diff --git a/go.mod b/go.mod
index 52a9cffce..bdb75b9f9 100644
--- a/go.mod
+++ b/go.mod
@@ -12,8 +12,8 @@ require (
github.com/golangci/golangci-lint/v2 v2.11.1
github.com/onsi/ginkgo/v2 v2.28.1
github.com/onsi/gomega v1.39.1
- github.com/openshift/api v0.0.0-20260429122012-1180c0f5c3e9
- github.com/openshift/client-go v0.0.0-20260429123927-c81f86abfa6a
+ github.com/openshift/api v0.0.0-20260629123346-784126000268
+ github.com/openshift/client-go v0.0.0-20260629081241-b769428f4111
github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20260310144400-bec013a007a8
github.com/openshift/controller-runtime-common v0.0.0-20260428152732-64ee174f5e2e
github.com/openshift/library-go v0.0.0-20260505113324-de46cb8e2ddc
@@ -142,7 +142,18 @@ require (
github.com/go-logr/zapr v1.3.0 // indirect
github.com/go-openapi/jsonpointer v0.21.2 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
- github.com/go-openapi/swag v0.23.1 // indirect
+ github.com/go-openapi/swag v0.25.4 // indirect
+ github.com/go-openapi/swag/cmdutils v0.25.4 // indirect
+ github.com/go-openapi/swag/conv v0.25.4 // indirect
+ github.com/go-openapi/swag/fileutils v0.25.4 // indirect
+ github.com/go-openapi/swag/jsonname v0.25.4 // indirect
+ github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
+ github.com/go-openapi/swag/loading v0.25.4 // indirect
+ github.com/go-openapi/swag/mangling v0.25.4 // indirect
+ github.com/go-openapi/swag/netutils v0.25.4 // indirect
+ github.com/go-openapi/swag/stringutils v0.25.4 // indirect
+ github.com/go-openapi/swag/typeutils v0.25.4 // indirect
+ github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/go-toolsmith/astcast v1.1.0 // indirect
github.com/go-toolsmith/astcopy v1.1.0 // indirect
@@ -189,7 +200,6 @@ require (
github.com/jgautheron/goconst v1.8.2 // indirect
github.com/jingyugao/rowserrcheck v1.1.1 // indirect
github.com/jjti/go-spancheck v0.6.5 // indirect
- github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/julz/importas v0.2.0 // indirect
github.com/karamaru-alpha/copyloopvar v1.2.2 // indirect
@@ -208,7 +218,6 @@ require (
github.com/leonklingele/grouper v1.1.2 // indirect
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
github.com/macabu/inamedparam v0.2.0 // indirect
- github.com/mailru/easyjson v0.9.0 // indirect
github.com/manuelarte/embeddedstructfieldcheck v0.4.0 // indirect
github.com/manuelarte/funcorder v0.5.0 // indirect
github.com/maratori/testableexamples v1.0.1 // indirect
@@ -326,7 +335,7 @@ require (
k8s.io/code-generator v0.35.1 // indirect
k8s.io/gengo/v2 v2.0.0-20250922181213-ec3ebc5fd46b // indirect
k8s.io/kube-aggregator v0.35.1 // indirect
- k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
+ k8s.io/kube-openapi v0.0.0-20260519202549-bbf5c5577288 // indirect
mvdan.cc/gofumpt v0.9.2 // indirect
mvdan.cc/unparam v0.0.0-20251027182757-5beb8c8f8f15 // indirect
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 // indirect
@@ -334,5 +343,5 @@ require (
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 // indirect
sigs.k8s.io/randfill v1.0.0 // indirect
- sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 // indirect
+ sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect
)
diff --git a/go.sum b/go.sum
index ad3c4cb57..bb0b8923f 100644
--- a/go.sum
+++ b/go.sum
@@ -240,8 +240,36 @@ github.com/go-openapi/jsonpointer v0.21.2 h1:AqQaNADVwq/VnkCmQg6ogE+M3FOsKTytwge
github.com/go-openapi/jsonpointer v0.21.2/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk=
github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
-github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
-github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
+github.com/go-openapi/swag v0.25.4 h1:OyUPUFYDPDBMkqyxOTkqDYFnrhuhi9NR6QVUvIochMU=
+github.com/go-openapi/swag v0.25.4/go.mod h1:zNfJ9WZABGHCFg2RnY0S4IOkAcVTzJ6z2Bi+Q4i6qFQ=
+github.com/go-openapi/swag/cmdutils v0.25.4 h1:8rYhB5n6WawR192/BfUu2iVlxqVR9aRgGJP6WaBoW+4=
+github.com/go-openapi/swag/cmdutils v0.25.4/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0=
+github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4=
+github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU=
+github.com/go-openapi/swag/fileutils v0.25.4 h1:2oI0XNW5y6UWZTC7vAxC8hmsK/tOkWXHJQH4lKjqw+Y=
+github.com/go-openapi/swag/fileutils v0.25.4/go.mod h1:cdOT/PKbwcysVQ9Tpr0q20lQKH7MGhOEb6EwmHOirUk=
+github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI=
+github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag=
+github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA=
+github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM=
+github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s=
+github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE=
+github.com/go-openapi/swag/mangling v0.25.4 h1:2b9kBJk9JvPgxr36V23FxJLdwBrpijI26Bx5JH4Hp48=
+github.com/go-openapi/swag/mangling v0.25.4/go.mod h1:6dxwu6QyORHpIIApsdZgb6wBk/DPU15MdyYj/ikn0Hg=
+github.com/go-openapi/swag/netutils v0.25.4 h1:Gqe6K71bGRb3ZQLusdI8p/y1KLgV4M/k+/HzVSqT8H0=
+github.com/go-openapi/swag/netutils v0.25.4/go.mod h1:m2W8dtdaoX7oj9rEttLyTeEFFEBvnAx9qHd5nJEBzYg=
+github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8=
+github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0=
+github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw=
+github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE=
+github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw=
+github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg=
+github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls=
+github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54=
github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI=
github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow=
github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
@@ -360,8 +388,6 @@ github.com/jingyugao/rowserrcheck v1.1.1 h1:zibz55j/MJtLsjP1OF4bSdgXxwL1b+Vn7Tjz
github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c=
github.com/jjti/go-spancheck v0.6.5 h1:lmi7pKxa37oKYIMScialXUK6hP3iY5F1gu+mLBPgYB8=
github.com/jjti/go-spancheck v0.6.5/go.mod h1:aEogkeatBrbYsyW6y5TgDfihCulDYciL1B7rG2vSsrU=
-github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
-github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/joshdk/go-junit v1.0.0 h1:S86cUKIdwBHWwA6xCmFlf3RTLfVXYQfvanM5Uh+K6GE=
github.com/joshdk/go-junit v1.0.0/go.mod h1:TiiV0PqkaNfFXjEiyjWM3XXrhVyCa1K4Zfga6W52ung=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
@@ -408,8 +434,6 @@ github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69
github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
github.com/macabu/inamedparam v0.2.0 h1:VyPYpOc10nkhI2qeNUdh3Zket4fcZjEWe35poddBCpE=
github.com/macabu/inamedparam v0.2.0/go.mod h1:+Pee9/YfGe5LJ62pYXqB89lJ+0k5bsR8Wgz/C0Zlq3U=
-github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
-github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
github.com/manuelarte/embeddedstructfieldcheck v0.4.0 h1:3mAIyaGRtjK6EO9E73JlXLtiy7ha80b2ZVGyacxgfww=
github.com/manuelarte/embeddedstructfieldcheck v0.4.0/go.mod h1:z8dFSyXqp+fC6NLDSljRJeNQJJDWnY7RoWFzV3PC6UM=
github.com/manuelarte/funcorder v0.5.0 h1:llMuHXXbg7tD0i/LNw8vGnkDTHFpTnWqKPI85Rknc+8=
@@ -466,10 +490,10 @@ github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28=
github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg=
github.com/openshift-cloud-team/cloud-provider-vsphere v1.19.1-0.20260317135518-758abc9d59a5 h1:Mayj50dtdLPzUVmJNHJpM4GpFWq7fcy9FDIoYUfngQ4=
github.com/openshift-cloud-team/cloud-provider-vsphere v1.19.1-0.20260317135518-758abc9d59a5/go.mod h1:3uaiy47HteyMlDjJankjteem/s1hnbRBU1FgbekLMKU=
-github.com/openshift/api v0.0.0-20260429122012-1180c0f5c3e9 h1:lZw6pYY7El1giNk1lYvkp6hLungiqwIOqLlH+Hm7w9g=
-github.com/openshift/api v0.0.0-20260429122012-1180c0f5c3e9/go.mod h1:pyVjK0nZ4sRs4fuQVQ4rubsJdahI1PB94LnQ8sGdvxo=
-github.com/openshift/client-go v0.0.0-20260429123927-c81f86abfa6a h1:4GR6seHvlfv0rADe+LCQx63FqSExx6gaSo8uNiyWq+c=
-github.com/openshift/client-go v0.0.0-20260429123927-c81f86abfa6a/go.mod h1:Lm7X7aYbAaKhGsNhgYaowP7hiLKwfN/w0r+Q6VlQoI8=
+github.com/openshift/api v0.0.0-20260629123346-784126000268 h1:s2Z/n/ihnmPddz89PnLMkcOgjoe28VlkuDOMUu7y3uI=
+github.com/openshift/api v0.0.0-20260629123346-784126000268/go.mod h1:Jm45pE7O6/G0tYYhiLzNyZykTjmf9BfhsKYuGfLLwTE=
+github.com/openshift/client-go v0.0.0-20260629081241-b769428f4111 h1:Wa3YiBDvUxenrcE03qF//gWV/DRQf+03ptFUikYO5Kw=
+github.com/openshift/client-go v0.0.0-20260629081241-b769428f4111/go.mod h1:X9OaPiMdlU4xQC5SUGxgxoQ/56/GsjAa1wMO/N1Vt08=
github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20260310144400-bec013a007a8 h1:x62h16RetnB1ZP+zjSM9fsoMz98g95zte+DXeUDF34o=
github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20260310144400-bec013a007a8/go.mod h1:n8RwIitgr5SAfvisrU0Ps+Szrn545DBU7nqtwATZphw=
github.com/openshift/controller-runtime-common v0.0.0-20260428152732-64ee174f5e2e h1:k89oIo2EjX0PRSdi1kesktCyWp50SC9WwKurvupvRGs=
@@ -853,8 +877,8 @@ k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc=
k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0=
k8s.io/kube-aggregator v0.35.1 h1:LN+btMJ3yp7biqVgT/0LF6SKIKLyfPU0R+JJ1mycs2I=
k8s.io/kube-aggregator v0.35.1/go.mod h1:HQSjPQfOFRzcv7biQ7jV3cEfKHG+bczpLCfh4QfvxZU=
-k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE=
-k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ=
+k8s.io/kube-openapi v0.0.0-20260519202549-bbf5c5577288 h1:A7Lby6ekC6nv+6oO38huCMFBRP0Os+tIeq1GkwxOQes=
+k8s.io/kube-openapi v0.0.0-20260519202549-bbf5c5577288/go.mod h1:V/QaCUYDa+0QpcHhVVc5l99Uz56wEMEXBSj9oCDkNDY=
k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0xi3g0ZcxxJ7vbWU=
k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk=
mvdan.cc/gofumpt v0.9.2 h1:zsEMWL8SVKGHNztrx6uZrXdp7AX8r421Vvp23sz7ik4=
@@ -881,7 +905,7 @@ sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 h
sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96/go.mod h1:EOBQyBowOUsd7U4CJnMHNE0ri+zCXyouGdLwC/jZU+I=
sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 h1:2WOzJpHUBVrrkDjU4KBT8n5LDcj824eX0I5UKcgeRUs=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.2/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=
diff --git a/openshift-tests/README.md b/openshift-tests/README.md
index 845b010fc..f5cf22eb1 100644
--- a/openshift-tests/README.md
+++ b/openshift-tests/README.md
@@ -20,13 +20,14 @@ The test suite is organized into separate sub-projects, each with independent de
## Test Binaries
-### 1. `cluster-cloud-controller-manager-operator-tests-ext`
+### 1. `cloud-controller-manager-operator-tests-ext`
**Purpose:** General cloud controller manager operator tests that run on multiple platforms
**Suites:**
- `ccm/operator/conformance/parallel` - Parallel conformance tests
- `ccm/operator/conformance/serial` - Serial conformance tests
+- `ccm/operator/disruptive/serial` - Serial disruptive operator tests
**Test Selection:**
- Platform-agnostic tests that work across cloud providers
@@ -37,6 +38,7 @@ The test suite is organized into separate sub-projects, each with independent de
- General operator conformance testing
- Multi-platform test runs
- OpenShift-specific feature validation (e.g., VSphereMixedNodeEnv)
+- Focused disruptive operator rehearsals
### 2. `cloud-controller-manager-aws-tests-ext`
@@ -69,6 +71,7 @@ The test suite is organized into separate sub-projects, each with independent de
### Operator Tests (`operator-tests/e2e/`)
- `operator/vsphere_mixed_node.go` - VSphereMixedNodeEnv feature gate tests
+- `operator/ccm_status_disruption.go` - Disruptive CCM operator tests
- `common/helper.go` - Client configuration (`NewClientConfigForTest`)
### Test Prefixes
@@ -110,12 +113,12 @@ make build
# Or build individually from within each sub-project
cd openshift-tests/ccm-aws-tests && go build -o ../bin/cloud-controller-manager-aws-tests-ext .
-cd openshift-tests/operator-tests && go build -o ../bin/cluster-cloud-controller-manager-operator-tests-ext .
+cd openshift-tests/operator-tests && go build -o ../bin/cloud-controller-manager-operator-tests-ext .
```
Binaries are built to `openshift-tests/bin/`:
- `cloud-controller-manager-aws-tests-ext` (~95MB)
-- `cluster-cloud-controller-manager-operator-tests-ext` (~85MB)
+- `cloud-controller-manager-operator-tests-ext` (~85MB)
### Running Tests
@@ -129,11 +132,14 @@ The test binaries are OpenShift Tests Extension (OTE) binaries and follow the OT
./openshift-tests/bin/cloud-controller-manager-aws-tests-ext run ccm/aws/conformance/parallel
# List operator tests
-./openshift-tests/bin/cluster-cloud-controller-manager-operator-tests-ext list
+./openshift-tests/bin/cloud-controller-manager-operator-tests-ext list
# Run operator tests (parallel or serial)
-./openshift-tests/bin/cluster-cloud-controller-manager-operator-tests-ext run ccm/operator/conformance/parallel
-./openshift-tests/bin/cluster-cloud-controller-manager-operator-tests-ext run ccm/operator/conformance/serial
+./openshift-tests/bin/cloud-controller-manager-operator-tests-ext run ccm/operator/conformance/parallel
+./openshift-tests/bin/cloud-controller-manager-operator-tests-ext run ccm/operator/conformance/serial
+
+# Run disruptive operator recovery tests
+./openshift-tests/bin/cloud-controller-manager-operator-tests-ext run ccm/operator/disruptive/serial
```
**Prerequisites:**
diff --git a/openshift-tests/operator-tests/e2e/operator/ccm_status_disruption.go b/openshift-tests/operator-tests/e2e/operator/ccm_status_disruption.go
new file mode 100644
index 000000000..89efeec41
--- /dev/null
+++ b/openshift-tests/operator-tests/e2e/operator/ccm_status_disruption.go
@@ -0,0 +1,218 @@
+package operator
+
+import (
+ "context"
+ "fmt"
+ "strings"
+ "time"
+
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+ configv1 "github.com/openshift/api/config/v1"
+ "github.com/openshift/client-go/config/clientset/versioned"
+ "github.com/openshift/cluster-cloud-controller-manager-operator/openshift-tests/operator-tests/e2e/common"
+
+ corev1 "k8s.io/api/core/v1"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/util/wait"
+ "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/rest"
+)
+
+const (
+ cloudControllerManagerOperatorName = "cloud-controller-manager"
+ cloudControllerManagerNamespace = "openshift-cloud-controller-manager"
+ openshiftConfigNamespace = "openshift-config"
+ openshiftConfigManagedNamespace = "openshift-config-managed"
+ cloudProviderConfigName = "cloud-provider-config"
+ kubeCloudConfigName = "kube-cloud-config"
+)
+
+var _ = Describe("[Serial][Disruptive][Suite:openshift/ccm/operator/disruptive/serial] cloud-controller-manager operator status", Label("Serial", "Disruptive"), func() {
+ var (
+ err error
+ kubeClient *kubernetes.Clientset
+ configClient *versioned.Clientset
+ platformType configv1.PlatformType
+ )
+
+ BeforeEach(func() {
+ kubeConfig, configErr := common.NewClientConfigForTest()
+ Expect(configErr).NotTo(HaveOccurred(), "failed to load kubeconfig")
+
+ kubeClient = kubernetes.NewForConfigOrDie(rest.AddUserAgent(kubeConfig, clientName))
+ configClient = versioned.NewForConfigOrDie(rest.AddUserAgent(kubeConfig, clientName))
+
+ infra, infraErr := configClient.ConfigV1().Infrastructures().Get(context.Background(), "cluster", metav1.GetOptions{})
+ Expect(infraErr).NotTo(HaveOccurred(), "failed to get cluster infrastructure")
+ platformType = infrastructurePlatformType(infra)
+
+ _, err = configClient.ConfigV1().ClusterOperators().Get(context.Background(), cloudControllerManagerOperatorName, metav1.GetOptions{})
+ if apierrors.IsNotFound(err) {
+ Skip("cloud-controller-manager clusteroperator is absent on this cluster")
+ }
+ Expect(err).NotTo(HaveOccurred(), "failed to get cloud-controller-manager clusteroperator")
+ })
+
+ It("70621 cloud-controller-manager should be Upgradeable is True when Degraded is False", func(ctx context.Context) {
+ skipUnlessSupportedPlatform(platformType,
+ configv1.AWSPlatformType,
+ configv1.GCPPlatformType,
+ configv1.AzurePlatformType,
+ configv1.IBMCloudPlatformType,
+ configv1.NutanixPlatformType,
+ configv1.VSpherePlatformType,
+ configv1.OpenStackPlatformType,
+ )
+
+ By("Deleting cloud config configmaps while keeping the operator upgradeable during transient recovery")
+ originalCloudProviderConfig, err := kubeClient.CoreV1().ConfigMaps(openshiftConfigNamespace).Get(ctx, cloudProviderConfigName, metav1.GetOptions{})
+ Expect(err).NotTo(HaveOccurred(), "failed to read %s/%s", openshiftConfigNamespace, cloudProviderConfigName)
+
+ err = kubeClient.CoreV1().ConfigMaps(openshiftConfigNamespace).Delete(ctx, cloudProviderConfigName, metav1.DeleteOptions{})
+ Expect(err).NotTo(HaveOccurred(), "failed to delete %s/%s", openshiftConfigNamespace, cloudProviderConfigName)
+ DeferCleanup(func(ctx context.Context) {
+ By("Restoring cloud-provider-config after the transient disruption")
+ restore := restorableConfigMap(originalCloudProviderConfig)
+ _, createErr := kubeClient.CoreV1().ConfigMaps(openshiftConfigNamespace).Create(ctx, restore, metav1.CreateOptions{})
+ Expect(createErr).NotTo(HaveOccurred(), "failed to restore %s/%s", openshiftConfigNamespace, cloudProviderConfigName)
+
+ err = wait.PollUntilContextTimeout(ctx, 5*time.Second, 2*time.Minute, true, func(ctx context.Context) (bool, error) {
+ co, getErr := configClient.ConfigV1().ClusterOperators().Get(ctx, cloudControllerManagerOperatorName, metav1.GetOptions{})
+ if getErr != nil {
+ return false, getErr
+ }
+
+ degraded := findOperatorConditionStatus(co.Status.Conditions, configv1.OperatorDegraded)
+ upgradeable := findOperatorConditionStatus(co.Status.Conditions, configv1.OperatorUpgradeable)
+ if degraded == configv1.ConditionFalse && upgradeable == configv1.ConditionTrue {
+ return true, nil
+ }
+
+ return false, nil
+ })
+ Expect(err).NotTo(HaveOccurred(), "cloud-controller-manager did not recover to Degraded=False and Upgradeable=True after restoring cloud-provider-config")
+ }, ctx)
+
+ err = kubeClient.CoreV1().ConfigMaps(openshiftConfigManagedNamespace).Delete(ctx, kubeCloudConfigName, metav1.DeleteOptions{})
+ Expect(err).NotTo(HaveOccurred(), "failed to delete %s/%s", openshiftConfigManagedNamespace, kubeCloudConfigName)
+
+ By("Waiting for kube-cloud-config to be recreated while cloud-controller-manager stays non-degraded and upgradeable")
+ err = wait.PollUntilContextTimeout(ctx, 5*time.Second, 2*time.Minute, true, func(ctx context.Context) (bool, error) {
+ _, getErr := kubeClient.CoreV1().ConfigMaps(openshiftConfigManagedNamespace).Get(ctx, kubeCloudConfigName, metav1.GetOptions{})
+ if getErr != nil {
+ if apierrors.IsNotFound(getErr) {
+ GinkgoWriter.Printf("%s/%s is still absent, retrying\n", openshiftConfigManagedNamespace, kubeCloudConfigName)
+ return false, nil
+ }
+ return false, getErr
+ }
+
+ co, getErr := configClient.ConfigV1().ClusterOperators().Get(ctx, cloudControllerManagerOperatorName, metav1.GetOptions{})
+ if getErr != nil {
+ return false, getErr
+ }
+
+ degraded := findOperatorConditionStatus(co.Status.Conditions, configv1.OperatorDegraded)
+ upgradeable := findOperatorConditionStatus(co.Status.Conditions, configv1.OperatorUpgradeable)
+ if degraded != configv1.ConditionFalse || upgradeable != configv1.ConditionTrue {
+ return false, fmt.Errorf("expected cloud-controller-manager to stay Degraded=False and Upgradeable=True after kube-cloud-config recreation, got %q", summarizeOperatorConditions(co.Status.Conditions))
+ }
+
+ GinkgoWriter.Printf("%s/%s has been recreated and cloud-controller-manager remains healthy: %s\n", openshiftConfigManagedNamespace, kubeCloudConfigName, summarizeOperatorConditions(co.Status.Conditions))
+ return true, nil
+ })
+ Expect(err).NotTo(HaveOccurred(), "cloud-controller-manager did not remain non-degraded after kube-cloud-config recovery")
+ })
+
+ It("70566 Garbage in cloud-controller-manager status", func(ctx context.Context) {
+ skipUnlessSupportedPlatform(platformType,
+ configv1.AWSPlatformType,
+ configv1.AzurePlatformType,
+ configv1.GCPPlatformType,
+ configv1.AlibabaCloudPlatformType,
+ configv1.VSpherePlatformType,
+ configv1.IBMCloudPlatformType,
+ )
+
+ By("Deleting the cloud-controller-manager namespace to force operator recovery")
+ err = kubeClient.CoreV1().Namespaces().Delete(ctx, cloudControllerManagerNamespace, metav1.DeleteOptions{})
+ Expect(err).NotTo(HaveOccurred(), "failed to delete namespace %s", cloudControllerManagerNamespace)
+
+ By("Waiting for recovered status to drop stale degraded messages")
+ err = wait.PollUntilContextTimeout(ctx, time.Minute, 20*time.Minute, true, func(ctx context.Context) (bool, error) {
+ co, getErr := configClient.ConfigV1().ClusterOperators().Get(ctx, cloudControllerManagerOperatorName, metav1.GetOptions{})
+ if getErr != nil {
+ GinkgoWriter.Printf("retrying while cloud-controller-manager clusteroperator is unavailable: %v\n", getErr)
+ return false, nil
+ }
+
+ conditionSummary := summarizeOperatorConditions(co.Status.Conditions)
+ if strings.Contains(conditionSummary, "TrustedCABundleControllerControllerDegraded condition is set to True") {
+ return false, fmt.Errorf("unexpected stale degraded message in recovered cloud-controller-manager status: %s", conditionSummary)
+ }
+
+ if strings.Contains(conditionSummary, "Trusted CA Bundle Controller works as expected") {
+ GinkgoWriter.Printf("cloud-controller-manager recovered cleanly: %s\n", conditionSummary)
+ return true, nil
+ }
+
+ GinkgoWriter.Printf("still waiting for a clean recovered status: %s\n", conditionSummary)
+ return false, nil
+ })
+ Expect(err).NotTo(HaveOccurred(), "cloud-controller-manager did not recover with a clean status message")
+ })
+})
+
+func infrastructurePlatformType(infra *configv1.Infrastructure) configv1.PlatformType {
+ if infra.Status.PlatformStatus != nil && infra.Status.PlatformStatus.Type != "" {
+ return infra.Status.PlatformStatus.Type
+ }
+
+ return infra.Status.Platform
+}
+
+func skipUnlessSupportedPlatform(actual configv1.PlatformType, supported ...configv1.PlatformType) {
+ for _, platform := range supported {
+ if actual == platform {
+ return
+ }
+ }
+
+ Skip(fmt.Sprintf("platform %q is not covered by this disruptive test", actual))
+}
+
+func restorableConfigMap(original *corev1.ConfigMap) *corev1.ConfigMap {
+ restore := original.DeepCopy()
+ restore.ResourceVersion = ""
+ restore.UID = ""
+ restore.CreationTimestamp = metav1.Time{}
+ restore.Generation = 0
+ restore.ManagedFields = nil
+ restore.OwnerReferences = nil
+ restore.Finalizers = nil
+ restore.SelfLink = ""
+ restore.DeletionTimestamp = nil
+ restore.DeletionGracePeriodSeconds = nil
+ return restore
+}
+
+func findOperatorConditionStatus(conditions []configv1.ClusterOperatorStatusCondition, conditionType configv1.ClusterStatusConditionType) configv1.ConditionStatus {
+ for _, condition := range conditions {
+ if condition.Type == conditionType {
+ return condition.Status
+ }
+ }
+
+ return configv1.ConditionUnknown
+}
+
+func summarizeOperatorConditions(conditions []configv1.ClusterOperatorStatusCondition) string {
+ parts := make([]string, 0, len(conditions))
+ for _, condition := range conditions {
+ parts = append(parts, fmt.Sprintf("%s=%s reason=%s message=%s", condition.Type, condition.Status, condition.Reason, condition.Message))
+ }
+
+ return strings.Join(parts, "; ")
+}
diff --git a/openshift-tests/operator-tests/go.mod b/openshift-tests/operator-tests/go.mod
index 2ab17cd51..9a10cf1c8 100644
--- a/openshift-tests/operator-tests/go.mod
+++ b/openshift-tests/operator-tests/go.mod
@@ -6,6 +6,8 @@ require (
github.com/onsi/ginkgo/v2 v2.28.1
github.com/onsi/gomega v1.39.1
github.com/openshift-eng/openshift-tests-extension v0.0.0-20250916161632-d81c09058835
+ github.com/openshift/api v0.0.0-20260629123346-784126000268
+ github.com/openshift/client-go v0.0.0-20260629081241-b769428f4111
github.com/spf13/cobra v1.10.2
github.com/spf13/pflag v1.0.10
k8s.io/api v0.35.2
@@ -32,7 +34,18 @@ require (
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.21.2 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
- github.com/go-openapi/swag v0.23.1 // indirect
+ github.com/go-openapi/swag v0.25.4 // indirect
+ github.com/go-openapi/swag/cmdutils v0.25.4 // indirect
+ github.com/go-openapi/swag/conv v0.25.4 // indirect
+ github.com/go-openapi/swag/fileutils v0.25.4 // indirect
+ github.com/go-openapi/swag/jsonname v0.25.4 // indirect
+ github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
+ github.com/go-openapi/swag/loading v0.25.4 // indirect
+ github.com/go-openapi/swag/mangling v0.25.4 // indirect
+ github.com/go-openapi/swag/netutils v0.25.4 // indirect
+ github.com/go-openapi/swag/stringutils v0.25.4 // indirect
+ github.com/go-openapi/swag/typeutils v0.25.4 // indirect
+ github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/google/cel-go v0.26.1 // indirect
github.com/google/gnostic-models v0.7.0 // indirect
@@ -42,9 +55,7 @@ require (
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
- github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
- github.com/mailru/easyjson v0.9.0 // indirect
github.com/moby/spdystream v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
@@ -88,13 +99,12 @@ require (
google.golang.org/protobuf v1.36.11 // indirect
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
- gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.35.1 // indirect
k8s.io/apiserver v0.35.1 // indirect
k8s.io/component-helpers v0.35.1 // indirect
k8s.io/controller-manager v0.35.1 // indirect
k8s.io/klog/v2 v2.140.0 // indirect
- k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
+ k8s.io/kube-openapi v0.0.0-20260519202549-bbf5c5577288 // indirect
k8s.io/kubectl v0.33.0 // indirect
k8s.io/kubelet v0.35.0 // indirect
k8s.io/pod-security-admission v0.35.0 // indirect
@@ -102,7 +112,7 @@ require (
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 // indirect
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
sigs.k8s.io/randfill v1.0.0 // indirect
- sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 // indirect
+ sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect
sigs.k8s.io/yaml v1.6.0 // indirect
)
diff --git a/openshift-tests/operator-tests/go.sum b/openshift-tests/operator-tests/go.sum
index 45fd52c35..6bf8596b7 100644
--- a/openshift-tests/operator-tests/go.sum
+++ b/openshift-tests/operator-tests/go.sum
@@ -44,8 +44,36 @@ github.com/go-openapi/jsonpointer v0.21.2 h1:AqQaNADVwq/VnkCmQg6ogE+M3FOsKTytwge
github.com/go-openapi/jsonpointer v0.21.2/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk=
github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
-github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
-github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
+github.com/go-openapi/swag v0.25.4 h1:OyUPUFYDPDBMkqyxOTkqDYFnrhuhi9NR6QVUvIochMU=
+github.com/go-openapi/swag v0.25.4/go.mod h1:zNfJ9WZABGHCFg2RnY0S4IOkAcVTzJ6z2Bi+Q4i6qFQ=
+github.com/go-openapi/swag/cmdutils v0.25.4 h1:8rYhB5n6WawR192/BfUu2iVlxqVR9aRgGJP6WaBoW+4=
+github.com/go-openapi/swag/cmdutils v0.25.4/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0=
+github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4=
+github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU=
+github.com/go-openapi/swag/fileutils v0.25.4 h1:2oI0XNW5y6UWZTC7vAxC8hmsK/tOkWXHJQH4lKjqw+Y=
+github.com/go-openapi/swag/fileutils v0.25.4/go.mod h1:cdOT/PKbwcysVQ9Tpr0q20lQKH7MGhOEb6EwmHOirUk=
+github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI=
+github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag=
+github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA=
+github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM=
+github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s=
+github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE=
+github.com/go-openapi/swag/mangling v0.25.4 h1:2b9kBJk9JvPgxr36V23FxJLdwBrpijI26Bx5JH4Hp48=
+github.com/go-openapi/swag/mangling v0.25.4/go.mod h1:6dxwu6QyORHpIIApsdZgb6wBk/DPU15MdyYj/ikn0Hg=
+github.com/go-openapi/swag/netutils v0.25.4 h1:Gqe6K71bGRb3ZQLusdI8p/y1KLgV4M/k+/HzVSqT8H0=
+github.com/go-openapi/swag/netutils v0.25.4/go.mod h1:m2W8dtdaoX7oj9rEttLyTeEFFEBvnAx9qHd5nJEBzYg=
+github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8=
+github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0=
+github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw=
+github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE=
+github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw=
+github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg=
+github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls=
+github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54=
github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
@@ -69,8 +97,6 @@ github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 h1:8Tjv8EJ+pM1xP8mK6egEbD1OgnV
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2/go.mod h1:pkJQ2tZHJ0aFOVEEot6oZmaVEZcRme73eIFmhiVuRWs=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
-github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/joshdk/go-junit v1.0.0 h1:S86cUKIdwBHWwA6xCmFlf3RTLfVXYQfvanM5Uh+K6GE=
github.com/joshdk/go-junit v1.0.0/go.mod h1:TiiV0PqkaNfFXjEiyjWM3XXrhVyCa1K4Zfga6W52ung=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
@@ -83,8 +109,6 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
-github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo=
github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg=
github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE=
@@ -107,6 +131,10 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/openshift-eng/openshift-tests-extension v0.0.0-20250916161632-d81c09058835 h1:rkqIIfdYYkasXbF2XKVgh/3f1mhjSQK9By8WtVMgYo8=
github.com/openshift-eng/openshift-tests-extension v0.0.0-20250916161632-d81c09058835/go.mod h1:6gkP5f2HL0meusT0Aim8icAspcD1cG055xxBZ9yC68M=
+github.com/openshift/api v0.0.0-20260629123346-784126000268 h1:s2Z/n/ihnmPddz89PnLMkcOgjoe28VlkuDOMUu7y3uI=
+github.com/openshift/api v0.0.0-20260629123346-784126000268/go.mod h1:Jm45pE7O6/G0tYYhiLzNyZykTjmf9BfhsKYuGfLLwTE=
+github.com/openshift/client-go v0.0.0-20260629081241-b769428f4111 h1:Wa3YiBDvUxenrcE03qF//gWV/DRQf+03ptFUikYO5Kw=
+github.com/openshift/client-go v0.0.0-20260629081241-b769428f4111/go.mod h1:X9OaPiMdlU4xQC5SUGxgxoQ/56/GsjAa1wMO/N1Vt08=
github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20260303184444-1cc650aa0565 h1:3/q8qM4HbFa+Een8wgzpwO8W6mO7Po+MwY6uxiXi/ac=
github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20260303184444-1cc650aa0565/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -245,8 +273,8 @@ k8s.io/controller-manager v0.35.0 h1:KteodmfVIRzfZ3RDaxhnHb72rswBxEngvdL9vuZOA9A
k8s.io/controller-manager v0.35.0/go.mod h1:1bVuPNUG6/dpWpevsJpXioS0E0SJnZ7I/Wqc9Awyzm4=
k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc=
k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0=
-k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE=
-k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ=
+k8s.io/kube-openapi v0.0.0-20260519202549-bbf5c5577288 h1:A7Lby6ekC6nv+6oO38huCMFBRP0Os+tIeq1GkwxOQes=
+k8s.io/kube-openapi v0.0.0-20260519202549-bbf5c5577288/go.mod h1:V/QaCUYDa+0QpcHhVVc5l99Uz56wEMEXBSj9oCDkNDY=
k8s.io/kubectl v0.35.0 h1:cL/wJKHDe8E8+rP3G7avnymcMg6bH6JEcR5w5uo06wc=
k8s.io/kubectl v0.35.0/go.mod h1:VR5/TSkYyxZwrRwY5I5dDq6l5KXmiCb+9w8IKplk3Qo=
k8s.io/kubelet v0.35.0 h1:8cgJHCBCKLYuuQ7/Pxb/qWbJfX1LXIw7790ce9xHq7c=
@@ -263,7 +291,7 @@ sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5E
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 h1:2WOzJpHUBVrrkDjU4KBT8n5LDcj824eX0I5UKcgeRUs=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.2/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=
diff --git a/openshift-tests/operator-tests/main.go b/openshift-tests/operator-tests/main.go
index 52e8297d2..442d1d3aa 100644
--- a/openshift-tests/operator-tests/main.go
+++ b/openshift-tests/operator-tests/main.go
@@ -46,6 +46,12 @@ func main() {
Qualifiers: []string{`labels.exists(l, l == "Serial") && labels.exists(l, l == "Conformance")`},
})
+ kubeTestsExtension.AddSuite(extension.Suite{
+ Name: "ccm/operator/disruptive/serial",
+ Qualifiers: []string{`labels.exists(l, l == "Serial") && labels.exists(l, l == "Disruptive")`},
+ ClusterStability: extension.ClusterStabilityDisruptive,
+ })
+
// Build our specs from ginkgo
specs, err := ginkgo.BuildExtensionTestSpecsFromOpenShiftGinkgoSuite()
if err != nil {
diff --git a/pkg/controllers/cloud_config_sync_controller.go b/pkg/controllers/cloud_config_sync_controller.go
index 4ad41e972..df1c9dd36 100644
--- a/pkg/controllers/cloud_config_sync_controller.go
+++ b/pkg/controllers/cloud_config_sync_controller.go
@@ -187,6 +187,8 @@ func (r *CloudConfigReconciler) Reconcile(ctx context.Context, req ctrl.Request)
klog.Infof("Initializing minimal config for platform %s", platformType)
minimalConfig := getMinimalConfigForPlatform(platformType)
sourceCM.Data = map[string]string{defaultConfigKey: minimalConfig}
+ } else {
+ return ctrl.Result{}, fmt.Errorf("cloud-config source configmap %s/%s not found", openshiftUnmanagedCMKey.Namespace, openshiftUnmanagedCMKey.Name)
}
} else if err != nil {
klog.Errorf("unable to get cloud-config for sync: %v", err)
diff --git a/pkg/controllers/cloud_config_sync_controller_test.go b/pkg/controllers/cloud_config_sync_controller_test.go
index a9e370ef9..8d55138ae 100644
--- a/pkg/controllers/cloud_config_sync_controller_test.go
+++ b/pkg/controllers/cloud_config_sync_controller_test.go
@@ -548,6 +548,31 @@ var _ = Describe("Cloud config sync reconciler", func() {
Expect(degradedCond.Status).To(Equal(configv1.ConditionTrue))
})
+ It("should treat a missing source configmap as transient until it reappears", func() {
+ Expect(cl.Delete(ctx, makeInfraCloudConfig(configv1.AWSPlatformType))).To(Succeed())
+
+ infraResource := makeInfrastructureResource(configv1.AWSPlatformType)
+ Expect(cl.Create(ctx, infraResource)).To(Succeed())
+
+ infraResource.Status = makeInfraStatus(infraResource.Spec.PlatformSpec.Type)
+ Expect(cl.Status().Update(ctx, infraResource.DeepCopy())).To(Succeed())
+
+ _, err := reconciler.Reconcile(context.TODO(), ctrl.Request{})
+ Expect(err).To(HaveOccurred())
+
+ co := &configv1.ClusterOperator{}
+ Expect(cl.Get(ctx, client.ObjectKey{Name: clusterOperatorName}, co)).To(MatchError(apierrors.IsNotFound, "IsNotFound"))
+
+ Expect(cl.Create(ctx, makeInfraCloudConfig(configv1.AWSPlatformType))).To(Succeed())
+
+ _, err = reconciler.Reconcile(context.TODO(), ctrl.Request{})
+ Expect(err).NotTo(HaveOccurred())
+
+ Expect(cl.Get(ctx, client.ObjectKey{Name: clusterOperatorName}, co)).To(Succeed())
+ Expect(v1helpers.IsStatusConditionTrue(co.Status.Conditions, cloudConfigControllerDegradedCondition)).To(BeFalse())
+ Expect(v1helpers.IsStatusConditionTrue(co.Status.Conditions, cloudConfigControllerAvailableCondition)).To(BeTrue())
+ })
+
It("should continue with reconcile when feature gates are available", func() {
reconciler.FeatureGateAccess = featuregates.NewHardcodedFeatureGateAccessForTesting(
[]configv1.FeatureGateName{"CloudControllerManagerWebhook", "ChocobombVanilla", "ChocobombStrawberry"},
@@ -604,9 +629,8 @@ var _ = Describe("Cloud config sync reconciler", func() {
Expect(cl.Status().Update(ctx, infraResource.DeepCopy())).To(Succeed())
_, err := reconciler.Reconcile(context.TODO(), ctrl.Request{})
Expect(err).To(BeNil())
- allCMs := &corev1.ConfigMapList{}
- Expect(cl.List(ctx, allCMs, &client.ListOptions{Namespace: targetNamespaceName})).To(Succeed())
- Expect(len(allCMs.Items)).To(BeZero())
+ Expect(cl.Get(ctx, client.ObjectKey{Namespace: targetNamespaceName, Name: syncedCloudConfigMapName}, &corev1.ConfigMap{})).
+ To(MatchError(apierrors.IsNotFound, "IsNotFound"))
})
})
diff --git a/vendor/github.com/go-openapi/swag/.codecov.yml b/vendor/github.com/go-openapi/swag/.codecov.yml
new file mode 100644
index 000000000..3354f44b2
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/.codecov.yml
@@ -0,0 +1,4 @@
+ignore:
+ - jsonutils/fixtures_test
+ - jsonutils/adapters/ifaces/mocks
+ - jsonutils/adapters/testintegration/benchmarks
diff --git a/vendor/github.com/go-openapi/swag/.golangci.yml b/vendor/github.com/go-openapi/swag/.golangci.yml
index d2fafb8a2..126264a6b 100644
--- a/vendor/github.com/go-openapi/swag/.golangci.yml
+++ b/vendor/github.com/go-openapi/swag/.golangci.yml
@@ -1,56 +1,78 @@
-linters-settings:
- gocyclo:
- min-complexity: 45
- dupl:
- threshold: 200
- goconst:
- min-len: 2
- min-occurrences: 3
-
+version: "2"
linters:
- enable-all: true
+ default: all
disable:
- - recvcheck
- - unparam
- - lll
- - gochecknoinits
- - gochecknoglobals
+ - cyclop
+ - depguard
+ - errchkjson
+ - errorlint
+ - exhaustruct
+ - forcetypeassert
- funlen
- - godox
+ - gochecknoglobals
+ - gochecknoinits
- gocognit
- - whitespace
- - wsl
- - wrapcheck
- - testpackage
- - nlreturn
- - errorlint
- - nestif
- godot
- - gofumpt
+ - godox
+ - gomoddirectives
+ - gosmopolitan
+ - inamedparam
+ - intrange
+ - ireturn
+ - lll
+ - musttag
+ - modernize
+ - nestif
+ - nlreturn
+ - nonamedreturns
+ - noinlineerr
- paralleltest
- - tparallel
+ - recvcheck
+ - testpackage
- thelper
- - exhaustruct
+ - tagliatelle
+ - tparallel
+ - unparam
- varnamelen
- - gci
- - depguard
- - errchkjson
- - inamedparam
- - nonamedreturns
- - musttag
- - ireturn
- - forcetypeassert
- - cyclop
- # deprecated linters
- #- deadcode
- #- interfacer
- #- scopelint
- #- varcheck
- #- structcheck
- #- golint
- #- nosnakecase
- #- maligned
- #- goerr113
- #- ifshort
- #- gomnd
- #- exhaustivestruct
+ - whitespace
+ - wrapcheck
+ - wsl
+ - wsl_v5
+ settings:
+ dupl:
+ threshold: 200
+ goconst:
+ min-len: 2
+ min-occurrences: 3
+ gocyclo:
+ min-complexity: 45
+ exclusions:
+ generated: lax
+ presets:
+ - comments
+ - common-false-positives
+ - legacy
+ - std-error-handling
+ paths:
+ - third_party$
+ - builtin$
+ - examples$
+formatters:
+ enable:
+ - gofmt
+ - goimports
+ exclusions:
+ generated: lax
+ paths:
+ - third_party$
+ - builtin$
+ - examples$
+issues:
+ # Maximum issues count per one linter.
+ # Set to 0 to disable.
+ # Default: 50
+ max-issues-per-linter: 0
+ # Maximum count of issues with the same text.
+ # Set to 0 to disable.
+ # Default: 3
+ max-same-issues: 0
diff --git a/vendor/github.com/go-openapi/swag/.mockery.yml b/vendor/github.com/go-openapi/swag/.mockery.yml
new file mode 100644
index 000000000..8557cb58d
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/.mockery.yml
@@ -0,0 +1,30 @@
+all: false
+dir: '{{.InterfaceDir}}'
+filename: mocks_test.go
+force-file-write: true
+formatter: goimports
+include-auto-generated: false
+log-level: info
+structname: '{{.Mock}}{{.InterfaceName}}'
+pkgname: '{{.SrcPackageName}}'
+recursive: false
+require-template-schema-exists: true
+template: matryer
+template-schema: '{{.Template}}.schema.json'
+packages:
+ github.com/go-openapi/swag/jsonutils/adapters/ifaces:
+ config:
+ dir: jsonutils/adapters/ifaces/mocks
+ filename: mocks.go
+ pkgname: 'mocks'
+ force-file-write: true
+ all: true
+ github.com/go-openapi/swag/jsonutils/adapters/testintegration:
+ config:
+ inpackage: true
+ dir: jsonutils/adapters/testintegration
+ force-file-write: true
+ all: true
+ interfaces:
+ EJMarshaler:
+ EJUnmarshaler:
diff --git a/vendor/github.com/go-openapi/swag/README.md b/vendor/github.com/go-openapi/swag/README.md
index a72922299..371fd55fd 100644
--- a/vendor/github.com/go-openapi/swag/README.md
+++ b/vendor/github.com/go-openapi/swag/README.md
@@ -1,23 +1,239 @@
# Swag [](https://github.com/go-openapi/swag/actions?query=workflow%3A"go+test") [](https://codecov.io/gh/go-openapi/swag)
[](https://slackin.goswagger.io)
-[](https://raw.githubusercontent.com/go-openapi/swag/master/LICENSE)
+[](https://raw.githubusercontent.com/go-openapi/swag/master/LICENSE)
[](https://pkg.go.dev/github.com/go-openapi/swag)
[](https://goreportcard.com/report/github.com/go-openapi/swag)
-Contains a bunch of helper functions for go-openapi and go-swagger projects.
+Package `swag` contains a bunch of helper functions for go-openapi and go-swagger projects.
You may also use it standalone for your projects.
-* convert between value and pointers for builtin types
-* convert from string to builtin types (wraps strconv)
-* fast json concatenation
-* search in path
-* load from file or http
-* name mangling
+> **NOTE**
+> `swag` is one of the foundational building blocks of the go-openapi initiative.
+> Most repositories in `github.com/go-openapi/...` depend on it in some way.
+> And so does our CLI tool `github.com/go-swagger/go-swagger`,
+> as well as the code generated by this tool.
+* [Contents](#contents)
+* [Dependencies](#dependencies)
+* [Release Notes](#release-notes)
+* [Licensing](#licensing)
+* [Note to contributors](#note-to-contributors)
+* [TODOs, suggestions and plans](#todos-suggestions-and-plans)
-This repo has only few dependencies outside of the standard library:
+## Contents
-* YAML utilities depend on `gopkg.in/yaml.v3`
-* `github.com/mailru/easyjson v0.7.7`
+`go-openapi/swag` exposes a collection of relatively independent modules.
+
+Moving forward, no additional feature will be added to the `swag` API directly at the root package level,
+which remains there for backward-compatibility purposes. All exported top-level features are now deprecated.
+
+Child modules will continue to evolve and some new ones may be added in the future.
+
+| Module | Content | Main features |
+|---------------|---------|---------------|
+| `cmdutils` | utilities to work with CLIs ||
+| `conv` | type conversion utilities | convert between values and pointers for any types
convert from string to builtin types (wraps `strconv`)
require `./typeutils` (test dependency)
|
+| `fileutils` | file utilities | |
+| `jsonname` | JSON utilities | infer JSON names from `go` properties
|
+| `jsonutils` | JSON utilities | fast json concatenation
read and write JSON from and to dynamic `go` data structures
~require `github.com/mailru/easyjson`~
|
+| `loading` | file loading | load from file or http
require `./yamlutils`
|
+| `mangling` | safe name generation | name mangling for `go`
|
+| `netutils` | networking utilities | host, port from address
|
+| `stringutils` | `string` utilities | search in slice (with case-insensitive)
split/join query parameters as arrays
|
+| `typeutils` | `go` types utilities | check the zero value for any type
safe check for a nil value
|
+| `yamlutils` | YAML utilities | converting YAML to JSON
loading YAML into a dynamic YAML document
maintaining the original order of keys in YAML objects
require `./jsonutils`
~require `github.com/mailru/easyjson`~
require `go.yaml.in/yaml/v3`
|
+
+---
+
+## Dependencies
+
+The root module `github.com/go-openapi/swag` at the repo level maintains a few
+dependencies outside of the standard library.
+
+* YAML utilities depend on `go.yaml.in/yaml/v3`
+* JSON utilities depend on their registered adapter module:
+ * by default, only the standard library is used
+ * `github.com/mailru/easyjson` is now only a dependency for module
+ `github.com/go-openapi/swag/jsonutils/adapters/easyjson/json`,
+ for users willing to import that module.
+ * integration tests and benchmarks use all the dependencies are published as their own module
+* other dependencies are test dependencies drawn from `github.com/stretchr/testify`
+
+## Release notes
+
+### v0.25.4
+
+** mangling**
+
+Bug fix
+
+* [x] mangler may panic with pluralized overlapping initialisms
+
+Tests
+
+* [x] introduced fuzz tests
+
+### v0.25.3
+
+** mangling**
+
+Bug fix
+
+* [x] mangler may panic with pluralized initialisms
+
+### v0.25.2
+
+Minor changes due to internal maintenance that don't affect the behavior of the library.
+
+* [x] removed indirect test dependencies by switching all tests to `go-openapi/testify`,
+ a fork of `stretch/testify` with zero-dependencies.
+* [x] improvements to CI to catch test reports.
+* [x] modernized licensing annotations in source code, using the more compact SPDX annotations
+ rather than the full license terms.
+* [x] simplified a bit JSON & YAML testing by using newly available assertions
+* started the journey to an OpenSSF score card badge:
+ * [x] explicited permissions in CI workflows
+ * [x] published security policy
+ * pinned dependencies to github actions
+ * introduced fuzzing in tests
+
+### v0.25.1
+
+* fixes a data race that could occur when using the standard library implementation of a JSON ordered map
+
+### v0.25.0
+
+**New with this release**:
+
+* requires `go1.24`, as iterators are being introduced
+* removes the dependency to `mailru/easyjson` by default (#68)
+ * functionality remains the same, but performance may somewhat degrade for applications
+ that relied on `easyjson`
+ * users of the JSON or YAML utilities who want to use `easyjson` as their preferred JSON serializer library
+ will be able to do so by registering this the corresponding JSON adapter at runtime. See below.
+ * ordered keys in JSON and YAML objects: this feature used to rely solely on `easyjson`.
+ With this release, an implementation relying on the standard `encoding/json` is provided.
+ * an independent [benchmark](./jsonutils/adapters/testintegration/benchmarks/README.md) to compare the different adapters
+* improves the "float is integer" check (`conv.IsFloat64AJSONInteger`) (#59)
+* removes the _direct_ dependency to `gopkg.in/yaml.v3` (indirect dependency is still incurred through `stretchr/testify`) (#127)
+* exposed `conv.IsNil()` (previously kept private): a safe nil check (accounting for the "non-nil interface with nil value" nonsensical go trick)
+
+**What coming next?**
+
+Moving forward, we want to :
+* provide an implementation of the JSON adapter based on `encoding/json/v2`, for `go1.25` builds.
+* provide similar implementations for `goccy/go-json` and `jsoniterator/go`, and perhaps some other
+ similar libraries may be interesting too.
+
+
+**How to explicitly register a dependency at runtime**?
+
+The following would maintain how JSON utilities proposed by `swag` used work, up to `v0.24.1`.
+
+ ```go
+ import (
+ "github.com/go-openapi/swag/jsonutils/adapters"
+ easyjson "github.com/go-openapi/swag/jsonutils/adapters/easyjson/json"
+ )
+
+ func init() {
+ easyjson.Register(adapters.Registry)
+ }
+ ```
+
+Subsequent calls to `jsonutils.ReadJSON()` or `jsonutils.WriteJSON()` will switch to `easyjson`
+whenever the passed data structures implement the `easyjson.Unmarshaler` or `easyjson.Marshaler` respectively,
+or fallback to the standard library.
+
+For more details, you may also look at our
+[integration tests](jsonutils/adapters/testintegration/integration_suite_test.go#29).
+
+### v0.24.0
+
+With this release, we have largely modernized the API of `swag`:
+
+* The traditional `swag` API is still supported: code that imports `swag` will still
+ compile and work the same.
+* A deprecation notice is published to encourage consumers of this library to adopt
+ the newer API
+* **Deprecation notice**
+ * configuration through global variables is now deprecated, in favor of options passed as parameters
+ * all helper functions are moved to more specialized packages, which are exposed as
+ go modules. Importing such a module would reduce the footprint of dependencies.
+ * _all_ functions, variables, constants exposed by the deprecated API have now moved, so
+ that consumers of the new API no longer need to import github.com/go-openapi/swag, but
+ should import the desired sub-module(s).
+
+**New with this release**:
+
+* [x] type converters and pointer to value helpers now support generic types
+* [x] name mangling now support pluralized initialisms (issue #46)
+ Strings like "contact IDs" are now recognized as such a plural form and mangled as a linter would expect.
+* [x] performance: small improvements to reduce the overhead of convert/format wrappers (see issues #110, or PR #108)
+* [x] performance: name mangling utilities run ~ 10% faster (PR #115)
+
+---
+
+## Licensing
+
+This library ships under the [SPDX-License-Identifier: Apache-2.0](./LICENSE).
+
+## Note to contributors
+
+A mono-repo structure comes with some unavoidable extra pains...
+
+* Testing
+
+> The usual `go test ./...` command, run from the root of this repo won't work any longer to test all submodules.
+>
+> Each module constitutes an independant unit of test. So you have to run `go test` inside each module.
+> Or you may take a look at how this is achieved by CI
+> [here] https://github.com/go-openapi/swag/blob/master/.github/workflows/go-test.yml).
+>
+> There are also some alternative tricks using `go work`, for local development, if you feel comfortable with
+> go workspaces. Perhaps some day, we'll have a `go work test` to run all tests without any hack.
+
+* Releasing
+
+> Each module follows its own independant module versioning.
+>
+> So you have tags like `mangling/v0.24.0`, `fileutils/v0.24.0` etc that are used by `go mod` and `go get`
+> to refer to the tagged version of each module specifically.
+>
+> This means we may release patches etc to each module independently.
+>
+> We'd like to adopt the rule that modules in this repo would only differ by a patch version
+> (e.g. `v0.24.5` vs `v0.24.3`), and we'll level all modules whenever a minor version is introduced.
+>
+> A script in `./hack` is provided to tag all modules with the same version in one go.
+
+* Continuous integration
+
+> At this moment, all tests in all modules are systematically run over the full test matrix (3 platform x 2 go releases).
+> This generates quite a lot of jobs.
+>
+> We ought to reduce the number of jobs required to test a PR focused on only a few modules.
+
+## Todos, suggestions and plans
+
+All kinds of contributions are welcome.
+
+A few ideas:
+
+* [x] Complete the split of dependencies to isolate easyjson from the rest
+* [x] Improve CI to reduce needed tests
+* [x] Replace dependency to `gopkg.in/yaml.v3` (`yamlutil`)
+* [ ] Improve mangling utilities (improve readability, support for capitalized words,
+ better word substitution for non-letter symbols...)
+* [ ] Move back to this common shared pot a few of the technical features introduced by go-swagger independently
+ (e.g. mangle go package names, search package with go modules support, ...)
+* [ ] Apply a similar mono-repo approach to go-openapi/strfmt which suffer from similar woes: bloated API,
+ imposed dependency to some database driver.
+* [ ] Adapt `go-swagger` (incl. generated code) to the new `swag` API.
+* [ ] Factorize some tests, as there is a lot of redundant testing code in `jsonutils`
+* [ ] Benchmark & profiling: publish independently the tool built to analyze and chart benchmarks (e.g. similar to `benchvisual`)
+* [ ] more thorough testing for nil / null case
+* [ ] ci pipeline to manage releases
+* [ ] cleaner mockery generation (doesn't work out of the box for all sub-modules)
diff --git a/vendor/github.com/go-openapi/swag/SECURITY.md b/vendor/github.com/go-openapi/swag/SECURITY.md
new file mode 100644
index 000000000..72296a831
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+This policy outlines the commitment and practices of the go-openapi maintainers regarding security.
+
+## Supported Versions
+
+| Version | Supported |
+| ------- | ------------------ |
+| 0.25.x | :white_check_mark: |
+
+## Reporting a vulnerability
+
+If you become aware of a security vulnerability that affects the current repository,
+please report it privately to the maintainers.
+
+Please follow the instructions provided by github to
+[Privately report a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).
+
+TL;DR: on Github, navigate to the project's "Security" tab then click on "Report a vulnerability".
diff --git a/vendor/github.com/go-openapi/swag/cmdutils/LICENSE b/vendor/github.com/go-openapi/swag/cmdutils/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/cmdutils/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/go-openapi/swag/cmdutils/cmd_utils.go b/vendor/github.com/go-openapi/swag/cmdutils/cmd_utils.go
new file mode 100644
index 000000000..6c7bbb26f
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/cmdutils/cmd_utils.go
@@ -0,0 +1,13 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package cmdutils
+
+// CommandLineOptionsGroup represents a group of user-defined command line options.
+//
+// This is for instance used to configure command line arguments in API servers generated by go-swagger.
+type CommandLineOptionsGroup struct {
+ ShortDescription string
+ LongDescription string
+ Options any
+}
diff --git a/vendor/github.com/go-openapi/swag/cmdutils/doc.go b/vendor/github.com/go-openapi/swag/cmdutils/doc.go
new file mode 100644
index 000000000..31f2c3753
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/cmdutils/doc.go
@@ -0,0 +1,5 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package cmdutils brings helpers for CLIs produced by go-openapi
+package cmdutils
diff --git a/vendor/github.com/go-openapi/swag/cmdutils_iface.go b/vendor/github.com/go-openapi/swag/cmdutils_iface.go
new file mode 100644
index 000000000..bd0c1fc12
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/cmdutils_iface.go
@@ -0,0 +1,11 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package swag
+
+import "github.com/go-openapi/swag/cmdutils"
+
+// CommandLineOptionsGroup represents a group of user-defined command line options.
+//
+// Deprecated: use [cmdutils.CommandLineOptionsGroup] instead.
+type CommandLineOptionsGroup = cmdutils.CommandLineOptionsGroup
diff --git a/vendor/github.com/go-openapi/swag/conv/LICENSE b/vendor/github.com/go-openapi/swag/conv/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/conv/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/go-openapi/swag/conv/convert.go b/vendor/github.com/go-openapi/swag/conv/convert.go
new file mode 100644
index 000000000..f205c3913
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/conv/convert.go
@@ -0,0 +1,161 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package conv
+
+import (
+ "math"
+ "strconv"
+ "strings"
+)
+
+// same as ECMA Number.MAX_SAFE_INTEGER and Number.MIN_SAFE_INTEGER
+const (
+ maxJSONFloat = float64(1<<53 - 1) // 9007199254740991.0 2^53 - 1
+ minJSONFloat = -float64(1<<53 - 1) //-9007199254740991.0 -2^53 - 1
+ epsilon float64 = 1e-9
+)
+
+// IsFloat64AJSONInteger allows for integers [-2^53, 2^53-1] inclusive.
+func IsFloat64AJSONInteger(f float64) bool {
+ if math.IsNaN(f) || math.IsInf(f, 0) || f < minJSONFloat || f > maxJSONFloat {
+ return false
+ }
+ rounded := math.Round(f)
+ if f == rounded {
+ return true
+ }
+ if rounded == 0 { // f = 0.0 exited above
+ return false
+ }
+
+ diff := math.Abs(f - rounded)
+ if diff == 0 {
+ return true
+ }
+
+ // relative error Abs{f - Round(f)) / Round(f)} < ε ; Round(f)
+ return diff < epsilon*math.Abs(rounded)
+}
+
+// ConvertFloat turns a string into a float numerical value.
+func ConvertFloat[T Float](str string) (T, error) {
+ var v T
+ f, err := strconv.ParseFloat(str, bitsize(v))
+ if err != nil {
+ return 0, err
+ }
+
+ return T(f), nil
+}
+
+// ConvertInteger turns a string into a signed integer.
+func ConvertInteger[T Signed](str string) (T, error) {
+ var v T
+ f, err := strconv.ParseInt(str, 10, bitsize(v))
+ if err != nil {
+ return 0, err
+ }
+
+ return T(f), nil
+}
+
+// ConvertUinteger turns a string into an unsigned integer.
+func ConvertUinteger[T Unsigned](str string) (T, error) {
+ var v T
+ f, err := strconv.ParseUint(str, 10, bitsize(v))
+ if err != nil {
+ return 0, err
+ }
+
+ return T(f), nil
+}
+
+// ConvertBool turns a string into a boolean.
+//
+// It supports a few more "true" strings than [strconv.ParseBool]:
+//
+// - it is not case sensitive ("trUe" or "FalsE" work)
+// - "ok", "yes", "y", "on", "selected", "checked", "enabled" are all true
+// - everything that is not true is false: there is never an actual error returned
+func ConvertBool(str string) (bool, error) {
+ switch strings.ToLower(str) {
+ case "true",
+ "1",
+ "yes",
+ "ok",
+ "y",
+ "on",
+ "selected",
+ "checked",
+ "t",
+ "enabled":
+ return true, nil
+ default:
+ return false, nil
+ }
+}
+
+// ConvertFloat32 turns a string into a float32.
+func ConvertFloat32(str string) (float32, error) { return ConvertFloat[float32](str) }
+
+// ConvertFloat64 turns a string into a float64
+func ConvertFloat64(str string) (float64, error) { return ConvertFloat[float64](str) }
+
+// ConvertInt8 turns a string into an int8
+func ConvertInt8(str string) (int8, error) { return ConvertInteger[int8](str) }
+
+// ConvertInt16 turns a string into an int16
+func ConvertInt16(str string) (int16, error) {
+ i, err := strconv.ParseInt(str, 10, 16)
+ if err != nil {
+ return 0, err
+ }
+ return int16(i), nil
+}
+
+// ConvertInt32 turns a string into an int32
+func ConvertInt32(str string) (int32, error) {
+ i, err := strconv.ParseInt(str, 10, 32)
+ if err != nil {
+ return 0, err
+ }
+ return int32(i), nil
+}
+
+// ConvertInt64 turns a string into an int64
+func ConvertInt64(str string) (int64, error) {
+ return strconv.ParseInt(str, 10, 64)
+}
+
+// ConvertUint8 turns a string into an uint8
+func ConvertUint8(str string) (uint8, error) {
+ i, err := strconv.ParseUint(str, 10, 8)
+ if err != nil {
+ return 0, err
+ }
+ return uint8(i), nil
+}
+
+// ConvertUint16 turns a string into an uint16
+func ConvertUint16(str string) (uint16, error) {
+ i, err := strconv.ParseUint(str, 10, 16)
+ if err != nil {
+ return 0, err
+ }
+ return uint16(i), nil
+}
+
+// ConvertUint32 turns a string into an uint32
+func ConvertUint32(str string) (uint32, error) {
+ i, err := strconv.ParseUint(str, 10, 32)
+ if err != nil {
+ return 0, err
+ }
+ return uint32(i), nil
+}
+
+// ConvertUint64 turns a string into an uint64
+func ConvertUint64(str string) (uint64, error) {
+ return strconv.ParseUint(str, 10, 64)
+}
diff --git a/vendor/github.com/go-openapi/swag/conv/convert_types.go b/vendor/github.com/go-openapi/swag/conv/convert_types.go
new file mode 100644
index 000000000..cf4c6495e
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/conv/convert_types.go
@@ -0,0 +1,72 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package conv
+
+// Unlicensed credits (idea, concept)
+//
+// The idea to convert values to pointers and the other way around, was inspired, eons ago, by the aws go sdk.
+//
+// Nowadays, all sensible API sdk's expose a similar functionality.
+
+// Pointer returns a pointer to the value passed in.
+func Pointer[T any](v T) *T {
+ return &v
+}
+
+// Value returns a shallow copy of the value of the pointer passed in.
+//
+// If the pointer is nil, the returned value is the zero value.
+func Value[T any](v *T) T {
+ if v != nil {
+ return *v
+ }
+
+ var zero T
+ return zero
+}
+
+// PointerSlice converts a slice of values into a slice of pointers.
+func PointerSlice[T any](src []T) []*T {
+ dst := make([]*T, len(src))
+ for i := 0; i < len(src); i++ {
+ dst[i] = &(src[i])
+ }
+ return dst
+}
+
+// ValueSlice converts a slice of pointers into a slice of values.
+//
+// nil elements are zero values.
+func ValueSlice[T any](src []*T) []T {
+ dst := make([]T, len(src))
+ for i := 0; i < len(src); i++ {
+ if src[i] != nil {
+ dst[i] = *(src[i])
+ }
+ }
+ return dst
+}
+
+// PointerMap converts a map of values into a map of pointers.
+func PointerMap[K comparable, T any](src map[K]T) map[K]*T {
+ dst := make(map[K]*T)
+ for k, val := range src {
+ v := val
+ dst[k] = &v
+ }
+ return dst
+}
+
+// ValueMap converts a map of pointers into a map of values.
+//
+// nil elements are skipped.
+func ValueMap[K comparable, T any](src map[K]*T) map[K]T {
+ dst := make(map[K]T)
+ for k, val := range src {
+ if val != nil {
+ dst[k] = *val
+ }
+ }
+ return dst
+}
diff --git a/vendor/github.com/go-openapi/swag/conv/doc.go b/vendor/github.com/go-openapi/swag/conv/doc.go
new file mode 100644
index 000000000..1bd6ead6e
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/conv/doc.go
@@ -0,0 +1,15 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package conv exposes utilities to convert types.
+//
+// The Convert and Format families of functions are essentially a shorthand to [strconv] functions,
+// using the decimal representation of numbers.
+//
+// Features:
+//
+// - from string representation to value ("Convert*") and reciprocally ("Format*")
+// - from pointer to value ([Value]) and reciprocally ([Pointer])
+// - from slice of values to slice of pointers ([PointerSlice]) and reciprocally ([ValueSlice])
+// - from map of values to map of pointers ([PointerMap]) and reciprocally ([ValueMap])
+package conv
diff --git a/vendor/github.com/go-openapi/swag/conv/format.go b/vendor/github.com/go-openapi/swag/conv/format.go
new file mode 100644
index 000000000..5b87b8e14
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/conv/format.go
@@ -0,0 +1,28 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package conv
+
+import (
+ "strconv"
+)
+
+// FormatInteger turns an integer type into a string.
+func FormatInteger[T Signed](value T) string {
+ return strconv.FormatInt(int64(value), 10)
+}
+
+// FormatUinteger turns an unsigned integer type into a string.
+func FormatUinteger[T Unsigned](value T) string {
+ return strconv.FormatUint(uint64(value), 10)
+}
+
+// FormatFloat turns a floating point numerical value into a string.
+func FormatFloat[T Float](value T) string {
+ return strconv.FormatFloat(float64(value), 'f', -1, bitsize(value))
+}
+
+// FormatBool turns a boolean into a string.
+func FormatBool(value bool) string {
+ return strconv.FormatBool(value)
+}
diff --git a/vendor/github.com/go-openapi/swag/conv/sizeof.go b/vendor/github.com/go-openapi/swag/conv/sizeof.go
new file mode 100644
index 000000000..494346557
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/conv/sizeof.go
@@ -0,0 +1,20 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package conv
+
+import "unsafe"
+
+// bitsize returns the size in bits of a type.
+//
+// NOTE: [unsafe.SizeOf] simply returns the size in bytes of the value.
+// For primitive types T, the generic stencil is precompiled and this value
+// is resolved at compile time, resulting in an immediate call to [strconv.ParseFloat].
+//
+// We may leave up to the go compiler to simplify this function into a
+// constant value, which happens in practice at least for primitive types
+// (e.g. numerical types).
+func bitsize[T Numerical](value T) int {
+ const bitsPerByte = 8
+ return int(unsafe.Sizeof(value)) * bitsPerByte
+}
diff --git a/vendor/github.com/go-openapi/swag/conv/type_constraints.go b/vendor/github.com/go-openapi/swag/conv/type_constraints.go
new file mode 100644
index 000000000..81135e827
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/conv/type_constraints.go
@@ -0,0 +1,29 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package conv
+
+type (
+ // these type constraints are redefined after golang.org/x/exp/constraints,
+ // because importing that package causes an undesired go upgrade.
+
+ // Signed integer types, cf. [golang.org/x/exp/constraints.Signed]
+ Signed interface {
+ ~int | ~int8 | ~int16 | ~int32 | ~int64
+ }
+
+ // Unsigned integer types, cf. [golang.org/x/exp/constraints.Unsigned]
+ Unsigned interface {
+ ~uint | ~uint8 | ~uint16 | ~uint32 | ~uint64 | ~uintptr
+ }
+
+ // Float numerical types, cf. [golang.org/x/exp/constraints.Float]
+ Float interface {
+ ~float32 | ~float64
+ }
+
+ // Numerical types
+ Numerical interface {
+ Signed | Unsigned | Float
+ }
+)
diff --git a/vendor/github.com/go-openapi/swag/conv_iface.go b/vendor/github.com/go-openapi/swag/conv_iface.go
new file mode 100644
index 000000000..eea7b2e56
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/conv_iface.go
@@ -0,0 +1,486 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package swag
+
+import (
+ "time"
+
+ "github.com/go-openapi/swag/conv"
+)
+
+// IsFloat64AJSONInteger allows for integers [-2^53, 2^53-1] inclusive.
+//
+// Deprecated: use [conv.IsFloat64AJSONInteger] instead.
+func IsFloat64AJSONInteger(f float64) bool { return conv.IsFloat64AJSONInteger(f) }
+
+// ConvertBool turns a string into a boolean.
+//
+// Deprecated: use [conv.ConvertBool] instead.
+func ConvertBool(str string) (bool, error) { return conv.ConvertBool(str) }
+
+// ConvertFloat32 turns a string into a float32.
+//
+// Deprecated: use [conv.ConvertFloat32] instead. Alternatively, you may use the generic version [conv.ConvertFloat].
+func ConvertFloat32(str string) (float32, error) { return conv.ConvertFloat[float32](str) }
+
+// ConvertFloat64 turns a string into a float64.
+//
+// Deprecated: use [conv.ConvertFloat64] instead. Alternatively, you may use the generic version [conv.ConvertFloat].
+func ConvertFloat64(str string) (float64, error) { return conv.ConvertFloat[float64](str) }
+
+// ConvertInt8 turns a string into an int8.
+//
+// Deprecated: use [conv.ConvertInt8] instead. Alternatively, you may use the generic version [conv.ConvertInteger].
+func ConvertInt8(str string) (int8, error) { return conv.ConvertInteger[int8](str) }
+
+// ConvertInt16 turns a string into an int16.
+//
+// Deprecated: use [conv.ConvertInt16] instead. Alternatively, you may use the generic version [conv.ConvertInteger].
+func ConvertInt16(str string) (int16, error) { return conv.ConvertInteger[int16](str) }
+
+// ConvertInt32 turns a string into an int32.
+//
+// Deprecated: use [conv.ConvertInt32] instead. Alternatively, you may use the generic version [conv.ConvertInteger].
+func ConvertInt32(str string) (int32, error) { return conv.ConvertInteger[int32](str) }
+
+// ConvertInt64 turns a string into an int64.
+//
+// Deprecated: use [conv.ConvertInt64] instead. Alternatively, you may use the generic version [conv.ConvertInteger].
+func ConvertInt64(str string) (int64, error) { return conv.ConvertInteger[int64](str) }
+
+// ConvertUint8 turns a string into an uint8.
+//
+// Deprecated: use [conv.ConvertUint8] instead. Alternatively, you may use the generic version [conv.ConvertUinteger].
+func ConvertUint8(str string) (uint8, error) { return conv.ConvertUinteger[uint8](str) }
+
+// ConvertUint16 turns a string into an uint16.
+//
+// Deprecated: use [conv.ConvertUint16] instead. Alternatively, you may use the generic version [conv.ConvertUinteger].
+func ConvertUint16(str string) (uint16, error) { return conv.ConvertUinteger[uint16](str) }
+
+// ConvertUint32 turns a string into an uint32.
+//
+// Deprecated: use [conv.ConvertUint32] instead. Alternatively, you may use the generic version [conv.ConvertUinteger].
+func ConvertUint32(str string) (uint32, error) { return conv.ConvertUinteger[uint32](str) }
+
+// ConvertUint64 turns a string into an uint64.
+//
+// Deprecated: use [conv.ConvertUint64] instead. Alternatively, you may use the generic version [conv.ConvertUinteger].
+func ConvertUint64(str string) (uint64, error) { return conv.ConvertUinteger[uint64](str) }
+
+// FormatBool turns a boolean into a string.
+//
+// Deprecated: use [conv.FormatBool] instead.
+func FormatBool(value bool) string { return conv.FormatBool(value) }
+
+// FormatFloat32 turns a float32 into a string.
+//
+// Deprecated: use [conv.FormatFloat] instead.
+func FormatFloat32(value float32) string { return conv.FormatFloat(value) }
+
+// FormatFloat64 turns a float64 into a string.
+//
+// Deprecated: use [conv.FormatFloat] instead.
+func FormatFloat64(value float64) string { return conv.FormatFloat(value) }
+
+// FormatInt8 turns an int8 into a string.
+//
+// Deprecated: use [conv.FormatInteger] instead.
+func FormatInt8(value int8) string { return conv.FormatInteger(value) }
+
+// FormatInt16 turns an int16 into a string.
+//
+// Deprecated: use [conv.FormatInteger] instead.
+func FormatInt16(value int16) string { return conv.FormatInteger(value) }
+
+// FormatInt32 turns an int32 into a string
+//
+// Deprecated: use [conv.FormatInteger] instead.
+func FormatInt32(value int32) string { return conv.FormatInteger(value) }
+
+// FormatInt64 turns an int64 into a string.
+//
+// Deprecated: use [conv.FormatInteger] instead.
+func FormatInt64(value int64) string { return conv.FormatInteger(value) }
+
+// FormatUint8 turns an uint8 into a string.
+//
+// Deprecated: use [conv.FormatUinteger] instead.
+func FormatUint8(value uint8) string { return conv.FormatUinteger(value) }
+
+// FormatUint16 turns an uint16 into a string.
+//
+// Deprecated: use [conv.FormatUinteger] instead.
+func FormatUint16(value uint16) string { return conv.FormatUinteger(value) }
+
+// FormatUint32 turns an uint32 into a string.
+//
+// Deprecated: use [conv.FormatUinteger] instead.
+func FormatUint32(value uint32) string { return conv.FormatUinteger(value) }
+
+// FormatUint64 turns an uint64 into a string.
+//
+// Deprecated: use [conv.FormatUinteger] instead.
+func FormatUint64(value uint64) string { return conv.FormatUinteger(value) }
+
+// String turn a pointer to of the string value passed in.
+//
+// Deprecated: use [conv.Pointer] instead.
+func String(v string) *string { return conv.Pointer(v) }
+
+// StringValue turn the value of the string pointer passed in or
+// "" if the pointer is nil.
+//
+// Deprecated: use [conv.Value] instead.
+func StringValue(v *string) string { return conv.Value(v) }
+
+// StringSlice converts a slice of string values into a slice of string pointers.
+//
+// Deprecated: use [conv.PointerSlice] instead.
+func StringSlice(src []string) []*string { return conv.PointerSlice(src) }
+
+// StringValueSlice converts a slice of string pointers into a slice of string values.
+//
+// Deprecated: use [conv.ValueSlice] instead.
+func StringValueSlice(src []*string) []string { return conv.ValueSlice(src) }
+
+// StringMap converts a string map of string values into a string map of string pointers.
+//
+// Deprecated: use [conv.PointerMap] instead.
+func StringMap(src map[string]string) map[string]*string { return conv.PointerMap(src) }
+
+// StringValueMap converts a string map of string pointers into a string map of string values.
+//
+// Deprecated: use [conv.ValueMap] instead.
+func StringValueMap(src map[string]*string) map[string]string { return conv.ValueMap(src) }
+
+// Bool turn a pointer to of the bool value passed in.
+//
+// Deprecated: use [conv.Pointer] instead.
+func Bool(v bool) *bool { return conv.Pointer(v) }
+
+// BoolValue turn the value of the bool pointer passed in or false if the pointer is nil.
+//
+// Deprecated: use [conv.Value] instead.
+func BoolValue(v *bool) bool { return conv.Value(v) }
+
+// BoolSlice converts a slice of bool values into a slice of bool pointers.
+//
+// Deprecated: use [conv.PointerSlice] instead.
+func BoolSlice(src []bool) []*bool { return conv.PointerSlice(src) }
+
+// BoolValueSlice converts a slice of bool pointers into a slice of bool values.
+//
+// Deprecated: use [conv.ValueSlice] instead.
+func BoolValueSlice(src []*bool) []bool { return conv.ValueSlice(src) }
+
+// BoolMap converts a string map of bool values into a string map of bool pointers.
+//
+// Deprecated: use [conv.PointerMap] instead.
+func BoolMap(src map[string]bool) map[string]*bool { return conv.PointerMap(src) }
+
+// BoolValueMap converts a string map of bool pointers into a string map of bool values.
+//
+// Deprecated: use [conv.ValueMap] instead.
+func BoolValueMap(src map[string]*bool) map[string]bool { return conv.ValueMap(src) }
+
+// Int turn a pointer to of the int value passed in.
+//
+// Deprecated: use [conv.Pointer] instead.
+func Int(v int) *int { return conv.Pointer(v) }
+
+// IntValue turn the value of the int pointer passed in or 0 if the pointer is nil.
+//
+// Deprecated: use [conv.Value] instead.
+func IntValue(v *int) int { return conv.Value(v) }
+
+// IntSlice converts a slice of int values into a slice of int pointers.
+//
+// Deprecated: use [conv.PointerSlice] instead.
+func IntSlice(src []int) []*int { return conv.PointerSlice(src) }
+
+// IntValueSlice converts a slice of int pointers into a slice of int values.
+//
+// Deprecated: use [conv.ValueSlice] instead.
+func IntValueSlice(src []*int) []int { return conv.ValueSlice(src) }
+
+// IntMap converts a string map of int values into a string map of int pointers.
+//
+// Deprecated: use [conv.PointerMap] instead.
+func IntMap(src map[string]int) map[string]*int { return conv.PointerMap(src) }
+
+// IntValueMap converts a string map of int pointers into a string map of int values.
+//
+// Deprecated: use [conv.ValueMap] instead.
+func IntValueMap(src map[string]*int) map[string]int { return conv.ValueMap(src) }
+
+// Int32 turn a pointer to of the int32 value passed in.
+//
+// Deprecated: use [conv.Pointer] instead.
+func Int32(v int32) *int32 { return conv.Pointer(v) }
+
+// Int32Value turn the value of the int32 pointer passed in or 0 if the pointer is nil.
+//
+// Deprecated: use [conv.Value] instead.
+func Int32Value(v *int32) int32 { return conv.Value(v) }
+
+// Int32Slice converts a slice of int32 values into a slice of int32 pointers.
+//
+// Deprecated: use [conv.PointerSlice] instead.
+func Int32Slice(src []int32) []*int32 { return conv.PointerSlice(src) }
+
+// Int32ValueSlice converts a slice of int32 pointers into a slice of int32 values.
+//
+// Deprecated: use [conv.ValueSlice] instead.
+func Int32ValueSlice(src []*int32) []int32 { return conv.ValueSlice(src) }
+
+// Int32Map converts a string map of int32 values into a string map of int32 pointers.
+//
+// Deprecated: use [conv.PointerMap] instead.
+func Int32Map(src map[string]int32) map[string]*int32 { return conv.PointerMap(src) }
+
+// Int32ValueMap converts a string map of int32 pointers into a string map of int32 values.
+//
+// Deprecated: use [conv.ValueMap] instead.
+func Int32ValueMap(src map[string]*int32) map[string]int32 { return conv.ValueMap(src) }
+
+// Int64 turn a pointer to of the int64 value passed in.
+//
+// Deprecated: use [conv.Pointer] instead.
+func Int64(v int64) *int64 { return conv.Pointer(v) }
+
+// Int64Value turn the value of the int64 pointer passed in or 0 if the pointer is nil.
+//
+// Deprecated: use [conv.Value] instead.
+func Int64Value(v *int64) int64 { return conv.Value(v) }
+
+// Int64Slice converts a slice of int64 values into a slice of int64 pointers.
+//
+// Deprecated: use [conv.PointerSlice] instead.
+func Int64Slice(src []int64) []*int64 { return conv.PointerSlice(src) }
+
+// Int64ValueSlice converts a slice of int64 pointers into a slice of int64 values.
+//
+// Deprecated: use [conv.ValueSlice] instead.
+func Int64ValueSlice(src []*int64) []int64 { return conv.ValueSlice(src) }
+
+// Int64Map converts a string map of int64 values into a string map of int64 pointers.
+//
+// Deprecated: use [conv.PointerMap] instead.
+func Int64Map(src map[string]int64) map[string]*int64 { return conv.PointerMap(src) }
+
+// Int64ValueMap converts a string map of int64 pointers into a string map of int64 values.
+//
+// Deprecated: use [conv.ValueMap] instead.
+func Int64ValueMap(src map[string]*int64) map[string]int64 { return conv.ValueMap(src) }
+
+// Uint16 turn a pointer to of the uint16 value passed in.
+//
+// Deprecated: use [conv.Pointer] instead.
+func Uint16(v uint16) *uint16 { return conv.Pointer(v) }
+
+// Uint16Value turn the value of the uint16 pointer passed in or 0 if the pointer is nil.
+//
+// Deprecated: use [conv.Value] instead.
+func Uint16Value(v *uint16) uint16 { return conv.Value(v) }
+
+// Uint16Slice converts a slice of uint16 values into a slice of uint16 pointers.
+//
+// Deprecated: use [conv.PointerSlice] instead.
+func Uint16Slice(src []uint16) []*uint16 { return conv.PointerSlice(src) }
+
+// Uint16ValueSlice converts a slice of uint16 pointers into a slice of uint16 values.
+//
+// Deprecated: use [conv.ValueSlice] instead.
+func Uint16ValueSlice(src []*uint16) []uint16 { return conv.ValueSlice(src) }
+
+// Uint16Map converts a string map of uint16 values into a string map of uint16 pointers.
+//
+// Deprecated: use [conv.PointerMap] instead.
+func Uint16Map(src map[string]uint16) map[string]*uint16 { return conv.PointerMap(src) }
+
+// Uint16ValueMap converts a string map of uint16 pointers into a string map of uint16 values.
+//
+// Deprecated: use [conv.ValueMap] instead.
+func Uint16ValueMap(src map[string]*uint16) map[string]uint16 { return conv.ValueMap(src) }
+
+// Uint turn a pointer to of the uint value passed in.
+//
+// Deprecated: use [conv.Pointer] instead.
+func Uint(v uint) *uint { return conv.Pointer(v) }
+
+// UintValue turn the value of the uint pointer passed in or 0 if the pointer is nil.
+//
+// Deprecated: use [conv.Value] instead.
+func UintValue(v *uint) uint { return conv.Value(v) }
+
+// UintSlice converts a slice of uint values into a slice of uint pointers.
+//
+// Deprecated: use [conv.PointerSlice] instead.
+func UintSlice(src []uint) []*uint { return conv.PointerSlice(src) }
+
+// UintValueSlice converts a slice of uint pointers into a slice of uint values.
+//
+// Deprecated: use [conv.ValueSlice] instead.
+func UintValueSlice(src []*uint) []uint { return conv.ValueSlice(src) }
+
+// UintMap converts a string map of uint values into a string map of uint pointers.
+//
+// Deprecated: use [conv.PointerMap] instead.
+func UintMap(src map[string]uint) map[string]*uint { return conv.PointerMap(src) }
+
+// UintValueMap converts a string map of uint pointers into a string map of uint values.
+//
+// Deprecated: use [conv.ValueMap] instead.
+func UintValueMap(src map[string]*uint) map[string]uint { return conv.ValueMap(src) }
+
+// Uint32 turn a pointer to of the uint32 value passed in.
+//
+// Deprecated: use [conv.Pointer] instead.
+func Uint32(v uint32) *uint32 { return conv.Pointer(v) }
+
+// Uint32Value turn the value of the uint32 pointer passed in or 0 if the pointer is nil.
+//
+// Deprecated: use [conv.Value] instead.
+func Uint32Value(v *uint32) uint32 { return conv.Value(v) }
+
+// Uint32Slice converts a slice of uint32 values into a slice of uint32 pointers.
+//
+// Deprecated: use [conv.PointerSlice] instead.
+func Uint32Slice(src []uint32) []*uint32 { return conv.PointerSlice(src) }
+
+// Uint32ValueSlice converts a slice of uint32 pointers into a slice of uint32 values.
+//
+// Deprecated: use [conv.ValueSlice] instead.
+func Uint32ValueSlice(src []*uint32) []uint32 { return conv.ValueSlice(src) }
+
+// Uint32Map converts a string map of uint32 values into a string map of uint32 pointers.
+//
+// Deprecated: use [conv.PointerMap] instead.
+func Uint32Map(src map[string]uint32) map[string]*uint32 { return conv.PointerMap(src) }
+
+// Uint32ValueMap converts a string map of uint32 pointers into a string map of uint32 values.
+//
+// Deprecated: use [conv.ValueMap] instead.
+func Uint32ValueMap(src map[string]*uint32) map[string]uint32 { return conv.ValueMap(src) }
+
+// Uint64 turn a pointer to of the uint64 value passed in.
+//
+// Deprecated: use [conv.Pointer] instead.
+func Uint64(v uint64) *uint64 { return conv.Pointer(v) }
+
+// Uint64Value turn the value of the uint64 pointer passed in or 0 if the pointer is nil.
+//
+// Deprecated: use [conv.Value] instead.
+func Uint64Value(v *uint64) uint64 { return conv.Value(v) }
+
+// Uint64Slice converts a slice of uint64 values into a slice of uint64 pointers.
+//
+// Deprecated: use [conv.PointerSlice] instead.
+func Uint64Slice(src []uint64) []*uint64 { return conv.PointerSlice(src) }
+
+// Uint64ValueSlice converts a slice of uint64 pointers into a slice of uint64 values.
+//
+// Deprecated: use [conv.ValueSlice] instead.
+func Uint64ValueSlice(src []*uint64) []uint64 { return conv.ValueSlice(src) }
+
+// Uint64Map converts a string map of uint64 values into a string map of uint64 pointers.
+//
+// Deprecated: use [conv.PointerMap] instead.
+func Uint64Map(src map[string]uint64) map[string]*uint64 { return conv.PointerMap(src) }
+
+// Uint64ValueMap converts a string map of uint64 pointers into a string map of uint64 values.
+//
+// Deprecated: use [conv.ValueMap] instead.
+func Uint64ValueMap(src map[string]*uint64) map[string]uint64 { return conv.ValueMap(src) }
+
+// Float32 turn a pointer to of the float32 value passed in.
+//
+// Deprecated: use [conv.Pointer] instead.
+func Float32(v float32) *float32 { return conv.Pointer(v) }
+
+// Float32Value turn the value of the float32 pointer passed in or 0 if the pointer is nil.
+//
+// Deprecated: use [conv.Value] instead.
+func Float32Value(v *float32) float32 { return conv.Value(v) }
+
+// Float32Slice converts a slice of float32 values into a slice of float32 pointers.
+//
+// Deprecated: use [conv.PointerSlice] instead.
+func Float32Slice(src []float32) []*float32 { return conv.PointerSlice(src) }
+
+// Float32ValueSlice converts a slice of float32 pointers into a slice of float32 values.
+//
+// Deprecated: use [conv.ValueSlice] instead.
+func Float32ValueSlice(src []*float32) []float32 { return conv.ValueSlice(src) }
+
+// Float32Map converts a string map of float32 values into a string map of float32 pointers.
+//
+// Deprecated: use [conv.PointerMap] instead.
+func Float32Map(src map[string]float32) map[string]*float32 { return conv.PointerMap(src) }
+
+// Float32ValueMap converts a string map of float32 pointers into a string map of float32 values.
+//
+// Deprecated: use [conv.ValueMap] instead.
+func Float32ValueMap(src map[string]*float32) map[string]float32 { return conv.ValueMap(src) }
+
+// Float64 turn a pointer to of the float64 value passed in.
+//
+// Deprecated: use [conv.Pointer] instead.
+func Float64(v float64) *float64 { return conv.Pointer(v) }
+
+// Float64Value turn the value of the float64 pointer passed in or 0 if the pointer is nil.
+//
+// Deprecated: use [conv.Value] instead.
+func Float64Value(v *float64) float64 { return conv.Value(v) }
+
+// Float64Slice converts a slice of float64 values into a slice of float64 pointers.
+//
+// Deprecated: use [conv.PointerSlice] instead.
+func Float64Slice(src []float64) []*float64 { return conv.PointerSlice(src) }
+
+// Float64ValueSlice converts a slice of float64 pointers into a slice of float64 values.
+//
+// Deprecated: use [conv.ValueSlice] instead.
+func Float64ValueSlice(src []*float64) []float64 { return conv.ValueSlice(src) }
+
+// Float64Map converts a string map of float64 values into a string map of float64 pointers.
+//
+// Deprecated: use [conv.PointerMap] instead.
+func Float64Map(src map[string]float64) map[string]*float64 { return conv.PointerMap(src) }
+
+// Float64ValueMap converts a string map of float64 pointers into a string map of float64 values.
+//
+// Deprecated: use [conv.ValueMap] instead.
+func Float64ValueMap(src map[string]*float64) map[string]float64 { return conv.ValueMap(src) }
+
+// Time turn a pointer to of the time.Time value passed in.
+//
+// Deprecated: use [conv.Pointer] instead.
+func Time(v time.Time) *time.Time { return conv.Pointer(v) }
+
+// TimeValue turn the value of the time.Time pointer passed in or time.Time{} if the pointer is nil.
+//
+// Deprecated: use [conv.Value] instead.
+func TimeValue(v *time.Time) time.Time { return conv.Value(v) }
+
+// TimeSlice converts a slice of time.Time values into a slice of time.Time pointers.
+//
+// Deprecated: use [conv.PointerSlice] instead.
+func TimeSlice(src []time.Time) []*time.Time { return conv.PointerSlice(src) }
+
+// TimeValueSlice converts a slice of time.Time pointers into a slice of time.Time values
+//
+// Deprecated: use [conv.ValueSlice] instead.
+func TimeValueSlice(src []*time.Time) []time.Time { return conv.ValueSlice(src) }
+
+// TimeMap converts a string map of time.Time values into a string map of time.Time pointers.
+//
+// Deprecated: use [conv.PointerMap] instead.
+func TimeMap(src map[string]time.Time) map[string]*time.Time { return conv.PointerMap(src) }
+
+// TimeValueMap converts a string map of time.Time pointers into a string map of time.Time values.
+//
+// Deprecated: use [conv.ValueMap] instead.
+func TimeValueMap(src map[string]*time.Time) map[string]time.Time { return conv.ValueMap(src) }
diff --git a/vendor/github.com/go-openapi/swag/convert.go b/vendor/github.com/go-openapi/swag/convert.go
deleted file mode 100644
index fc085aeb8..000000000
--- a/vendor/github.com/go-openapi/swag/convert.go
+++ /dev/null
@@ -1,208 +0,0 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package swag
-
-import (
- "math"
- "strconv"
- "strings"
-)
-
-// same as ECMA Number.MAX_SAFE_INTEGER and Number.MIN_SAFE_INTEGER
-const (
- maxJSONFloat = float64(1<<53 - 1) // 9007199254740991.0 2^53 - 1
- minJSONFloat = -float64(1<<53 - 1) //-9007199254740991.0 -2^53 - 1
- epsilon float64 = 1e-9
-)
-
-// IsFloat64AJSONInteger allow for integers [-2^53, 2^53-1] inclusive
-func IsFloat64AJSONInteger(f float64) bool {
- if math.IsNaN(f) || math.IsInf(f, 0) || f < minJSONFloat || f > maxJSONFloat {
- return false
- }
- fa := math.Abs(f)
- g := float64(uint64(f))
- ga := math.Abs(g)
-
- diff := math.Abs(f - g)
-
- // more info: https://floating-point-gui.de/errors/comparison/#look-out-for-edge-cases
- switch {
- case f == g: // best case
- return true
- case f == float64(int64(f)) || f == float64(uint64(f)): // optimistic case
- return true
- case f == 0 || g == 0 || diff < math.SmallestNonzeroFloat64: // very close to 0 values
- return diff < (epsilon * math.SmallestNonzeroFloat64)
- }
- // check the relative error
- return diff/math.Min(fa+ga, math.MaxFloat64) < epsilon
-}
-
-var evaluatesAsTrue map[string]struct{}
-
-func init() {
- evaluatesAsTrue = map[string]struct{}{
- "true": {},
- "1": {},
- "yes": {},
- "ok": {},
- "y": {},
- "on": {},
- "selected": {},
- "checked": {},
- "t": {},
- "enabled": {},
- }
-}
-
-// ConvertBool turn a string into a boolean
-func ConvertBool(str string) (bool, error) {
- _, ok := evaluatesAsTrue[strings.ToLower(str)]
- return ok, nil
-}
-
-// ConvertFloat32 turn a string into a float32
-func ConvertFloat32(str string) (float32, error) {
- f, err := strconv.ParseFloat(str, 32)
- if err != nil {
- return 0, err
- }
- return float32(f), nil
-}
-
-// ConvertFloat64 turn a string into a float64
-func ConvertFloat64(str string) (float64, error) {
- return strconv.ParseFloat(str, 64)
-}
-
-// ConvertInt8 turn a string into an int8
-func ConvertInt8(str string) (int8, error) {
- i, err := strconv.ParseInt(str, 10, 8)
- if err != nil {
- return 0, err
- }
- return int8(i), nil
-}
-
-// ConvertInt16 turn a string into an int16
-func ConvertInt16(str string) (int16, error) {
- i, err := strconv.ParseInt(str, 10, 16)
- if err != nil {
- return 0, err
- }
- return int16(i), nil
-}
-
-// ConvertInt32 turn a string into an int32
-func ConvertInt32(str string) (int32, error) {
- i, err := strconv.ParseInt(str, 10, 32)
- if err != nil {
- return 0, err
- }
- return int32(i), nil
-}
-
-// ConvertInt64 turn a string into an int64
-func ConvertInt64(str string) (int64, error) {
- return strconv.ParseInt(str, 10, 64)
-}
-
-// ConvertUint8 turn a string into an uint8
-func ConvertUint8(str string) (uint8, error) {
- i, err := strconv.ParseUint(str, 10, 8)
- if err != nil {
- return 0, err
- }
- return uint8(i), nil
-}
-
-// ConvertUint16 turn a string into an uint16
-func ConvertUint16(str string) (uint16, error) {
- i, err := strconv.ParseUint(str, 10, 16)
- if err != nil {
- return 0, err
- }
- return uint16(i), nil
-}
-
-// ConvertUint32 turn a string into an uint32
-func ConvertUint32(str string) (uint32, error) {
- i, err := strconv.ParseUint(str, 10, 32)
- if err != nil {
- return 0, err
- }
- return uint32(i), nil
-}
-
-// ConvertUint64 turn a string into an uint64
-func ConvertUint64(str string) (uint64, error) {
- return strconv.ParseUint(str, 10, 64)
-}
-
-// FormatBool turns a boolean into a string
-func FormatBool(value bool) string {
- return strconv.FormatBool(value)
-}
-
-// FormatFloat32 turns a float32 into a string
-func FormatFloat32(value float32) string {
- return strconv.FormatFloat(float64(value), 'f', -1, 32)
-}
-
-// FormatFloat64 turns a float64 into a string
-func FormatFloat64(value float64) string {
- return strconv.FormatFloat(value, 'f', -1, 64)
-}
-
-// FormatInt8 turns an int8 into a string
-func FormatInt8(value int8) string {
- return strconv.FormatInt(int64(value), 10)
-}
-
-// FormatInt16 turns an int16 into a string
-func FormatInt16(value int16) string {
- return strconv.FormatInt(int64(value), 10)
-}
-
-// FormatInt32 turns an int32 into a string
-func FormatInt32(value int32) string {
- return strconv.Itoa(int(value))
-}
-
-// FormatInt64 turns an int64 into a string
-func FormatInt64(value int64) string {
- return strconv.FormatInt(value, 10)
-}
-
-// FormatUint8 turns an uint8 into a string
-func FormatUint8(value uint8) string {
- return strconv.FormatUint(uint64(value), 10)
-}
-
-// FormatUint16 turns an uint16 into a string
-func FormatUint16(value uint16) string {
- return strconv.FormatUint(uint64(value), 10)
-}
-
-// FormatUint32 turns an uint32 into a string
-func FormatUint32(value uint32) string {
- return strconv.FormatUint(uint64(value), 10)
-}
-
-// FormatUint64 turns an uint64 into a string
-func FormatUint64(value uint64) string {
- return strconv.FormatUint(value, 10)
-}
diff --git a/vendor/github.com/go-openapi/swag/convert_types.go b/vendor/github.com/go-openapi/swag/convert_types.go
deleted file mode 100644
index c49cc473a..000000000
--- a/vendor/github.com/go-openapi/swag/convert_types.go
+++ /dev/null
@@ -1,730 +0,0 @@
-package swag
-
-import "time"
-
-// This file was taken from the aws go sdk
-
-// String returns a pointer to of the string value passed in.
-func String(v string) *string {
- return &v
-}
-
-// StringValue returns the value of the string pointer passed in or
-// "" if the pointer is nil.
-func StringValue(v *string) string {
- if v != nil {
- return *v
- }
- return ""
-}
-
-// StringSlice converts a slice of string values into a slice of
-// string pointers
-func StringSlice(src []string) []*string {
- dst := make([]*string, len(src))
- for i := 0; i < len(src); i++ {
- dst[i] = &(src[i])
- }
- return dst
-}
-
-// StringValueSlice converts a slice of string pointers into a slice of
-// string values
-func StringValueSlice(src []*string) []string {
- dst := make([]string, len(src))
- for i := 0; i < len(src); i++ {
- if src[i] != nil {
- dst[i] = *(src[i])
- }
- }
- return dst
-}
-
-// StringMap converts a string map of string values into a string
-// map of string pointers
-func StringMap(src map[string]string) map[string]*string {
- dst := make(map[string]*string)
- for k, val := range src {
- v := val
- dst[k] = &v
- }
- return dst
-}
-
-// StringValueMap converts a string map of string pointers into a string
-// map of string values
-func StringValueMap(src map[string]*string) map[string]string {
- dst := make(map[string]string)
- for k, val := range src {
- if val != nil {
- dst[k] = *val
- }
- }
- return dst
-}
-
-// Bool returns a pointer to of the bool value passed in.
-func Bool(v bool) *bool {
- return &v
-}
-
-// BoolValue returns the value of the bool pointer passed in or
-// false if the pointer is nil.
-func BoolValue(v *bool) bool {
- if v != nil {
- return *v
- }
- return false
-}
-
-// BoolSlice converts a slice of bool values into a slice of
-// bool pointers
-func BoolSlice(src []bool) []*bool {
- dst := make([]*bool, len(src))
- for i := 0; i < len(src); i++ {
- dst[i] = &(src[i])
- }
- return dst
-}
-
-// BoolValueSlice converts a slice of bool pointers into a slice of
-// bool values
-func BoolValueSlice(src []*bool) []bool {
- dst := make([]bool, len(src))
- for i := 0; i < len(src); i++ {
- if src[i] != nil {
- dst[i] = *(src[i])
- }
- }
- return dst
-}
-
-// BoolMap converts a string map of bool values into a string
-// map of bool pointers
-func BoolMap(src map[string]bool) map[string]*bool {
- dst := make(map[string]*bool)
- for k, val := range src {
- v := val
- dst[k] = &v
- }
- return dst
-}
-
-// BoolValueMap converts a string map of bool pointers into a string
-// map of bool values
-func BoolValueMap(src map[string]*bool) map[string]bool {
- dst := make(map[string]bool)
- for k, val := range src {
- if val != nil {
- dst[k] = *val
- }
- }
- return dst
-}
-
-// Int returns a pointer to of the int value passed in.
-func Int(v int) *int {
- return &v
-}
-
-// IntValue returns the value of the int pointer passed in or
-// 0 if the pointer is nil.
-func IntValue(v *int) int {
- if v != nil {
- return *v
- }
- return 0
-}
-
-// IntSlice converts a slice of int values into a slice of
-// int pointers
-func IntSlice(src []int) []*int {
- dst := make([]*int, len(src))
- for i := 0; i < len(src); i++ {
- dst[i] = &(src[i])
- }
- return dst
-}
-
-// IntValueSlice converts a slice of int pointers into a slice of
-// int values
-func IntValueSlice(src []*int) []int {
- dst := make([]int, len(src))
- for i := 0; i < len(src); i++ {
- if src[i] != nil {
- dst[i] = *(src[i])
- }
- }
- return dst
-}
-
-// IntMap converts a string map of int values into a string
-// map of int pointers
-func IntMap(src map[string]int) map[string]*int {
- dst := make(map[string]*int)
- for k, val := range src {
- v := val
- dst[k] = &v
- }
- return dst
-}
-
-// IntValueMap converts a string map of int pointers into a string
-// map of int values
-func IntValueMap(src map[string]*int) map[string]int {
- dst := make(map[string]int)
- for k, val := range src {
- if val != nil {
- dst[k] = *val
- }
- }
- return dst
-}
-
-// Int32 returns a pointer to of the int32 value passed in.
-func Int32(v int32) *int32 {
- return &v
-}
-
-// Int32Value returns the value of the int32 pointer passed in or
-// 0 if the pointer is nil.
-func Int32Value(v *int32) int32 {
- if v != nil {
- return *v
- }
- return 0
-}
-
-// Int32Slice converts a slice of int32 values into a slice of
-// int32 pointers
-func Int32Slice(src []int32) []*int32 {
- dst := make([]*int32, len(src))
- for i := 0; i < len(src); i++ {
- dst[i] = &(src[i])
- }
- return dst
-}
-
-// Int32ValueSlice converts a slice of int32 pointers into a slice of
-// int32 values
-func Int32ValueSlice(src []*int32) []int32 {
- dst := make([]int32, len(src))
- for i := 0; i < len(src); i++ {
- if src[i] != nil {
- dst[i] = *(src[i])
- }
- }
- return dst
-}
-
-// Int32Map converts a string map of int32 values into a string
-// map of int32 pointers
-func Int32Map(src map[string]int32) map[string]*int32 {
- dst := make(map[string]*int32)
- for k, val := range src {
- v := val
- dst[k] = &v
- }
- return dst
-}
-
-// Int32ValueMap converts a string map of int32 pointers into a string
-// map of int32 values
-func Int32ValueMap(src map[string]*int32) map[string]int32 {
- dst := make(map[string]int32)
- for k, val := range src {
- if val != nil {
- dst[k] = *val
- }
- }
- return dst
-}
-
-// Int64 returns a pointer to of the int64 value passed in.
-func Int64(v int64) *int64 {
- return &v
-}
-
-// Int64Value returns the value of the int64 pointer passed in or
-// 0 if the pointer is nil.
-func Int64Value(v *int64) int64 {
- if v != nil {
- return *v
- }
- return 0
-}
-
-// Int64Slice converts a slice of int64 values into a slice of
-// int64 pointers
-func Int64Slice(src []int64) []*int64 {
- dst := make([]*int64, len(src))
- for i := 0; i < len(src); i++ {
- dst[i] = &(src[i])
- }
- return dst
-}
-
-// Int64ValueSlice converts a slice of int64 pointers into a slice of
-// int64 values
-func Int64ValueSlice(src []*int64) []int64 {
- dst := make([]int64, len(src))
- for i := 0; i < len(src); i++ {
- if src[i] != nil {
- dst[i] = *(src[i])
- }
- }
- return dst
-}
-
-// Int64Map converts a string map of int64 values into a string
-// map of int64 pointers
-func Int64Map(src map[string]int64) map[string]*int64 {
- dst := make(map[string]*int64)
- for k, val := range src {
- v := val
- dst[k] = &v
- }
- return dst
-}
-
-// Int64ValueMap converts a string map of int64 pointers into a string
-// map of int64 values
-func Int64ValueMap(src map[string]*int64) map[string]int64 {
- dst := make(map[string]int64)
- for k, val := range src {
- if val != nil {
- dst[k] = *val
- }
- }
- return dst
-}
-
-// Uint16 returns a pointer to of the uint16 value passed in.
-func Uint16(v uint16) *uint16 {
- return &v
-}
-
-// Uint16Value returns the value of the uint16 pointer passed in or
-// 0 if the pointer is nil.
-func Uint16Value(v *uint16) uint16 {
- if v != nil {
- return *v
- }
-
- return 0
-}
-
-// Uint16Slice converts a slice of uint16 values into a slice of
-// uint16 pointers
-func Uint16Slice(src []uint16) []*uint16 {
- dst := make([]*uint16, len(src))
- for i := 0; i < len(src); i++ {
- dst[i] = &(src[i])
- }
-
- return dst
-}
-
-// Uint16ValueSlice converts a slice of uint16 pointers into a slice of
-// uint16 values
-func Uint16ValueSlice(src []*uint16) []uint16 {
- dst := make([]uint16, len(src))
-
- for i := 0; i < len(src); i++ {
- if src[i] != nil {
- dst[i] = *(src[i])
- }
- }
-
- return dst
-}
-
-// Uint16Map converts a string map of uint16 values into a string
-// map of uint16 pointers
-func Uint16Map(src map[string]uint16) map[string]*uint16 {
- dst := make(map[string]*uint16)
-
- for k, val := range src {
- v := val
- dst[k] = &v
- }
-
- return dst
-}
-
-// Uint16ValueMap converts a string map of uint16 pointers into a string
-// map of uint16 values
-func Uint16ValueMap(src map[string]*uint16) map[string]uint16 {
- dst := make(map[string]uint16)
-
- for k, val := range src {
- if val != nil {
- dst[k] = *val
- }
- }
-
- return dst
-}
-
-// Uint returns a pointer to of the uint value passed in.
-func Uint(v uint) *uint {
- return &v
-}
-
-// UintValue returns the value of the uint pointer passed in or
-// 0 if the pointer is nil.
-func UintValue(v *uint) uint {
- if v != nil {
- return *v
- }
- return 0
-}
-
-// UintSlice converts a slice of uint values into a slice of
-// uint pointers
-func UintSlice(src []uint) []*uint {
- dst := make([]*uint, len(src))
- for i := 0; i < len(src); i++ {
- dst[i] = &(src[i])
- }
- return dst
-}
-
-// UintValueSlice converts a slice of uint pointers into a slice of
-// uint values
-func UintValueSlice(src []*uint) []uint {
- dst := make([]uint, len(src))
- for i := 0; i < len(src); i++ {
- if src[i] != nil {
- dst[i] = *(src[i])
- }
- }
- return dst
-}
-
-// UintMap converts a string map of uint values into a string
-// map of uint pointers
-func UintMap(src map[string]uint) map[string]*uint {
- dst := make(map[string]*uint)
- for k, val := range src {
- v := val
- dst[k] = &v
- }
- return dst
-}
-
-// UintValueMap converts a string map of uint pointers into a string
-// map of uint values
-func UintValueMap(src map[string]*uint) map[string]uint {
- dst := make(map[string]uint)
- for k, val := range src {
- if val != nil {
- dst[k] = *val
- }
- }
- return dst
-}
-
-// Uint32 returns a pointer to of the uint32 value passed in.
-func Uint32(v uint32) *uint32 {
- return &v
-}
-
-// Uint32Value returns the value of the uint32 pointer passed in or
-// 0 if the pointer is nil.
-func Uint32Value(v *uint32) uint32 {
- if v != nil {
- return *v
- }
- return 0
-}
-
-// Uint32Slice converts a slice of uint32 values into a slice of
-// uint32 pointers
-func Uint32Slice(src []uint32) []*uint32 {
- dst := make([]*uint32, len(src))
- for i := 0; i < len(src); i++ {
- dst[i] = &(src[i])
- }
- return dst
-}
-
-// Uint32ValueSlice converts a slice of uint32 pointers into a slice of
-// uint32 values
-func Uint32ValueSlice(src []*uint32) []uint32 {
- dst := make([]uint32, len(src))
- for i := 0; i < len(src); i++ {
- if src[i] != nil {
- dst[i] = *(src[i])
- }
- }
- return dst
-}
-
-// Uint32Map converts a string map of uint32 values into a string
-// map of uint32 pointers
-func Uint32Map(src map[string]uint32) map[string]*uint32 {
- dst := make(map[string]*uint32)
- for k, val := range src {
- v := val
- dst[k] = &v
- }
- return dst
-}
-
-// Uint32ValueMap converts a string map of uint32 pointers into a string
-// map of uint32 values
-func Uint32ValueMap(src map[string]*uint32) map[string]uint32 {
- dst := make(map[string]uint32)
- for k, val := range src {
- if val != nil {
- dst[k] = *val
- }
- }
- return dst
-}
-
-// Uint64 returns a pointer to of the uint64 value passed in.
-func Uint64(v uint64) *uint64 {
- return &v
-}
-
-// Uint64Value returns the value of the uint64 pointer passed in or
-// 0 if the pointer is nil.
-func Uint64Value(v *uint64) uint64 {
- if v != nil {
- return *v
- }
- return 0
-}
-
-// Uint64Slice converts a slice of uint64 values into a slice of
-// uint64 pointers
-func Uint64Slice(src []uint64) []*uint64 {
- dst := make([]*uint64, len(src))
- for i := 0; i < len(src); i++ {
- dst[i] = &(src[i])
- }
- return dst
-}
-
-// Uint64ValueSlice converts a slice of uint64 pointers into a slice of
-// uint64 values
-func Uint64ValueSlice(src []*uint64) []uint64 {
- dst := make([]uint64, len(src))
- for i := 0; i < len(src); i++ {
- if src[i] != nil {
- dst[i] = *(src[i])
- }
- }
- return dst
-}
-
-// Uint64Map converts a string map of uint64 values into a string
-// map of uint64 pointers
-func Uint64Map(src map[string]uint64) map[string]*uint64 {
- dst := make(map[string]*uint64)
- for k, val := range src {
- v := val
- dst[k] = &v
- }
- return dst
-}
-
-// Uint64ValueMap converts a string map of uint64 pointers into a string
-// map of uint64 values
-func Uint64ValueMap(src map[string]*uint64) map[string]uint64 {
- dst := make(map[string]uint64)
- for k, val := range src {
- if val != nil {
- dst[k] = *val
- }
- }
- return dst
-}
-
-// Float32 returns a pointer to of the float32 value passed in.
-func Float32(v float32) *float32 {
- return &v
-}
-
-// Float32Value returns the value of the float32 pointer passed in or
-// 0 if the pointer is nil.
-func Float32Value(v *float32) float32 {
- if v != nil {
- return *v
- }
-
- return 0
-}
-
-// Float32Slice converts a slice of float32 values into a slice of
-// float32 pointers
-func Float32Slice(src []float32) []*float32 {
- dst := make([]*float32, len(src))
-
- for i := 0; i < len(src); i++ {
- dst[i] = &(src[i])
- }
-
- return dst
-}
-
-// Float32ValueSlice converts a slice of float32 pointers into a slice of
-// float32 values
-func Float32ValueSlice(src []*float32) []float32 {
- dst := make([]float32, len(src))
-
- for i := 0; i < len(src); i++ {
- if src[i] != nil {
- dst[i] = *(src[i])
- }
- }
-
- return dst
-}
-
-// Float32Map converts a string map of float32 values into a string
-// map of float32 pointers
-func Float32Map(src map[string]float32) map[string]*float32 {
- dst := make(map[string]*float32)
-
- for k, val := range src {
- v := val
- dst[k] = &v
- }
-
- return dst
-}
-
-// Float32ValueMap converts a string map of float32 pointers into a string
-// map of float32 values
-func Float32ValueMap(src map[string]*float32) map[string]float32 {
- dst := make(map[string]float32)
-
- for k, val := range src {
- if val != nil {
- dst[k] = *val
- }
- }
-
- return dst
-}
-
-// Float64 returns a pointer to of the float64 value passed in.
-func Float64(v float64) *float64 {
- return &v
-}
-
-// Float64Value returns the value of the float64 pointer passed in or
-// 0 if the pointer is nil.
-func Float64Value(v *float64) float64 {
- if v != nil {
- return *v
- }
- return 0
-}
-
-// Float64Slice converts a slice of float64 values into a slice of
-// float64 pointers
-func Float64Slice(src []float64) []*float64 {
- dst := make([]*float64, len(src))
- for i := 0; i < len(src); i++ {
- dst[i] = &(src[i])
- }
- return dst
-}
-
-// Float64ValueSlice converts a slice of float64 pointers into a slice of
-// float64 values
-func Float64ValueSlice(src []*float64) []float64 {
- dst := make([]float64, len(src))
- for i := 0; i < len(src); i++ {
- if src[i] != nil {
- dst[i] = *(src[i])
- }
- }
- return dst
-}
-
-// Float64Map converts a string map of float64 values into a string
-// map of float64 pointers
-func Float64Map(src map[string]float64) map[string]*float64 {
- dst := make(map[string]*float64)
- for k, val := range src {
- v := val
- dst[k] = &v
- }
- return dst
-}
-
-// Float64ValueMap converts a string map of float64 pointers into a string
-// map of float64 values
-func Float64ValueMap(src map[string]*float64) map[string]float64 {
- dst := make(map[string]float64)
- for k, val := range src {
- if val != nil {
- dst[k] = *val
- }
- }
- return dst
-}
-
-// Time returns a pointer to of the time.Time value passed in.
-func Time(v time.Time) *time.Time {
- return &v
-}
-
-// TimeValue returns the value of the time.Time pointer passed in or
-// time.Time{} if the pointer is nil.
-func TimeValue(v *time.Time) time.Time {
- if v != nil {
- return *v
- }
- return time.Time{}
-}
-
-// TimeSlice converts a slice of time.Time values into a slice of
-// time.Time pointers
-func TimeSlice(src []time.Time) []*time.Time {
- dst := make([]*time.Time, len(src))
- for i := 0; i < len(src); i++ {
- dst[i] = &(src[i])
- }
- return dst
-}
-
-// TimeValueSlice converts a slice of time.Time pointers into a slice of
-// time.Time values
-func TimeValueSlice(src []*time.Time) []time.Time {
- dst := make([]time.Time, len(src))
- for i := 0; i < len(src); i++ {
- if src[i] != nil {
- dst[i] = *(src[i])
- }
- }
- return dst
-}
-
-// TimeMap converts a string map of time.Time values into a string
-// map of time.Time pointers
-func TimeMap(src map[string]time.Time) map[string]*time.Time {
- dst := make(map[string]*time.Time)
- for k, val := range src {
- v := val
- dst[k] = &v
- }
- return dst
-}
-
-// TimeValueMap converts a string map of time.Time pointers into a string
-// map of time.Time values
-func TimeValueMap(src map[string]*time.Time) map[string]time.Time {
- dst := make(map[string]time.Time)
- for k, val := range src {
- if val != nil {
- dst[k] = *val
- }
- }
- return dst
-}
diff --git a/vendor/github.com/go-openapi/swag/doc.go b/vendor/github.com/go-openapi/swag/doc.go
index 55094cb74..b54b57478 100644
--- a/vendor/github.com/go-openapi/swag/doc.go
+++ b/vendor/github.com/go-openapi/swag/doc.go
@@ -1,31 +1,47 @@
-// Copyright 2015 go-swagger maintainers
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package swag contains a bunch of helper functions for go-openapi and go-swagger projects.
//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
+// You may also use it standalone for your projects.
//
-// http://www.apache.org/licenses/LICENSE-2.0
+// NOTE: all features that used to be exposed as package-level members (constants, variables,
+// functions and types) are now deprecated and are superseded by equivalent features in
+// more specialized sub-packages.
+// Moving forward, no additional feature will be added to the [swag] API directly at the root package level,
+// which remains there for backward-compatibility purposes.
//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-/*
-Package swag contains a bunch of helper functions for go-openapi and go-swagger projects.
-
-You may also use it standalone for your projects.
-
- - convert between value and pointers for builtin types
- - convert from string to builtin types (wraps strconv)
- - fast json concatenation
- - search in path
- - load from file or http
- - name mangling
-
-This repo has only few dependencies outside of the standard library:
-
- - YAML utilities depend on gopkg.in/yaml.v2
-*/
+// Child modules will continue to evolve or some new ones may be added in the future.
+//
+// # Modules
+//
+// - [cmdutils] utilities to work with CLIs
+//
+// - [conv] type conversion utilities
+//
+// - [fileutils] file utilities
+//
+// - [jsonname] JSON utilities
+//
+// - [jsonutils] JSON utilities
+//
+// - [loading] file loading
+//
+// - [mangling] safe name generation
+//
+// - [netutils] networking utilities
+//
+// - [stringutils] `string` utilities
+//
+// - [typeutils] `go` types utilities
+//
+// - [yamlutils] YAML utilities
+//
+// # Dependencies
+//
+// This repo has a few dependencies outside of the standard library:
+//
+// - YAML utilities depend on [go.yaml.in/yaml/v3]
package swag
+
+//go:generate mockery
diff --git a/vendor/github.com/go-openapi/swag/errors.go b/vendor/github.com/go-openapi/swag/errors.go
deleted file mode 100644
index 6c67fbf92..000000000
--- a/vendor/github.com/go-openapi/swag/errors.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package swag
-
-type swagError string
-
-const (
- // ErrYAML is an error raised by YAML utilities
- ErrYAML swagError = "yaml error"
-
- // ErrLoader is an error raised by the file loader utility
- ErrLoader swagError = "loader error"
-)
-
-func (e swagError) Error() string {
- return string(e)
-}
diff --git a/vendor/github.com/go-openapi/swag/file.go b/vendor/github.com/go-openapi/swag/file.go
deleted file mode 100644
index 16accc55f..000000000
--- a/vendor/github.com/go-openapi/swag/file.go
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package swag
-
-import "mime/multipart"
-
-// File represents an uploaded file.
-type File struct {
- Data multipart.File
- Header *multipart.FileHeader
-}
-
-// Read bytes from the file
-func (f *File) Read(p []byte) (n int, err error) {
- return f.Data.Read(p)
-}
-
-// Close the file
-func (f *File) Close() error {
- return f.Data.Close()
-}
diff --git a/vendor/github.com/go-openapi/swag/fileutils/LICENSE b/vendor/github.com/go-openapi/swag/fileutils/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/fileutils/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/go-openapi/swag/fileutils/doc.go b/vendor/github.com/go-openapi/swag/fileutils/doc.go
new file mode 100644
index 000000000..859a200d8
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/fileutils/doc.go
@@ -0,0 +1,10 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package fileutils exposes utilities to deal with files and paths.
+//
+// Currently, there is:
+// - [File] to represent an abstraction of an uploaded file.
+// For instance, this is used by [github.com/go-openapi/runtime.File].
+// - path search utilities (e.g. finding packages in the GO search path)
+package fileutils
diff --git a/vendor/github.com/go-openapi/swag/fileutils/file.go b/vendor/github.com/go-openapi/swag/fileutils/file.go
new file mode 100644
index 000000000..5ad4cfaea
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/fileutils/file.go
@@ -0,0 +1,22 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package fileutils
+
+import "mime/multipart"
+
+// File represents an uploaded file.
+type File struct {
+ Data multipart.File
+ Header *multipart.FileHeader
+}
+
+// Read bytes from the file
+func (f *File) Read(p []byte) (n int, err error) {
+ return f.Data.Read(p)
+}
+
+// Close the file
+func (f *File) Close() error {
+ return f.Data.Close()
+}
diff --git a/vendor/github.com/go-openapi/swag/path.go b/vendor/github.com/go-openapi/swag/fileutils/path.go
similarity index 58%
rename from vendor/github.com/go-openapi/swag/path.go
rename to vendor/github.com/go-openapi/swag/fileutils/path.go
index 941bd0176..dd09f690b 100644
--- a/vendor/github.com/go-openapi/swag/path.go
+++ b/vendor/github.com/go-openapi/swag/fileutils/path.go
@@ -1,18 +1,7 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
-package swag
+package fileutils
import (
"os"
@@ -21,10 +10,8 @@ import (
"strings"
)
-const (
- // GOPATHKey represents the env key for gopath
- GOPATHKey = "GOPATH"
-)
+// GOPATHKey represents the env key for gopath
+const GOPATHKey = "GOPATH"
// FindInSearchPath finds a package in a provided lists of paths
func FindInSearchPath(searchPath, pkg string) string {
@@ -40,11 +27,17 @@ func FindInSearchPath(searchPath, pkg string) string {
}
// FindInGoSearchPath finds a package in the $GOPATH:$GOROOT
+//
+// Deprecated: this function is no longer relevant with modern go.
+// It uses [runtime.GOROOT] under the hood, which is deprecated as of go1.24.
func FindInGoSearchPath(pkg string) string {
return FindInSearchPath(FullGoSearchPath(), pkg)
}
// FullGoSearchPath gets the search paths for finding packages
+//
+// Deprecated: this function is no longer relevant with modern go.
+// It uses [runtime.GOROOT] under the hood, which is deprecated as of go1.24.
func FullGoSearchPath() string {
allPaths := os.Getenv(GOPATHKey)
if allPaths == "" {
diff --git a/vendor/github.com/go-openapi/swag/fileutils_iface.go b/vendor/github.com/go-openapi/swag/fileutils_iface.go
new file mode 100644
index 000000000..f3e79a0e4
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/fileutils_iface.go
@@ -0,0 +1,33 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package swag
+
+import "github.com/go-openapi/swag/fileutils"
+
+// GOPATHKey represents the env key for gopath
+//
+// Deprecated: use [fileutils.GOPATHKey] instead.
+const GOPATHKey = fileutils.GOPATHKey
+
+// File represents an uploaded file.
+//
+// Deprecated: use [fileutils.File] instead.
+type File = fileutils.File
+
+// FindInSearchPath finds a package in a provided lists of paths.
+//
+// Deprecated: use [fileutils.FindInSearchPath] instead.
+func FindInSearchPath(searchPath, pkg string) string {
+ return fileutils.FindInSearchPath(searchPath, pkg)
+}
+
+// FindInGoSearchPath finds a package in the $GOPATH:$GOROOT
+//
+// Deprecated: use [fileutils.FindInGoSearchPath] instead.
+func FindInGoSearchPath(pkg string) string { return fileutils.FindInGoSearchPath(pkg) }
+
+// FullGoSearchPath gets the search paths for finding packages
+//
+// Deprecated: use [fileutils.FullGoSearchPath] instead.
+func FullGoSearchPath() string { return fileutils.FullGoSearchPath() }
diff --git a/vendor/github.com/go-openapi/swag/go.work b/vendor/github.com/go-openapi/swag/go.work
new file mode 100644
index 000000000..1e537f074
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/go.work
@@ -0,0 +1,20 @@
+use (
+ .
+ ./cmdutils
+ ./conv
+ ./fileutils
+ ./jsonname
+ ./jsonutils
+ ./jsonutils/adapters/easyjson
+ ./jsonutils/adapters/testintegration
+ ./jsonutils/adapters/testintegration/benchmarks
+ ./jsonutils/fixtures_test
+ ./loading
+ ./mangling
+ ./netutils
+ ./stringutils
+ ./typeutils
+ ./yamlutils
+)
+
+go 1.24.0
diff --git a/vendor/github.com/go-openapi/swag/go.work.sum b/vendor/github.com/go-openapi/swag/go.work.sum
new file mode 100644
index 000000000..c1308cafa
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/go.work.sum
@@ -0,0 +1,7 @@
+github.com/go-openapi/testify/v2 v2.0.1/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54=
+golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
+golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
diff --git a/vendor/github.com/go-openapi/swag/initialism_index.go b/vendor/github.com/go-openapi/swag/initialism_index.go
deleted file mode 100644
index 20a359bb6..000000000
--- a/vendor/github.com/go-openapi/swag/initialism_index.go
+++ /dev/null
@@ -1,202 +0,0 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package swag
-
-import (
- "sort"
- "strings"
- "sync"
-)
-
-var (
- // commonInitialisms are common acronyms that are kept as whole uppercased words.
- commonInitialisms *indexOfInitialisms
-
- // initialisms is a slice of sorted initialisms
- initialisms []string
-
- // a copy of initialisms pre-baked as []rune
- initialismsRunes [][]rune
- initialismsUpperCased [][]rune
-
- isInitialism func(string) bool
-
- maxAllocMatches int
-)
-
-func init() {
- // Taken from https://github.com/golang/lint/blob/3390df4df2787994aea98de825b964ac7944b817/lint.go#L732-L769
- configuredInitialisms := map[string]bool{
- "ACL": true,
- "API": true,
- "ASCII": true,
- "CPU": true,
- "CSS": true,
- "DNS": true,
- "EOF": true,
- "GUID": true,
- "HTML": true,
- "HTTPS": true,
- "HTTP": true,
- "ID": true,
- "IP": true,
- "IPv4": true,
- "IPv6": true,
- "JSON": true,
- "LHS": true,
- "OAI": true,
- "QPS": true,
- "RAM": true,
- "RHS": true,
- "RPC": true,
- "SLA": true,
- "SMTP": true,
- "SQL": true,
- "SSH": true,
- "TCP": true,
- "TLS": true,
- "TTL": true,
- "UDP": true,
- "UI": true,
- "UID": true,
- "UUID": true,
- "URI": true,
- "URL": true,
- "UTF8": true,
- "VM": true,
- "XML": true,
- "XMPP": true,
- "XSRF": true,
- "XSS": true,
- }
-
- // a thread-safe index of initialisms
- commonInitialisms = newIndexOfInitialisms().load(configuredInitialisms)
- initialisms = commonInitialisms.sorted()
- initialismsRunes = asRunes(initialisms)
- initialismsUpperCased = asUpperCased(initialisms)
- maxAllocMatches = maxAllocHeuristic(initialismsRunes)
-
- // a test function
- isInitialism = commonInitialisms.isInitialism
-}
-
-func asRunes(in []string) [][]rune {
- out := make([][]rune, len(in))
- for i, initialism := range in {
- out[i] = []rune(initialism)
- }
-
- return out
-}
-
-func asUpperCased(in []string) [][]rune {
- out := make([][]rune, len(in))
-
- for i, initialism := range in {
- out[i] = []rune(upper(trim(initialism)))
- }
-
- return out
-}
-
-func maxAllocHeuristic(in [][]rune) int {
- heuristic := make(map[rune]int)
- for _, initialism := range in {
- heuristic[initialism[0]]++
- }
-
- var maxAlloc int
- for _, val := range heuristic {
- if val > maxAlloc {
- maxAlloc = val
- }
- }
-
- return maxAlloc
-}
-
-// AddInitialisms add additional initialisms
-func AddInitialisms(words ...string) {
- for _, word := range words {
- // commonInitialisms[upper(word)] = true
- commonInitialisms.add(upper(word))
- }
- // sort again
- initialisms = commonInitialisms.sorted()
- initialismsRunes = asRunes(initialisms)
- initialismsUpperCased = asUpperCased(initialisms)
-}
-
-// indexOfInitialisms is a thread-safe implementation of the sorted index of initialisms.
-// Since go1.9, this may be implemented with sync.Map.
-type indexOfInitialisms struct {
- sortMutex *sync.Mutex
- index *sync.Map
-}
-
-func newIndexOfInitialisms() *indexOfInitialisms {
- return &indexOfInitialisms{
- sortMutex: new(sync.Mutex),
- index: new(sync.Map),
- }
-}
-
-func (m *indexOfInitialisms) load(initial map[string]bool) *indexOfInitialisms {
- m.sortMutex.Lock()
- defer m.sortMutex.Unlock()
- for k, v := range initial {
- m.index.Store(k, v)
- }
- return m
-}
-
-func (m *indexOfInitialisms) isInitialism(key string) bool {
- _, ok := m.index.Load(key)
- return ok
-}
-
-func (m *indexOfInitialisms) add(key string) *indexOfInitialisms {
- m.index.Store(key, true)
- return m
-}
-
-func (m *indexOfInitialisms) sorted() (result []string) {
- m.sortMutex.Lock()
- defer m.sortMutex.Unlock()
- m.index.Range(func(key, _ interface{}) bool {
- k := key.(string)
- result = append(result, k)
- return true
- })
- sort.Sort(sort.Reverse(byInitialism(result)))
- return
-}
-
-type byInitialism []string
-
-func (s byInitialism) Len() int {
- return len(s)
-}
-func (s byInitialism) Swap(i, j int) {
- s[i], s[j] = s[j], s[i]
-}
-func (s byInitialism) Less(i, j int) bool {
- if len(s[i]) != len(s[j]) {
- return len(s[i]) < len(s[j])
- }
-
- return strings.Compare(s[i], s[j]) > 0
-}
diff --git a/vendor/github.com/go-openapi/swag/json.go b/vendor/github.com/go-openapi/swag/json.go
deleted file mode 100644
index c7caa9908..000000000
--- a/vendor/github.com/go-openapi/swag/json.go
+++ /dev/null
@@ -1,313 +0,0 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package swag
-
-import (
- "bytes"
- "encoding/json"
- "log"
- "reflect"
- "strings"
- "sync"
-
- "github.com/mailru/easyjson/jlexer"
- "github.com/mailru/easyjson/jwriter"
-)
-
-// nullJSON represents a JSON object with null type
-var nullJSON = []byte("null")
-
-// DefaultJSONNameProvider the default cache for types
-var DefaultJSONNameProvider = NewNameProvider()
-
-const comma = byte(',')
-
-var closers map[byte]byte
-
-func init() {
- closers = map[byte]byte{
- '{': '}',
- '[': ']',
- }
-}
-
-type ejMarshaler interface {
- MarshalEasyJSON(w *jwriter.Writer)
-}
-
-type ejUnmarshaler interface {
- UnmarshalEasyJSON(w *jlexer.Lexer)
-}
-
-// WriteJSON writes json data, prefers finding an appropriate interface to short-circuit the marshaler
-// so it takes the fastest option available.
-func WriteJSON(data interface{}) ([]byte, error) {
- if d, ok := data.(ejMarshaler); ok {
- jw := new(jwriter.Writer)
- d.MarshalEasyJSON(jw)
- return jw.BuildBytes()
- }
- if d, ok := data.(json.Marshaler); ok {
- return d.MarshalJSON()
- }
- return json.Marshal(data)
-}
-
-// ReadJSON reads json data, prefers finding an appropriate interface to short-circuit the unmarshaler
-// so it takes the fastest option available
-func ReadJSON(data []byte, value interface{}) error {
- trimmedData := bytes.Trim(data, "\x00")
- if d, ok := value.(ejUnmarshaler); ok {
- jl := &jlexer.Lexer{Data: trimmedData}
- d.UnmarshalEasyJSON(jl)
- return jl.Error()
- }
- if d, ok := value.(json.Unmarshaler); ok {
- return d.UnmarshalJSON(trimmedData)
- }
- return json.Unmarshal(trimmedData, value)
-}
-
-// DynamicJSONToStruct converts an untyped json structure into a struct
-func DynamicJSONToStruct(data interface{}, target interface{}) error {
- // TODO: convert straight to a json typed map (mergo + iterate?)
- b, err := WriteJSON(data)
- if err != nil {
- return err
- }
- return ReadJSON(b, target)
-}
-
-// ConcatJSON concatenates multiple json objects efficiently
-func ConcatJSON(blobs ...[]byte) []byte {
- if len(blobs) == 0 {
- return nil
- }
-
- last := len(blobs) - 1
- for blobs[last] == nil || bytes.Equal(blobs[last], nullJSON) {
- // strips trailing null objects
- last--
- if last < 0 {
- // there was nothing but "null"s or nil...
- return nil
- }
- }
- if last == 0 {
- return blobs[0]
- }
-
- var opening, closing byte
- var idx, a int
- buf := bytes.NewBuffer(nil)
-
- for i, b := range blobs[:last+1] {
- if b == nil || bytes.Equal(b, nullJSON) {
- // a null object is in the list: skip it
- continue
- }
- if len(b) > 0 && opening == 0 { // is this an array or an object?
- opening, closing = b[0], closers[b[0]]
- }
-
- if opening != '{' && opening != '[' {
- continue // don't know how to concatenate non container objects
- }
-
- const minLengthIfNotEmpty = 3
- if len(b) < minLengthIfNotEmpty { // yep empty but also the last one, so closing this thing
- if i == last && a > 0 {
- if err := buf.WriteByte(closing); err != nil {
- log.Println(err)
- }
- }
- continue
- }
-
- idx = 0
- if a > 0 { // we need to join with a comma for everything beyond the first non-empty item
- if err := buf.WriteByte(comma); err != nil {
- log.Println(err)
- }
- idx = 1 // this is not the first or the last so we want to drop the leading bracket
- }
-
- if i != last { // not the last one, strip brackets
- if _, err := buf.Write(b[idx : len(b)-1]); err != nil {
- log.Println(err)
- }
- } else { // last one, strip only the leading bracket
- if _, err := buf.Write(b[idx:]); err != nil {
- log.Println(err)
- }
- }
- a++
- }
- // somehow it ended up being empty, so provide a default value
- if buf.Len() == 0 {
- if err := buf.WriteByte(opening); err != nil {
- log.Println(err)
- }
- if err := buf.WriteByte(closing); err != nil {
- log.Println(err)
- }
- }
- return buf.Bytes()
-}
-
-// ToDynamicJSON turns an object into a properly JSON typed structure
-func ToDynamicJSON(data interface{}) interface{} {
- // TODO: convert straight to a json typed map (mergo + iterate?)
- b, err := json.Marshal(data)
- if err != nil {
- log.Println(err)
- }
- var res interface{}
- if err := json.Unmarshal(b, &res); err != nil {
- log.Println(err)
- }
- return res
-}
-
-// FromDynamicJSON turns an object into a properly JSON typed structure
-func FromDynamicJSON(data, target interface{}) error {
- b, err := json.Marshal(data)
- if err != nil {
- log.Println(err)
- }
- return json.Unmarshal(b, target)
-}
-
-// NameProvider represents an object capable of translating from go property names
-// to json property names
-// This type is thread-safe.
-type NameProvider struct {
- lock *sync.Mutex
- index map[reflect.Type]nameIndex
-}
-
-type nameIndex struct {
- jsonNames map[string]string
- goNames map[string]string
-}
-
-// NewNameProvider creates a new name provider
-func NewNameProvider() *NameProvider {
- return &NameProvider{
- lock: &sync.Mutex{},
- index: make(map[reflect.Type]nameIndex),
- }
-}
-
-func buildnameIndex(tpe reflect.Type, idx, reverseIdx map[string]string) {
- for i := 0; i < tpe.NumField(); i++ {
- targetDes := tpe.Field(i)
-
- if targetDes.PkgPath != "" { // unexported
- continue
- }
-
- if targetDes.Anonymous { // walk embedded structures tree down first
- buildnameIndex(targetDes.Type, idx, reverseIdx)
- continue
- }
-
- if tag := targetDes.Tag.Get("json"); tag != "" {
-
- parts := strings.Split(tag, ",")
- if len(parts) == 0 {
- continue
- }
-
- nm := parts[0]
- if nm == "-" {
- continue
- }
- if nm == "" { // empty string means we want to use the Go name
- nm = targetDes.Name
- }
-
- idx[nm] = targetDes.Name
- reverseIdx[targetDes.Name] = nm
- }
- }
-}
-
-func newNameIndex(tpe reflect.Type) nameIndex {
- var idx = make(map[string]string, tpe.NumField())
- var reverseIdx = make(map[string]string, tpe.NumField())
-
- buildnameIndex(tpe, idx, reverseIdx)
- return nameIndex{jsonNames: idx, goNames: reverseIdx}
-}
-
-// GetJSONNames gets all the json property names for a type
-func (n *NameProvider) GetJSONNames(subject interface{}) []string {
- n.lock.Lock()
- defer n.lock.Unlock()
- tpe := reflect.Indirect(reflect.ValueOf(subject)).Type()
- names, ok := n.index[tpe]
- if !ok {
- names = n.makeNameIndex(tpe)
- }
-
- res := make([]string, 0, len(names.jsonNames))
- for k := range names.jsonNames {
- res = append(res, k)
- }
- return res
-}
-
-// GetJSONName gets the json name for a go property name
-func (n *NameProvider) GetJSONName(subject interface{}, name string) (string, bool) {
- tpe := reflect.Indirect(reflect.ValueOf(subject)).Type()
- return n.GetJSONNameForType(tpe, name)
-}
-
-// GetJSONNameForType gets the json name for a go property name on a given type
-func (n *NameProvider) GetJSONNameForType(tpe reflect.Type, name string) (string, bool) {
- n.lock.Lock()
- defer n.lock.Unlock()
- names, ok := n.index[tpe]
- if !ok {
- names = n.makeNameIndex(tpe)
- }
- nme, ok := names.goNames[name]
- return nme, ok
-}
-
-func (n *NameProvider) makeNameIndex(tpe reflect.Type) nameIndex {
- names := newNameIndex(tpe)
- n.index[tpe] = names
- return names
-}
-
-// GetGoName gets the go name for a json property name
-func (n *NameProvider) GetGoName(subject interface{}, name string) (string, bool) {
- tpe := reflect.Indirect(reflect.ValueOf(subject)).Type()
- return n.GetGoNameForType(tpe, name)
-}
-
-// GetGoNameForType gets the go name for a given type for a json property name
-func (n *NameProvider) GetGoNameForType(tpe reflect.Type, name string) (string, bool) {
- n.lock.Lock()
- defer n.lock.Unlock()
- names, ok := n.index[tpe]
- if !ok {
- names = n.makeNameIndex(tpe)
- }
- nme, ok := names.jsonNames[name]
- return nme, ok
-}
diff --git a/vendor/github.com/go-openapi/swag/jsonname/LICENSE b/vendor/github.com/go-openapi/swag/jsonname/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonname/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/go-openapi/swag/jsonname/doc.go b/vendor/github.com/go-openapi/swag/jsonname/doc.go
new file mode 100644
index 000000000..79232eaca
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonname/doc.go
@@ -0,0 +1,5 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package jsonname is a provider of json property names from go properties.
+package jsonname
diff --git a/vendor/github.com/go-openapi/swag/jsonname/name_provider.go b/vendor/github.com/go-openapi/swag/jsonname/name_provider.go
new file mode 100644
index 000000000..8eaf1bece
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonname/name_provider.go
@@ -0,0 +1,138 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package jsonname
+
+import (
+ "reflect"
+ "strings"
+ "sync"
+)
+
+// DefaultJSONNameProvider is the default cache for types.
+var DefaultJSONNameProvider = NewNameProvider()
+
+// NameProvider represents an object capable of translating from go property names
+// to json property names.
+//
+// This type is thread-safe.
+//
+// See [github.com/go-openapi/jsonpointer.Pointer] for an example.
+type NameProvider struct {
+ lock *sync.Mutex
+ index map[reflect.Type]nameIndex
+}
+
+type nameIndex struct {
+ jsonNames map[string]string
+ goNames map[string]string
+}
+
+// NewNameProvider creates a new name provider
+func NewNameProvider() *NameProvider {
+ return &NameProvider{
+ lock: &sync.Mutex{},
+ index: make(map[reflect.Type]nameIndex),
+ }
+}
+
+func buildnameIndex(tpe reflect.Type, idx, reverseIdx map[string]string) {
+ for i := 0; i < tpe.NumField(); i++ {
+ targetDes := tpe.Field(i)
+
+ if targetDes.PkgPath != "" { // unexported
+ continue
+ }
+
+ if targetDes.Anonymous { // walk embedded structures tree down first
+ buildnameIndex(targetDes.Type, idx, reverseIdx)
+ continue
+ }
+
+ if tag := targetDes.Tag.Get("json"); tag != "" {
+
+ parts := strings.Split(tag, ",")
+ if len(parts) == 0 {
+ continue
+ }
+
+ nm := parts[0]
+ if nm == "-" {
+ continue
+ }
+ if nm == "" { // empty string means we want to use the Go name
+ nm = targetDes.Name
+ }
+
+ idx[nm] = targetDes.Name
+ reverseIdx[targetDes.Name] = nm
+ }
+ }
+}
+
+func newNameIndex(tpe reflect.Type) nameIndex {
+ var idx = make(map[string]string, tpe.NumField())
+ var reverseIdx = make(map[string]string, tpe.NumField())
+
+ buildnameIndex(tpe, idx, reverseIdx)
+ return nameIndex{jsonNames: idx, goNames: reverseIdx}
+}
+
+// GetJSONNames gets all the json property names for a type
+func (n *NameProvider) GetJSONNames(subject any) []string {
+ n.lock.Lock()
+ defer n.lock.Unlock()
+ tpe := reflect.Indirect(reflect.ValueOf(subject)).Type()
+ names, ok := n.index[tpe]
+ if !ok {
+ names = n.makeNameIndex(tpe)
+ }
+
+ res := make([]string, 0, len(names.jsonNames))
+ for k := range names.jsonNames {
+ res = append(res, k)
+ }
+ return res
+}
+
+// GetJSONName gets the json name for a go property name
+func (n *NameProvider) GetJSONName(subject any, name string) (string, bool) {
+ tpe := reflect.Indirect(reflect.ValueOf(subject)).Type()
+ return n.GetJSONNameForType(tpe, name)
+}
+
+// GetJSONNameForType gets the json name for a go property name on a given type
+func (n *NameProvider) GetJSONNameForType(tpe reflect.Type, name string) (string, bool) {
+ n.lock.Lock()
+ defer n.lock.Unlock()
+ names, ok := n.index[tpe]
+ if !ok {
+ names = n.makeNameIndex(tpe)
+ }
+ nme, ok := names.goNames[name]
+ return nme, ok
+}
+
+// GetGoName gets the go name for a json property name
+func (n *NameProvider) GetGoName(subject any, name string) (string, bool) {
+ tpe := reflect.Indirect(reflect.ValueOf(subject)).Type()
+ return n.GetGoNameForType(tpe, name)
+}
+
+// GetGoNameForType gets the go name for a given type for a json property name
+func (n *NameProvider) GetGoNameForType(tpe reflect.Type, name string) (string, bool) {
+ n.lock.Lock()
+ defer n.lock.Unlock()
+ names, ok := n.index[tpe]
+ if !ok {
+ names = n.makeNameIndex(tpe)
+ }
+ nme, ok := names.jsonNames[name]
+ return nme, ok
+}
+
+func (n *NameProvider) makeNameIndex(tpe reflect.Type) nameIndex {
+ names := newNameIndex(tpe)
+ n.index[tpe] = names
+ return names
+}
diff --git a/vendor/github.com/go-openapi/swag/jsonname_iface.go b/vendor/github.com/go-openapi/swag/jsonname_iface.go
new file mode 100644
index 000000000..303a007f6
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonname_iface.go
@@ -0,0 +1,24 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package swag
+
+import (
+ "github.com/go-openapi/swag/jsonname"
+)
+
+// DefaultJSONNameProvider is the default cache for types
+//
+// Deprecated: use [jsonname.DefaultJSONNameProvider] instead.
+var DefaultJSONNameProvider = jsonname.DefaultJSONNameProvider
+
+// NameProvider represents an object capable of translating from go property names
+// to json property names.
+//
+// Deprecated: use [jsonname.NameProvider] instead.
+type NameProvider = jsonname.NameProvider
+
+// NewNameProvider creates a new name provider
+//
+// Deprecated: use [jsonname.NewNameProvider] instead.
+func NewNameProvider() *NameProvider { return jsonname.NewNameProvider() }
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/LICENSE b/vendor/github.com/go-openapi/swag/jsonutils/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/README.md b/vendor/github.com/go-openapi/swag/jsonutils/README.md
new file mode 100644
index 000000000..d745cdb46
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/README.md
@@ -0,0 +1,108 @@
+ # jsonutils
+
+`jsonutils` exposes a few tools to work with JSON:
+
+- a fast, simple `Concat` to concatenate (not merge) JSON objects and arrays
+- `FromDynamicJSON` to convert a data structure into a "dynamic JSON" data structure
+- `ReadJSON` and `WriteJSON` behave like `json.Unmarshal` and `json.Marshal`,
+ with the ability to use another underlying serialization library through an `Adapter`
+ configured at runtime
+- a `JSONMapSlice` structure that may be used to store JSON objects with the order of keys maintained
+
+## Dynamic JSON
+
+We call "dynamic JSON" the go data structure that results from unmarshaling JSON like this:
+
+```go
+ var value any
+ jsonBytes := `{"a": 1, ... }`
+ _ = json.Unmarshal(jsonBytes, &value)
+```
+
+In this configuration, the standard library mappings are as follows:
+
+| JSON | go |
+|-----------|------------------|
+| `number` | `float64` |
+| `string` | `string` |
+| `boolean` | `bool` |
+| `null` | `nil` |
+| `object` | `map[string]any` |
+| `array` | `[]any` |
+
+## Map slices
+
+When using `JSONMapSlice`, the ordering of keys is ensured by replacing
+mappings to `map[string]any` by a `JSONMapSlice` which is an (ordered)
+slice of `JSONMapItem`s.
+
+Notice that a similar feature is available for YAML (see [`yamlutils`](../yamlutils)),
+with a `YAMLMapSlice` type based on the `JSONMapSlice`.
+
+`JSONMapSlice` is similar to an ordered map, but the keys are not retrieved
+in constant time.
+
+Another difference with the the above standard mappings is that numbers don't always map
+to a `float64`: if the value is a JSON integer, it unmarshals to `int64`.
+
+See also [some examples](https://pkg.go.dev/github.com/go-openapi/swag/jsonutils#pkg-examples)
+
+## Adapters
+
+`ReadJSON`, `WriteJSON` and `FromDynamicJSON` (which is a combination of the latter two)
+are wrappers on top of `json.Unmarshal` and `json.Marshal`.
+
+By default, the adapter merely wraps the standard library.
+
+The adapter may be used to register other JSON serialization libraries,
+possibly several ones at the same time.
+
+If the value passed is identified as an "ordered map" (i.e. implements `ifaces.Ordered`
+or `ifaces.SetOrdered`, the adapter favors the "ordered" JSON behavior and tries to
+find a registered implementation that support ordered keys in objects.
+
+Our standard library implementation supports this.
+
+As of `v0.25.0`, we support through such an adapter the popular `mailru/easyjson`
+library, which kicks in when the passed values support the `easyjson.Unmarshaler`
+or `easyjson.Marshaler` interfaces.
+
+In the future, we plan to add more similar libraries that compete on the go JSON
+serializers scene.
+
+## Registering an adapter
+
+In package `github.com/go-openapi/swag/easyjson/adapters`, several adapters are available.
+
+Each adapter is an independent go module. Hence you'll pick its dependencies only if you import it.
+
+At this moment we provide:
+* `stdlib`: JSON adapter based on the standard library
+* `easyjson`: JSON adapter based on the `github.com/mailru/easyjson`
+
+The adapters provide the basic `Marshal` and `Unmarshal` capabilities, plus an implementation
+of the `MapSlice` pattern.
+
+You may also build your own adapter based on your specific use-case. An adapter is not required to implement
+all capabilities.
+
+Every adapter comes with a `Register` function, possibly with some options, to register the adapter
+to a global registry.
+
+For example, to enable `easyjson` to be used in `ReadJSON` and `WriteJSON`, you would write something like:
+
+```go
+ import (
+ "github.com/go-openapi/swag/jsonutils/adapters"
+ easyjson "github.com/go-openapi/swag/jsonutils/adapters/easyjson/json"
+ )
+
+ func init() {
+ easyjson.Register(adapters.Registry)
+ }
+```
+
+You may register several adapters. In this case, capability matching is evaluated from the last registered
+adapters (LIFO).
+
+## [Benchmarks](./adapters/testintegration/benchmarks/README.md)
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/doc.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/doc.go
new file mode 100644
index 000000000..76d3898fc
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/doc.go
@@ -0,0 +1,8 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package adapters exposes a registry of adapters to multiple
+// JSON serialization libraries.
+//
+// All interfaces are defined in package [ifaces.Adapter].
+package adapters
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/doc.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/doc.go
new file mode 100644
index 000000000..1fd43a1fa
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/doc.go
@@ -0,0 +1,5 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package ifaces exposes all interfaces to work with adapters.
+package ifaces
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/ifaces.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/ifaces.go
new file mode 100644
index 000000000..7805e5e5e
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/ifaces.go
@@ -0,0 +1,84 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package ifaces
+
+import (
+ _ "encoding/json" // for documentation purpose
+ "iter"
+)
+
+// Ordered knows how to iterate over the (key,value) pairs of a JSON object.
+type Ordered interface {
+ OrderedItems() iter.Seq2[string, any]
+}
+
+// SetOrdered knows how to append or update the keys of a JSON object,
+// given an iterator over (key,value) pairs.
+//
+// If the provided iterator is nil then the receiver should be set to nil.
+type SetOrdered interface {
+ SetOrderedItems(iter.Seq2[string, any])
+}
+
+// OrderedMap represent a JSON object (i.e. like a map[string,any]),
+// and knows how to serialize and deserialize JSON with the order of keys maintained.
+type OrderedMap interface {
+ Ordered
+ SetOrdered
+
+ OrderedMarshalJSON() ([]byte, error)
+ OrderedUnmarshalJSON([]byte) error
+}
+
+// MarshalAdapter behaves likes the standard library [json.Marshal].
+type MarshalAdapter interface {
+ Poolable
+
+ Marshal(any) ([]byte, error)
+}
+
+// OrderedMarshalAdapter behaves likes the standard library [json.Marshal], preserving the order of keys in objects.
+type OrderedMarshalAdapter interface {
+ Poolable
+
+ OrderedMarshal(Ordered) ([]byte, error)
+}
+
+// UnmarshalAdapter behaves likes the standard library [json.Unmarshal].
+type UnmarshalAdapter interface {
+ Poolable
+
+ Unmarshal([]byte, any) error
+}
+
+// OrderedUnmarshalAdapter behaves likes the standard library [json.Unmarshal], preserving the order of keys in objects.
+type OrderedUnmarshalAdapter interface {
+ Poolable
+
+ OrderedUnmarshal([]byte, SetOrdered) error
+}
+
+// Adapter exposes an interface like the standard [json] library.
+type Adapter interface {
+ MarshalAdapter
+ UnmarshalAdapter
+
+ OrderedAdapter
+}
+
+// OrderedAdapter exposes interfaces to process JSON and keep the order of object keys.
+type OrderedAdapter interface {
+ OrderedMarshalAdapter
+ OrderedUnmarshalAdapter
+ NewOrderedMap(capacity int) OrderedMap
+}
+
+type Poolable interface {
+ // Self-redeem: for [Adapter] s that are allocated from a pool.
+ // The [Adapter] must not be used after calling [Redeem].
+ Redeem()
+
+ // Reset the state of the [Adapter], if any.
+ Reset()
+}
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/registry_iface.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/registry_iface.go
new file mode 100644
index 000000000..2d6c69f4e
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/registry_iface.go
@@ -0,0 +1,91 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package ifaces
+
+import (
+ "strings"
+)
+
+// Capability indicates what a JSON adapter is capable of.
+type Capability uint8
+
+const (
+ CapabilityMarshalJSON Capability = 1 << iota
+ CapabilityUnmarshalJSON
+ CapabilityOrderedMarshalJSON
+ CapabilityOrderedUnmarshalJSON
+ CapabilityOrderedMap
+)
+
+func (c Capability) String() string {
+ switch c {
+ case CapabilityMarshalJSON:
+ return "MarshalJSON"
+ case CapabilityUnmarshalJSON:
+ return "UnmarshalJSON"
+ case CapabilityOrderedMarshalJSON:
+ return "OrderedMarshalJSON"
+ case CapabilityOrderedUnmarshalJSON:
+ return "OrderedUnmarshalJSON"
+ case CapabilityOrderedMap:
+ return "OrderedMap"
+ default:
+ return ""
+ }
+}
+
+// Capabilities holds several unitary capability flags
+type Capabilities uint8
+
+// Has some capability flag enabled.
+func (c Capabilities) Has(capability Capability) bool {
+ return Capability(c)&capability > 0
+}
+
+func (c Capabilities) String() string {
+ var w strings.Builder
+
+ first := true
+ for _, capability := range []Capability{
+ CapabilityMarshalJSON,
+ CapabilityUnmarshalJSON,
+ CapabilityOrderedMarshalJSON,
+ CapabilityOrderedUnmarshalJSON,
+ CapabilityOrderedMap,
+ } {
+ if c.Has(capability) {
+ if !first {
+ w.WriteByte('|')
+ } else {
+ first = false
+ }
+ w.WriteString(capability.String())
+ }
+ }
+
+ return w.String()
+}
+
+const (
+ AllCapabilities Capabilities = Capabilities(uint8(CapabilityMarshalJSON) |
+ uint8(CapabilityUnmarshalJSON) |
+ uint8(CapabilityOrderedMarshalJSON) |
+ uint8(CapabilityOrderedUnmarshalJSON) |
+ uint8(CapabilityOrderedMap))
+
+ AllUnorderedCapabilities Capabilities = Capabilities(uint8(CapabilityMarshalJSON) | uint8(CapabilityUnmarshalJSON))
+)
+
+// RegistryEntry describes how any given adapter registers its capabilities to the [Registrar].
+type RegistryEntry struct {
+ Who string
+ What Capabilities
+ Constructor func() Adapter
+ Support func(what Capability, value any) bool
+}
+
+// Registrar is a type that knows how to keep registration calls from adapters.
+type Registrar interface {
+ RegisterFor(RegistryEntry)
+}
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/registry.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/registry.go
new file mode 100644
index 000000000..3062acaff
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/registry.go
@@ -0,0 +1,229 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package adapters
+
+import (
+ "fmt"
+ "reflect"
+ "slices"
+ "sync"
+
+ "github.com/go-openapi/swag/jsonutils/adapters/ifaces"
+ stdlib "github.com/go-openapi/swag/jsonutils/adapters/stdlib/json"
+)
+
+// Registry holds the global registry for registered adapters.
+var Registry = NewRegistrar()
+
+var (
+ defaultRegistered = stdlib.Register
+
+ _ ifaces.Registrar = &Registrar{}
+)
+
+type registryError string
+
+func (e registryError) Error() string {
+ return string(e)
+}
+
+// ErrRegistry indicates an error returned by the [Registrar].
+var ErrRegistry registryError = "JSON adapters registry error"
+
+type registry []*ifaces.RegistryEntry
+
+// Registrar holds registered [ifaces.Adapters] for different serialization capabilities.
+//
+// Internally, it maintains a cache for data types that favor a given adapter.
+type Registrar struct {
+ marshalerRegistry registry
+ unmarshalerRegistry registry
+ orderedMarshalerRegistry registry
+ orderedUnmarshalerRegistry registry
+ orderedMapRegistry registry
+
+ gmx sync.RWMutex
+
+ // cache indexed by value type, so we don't have to lookup
+ marshalerCache map[reflect.Type]*ifaces.RegistryEntry
+ unmarshalerCache map[reflect.Type]*ifaces.RegistryEntry
+ orderedMarshalerCache map[reflect.Type]*ifaces.RegistryEntry
+ orderedUnmarshalerCache map[reflect.Type]*ifaces.RegistryEntry
+ orderedMapCache map[reflect.Type]*ifaces.RegistryEntry
+}
+
+func NewRegistrar() *Registrar {
+ r := &Registrar{}
+
+ r.marshalerRegistry = make(registry, 0, 1)
+ r.unmarshalerRegistry = make(registry, 0, 1)
+ r.orderedMarshalerRegistry = make(registry, 0, 1)
+ r.orderedUnmarshalerRegistry = make(registry, 0, 1)
+ r.orderedMapRegistry = make(registry, 0, 1)
+
+ r.marshalerCache = make(map[reflect.Type]*ifaces.RegistryEntry)
+ r.unmarshalerCache = make(map[reflect.Type]*ifaces.RegistryEntry)
+ r.orderedMarshalerCache = make(map[reflect.Type]*ifaces.RegistryEntry)
+ r.orderedUnmarshalerCache = make(map[reflect.Type]*ifaces.RegistryEntry)
+ r.orderedMapCache = make(map[reflect.Type]*ifaces.RegistryEntry)
+
+ defaultRegistered(r)
+
+ return r
+}
+
+// ClearCache resets the internal type cache.
+func (r *Registrar) ClearCache() {
+ r.gmx.Lock()
+ r.clearCache()
+ r.gmx.Unlock()
+}
+
+// Reset the [Registrar] to its defaults.
+func (r *Registrar) Reset() {
+ r.gmx.Lock()
+ r.clearCache()
+ r.marshalerRegistry = r.marshalerRegistry[:0]
+ r.unmarshalerRegistry = r.unmarshalerRegistry[:0]
+ r.orderedMarshalerRegistry = r.orderedMarshalerRegistry[:0]
+ r.orderedUnmarshalerRegistry = r.orderedUnmarshalerRegistry[:0]
+ r.orderedMapRegistry = r.orderedMapRegistry[:0]
+ r.gmx.Unlock()
+
+ defaultRegistered(r)
+}
+
+// RegisterFor registers an adapter for some JSON capabilities.
+func (r *Registrar) RegisterFor(entry ifaces.RegistryEntry) {
+ r.gmx.Lock()
+ if entry.What.Has(ifaces.CapabilityMarshalJSON) {
+ e := entry
+ e.What &= ifaces.Capabilities(ifaces.CapabilityMarshalJSON)
+ r.marshalerRegistry = slices.Insert(r.marshalerRegistry, 0, &e)
+ }
+ if entry.What.Has(ifaces.CapabilityUnmarshalJSON) {
+ e := entry
+ e.What &= ifaces.Capabilities(ifaces.CapabilityUnmarshalJSON)
+ r.unmarshalerRegistry = slices.Insert(r.unmarshalerRegistry, 0, &e)
+ }
+ if entry.What.Has(ifaces.CapabilityOrderedMarshalJSON) {
+ e := entry
+ e.What &= ifaces.Capabilities(ifaces.CapabilityOrderedMarshalJSON)
+ r.orderedMarshalerRegistry = slices.Insert(r.orderedMarshalerRegistry, 0, &e)
+ }
+ if entry.What.Has(ifaces.CapabilityOrderedUnmarshalJSON) {
+ e := entry
+ e.What &= ifaces.Capabilities(ifaces.CapabilityOrderedUnmarshalJSON)
+ r.orderedUnmarshalerRegistry = slices.Insert(r.orderedUnmarshalerRegistry, 0, &e)
+ }
+ if entry.What.Has(ifaces.CapabilityOrderedMap) {
+ e := entry
+ e.What &= ifaces.Capabilities(ifaces.CapabilityOrderedMap)
+ r.orderedMapRegistry = slices.Insert(r.orderedMapRegistry, 0, &e)
+ }
+ r.gmx.Unlock()
+}
+
+// AdapterFor returns an [ifaces.Adapter] that supports this capability for this type of value.
+//
+// The [ifaces.Adapter] may be redeemed to its pool using its Redeem() method, for adapters that support global
+// pooling. When this is not the case, the redeem function is just a no-operation.
+func (r *Registrar) AdapterFor(capability ifaces.Capability, value any) ifaces.Adapter {
+ entry := r.findFirstFor(capability, value)
+ if entry == nil {
+ return nil
+ }
+
+ return entry.Constructor()
+}
+
+func (r *Registrar) clearCache() {
+ clear(r.marshalerCache)
+ clear(r.unmarshalerCache)
+ clear(r.orderedMarshalerCache)
+ clear(r.orderedUnmarshalerCache)
+ clear(r.orderedMapCache)
+}
+
+func (r *Registrar) findFirstFor(capability ifaces.Capability, value any) *ifaces.RegistryEntry {
+ switch capability {
+ case ifaces.CapabilityMarshalJSON:
+ return r.findFirstInRegistryFor(r.marshalerRegistry, r.marshalerCache, capability, value)
+ case ifaces.CapabilityUnmarshalJSON:
+ return r.findFirstInRegistryFor(r.unmarshalerRegistry, r.unmarshalerCache, capability, value)
+ case ifaces.CapabilityOrderedMarshalJSON:
+ return r.findFirstInRegistryFor(r.orderedMarshalerRegistry, r.orderedMarshalerCache, capability, value)
+ case ifaces.CapabilityOrderedUnmarshalJSON:
+ return r.findFirstInRegistryFor(r.orderedUnmarshalerRegistry, r.orderedUnmarshalerCache, capability, value)
+ case ifaces.CapabilityOrderedMap:
+ return r.findFirstInRegistryFor(r.orderedMapRegistry, r.orderedMapCache, capability, value)
+ default:
+ panic(fmt.Errorf("unsupported capability %d: %w", capability, ErrRegistry))
+ }
+}
+
+func (r *Registrar) findFirstInRegistryFor(reg registry, cache map[reflect.Type]*ifaces.RegistryEntry, capability ifaces.Capability, value any) *ifaces.RegistryEntry {
+ r.gmx.RLock()
+ if len(reg) > 1 {
+ if entry, ok := cache[reflect.TypeOf(value)]; ok {
+ // cache hit
+ r.gmx.RUnlock()
+ return entry
+ }
+ }
+
+ for _, entry := range reg {
+ if !entry.Support(capability, value) {
+ continue
+ }
+
+ r.gmx.RUnlock()
+
+ // update the internal cache
+ r.gmx.Lock()
+ cache[reflect.TypeOf(value)] = entry
+ r.gmx.Unlock()
+
+ return entry
+ }
+
+ // no adapter found
+ r.gmx.RUnlock()
+
+ return nil
+}
+
+// MarshalAdapterFor returns the first adapter that knows how to Marshal this type of value.
+func MarshalAdapterFor(value any) ifaces.MarshalAdapter {
+ return Registry.AdapterFor(ifaces.CapabilityMarshalJSON, value)
+}
+
+// OrderedMarshalAdapterFor returns the first adapter that knows how to OrderedMarshal this type of value.
+func OrderedMarshalAdapterFor(value ifaces.Ordered) ifaces.OrderedMarshalAdapter {
+ return Registry.AdapterFor(ifaces.CapabilityOrderedMarshalJSON, value)
+}
+
+// UnmarshalAdapterFor returns the first adapter that knows how to Unmarshal this type of value.
+func UnmarshalAdapterFor(value any) ifaces.UnmarshalAdapter {
+ return Registry.AdapterFor(ifaces.CapabilityUnmarshalJSON, value)
+}
+
+// OrderedUnmarshalAdapterFor provides the first adapter that knows how to OrderedUnmarshal this type of value.
+func OrderedUnmarshalAdapterFor(value ifaces.SetOrdered) ifaces.OrderedUnmarshalAdapter {
+ return Registry.AdapterFor(ifaces.CapabilityOrderedUnmarshalJSON, value)
+}
+
+// NewOrderedMap provides the "ordered map" implementation provided by the registry.
+func NewOrderedMap(capacity int) ifaces.OrderedMap {
+ var v any
+ adapter := Registry.AdapterFor(ifaces.CapabilityOrderedUnmarshalJSON, v)
+ if adapter == nil {
+ return nil
+ }
+
+ defer adapter.Redeem()
+ return adapter.NewOrderedMap(capacity)
+}
+
+func noopRedeemer() {}
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/adapter.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/adapter.go
new file mode 100644
index 000000000..0213ff5c2
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/adapter.go
@@ -0,0 +1,115 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package json
+
+import (
+ stdjson "encoding/json"
+
+ "github.com/go-openapi/swag/jsonutils/adapters/ifaces"
+ "github.com/go-openapi/swag/typeutils"
+)
+
+const sensibleBufferSize = 8192
+
+type jsonError string
+
+func (e jsonError) Error() string {
+ return string(e)
+}
+
+// ErrStdlib indicates that an error comes from the stdlib JSON adapter
+var ErrStdlib jsonError = "error from the JSON adapter stdlib"
+
+var _ ifaces.Adapter = &Adapter{}
+
+type Adapter struct {
+}
+
+// NewAdapter yields an [ifaces.Adapter] using the standard library.
+func NewAdapter() *Adapter {
+ return &Adapter{}
+}
+
+func (a *Adapter) Marshal(value any) ([]byte, error) {
+ return stdjson.Marshal(value)
+}
+
+func (a *Adapter) Unmarshal(data []byte, value any) error {
+ return stdjson.Unmarshal(data, value)
+}
+
+func (a *Adapter) OrderedMarshal(value ifaces.Ordered) ([]byte, error) {
+ w := poolOfWriters.Borrow()
+ defer func() {
+ poolOfWriters.Redeem(w)
+ }()
+
+ if typeutils.IsNil(value) {
+ w.RawString("null")
+
+ return w.BuildBytes()
+ }
+
+ w.RawByte('{')
+ first := true
+ for k, v := range value.OrderedItems() {
+ if first {
+ first = false
+ } else {
+ w.RawByte(',')
+ }
+
+ w.String(k)
+ w.RawByte(':')
+
+ switch val := v.(type) {
+ case ifaces.Ordered:
+ w.Raw(a.OrderedMarshal(val))
+ default:
+ w.Raw(stdjson.Marshal(v))
+ }
+ }
+
+ w.RawByte('}')
+
+ return w.BuildBytes()
+}
+
+func (a *Adapter) OrderedUnmarshal(data []byte, value ifaces.SetOrdered) error {
+ var m MapSlice
+ if err := m.OrderedUnmarshalJSON(data); err != nil {
+ return err
+ }
+
+ if typeutils.IsNil(m) {
+ // force input value to nil
+ value.SetOrderedItems(nil)
+
+ return nil
+ }
+
+ value.SetOrderedItems(m.OrderedItems())
+
+ return nil
+}
+
+func (a *Adapter) NewOrderedMap(capacity int) ifaces.OrderedMap {
+ m := make(MapSlice, 0, capacity)
+
+ return &m
+}
+
+// Redeem the [Adapter] when it comes from a pool.
+//
+// The adapter becomes immediately unusable once redeemed.
+func (a *Adapter) Redeem() {
+ if a == nil {
+ return
+ }
+
+ RedeemAdapter(a)
+}
+
+func (a *Adapter) Reset() {
+}
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/doc.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/doc.go
new file mode 100644
index 000000000..5ea1b4404
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/doc.go
@@ -0,0 +1,5 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package json implements an [ifaces.Adapter] using the standard library.
+package json
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/lexer.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/lexer.go
new file mode 100644
index 000000000..b5aa1c797
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/lexer.go
@@ -0,0 +1,320 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package json
+
+import (
+ stdjson "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "math"
+ "strconv"
+
+ "github.com/go-openapi/swag/conv"
+)
+
+type token struct {
+ stdjson.Token
+}
+
+func (t token) String() string {
+ if t == invalidToken {
+ return "invalid token"
+ }
+ if t == eofToken {
+ return "EOF"
+ }
+
+ return fmt.Sprintf("%v", t.Token)
+}
+
+func (t token) Kind() tokenKind {
+ switch t.Token.(type) {
+ case nil:
+ return tokenNull
+ case stdjson.Delim:
+ return tokenDelim
+ case bool:
+ return tokenBool
+ case float64:
+ return tokenFloat
+ case stdjson.Number:
+ return tokenNumber
+ case string:
+ return tokenString
+ default:
+ return tokenUndef
+ }
+}
+
+func (t token) Delim() byte {
+ r, ok := t.Token.(stdjson.Delim)
+ if !ok {
+ return 0
+ }
+
+ return byte(r)
+}
+
+type tokenKind uint8
+
+const (
+ tokenUndef tokenKind = iota
+ tokenString
+ tokenNumber
+ tokenFloat
+ tokenBool
+ tokenNull
+ tokenDelim
+)
+
+var (
+ invalidToken = token{
+ Token: stdjson.Token(struct{}{}),
+ }
+
+ eofToken = token{
+ Token: stdjson.Token(&struct{}{}),
+ }
+
+ undefToken = token{
+ Token: stdjson.Token(uint8(0)),
+ }
+)
+
+// jlexer apes easyjson's jlexer, but uses the standard library decoder under the hood.
+type jlexer struct {
+ buf *bytesReader
+ dec *stdjson.Decoder
+ err error
+ // current token
+ next token
+ // started bool
+}
+
+type bytesReader struct {
+ buf []byte
+ offset int
+}
+
+func (b *bytesReader) Reset() {
+ b.buf = nil
+ b.offset = 0
+}
+
+func (b *bytesReader) Read(p []byte) (int, error) {
+ if b.offset >= len(b.buf) {
+ return 0, io.EOF
+ }
+
+ n := len(p)
+ buf := b.buf[b.offset:]
+ m := len(buf)
+
+ if n >= m {
+ copy(p, buf)
+ b.offset += m
+
+ return m, nil
+ }
+
+ copy(p, buf[:n])
+ b.offset += n
+
+ return n, nil
+}
+
+var _ io.Reader = &bytesReader{}
+
+func newLexer(data []byte) *jlexer {
+ l := &jlexer{
+ // current: undefToken,
+ next: undefToken,
+ }
+ l.buf = &bytesReader{
+ buf: data,
+ }
+ l.dec = stdjson.NewDecoder(l.buf) // unfortunately, cannot pool this
+
+ return l
+}
+
+func (l *jlexer) Reset() {
+ l.err = nil
+ l.next = undefToken
+ // leave l.dec and l.buf alone, since they are replaced at every Borrow
+}
+
+func (l *jlexer) Error() error {
+ return l.err
+}
+
+func (l *jlexer) SetErr(err error) {
+ l.err = err
+}
+
+func (l *jlexer) Ok() bool {
+ return l.err == nil
+}
+
+// NextToken consumes a token
+func (l *jlexer) NextToken() token {
+ if !l.Ok() {
+ return invalidToken
+ }
+
+ if l.next != undefToken {
+ next := l.next
+ l.next = undefToken
+
+ return next
+ }
+
+ return l.fetchToken()
+}
+
+// PeekToken returns the next token without consuming it
+func (l *jlexer) PeekToken() token {
+ if l.next == undefToken {
+ l.next = l.fetchToken()
+ }
+
+ return l.next
+}
+
+func (l *jlexer) Skip() {
+ _ = l.NextToken()
+}
+
+func (l *jlexer) IsDelim(c byte) bool {
+ if !l.Ok() {
+ return false
+ }
+
+ next := l.PeekToken()
+ if next.Kind() != tokenDelim {
+ return false
+ }
+
+ if next.Delim() != c {
+ return false
+ }
+
+ return true
+}
+
+func (l *jlexer) IsNull() bool {
+ if !l.Ok() {
+ return false
+ }
+
+ next := l.PeekToken()
+
+ return next.Kind() == tokenNull
+}
+
+func (l *jlexer) Delim(c byte) {
+ if !l.Ok() {
+ return
+ }
+
+ tok := l.NextToken()
+ if tok.Kind() != tokenDelim {
+ l.err = fmt.Errorf("expected a delimiter token but got '%v': %w", tok, ErrStdlib)
+
+ return
+ }
+
+ if tok.Delim() != c {
+ l.err = fmt.Errorf("expected delimiter '%q' but got '%q': %w", c, tok.Delim(), ErrStdlib)
+ }
+}
+
+func (l *jlexer) Null() {
+ if !l.Ok() {
+ return
+ }
+
+ tok := l.NextToken()
+ if tok.Kind() != tokenNull {
+ l.err = fmt.Errorf("expected a null token but got '%v': %w", tok, ErrStdlib)
+ }
+}
+
+func (l *jlexer) Number() any {
+ if !l.Ok() {
+ return 0
+ }
+
+ tok := l.NextToken()
+
+ switch tok.Kind() { //nolint:exhaustive
+ case tokenNumber:
+ n := tok.Token.(stdjson.Number).String()
+ f, _ := strconv.ParseFloat(n, 64)
+ if conv.IsFloat64AJSONInteger(f) {
+ return int64(math.Trunc(f))
+ }
+
+ return f
+
+ case tokenFloat:
+ f := tok.Token.(float64)
+ if conv.IsFloat64AJSONInteger(f) {
+ return int64(math.Trunc(f))
+ }
+
+ return f
+
+ default:
+ l.err = fmt.Errorf("expected a number token but got '%v': %w", tok, ErrStdlib)
+
+ return 0
+ }
+}
+
+func (l *jlexer) Bool() bool {
+ if !l.Ok() {
+ return false
+ }
+
+ tok := l.NextToken()
+ if tok.Kind() != tokenBool {
+ l.err = fmt.Errorf("expected a bool token but got '%v': %w", tok, ErrStdlib)
+
+ return false
+ }
+
+ return tok.Token.(bool)
+}
+
+func (l *jlexer) String() string {
+ if !l.Ok() {
+ return ""
+ }
+
+ tok := l.NextToken()
+ if tok.Kind() != tokenString {
+ l.err = fmt.Errorf("expected a string token but got '%v': %w", tok, ErrStdlib)
+
+ return ""
+ }
+
+ return tok.Token.(string)
+}
+
+// Commas and colons are elided.
+func (l *jlexer) fetchToken() token {
+ jtok, err := l.dec.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ return eofToken
+ }
+
+ l.err = errors.Join(err, ErrStdlib)
+ return invalidToken
+ }
+
+ return token{Token: jtok}
+}
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/ordered_map.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/ordered_map.go
new file mode 100644
index 000000000..54deef406
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/ordered_map.go
@@ -0,0 +1,266 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package json
+
+import (
+ stdjson "encoding/json"
+ "fmt"
+ "iter"
+
+ "github.com/go-openapi/swag/jsonutils/adapters/ifaces"
+)
+
+var _ ifaces.OrderedMap = &MapSlice{}
+
+// MapSlice represents a JSON object, with the order of keys maintained.
+type MapSlice []MapItem
+
+func (s MapSlice) OrderedItems() iter.Seq2[string, any] {
+ return func(yield func(string, any) bool) {
+ for _, item := range s {
+ if !yield(item.Key, item.Value) {
+ return
+ }
+ }
+ }
+}
+
+func (s *MapSlice) SetOrderedItems(items iter.Seq2[string, any]) {
+ if items == nil {
+ *s = nil
+
+ return
+ }
+
+ m := *s
+ if len(m) > 0 {
+ // update mode
+ idx := make(map[string]int, len(m))
+
+ for i, item := range m {
+ idx[item.Key] = i
+ }
+
+ for k, v := range items {
+ idx, ok := idx[k]
+ if ok {
+ m[idx].Value = v
+
+ continue
+ }
+ m = append(m, MapItem{Key: k, Value: v})
+ }
+
+ *s = m
+
+ return
+ }
+
+ for k, v := range items {
+ m = append(m, MapItem{Key: k, Value: v})
+ }
+
+ *s = m
+}
+
+// MarshalJSON renders a [MapSlice] as JSON bytes, preserving the order of keys.
+func (s MapSlice) MarshalJSON() ([]byte, error) {
+ return s.OrderedMarshalJSON()
+}
+
+func (s MapSlice) OrderedMarshalJSON() ([]byte, error) {
+ w := poolOfWriters.Borrow()
+ defer func() {
+ poolOfWriters.Redeem(w)
+ }()
+
+ s.marshalObject(w)
+
+ return w.BuildBytes() // this clones data, so it's okay to redeem the writer and its buffer
+}
+
+// UnmarshalJSON builds a [MapSlice] from JSON bytes, preserving the order of keys.
+//
+// Inner objects are unmarshaled as [MapSlice] slices and not map[string]any.
+func (s *MapSlice) UnmarshalJSON(data []byte) error {
+ return s.OrderedUnmarshalJSON(data)
+}
+
+func (s *MapSlice) OrderedUnmarshalJSON(data []byte) error {
+ l := poolOfLexers.Borrow(data)
+ defer func() {
+ poolOfLexers.Redeem(l)
+ }()
+
+ s.unmarshalObject(l)
+
+ return l.Error()
+}
+
+func (s MapSlice) marshalObject(w *jwriter) {
+ if s == nil {
+ w.RawString("null")
+
+ return
+ }
+
+ w.RawByte('{')
+
+ if len(s) == 0 {
+ w.RawByte('}')
+
+ return
+ }
+
+ s[0].marshalJSON(w)
+
+ for i := 1; i < len(s); i++ {
+ w.RawByte(',')
+ s[i].marshalJSON(w)
+ }
+
+ w.RawByte('}')
+}
+
+func (s *MapSlice) unmarshalObject(in *jlexer) {
+ if in.IsNull() {
+ in.Skip()
+
+ return
+ }
+
+ in.Delim('{') // consume token
+ if !in.Ok() {
+ return
+ }
+
+ result := make(MapSlice, 0)
+
+ for in.Ok() && !in.IsDelim('}') {
+ var mi MapItem
+
+ mi.unmarshalKeyValue(in)
+ result = append(result, mi)
+ }
+
+ in.Delim('}')
+
+ if !in.Ok() {
+ return
+ }
+
+ *s = result
+}
+
+// MapItem represents the value of a key in a JSON object held by [MapSlice].
+//
+// Notice that [MapItem] should not be marshaled to or unmarshaled from JSON directly,
+// use this type as part of a [MapSlice] when dealing with JSON bytes.
+type MapItem struct {
+ Key string
+ Value any
+}
+
+func (s MapItem) marshalJSON(w *jwriter) {
+ w.String(s.Key)
+ w.RawByte(':')
+ w.Raw(stdjson.Marshal(s.Value))
+}
+
+func (s *MapItem) unmarshalKeyValue(in *jlexer) {
+ key := in.String() // consume string
+ value := s.asInterface(in) // consume any value, including termination tokens '}' or ']'
+
+ if !in.Ok() {
+ return
+ }
+
+ s.Key = key
+ s.Value = value
+}
+
+func (s *MapItem) unmarshalArray(in *jlexer) []any {
+ if in.IsNull() {
+ in.Skip()
+
+ return nil
+ }
+
+ in.Delim('[') // consume token
+ if !in.Ok() {
+ return nil
+ }
+
+ ret := make([]any, 0)
+
+ for in.Ok() && !in.IsDelim(']') {
+ ret = append(ret, s.asInterface(in))
+ }
+
+ in.Delim(']')
+ if !in.Ok() {
+ return nil
+ }
+
+ return ret
+}
+
+// asInterface is very much like [jlexer.Lexer.Interface], but unmarshals an object
+// into a [MapSlice], not a map[string]any.
+//
+// We have to force parsing errors somehow, since [jlexer.Lexer] doesn't let us
+// set a parsing error directly.
+func (s *MapItem) asInterface(in *jlexer) any {
+ if !in.Ok() {
+ return nil
+ }
+
+ tok := in.PeekToken() // look-ahead what the next token looks like
+ kind := tok.Kind()
+
+ switch kind {
+ case tokenString:
+ return in.String() // consume string
+
+ case tokenNumber, tokenFloat:
+ return in.Number()
+
+ case tokenBool:
+ return in.Bool()
+
+ case tokenNull:
+ in.Null()
+
+ return nil
+
+ case tokenDelim:
+ switch tok.Delim() {
+ case '{': // not consumed yet
+ ret := make(MapSlice, 0)
+ ret.unmarshalObject(in) // consumes the terminating '}'
+
+ if in.Ok() {
+ return ret
+ }
+
+ // lexer is in an error state: will exhaust
+ return nil
+
+ case '[': // not consumed yet
+ return s.unmarshalArray(in) // consumes the terminating ']'
+ default:
+ in.SetErr(fmt.Errorf("unexpected delimiter: %v: %w", tok, ErrStdlib)) // force error
+ return nil
+ }
+
+ case tokenUndef:
+ fallthrough
+ default:
+ if in.Ok() {
+ in.SetErr(fmt.Errorf("unexpected token: %v: %w", tok, ErrStdlib)) // force error
+ }
+
+ return nil
+ }
+}
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/pool.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/pool.go
new file mode 100644
index 000000000..709b97c30
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/pool.go
@@ -0,0 +1,143 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package json
+
+import (
+ "encoding/json"
+ "sync"
+
+ "github.com/go-openapi/swag/jsonutils/adapters/ifaces"
+)
+
+type adaptersPool struct {
+ sync.Pool
+}
+
+func (p *adaptersPool) Borrow() *Adapter {
+ return p.Get().(*Adapter)
+}
+
+func (p *adaptersPool) BorrowIface() ifaces.Adapter {
+ return p.Get().(*Adapter)
+}
+
+func (p *adaptersPool) Redeem(a *Adapter) {
+ p.Put(a)
+}
+
+type writersPool struct {
+ sync.Pool
+}
+
+func (p *writersPool) Borrow() *jwriter {
+ ptr := p.Get()
+
+ jw := ptr.(*jwriter)
+ jw.Reset()
+
+ return jw
+}
+
+func (p *writersPool) Redeem(w *jwriter) {
+ p.Put(w)
+}
+
+type lexersPool struct {
+ sync.Pool
+}
+
+func (p *lexersPool) Borrow(data []byte) *jlexer {
+ ptr := p.Get()
+
+ l := ptr.(*jlexer)
+ l.buf = poolOfReaders.Borrow(data)
+ l.dec = json.NewDecoder(l.buf) // cannot pool, not exposed by the encoding/json API
+ l.Reset()
+
+ return l
+}
+
+func (p *lexersPool) Redeem(l *jlexer) {
+ l.dec = nil
+ discard := l.buf
+ l.buf = nil
+ poolOfReaders.Redeem(discard)
+ p.Put(l)
+}
+
+type readersPool struct {
+ sync.Pool
+}
+
+func (p *readersPool) Borrow(data []byte) *bytesReader {
+ ptr := p.Get()
+
+ b := ptr.(*bytesReader)
+ b.Reset()
+ b.buf = data
+
+ return b
+}
+
+func (p *readersPool) Redeem(b *bytesReader) {
+ p.Put(b)
+}
+
+var (
+ poolOfAdapters = &adaptersPool{
+ Pool: sync.Pool{
+ New: func() any {
+ return NewAdapter()
+ },
+ },
+ }
+
+ poolOfWriters = &writersPool{
+ Pool: sync.Pool{
+ New: func() any {
+ return newJWriter()
+ },
+ },
+ }
+
+ poolOfLexers = &lexersPool{
+ Pool: sync.Pool{
+ New: func() any {
+ return newLexer(nil)
+ },
+ },
+ }
+
+ poolOfReaders = &readersPool{
+ Pool: sync.Pool{
+ New: func() any {
+ return &bytesReader{}
+ },
+ },
+ }
+)
+
+// BorrowAdapter borrows an [Adapter] from the pool, recycling already allocated instances.
+func BorrowAdapter() *Adapter {
+ return poolOfAdapters.Borrow()
+}
+
+// BorrowAdapterIface borrows a stdlib [Adapter] and converts it directly
+// to [ifaces.Adapter]. This is useful to avoid further allocations when
+// translating the concrete type into an interface.
+func BorrowAdapterIface() ifaces.Adapter {
+ return poolOfAdapters.BorrowIface()
+}
+
+// RedeemAdapter redeems an [Adapter] to the pool, so it may be recycled.
+func RedeemAdapter(a *Adapter) {
+ poolOfAdapters.Redeem(a)
+}
+
+func RedeemAdapterIface(a ifaces.Adapter) {
+ concrete, ok := a.(*Adapter)
+ if ok {
+ poolOfAdapters.Redeem(concrete)
+ }
+}
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/register.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/register.go
new file mode 100644
index 000000000..fc8818694
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/register.go
@@ -0,0 +1,26 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package json
+
+import (
+ "fmt"
+ "reflect"
+
+ "github.com/go-openapi/swag/jsonutils/adapters/ifaces"
+)
+
+func Register(dispatcher ifaces.Registrar) {
+ t := reflect.TypeOf(Adapter{})
+ dispatcher.RegisterFor(
+ ifaces.RegistryEntry{
+ Who: fmt.Sprintf("%s.%s", t.PkgPath(), t.Name()),
+ What: ifaces.AllCapabilities,
+ Constructor: BorrowAdapterIface,
+ Support: support,
+ })
+}
+
+func support(_ ifaces.Capability, _ any) bool {
+ return true
+}
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/writer.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/writer.go
new file mode 100644
index 000000000..dc2325c1a
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/writer.go
@@ -0,0 +1,75 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package json
+
+import (
+ "bytes"
+ "encoding/json"
+ "strings"
+)
+
+type jwriter struct {
+ buf *bytes.Buffer
+ err error
+}
+
+func newJWriter() *jwriter {
+ buf := make([]byte, 0, sensibleBufferSize)
+
+ return &jwriter{buf: bytes.NewBuffer(buf)}
+}
+
+func (w *jwriter) Reset() {
+ w.buf.Reset()
+ w.err = nil
+}
+
+func (w *jwriter) RawString(s string) {
+ if w.err != nil {
+ return
+ }
+ w.buf.WriteString(s)
+}
+
+func (w *jwriter) Raw(b []byte, err error) {
+ if w.err != nil {
+ return
+ }
+ if err != nil {
+ w.err = err
+ return
+ }
+
+ _, _ = w.buf.Write(b)
+}
+
+func (w *jwriter) RawByte(c byte) {
+ if w.err != nil {
+ return
+ }
+ w.buf.WriteByte(c)
+}
+
+var quoteReplacer = strings.NewReplacer(`"`, `\"`, `\`, `\\`)
+
+func (w *jwriter) String(s string) {
+ if w.err != nil {
+ return
+ }
+ // escape quotes and \
+ s = quoteReplacer.Replace(s)
+
+ _ = w.buf.WriteByte('"')
+ json.HTMLEscape(w.buf, []byte(s))
+ _ = w.buf.WriteByte('"')
+}
+
+// BuildBytes returns a clone of the internal buffer.
+func (w *jwriter) BuildBytes() ([]byte, error) {
+ if w.err != nil {
+ return nil, w.err
+ }
+
+ return bytes.Clone(w.buf.Bytes()), nil
+}
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/concat.go b/vendor/github.com/go-openapi/swag/jsonutils/concat.go
new file mode 100644
index 000000000..2068503af
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/concat.go
@@ -0,0 +1,92 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package jsonutils
+
+import (
+ "bytes"
+)
+
+// nullJSON represents a JSON object with null type
+var nullJSON = []byte("null")
+
+const comma = byte(',')
+
+var closers map[byte]byte
+
+func init() {
+ closers = map[byte]byte{
+ '{': '}',
+ '[': ']',
+ }
+}
+
+// ConcatJSON concatenates multiple json objects or arrays efficiently.
+//
+// Note that [ConcatJSON] performs a very simple (and fast) concatenation
+// operation: it does not attempt to merge objects.
+func ConcatJSON(blobs ...[]byte) []byte {
+ if len(blobs) == 0 {
+ return nil
+ }
+
+ last := len(blobs) - 1
+ for blobs[last] == nil || bytes.Equal(blobs[last], nullJSON) {
+ // strips trailing null objects
+ last--
+ if last < 0 {
+ // there was nothing but "null"s or nil...
+ return nil
+ }
+ }
+ if last == 0 {
+ return blobs[0]
+ }
+
+ var opening, closing byte
+ var idx, a int
+ buf := bytes.NewBuffer(nil)
+
+ for i, b := range blobs[:last+1] {
+ if b == nil || bytes.Equal(b, nullJSON) {
+ // a null object is in the list: skip it
+ continue
+ }
+ if len(b) > 0 && opening == 0 { // is this an array or an object?
+ opening, closing = b[0], closers[b[0]]
+ }
+
+ if opening != '{' && opening != '[' {
+ continue // don't know how to concatenate non container objects
+ }
+
+ const minLengthIfNotEmpty = 3
+ if len(b) < minLengthIfNotEmpty { // yep empty but also the last one, so closing this thing
+ if i == last && a > 0 {
+ _ = buf.WriteByte(closing) // never returns err != nil
+ }
+ continue
+ }
+
+ idx = 0
+ if a > 0 { // we need to join with a comma for everything beyond the first non-empty item
+ _ = buf.WriteByte(comma) // never returns err != nil
+ idx = 1 // this is not the first or the last so we want to drop the leading bracket
+ }
+
+ if i != last { // not the last one, strip brackets
+ _, _ = buf.Write(b[idx : len(b)-1]) // never returns err != nil
+ } else { // last one, strip only the leading bracket
+ _, _ = buf.Write(b[idx:])
+ }
+ a++
+ }
+
+ // somehow it ended up being empty, so provide a default value
+ if buf.Len() == 0 && (opening == '{' || opening == '[') {
+ _ = buf.WriteByte(opening) // never returns err != nil
+ _ = buf.WriteByte(closing)
+ }
+
+ return buf.Bytes()
+}
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/doc.go b/vendor/github.com/go-openapi/swag/jsonutils/doc.go
new file mode 100644
index 000000000..3926cc58d
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/doc.go
@@ -0,0 +1,7 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package jsonutils provides helpers to work with JSON.
+//
+// These utilities work with dynamic go structures to and from JSON.
+package jsonutils
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/json.go b/vendor/github.com/go-openapi/swag/jsonutils/json.go
new file mode 100644
index 000000000..40753ce03
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/json.go
@@ -0,0 +1,116 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package jsonutils
+
+import (
+ "bytes"
+ "encoding/json"
+
+ "github.com/go-openapi/swag/jsonutils/adapters"
+ "github.com/go-openapi/swag/jsonutils/adapters/ifaces"
+)
+
+// WriteJSON marshals a data structure as JSON.
+//
+// The difference with [json.Marshal] is that it may check among several alternatives
+// to do so.
+//
+// See [adapters.Registrar] for more details about how to configure
+// multiple serialization alternatives.
+//
+// NOTE: to allow types that are [easyjson.Marshaler] s to use that route to process JSON,
+// you now need to register the adapter for easyjson at runtime.
+func WriteJSON(value any) ([]byte, error) {
+ if orderedMap, isOrdered := value.(ifaces.Ordered); isOrdered {
+ orderedMarshaler := adapters.OrderedMarshalAdapterFor(orderedMap)
+
+ if orderedMarshaler != nil {
+ defer orderedMarshaler.Redeem()
+
+ return orderedMarshaler.OrderedMarshal(orderedMap)
+ }
+
+ // no support found in registered adapters, fallback to the default (unordered) case
+ }
+
+ marshaler := adapters.MarshalAdapterFor(value)
+ if marshaler != nil {
+ defer marshaler.Redeem()
+
+ return marshaler.Marshal(value)
+ }
+
+ // no support found in registered adapters, fallback to the default standard library.
+ //
+ // This only happens when tinkering with the global registry of adapters, since the default handles all the above cases.
+ return json.Marshal(value) // Codecov ignore // this is a safeguard not easily simulated in tests
+}
+
+// ReadJSON unmarshals JSON data into a data structure.
+//
+// The difference with [json.Unmarshal] is that it may check among several alternatives
+// to do so.
+//
+// See [adapters.Registrar] for more details about how to configure
+// multiple serialization alternatives.
+//
+// NOTE: value must be a pointer.
+//
+// If the provided value implements [ifaces.SetOrdered], it is a considered an "ordered map" and [ReadJSON]
+// will favor an adapter that supports the [ifaces.OrderedUnmarshal] feature, or fallback to
+// an unordered behavior if none is found.
+//
+// NOTE: to allow types that are [easyjson.Unmarshaler] s to use that route to process JSON,
+// you now need to register the adapter for easyjson at runtime.
+func ReadJSON(data []byte, value any) error {
+ trimmedData := bytes.Trim(data, "\x00")
+
+ if orderedMap, isOrdered := value.(ifaces.SetOrdered); isOrdered {
+ // if the value is an ordered map, favors support for OrderedUnmarshal.
+
+ orderedUnmarshaler := adapters.OrderedUnmarshalAdapterFor(orderedMap)
+
+ if orderedUnmarshaler != nil {
+ defer orderedUnmarshaler.Redeem()
+
+ return orderedUnmarshaler.OrderedUnmarshal(trimmedData, orderedMap)
+ }
+
+ // no support found in registered adapters, fallback to the default (unordered) case
+ }
+
+ unmarshaler := adapters.UnmarshalAdapterFor(value)
+ if unmarshaler != nil {
+ defer unmarshaler.Redeem()
+
+ return unmarshaler.Unmarshal(trimmedData, value)
+ }
+
+ // no support found in registered adapters, fallback to the default standard library.
+ //
+ // This only happens when tinkering with the global registry of adapters, since the default handles all the above cases.
+ return json.Unmarshal(trimmedData, value) // Codecov ignore // this is a safeguard not easily simulated in tests
+}
+
+// FromDynamicJSON turns a go value into a properly JSON typed structure.
+//
+// "Dynamic JSON" refers to what you get when unmarshaling JSON into an untyped any,
+// i.e. objects are represented by map[string]any, arrays by []any, and
+// all numbers are represented as float64.
+//
+// NOTE: target must be a pointer.
+//
+// # Maintaining the order of keys in objects
+//
+// If source and target implement [ifaces.Ordered] and [ifaces.SetOrdered] respectively,
+// they are considered "ordered maps" and the order of keys is maintained in the
+// "jsonification" process. In that case, map[string]any values are replaced by (ordered) [JSONMapSlice] ones.
+func FromDynamicJSON(source, target any) error {
+ b, err := WriteJSON(source)
+ if err != nil {
+ return err
+ }
+
+ return ReadJSON(b, target)
+}
diff --git a/vendor/github.com/go-openapi/swag/jsonutils/ordered_map.go b/vendor/github.com/go-openapi/swag/jsonutils/ordered_map.go
new file mode 100644
index 000000000..38dd3e244
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils/ordered_map.go
@@ -0,0 +1,114 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package jsonutils
+
+import (
+ "iter"
+
+ "github.com/go-openapi/swag/jsonutils/adapters"
+ "github.com/go-openapi/swag/typeutils"
+)
+
+// JSONMapSlice represents a JSON object, with the order of keys maintained.
+//
+// It behaves like an ordered map, but keys can't be accessed in constant time.
+type JSONMapSlice []JSONMapItem
+
+// OrderedItems iterates over all (key,value) pairs with the order of keys maintained.
+//
+// This implements the [ifaces.Ordered] interface, so that [ifaces.Adapter] s know how to marshal
+// keys in the desired order.
+func (s JSONMapSlice) OrderedItems() iter.Seq2[string, any] {
+ return func(yield func(string, any) bool) {
+ for _, item := range s {
+ if !yield(item.Key, item.Value) {
+ return
+ }
+ }
+ }
+}
+
+// SetOrderedItems sets keys in the [JSONMapSlice] objects, as presented by
+// the provided iterator.
+//
+// As a special case, if items is nil, this sets to receiver to a nil slice.
+//
+// This implements the [ifaces.SetOrdered] interface, so that [ifaces.Adapter] s know how to unmarshal
+// keys in the desired order.
+func (s *JSONMapSlice) SetOrderedItems(items iter.Seq2[string, any]) {
+ if items == nil {
+ // force receiver to be a nil slice
+ *s = nil
+
+ return
+ }
+
+ m := *s
+ if len(m) > 0 {
+ // update mode: short-circuited when unmarshaling fresh data structures
+ idx := make(map[string]int, len(m))
+
+ for i, item := range m {
+ idx[item.Key] = i
+ }
+
+ for k, v := range items {
+ idx, ok := idx[k]
+ if ok {
+ m[idx].Value = v
+
+ continue
+ }
+
+ m = append(m, JSONMapItem{Key: k, Value: v})
+ }
+
+ *s = m
+
+ return
+ }
+
+ for k, v := range items {
+ m = append(m, JSONMapItem{Key: k, Value: v})
+ }
+
+ *s = m
+}
+
+// MarshalJSON renders a [JSONMapSlice] as JSON bytes, preserving the order of keys.
+//
+// It will pick the JSON library currently configured by the [adapters.Registry] (defaults to the standard library).
+func (s JSONMapSlice) MarshalJSON() ([]byte, error) {
+ orderedMarshaler := adapters.OrderedMarshalAdapterFor(s)
+ defer orderedMarshaler.Redeem()
+
+ return orderedMarshaler.OrderedMarshal(s)
+}
+
+// UnmarshalJSON builds a [JSONMapSlice] from JSON bytes, preserving the order of keys.
+//
+// Inner objects are unmarshaled as ordered [JSONMapSlice] slices and not map[string]any.
+//
+// It will pick the JSON library currently configured by the [adapters.Registry] (defaults to the standard library).
+func (s *JSONMapSlice) UnmarshalJSON(data []byte) error {
+ if typeutils.IsNil(*s) {
+ // allow to unmarshal with a simple var declaration (nil slice)
+ *s = JSONMapSlice{}
+ }
+
+ orderedUnmarshaler := adapters.OrderedUnmarshalAdapterFor(s)
+ defer orderedUnmarshaler.Redeem()
+
+ return orderedUnmarshaler.OrderedUnmarshal(data, s)
+}
+
+// JSONMapItem represents the value of a key in a JSON object held by [JSONMapSlice].
+//
+// Notice that JSONMapItem should not be marshaled to or unmarshaled from JSON directly.
+//
+// Use this type as part of a [JSONMapSlice] when dealing with JSON bytes.
+type JSONMapItem struct {
+ Key string
+ Value any
+}
diff --git a/vendor/github.com/go-openapi/swag/jsonutils_iface.go b/vendor/github.com/go-openapi/swag/jsonutils_iface.go
new file mode 100644
index 000000000..7bd4105fa
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/jsonutils_iface.go
@@ -0,0 +1,65 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package swag
+
+import (
+ "log"
+
+ "github.com/go-openapi/swag/jsonutils"
+)
+
+// JSONMapSlice represents a JSON object, with the order of keys maintained
+//
+// Deprecated: use [jsonutils.JSONMapSlice] instead, or [yamlutils.YAMLMapSlice] if you marshal YAML.
+type JSONMapSlice = jsonutils.JSONMapSlice
+
+// JSONMapItem represents a JSON object, with the order of keys maintained
+//
+// Deprecated: use [jsonutils.JSONMapItem] instead.
+type JSONMapItem = jsonutils.JSONMapItem
+
+// WriteJSON writes json data.
+//
+// Deprecated: use [jsonutils.WriteJSON] instead.
+func WriteJSON(data any) ([]byte, error) { return jsonutils.WriteJSON(data) }
+
+// ReadJSON reads json data.
+//
+// Deprecated: use [jsonutils.ReadJSON] instead.
+func ReadJSON(data []byte, value any) error { return jsonutils.ReadJSON(data, value) }
+
+// DynamicJSONToStruct converts an untyped JSON structure into a target data type.
+//
+// Deprecated: use [jsonutils.FromDynamicJSON] instead.
+func DynamicJSONToStruct(data any, target any) error {
+ return jsonutils.FromDynamicJSON(data, target)
+}
+
+// ConcatJSON concatenates multiple JSON objects efficiently.
+//
+// Deprecated: use [jsonutils.ConcatJSON] instead.
+func ConcatJSON(blobs ...[]byte) []byte { return jsonutils.ConcatJSON(blobs...) }
+
+// ToDynamicJSON turns a go value into a properly JSON untyped structure.
+//
+// It is the same as [FromDynamicJSON], but doesn't check for errors.
+//
+// Deprecated: this function is a misnomer and is unsafe. Use [jsonutils.FromDynamicJSON] instead.
+func ToDynamicJSON(value any) any {
+ var res any
+ if err := FromDynamicJSON(value, &res); err != nil {
+ log.Println(err)
+ }
+
+ return res
+}
+
+// FromDynamicJSON turns a go value into a properly JSON typed structure.
+//
+// "Dynamic JSON" refers to what you get when unmarshaling JSON into an untyped any,
+// i.e. objects are represented by map[string]any, arrays by []any, and all
+// scalar values are any.
+//
+// Deprecated: use [jsonutils.FromDynamicJSON] instead.
+func FromDynamicJSON(data, target any) error { return jsonutils.FromDynamicJSON(data, target) }
diff --git a/vendor/github.com/go-openapi/swag/loading/LICENSE b/vendor/github.com/go-openapi/swag/loading/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/loading/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/go-openapi/swag/loading/doc.go b/vendor/github.com/go-openapi/swag/loading/doc.go
new file mode 100644
index 000000000..8cf7bcb8b
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/loading/doc.go
@@ -0,0 +1,5 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package loading provides tools to load a file from http or from a local file system.
+package loading
diff --git a/vendor/github.com/go-openapi/swag/loading/errors.go b/vendor/github.com/go-openapi/swag/loading/errors.go
new file mode 100644
index 000000000..b3964289c
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/loading/errors.go
@@ -0,0 +1,15 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package loading
+
+type loadingError string
+
+const (
+ // ErrLoader is an error raised by the file loader utility
+ ErrLoader loadingError = "loader error"
+)
+
+func (e loadingError) Error() string {
+ return string(e)
+}
diff --git a/vendor/github.com/go-openapi/swag/loading/json.go b/vendor/github.com/go-openapi/swag/loading/json.go
new file mode 100644
index 000000000..59db12f5c
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/loading/json.go
@@ -0,0 +1,25 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package loading
+
+import (
+ "encoding/json"
+ "errors"
+ "path/filepath"
+)
+
+// JSONMatcher matches json for a file loader.
+func JSONMatcher(path string) bool {
+ ext := filepath.Ext(path)
+ return ext == ".json" || ext == ".jsn" || ext == ".jso"
+}
+
+// JSONDoc loads a json document from either a file or a remote url.
+func JSONDoc(path string, opts ...Option) (json.RawMessage, error) {
+ data, err := LoadFromFileOrHTTP(path, opts...)
+ if err != nil {
+ return nil, errors.Join(err, ErrLoader)
+ }
+ return json.RawMessage(data), nil
+}
diff --git a/vendor/github.com/go-openapi/swag/loading.go b/vendor/github.com/go-openapi/swag/loading/loading.go
similarity index 61%
rename from vendor/github.com/go-openapi/swag/loading.go
rename to vendor/github.com/go-openapi/swag/loading/loading.go
index 658a24b78..269fb74d1 100644
--- a/vendor/github.com/go-openapi/swag/loading.go
+++ b/vendor/github.com/go-openapi/swag/loading/loading.go
@@ -1,54 +1,26 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
-package swag
+package loading
import (
+ "context"
+ "embed"
"fmt"
"io"
"log"
"net/http"
"net/url"
- "os"
"path"
"path/filepath"
"runtime"
"strings"
- "time"
)
-// LoadHTTPTimeout the default timeout for load requests
-var LoadHTTPTimeout = 30 * time.Second
-
-// LoadHTTPBasicAuthUsername the username to use when load requests require basic auth
-var LoadHTTPBasicAuthUsername = ""
-
-// LoadHTTPBasicAuthPassword the password to use when load requests require basic auth
-var LoadHTTPBasicAuthPassword = ""
-
-// LoadHTTPCustomHeaders an optional collection of custom HTTP headers for load requests
-var LoadHTTPCustomHeaders = map[string]string{}
-
// LoadFromFileOrHTTP loads the bytes from a file or a remote http server based on the path passed in
-func LoadFromFileOrHTTP(pth string) ([]byte, error) {
- return LoadStrategy(pth, os.ReadFile, loadHTTPBytes(LoadHTTPTimeout))(pth)
-}
-
-// LoadFromFileOrHTTPWithTimeout loads the bytes from a file or a remote http server based on the path passed in
-// timeout arg allows for per request overriding of the request timeout
-func LoadFromFileOrHTTPWithTimeout(pth string, timeout time.Duration) ([]byte, error) {
- return LoadStrategy(pth, os.ReadFile, loadHTTPBytes(timeout))(pth)
+func LoadFromFileOrHTTP(pth string, opts ...Option) ([]byte, error) {
+ o := optionsWithDefaults(opts)
+ return LoadStrategy(pth, o.ReadFileFunc(), loadHTTPBytes(opts...), opts...)(pth)
}
// LoadStrategy returns a loader function for a given path or URI.
@@ -81,10 +53,12 @@ func LoadFromFileOrHTTPWithTimeout(pth string, timeout time.Duration) ([]byte, e
// - `file://host/folder/file` becomes an UNC path like `\\host\folder\file` (no port specification is supported)
// - `file:///c:/folder/file` becomes `C:\folder\file`
// - `file://c:/folder/file` is tolerated (without leading `/`) and becomes `c:\folder\file`
-func LoadStrategy(pth string, local, remote func(string) ([]byte, error)) func(string) ([]byte, error) {
+func LoadStrategy(pth string, local, remote func(string) ([]byte, error), opts ...Option) func(string) ([]byte, error) {
if strings.HasPrefix(pth, "http") {
return remote
}
+ o := optionsWithDefaults(opts)
+ _, isEmbedFS := o.fs.(embed.FS)
return func(p string) ([]byte, error) {
upth, err := url.PathUnescape(p)
@@ -92,19 +66,19 @@ func LoadStrategy(pth string, local, remote func(string) ([]byte, error)) func(s
return nil, err
}
- if !strings.HasPrefix(p, `file://`) {
+ cpth, hasPrefix := strings.CutPrefix(upth, "file://")
+ if !hasPrefix || isEmbedFS || runtime.GOOS != "windows" {
+ // crude processing: trim the file:// prefix. This leaves full URIs with a host with a (mostly) unexpected result
// regular file path provided: just normalize slashes
- return local(filepath.FromSlash(upth))
- }
-
- if runtime.GOOS != "windows" {
- // crude processing: this leaves full URIs with a host with a (mostly) unexpected result
- upth = strings.TrimPrefix(upth, `file://`)
+ if isEmbedFS {
+ // on windows, we need to slash the path if FS is an embed FS.
+ return local(strings.TrimLeft(filepath.ToSlash(cpth), "./")) // remove invalid leading characters for embed FS
+ }
- return local(filepath.FromSlash(upth))
+ return local(filepath.FromSlash(cpth))
}
- // windows-only pre-processing of file://... URIs
+ // windows-only pre-processing of file://... URIs, excluding embed.FS
// support for canonical file URIs on windows.
u, err := url.Parse(filepath.ToSlash(upth))
@@ -139,19 +113,29 @@ func LoadStrategy(pth string, local, remote func(string) ([]byte, error)) func(s
}
}
-func loadHTTPBytes(timeout time.Duration) func(path string) ([]byte, error) {
+func loadHTTPBytes(opts ...Option) func(path string) ([]byte, error) {
+ o := optionsWithDefaults(opts)
+
return func(path string) ([]byte, error) {
- client := &http.Client{Timeout: timeout}
- req, err := http.NewRequest(http.MethodGet, path, nil) //nolint:noctx
+ client := o.client
+ timeoutCtx := context.Background()
+ var cancel func()
+
+ if o.httpTimeout > 0 {
+ timeoutCtx, cancel = context.WithTimeout(timeoutCtx, o.httpTimeout)
+ defer cancel()
+ }
+
+ req, err := http.NewRequestWithContext(timeoutCtx, http.MethodGet, path, nil)
if err != nil {
return nil, err
}
- if LoadHTTPBasicAuthUsername != "" && LoadHTTPBasicAuthPassword != "" {
- req.SetBasicAuth(LoadHTTPBasicAuthUsername, LoadHTTPBasicAuthPassword)
+ if o.basicAuthUsername != "" && o.basicAuthPassword != "" {
+ req.SetBasicAuth(o.basicAuthUsername, o.basicAuthPassword)
}
- for key, val := range LoadHTTPCustomHeaders {
+ for key, val := range o.customHeaders {
req.Header.Set(key, val)
}
diff --git a/vendor/github.com/go-openapi/swag/loading/options.go b/vendor/github.com/go-openapi/swag/loading/options.go
new file mode 100644
index 000000000..6674ac69e
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/loading/options.go
@@ -0,0 +1,125 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package loading
+
+import (
+ "io/fs"
+ "net/http"
+ "os"
+ "time"
+)
+
+type (
+ // Option provides options for loading a file over HTTP or from a file.
+ Option func(*options)
+
+ httpOptions struct {
+ httpTimeout time.Duration
+ basicAuthUsername string
+ basicAuthPassword string
+ customHeaders map[string]string
+ client *http.Client
+ }
+
+ fileOptions struct {
+ fs fs.ReadFileFS
+ }
+
+ options struct {
+ httpOptions
+ fileOptions
+ }
+)
+
+func (fo fileOptions) ReadFileFunc() func(string) ([]byte, error) {
+ if fo.fs == nil {
+ return os.ReadFile
+ }
+
+ return fo.fs.ReadFile
+}
+
+// WithTimeout sets a timeout for the remote file loader.
+//
+// The default timeout is 30s.
+func WithTimeout(timeout time.Duration) Option {
+ return func(o *options) {
+ o.httpTimeout = timeout
+ }
+}
+
+// WithBasicAuth sets a basic authentication scheme for the remote file loader.
+func WithBasicAuth(username, password string) Option {
+ return func(o *options) {
+ o.basicAuthUsername = username
+ o.basicAuthPassword = password
+ }
+}
+
+// WithCustomHeaders sets custom headers for the remote file loader.
+func WithCustomHeaders(headers map[string]string) Option {
+ return func(o *options) {
+ if o.customHeaders == nil {
+ o.customHeaders = make(map[string]string, len(headers))
+ }
+
+ for header, value := range headers {
+ o.customHeaders[header] = value
+ }
+ }
+}
+
+// WithHTTPClient overrides the default HTTP client used to fetch a remote file.
+//
+// By default, [http.DefaultClient] is used.
+func WithHTTPClient(client *http.Client) Option {
+ return func(o *options) {
+ o.client = client
+ }
+}
+
+// WithFS sets a file system for the local file loader.
+//
+// If the provided file system is a [fs.ReadFileFS], the ReadFile function is used.
+// Otherwise, ReadFile is wrapped using [fs.ReadFile].
+//
+// By default, the file system is the one provided by the os package.
+//
+// For example, this may be set to consume from an embedded file system, or a rooted FS.
+func WithFS(filesystem fs.FS) Option {
+ return func(o *options) {
+ if rfs, ok := filesystem.(fs.ReadFileFS); ok {
+ o.fs = rfs
+
+ return
+ }
+ o.fs = readFileFS{FS: filesystem}
+ }
+}
+
+type readFileFS struct {
+ fs.FS
+}
+
+func (r readFileFS) ReadFile(name string) ([]byte, error) {
+ return fs.ReadFile(r.FS, name)
+}
+
+func optionsWithDefaults(opts []Option) options {
+ const defaultTimeout = 30 * time.Second
+
+ o := options{
+ // package level defaults
+ httpOptions: httpOptions{
+ httpTimeout: defaultTimeout,
+ client: http.DefaultClient,
+ },
+ }
+
+ for _, apply := range opts {
+ apply(&o)
+ }
+
+ return o
+}
diff --git a/vendor/github.com/go-openapi/swag/loading/yaml.go b/vendor/github.com/go-openapi/swag/loading/yaml.go
new file mode 100644
index 000000000..3ebb53668
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/loading/yaml.go
@@ -0,0 +1,37 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package loading
+
+import (
+ "encoding/json"
+ "path/filepath"
+
+ "github.com/go-openapi/swag/yamlutils"
+)
+
+// YAMLMatcher matches yaml for a file loader.
+func YAMLMatcher(path string) bool {
+ ext := filepath.Ext(path)
+ return ext == ".yaml" || ext == ".yml"
+}
+
+// YAMLDoc loads a yaml document from either http or a file and converts it to json.
+func YAMLDoc(path string, opts ...Option) (json.RawMessage, error) {
+ yamlDoc, err := YAMLData(path, opts...)
+ if err != nil {
+ return nil, err
+ }
+
+ return yamlutils.YAMLToJSON(yamlDoc)
+}
+
+// YAMLData loads a yaml document from either http or a file.
+func YAMLData(path string, opts ...Option) (any, error) {
+ data, err := LoadFromFileOrHTTP(path, opts...)
+ if err != nil {
+ return nil, err
+ }
+
+ return yamlutils.BytesToYAMLDoc(data)
+}
diff --git a/vendor/github.com/go-openapi/swag/loading_iface.go b/vendor/github.com/go-openapi/swag/loading_iface.go
new file mode 100644
index 000000000..27ec3fb8c
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/loading_iface.go
@@ -0,0 +1,91 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package swag
+
+import (
+ "encoding/json"
+ "time"
+
+ "github.com/go-openapi/swag/loading"
+)
+
+var (
+ // Package-level defaults for the file loading utilities (deprecated).
+
+ // LoadHTTPTimeout the default timeout for load requests.
+ //
+ // Deprecated: use [loading.WithTimeout] instead.
+ LoadHTTPTimeout = 30 * time.Second
+
+ // LoadHTTPBasicAuthUsername the username to use when load requests require basic auth.
+ //
+ // Deprecated: use [loading.WithBasicAuth] instead.
+ LoadHTTPBasicAuthUsername = ""
+
+ // LoadHTTPBasicAuthPassword the password to use when load requests require basic auth.
+ //
+ // Deprecated: use [loading.WithBasicAuth] instead.
+ LoadHTTPBasicAuthPassword = ""
+
+ // LoadHTTPCustomHeaders an optional collection of custom HTTP headers for load requests.
+ //
+ // Deprecated: use [loading.WithCustomHeaders] instead.
+ LoadHTTPCustomHeaders = map[string]string{}
+)
+
+// LoadFromFileOrHTTP loads the bytes from a file or a remote http server based on the provided path.
+//
+// Deprecated: use [loading.LoadFromFileOrHTTP] instead.
+func LoadFromFileOrHTTP(pth string, opts ...loading.Option) ([]byte, error) {
+ return loading.LoadFromFileOrHTTP(pth, loadingOptionsWithDefaults(opts)...)
+}
+
+// LoadFromFileOrHTTPWithTimeout loads the bytes from a file or a remote http server based on the path passed in
+// timeout arg allows for per request overriding of the request timeout.
+//
+// Deprecated: use [loading.LoadFileOrHTTP] with the [loading.WithTimeout] option instead.
+func LoadFromFileOrHTTPWithTimeout(pth string, timeout time.Duration, opts ...loading.Option) ([]byte, error) {
+ opts = append(opts, loading.WithTimeout(timeout))
+
+ return LoadFromFileOrHTTP(pth, opts...)
+}
+
+// LoadStrategy returns a loader function for a given path or URL.
+//
+// Deprecated: use [loading.LoadStrategy] instead.
+func LoadStrategy(pth string, local, remote func(string) ([]byte, error), opts ...loading.Option) func(string) ([]byte, error) {
+ return loading.LoadStrategy(pth, local, remote, loadingOptionsWithDefaults(opts)...)
+}
+
+// YAMLMatcher matches yaml for a file loader.
+//
+// Deprecated: use [loading.YAMLMatcher] instead.
+func YAMLMatcher(path string) bool { return loading.YAMLMatcher(path) }
+
+// YAMLDoc loads a yaml document from either http or a file and converts it to json.
+//
+// Deprecated: use [loading.YAMLDoc] instead.
+func YAMLDoc(path string) (json.RawMessage, error) {
+ return loading.YAMLDoc(path)
+}
+
+// YAMLData loads a yaml document from either http or a file.
+//
+// Deprecated: use [loading.YAMLData] instead.
+func YAMLData(path string) (any, error) {
+ return loading.YAMLData(path)
+}
+
+// loadingOptionsWithDefaults bridges deprecated default settings that use package-level variables,
+// with the recommended use of loading.Option.
+func loadingOptionsWithDefaults(opts []loading.Option) []loading.Option {
+ o := []loading.Option{
+ loading.WithTimeout(LoadHTTPTimeout),
+ loading.WithBasicAuth(LoadHTTPBasicAuthUsername, LoadHTTPBasicAuthPassword),
+ loading.WithCustomHeaders(LoadHTTPCustomHeaders),
+ }
+ o = append(o, opts...)
+
+ return o
+}
diff --git a/vendor/github.com/go-openapi/swag/BENCHMARK.md b/vendor/github.com/go-openapi/swag/mangling/BENCHMARK.md
similarity index 53%
rename from vendor/github.com/go-openapi/swag/BENCHMARK.md
rename to vendor/github.com/go-openapi/swag/mangling/BENCHMARK.md
index e7f28ed6b..6674c63b7 100644
--- a/vendor/github.com/go-openapi/swag/BENCHMARK.md
+++ b/vendor/github.com/go-openapi/swag/mangling/BENCHMARK.md
@@ -1,12 +1,10 @@
-# Benchmarks
-
-## Name mangling utilities
+# Benchmarking name mangling utilities
```bash
go test -bench XXX -run XXX -benchtime 30s
```
-### Benchmarks at b3e7a5386f996177e4808f11acb2aa93a0f660df
+## Benchmarks at b3e7a5386f996177e4808f11acb2aa93a0f660df
```
goos: linux
@@ -21,7 +19,7 @@ BenchmarkToXXXName/ToHumanNameLower-4 895334 40354 ns/op 10472 B/op
BenchmarkToXXXName/ToHumanNameTitle-4 882441 40678 ns/op 10566 B/op 749 allocs/op
```
-### Benchmarks after PR #79
+## Benchmarks after PR #79
~ x10 performance improvement and ~ /100 memory allocations.
@@ -50,3 +48,43 @@ BenchmarkToXXXName/ToCommandName-16 32256634 1137 ns/op 147 B/op
BenchmarkToXXXName/ToHumanNameLower-16 18599661 1946 ns/op 92 B/op 6 allocs/op
BenchmarkToXXXName/ToHumanNameTitle-16 17581353 2054 ns/op 105 B/op 6 allocs/op
```
+
+## Benchmarks at d7d2d1b895f5b6747afaff312dd2a402e69e818b
+
+go1.24
+
+```
+goos: linux
+goarch: amd64
+pkg: github.com/go-openapi/swag
+cpu: AMD Ryzen 7 5800X 8-Core Processor
+BenchmarkToXXXName/ToGoName-16 19757858 1881 ns/op 42 B/op 5 allocs/op
+BenchmarkToXXXName/ToVarName-16 17494111 2094 ns/op 74 B/op 7 allocs/op
+BenchmarkToXXXName/ToFileName-16 28161226 1492 ns/op 158 B/op 7 allocs/op
+BenchmarkToXXXName/ToCommandName-16 23787333 1489 ns/op 158 B/op 7 allocs/op
+BenchmarkToXXXName/ToHumanNameLower-16 17537257 2030 ns/op 103 B/op 6 allocs/op
+BenchmarkToXXXName/ToHumanNameTitle-16 16977453 2156 ns/op 105 B/op 6 allocs/op
+```
+
+## Benchmarks after PR #106
+
+Moving the scope of everything down to a struct allowed to reduce a bit garbage and pooling.
+
+On top of that, ToGoName (and thus ToVarName) have been subject to a minor optimization, removing a few allocations.
+
+Overall timings improve by ~ -10%.
+
+go1.24
+
+```
+goos: linux
+goarch: amd64
+pkg: github.com/go-openapi/swag/mangling
+cpu: AMD Ryzen 7 5800X 8-Core Processor
+BenchmarkToXXXName/ToGoName-16 22496130 1618 ns/op 31 B/op 3 allocs/op
+BenchmarkToXXXName/ToVarName-16 22538068 1618 ns/op 33 B/op 3 allocs/op
+BenchmarkToXXXName/ToFileName-16 27722977 1236 ns/op 105 B/op 6 allocs/op
+BenchmarkToXXXName/ToCommandName-16 27967395 1258 ns/op 105 B/op 6 allocs/op
+BenchmarkToXXXName/ToHumanNameLower-16 18587901 1917 ns/op 103 B/op 6 allocs/op
+BenchmarkToXXXName/ToHumanNameTitle-16 17193208 2019 ns/op 108 B/op 7 allocs/op
+```
diff --git a/vendor/github.com/go-openapi/swag/mangling/LICENSE b/vendor/github.com/go-openapi/swag/mangling/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/mangling/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/go-openapi/swag/mangling/doc.go b/vendor/github.com/go-openapi/swag/mangling/doc.go
new file mode 100644
index 000000000..ce0d89048
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/mangling/doc.go
@@ -0,0 +1,25 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package mangling provides name mangling capabilities.
+//
+// Name mangling is an important stage when generating code:
+// it helps construct safe program identifiers that abide by the language rules
+// and play along with linters.
+//
+// Examples:
+//
+// Suppose we get an object name taken from an API spec: "json_object",
+//
+// We may generate a legit go type name using [NameMangler.ToGoName]: "JsonObject".
+//
+// We may then locate this type in a source file named using [NameMangler.ToFileName]: "json_object.go".
+//
+// The methods exposed by the NameMangler are used to generate code in many different contexts, such as:
+//
+// - generating exported or unexported go identifiers from a JSON schema or an API spec
+// - generating file names
+// - generating human-readable comments for types and variables
+// - generating JSON-like API identifiers from go code
+// - ...
+package mangling
diff --git a/vendor/github.com/go-openapi/swag/mangling/initialism_index.go b/vendor/github.com/go-openapi/swag/mangling/initialism_index.go
new file mode 100644
index 000000000..e5b70c149
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/mangling/initialism_index.go
@@ -0,0 +1,270 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package mangling
+
+import (
+ "sort"
+ "strings"
+ "unicode"
+ "unicode/utf8"
+)
+
+// DefaultInitialisms returns all the initialisms configured by default for this package.
+//
+// # Motivation
+//
+// Common initialisms are acronyms for which the ordinary camel-casing rules are altered and
+// for which we retain the original case.
+//
+// This is largely specific to the go naming conventions enforced by golint (now revive).
+//
+// # Example
+//
+// In go, "id" is a good-looking identifier, but "Id" is not and "ID" is preferred
+// (notice that this stems only from conventions: the go compiler accepts all of these).
+//
+// Similarly, we may use "http", but not "Http". In this case, "HTTP" is preferred.
+//
+// # Reference and customization
+//
+// The default list of these casing-style exceptions is taken from the [github.com/mgechev/revive] linter for go:
+// https://github.com/mgechev/revive/blob/master/lint/name.go#L93
+//
+// There are a few additions to the original list, such as IPv4, IPv6 and OAI ("OpenAPI").
+//
+// For these additions, "IPv4" would be preferred to "Ipv4" or "IPV4", and "OAI" to "Oai"
+//
+// You may redefine this list entirely using the mangler option [WithInitialisms], or simply add extra definitions
+// using [WithAdditionalInitialisms].
+//
+// # Mixed-case and plurals
+//
+// Notice that initialisms are not necessarily fully upper-cased: a mixed-case initialism indicates the preferred casing.
+//
+// Obviously, lower-case only initialisms do not make a lot of sense: if lower-case only initialisms are added,
+// they will be considered fully capitalized.
+//
+// Plural forms use mixed case like "IDs". And so do values like "IPv4" or "IPv6".
+//
+// The [NameMangler] automatically detects simple plurals for words such as "IDs" or "APIs",
+// so you don't need to configure these variants.
+//
+// At this moment, it doesn't support pluralization of terms that ends with an 's' (or 'S'), since there is
+// no clear consensus on whether a word like DNS should be pluralized as DNSes or remain invariant.
+// The [NameMangler] consider those invariant. Therefore DNSs or DNSes are not recognized as plurals for DNS.
+//
+// Besids, we don't want to support pluralization of terms which would otherwise conflict with another one,
+// like "HTTPs" vs "HTTPS". All these should be considered invariant. Hence: "Https" matches "HTTPS" and
+// "HTTPSS" is "HTTPS" followed by "S".
+func DefaultInitialisms() []string {
+ return []string{
+ "ACL",
+ "API",
+ "ASCII",
+ "CPU",
+ "CSS",
+ "DNS",
+ "EOF",
+ "GUID",
+ "HTML",
+ "HTTPS",
+ "HTTP",
+ "ID",
+ "IP",
+ "IPv4", // prefer the mixed case outcome IPv4 over the capitalized IPV4
+ "IPv6", // prefer the mixed case outcome IPv6 over the capitalized IPV6
+ "JSON",
+ "LHS",
+ "OAI",
+ "QPS",
+ "RAM",
+ "RHS",
+ "RPC",
+ "SLA",
+ "SMTP",
+ "SQL",
+ "SSH",
+ "TCP",
+ "TLS",
+ "TTL",
+ "UDP",
+ "UI",
+ "UID",
+ "UUID",
+ "URI",
+ "URL",
+ "UTF8",
+ "VM",
+ "XML",
+ "XMPP",
+ "XSRF",
+ "XSS",
+ }
+}
+
+type indexOfInitialisms struct {
+ initialismsCache
+
+ index map[string]struct{}
+}
+
+func newIndexOfInitialisms() *indexOfInitialisms {
+ return &indexOfInitialisms{
+ index: make(map[string]struct{}),
+ }
+}
+
+func (m *indexOfInitialisms) add(words ...string) *indexOfInitialisms {
+ for _, word := range words {
+ // sanitization of injected words: trimmed from blanks, and must start with a letter
+ trimmed := strings.TrimSpace(word)
+
+ firstRune, _ := utf8.DecodeRuneInString(trimmed)
+ if !unicode.IsLetter(firstRune) {
+ continue
+ }
+
+ // Initialisms are case-sensitive. This means that we support mixed-case words.
+ // However, if specified as a lower-case string, the initialism should be fully capitalized.
+ if trimmed == strings.ToLower(trimmed) {
+ m.index[strings.ToUpper(trimmed)] = struct{}{}
+
+ continue
+ }
+
+ m.index[trimmed] = struct{}{}
+ }
+ return m
+}
+
+func (m *indexOfInitialisms) sorted() []string {
+ result := make([]string, 0, len(m.index))
+ for k := range m.index {
+ result = append(result, k)
+ }
+ sort.Sort(sort.Reverse(byInitialism(result)))
+ return result
+}
+
+func (m *indexOfInitialisms) buildCache() {
+ m.build(m.sorted(), m.pluralForm)
+}
+
+// initialismsCache caches all needed pre-computed and converted initialism entries,
+// in the desired resolution order.
+type initialismsCache struct {
+ initialisms []string
+ initialismsRunes [][]rune
+ initialismsUpperCased [][]rune // initialisms cached in their trimmed, upper-cased version
+ initialismsPluralForm []pluralForm
+}
+
+func (c *initialismsCache) build(in []string, pluralfunc func(string) pluralForm) {
+ c.initialisms = in
+ c.initialismsRunes = asRunes(c.initialisms)
+ c.initialismsUpperCased = asUpperCased(c.initialisms)
+ c.initialismsPluralForm = asPluralForms(c.initialisms, pluralfunc)
+}
+
+// pluralForm denotes the kind of pluralization to be used for initialisms.
+//
+// At this moment, initialisms are either invariant or follow a simple plural form with an
+// extra (lower case) "s".
+type pluralForm uint8
+
+const (
+ notPlural pluralForm = iota
+ invariantPlural
+ simplePlural
+)
+
+func (f pluralForm) String() string {
+ switch f {
+ case notPlural:
+ return "notPlural"
+ case invariantPlural:
+ return "invariantPlural"
+ case simplePlural:
+ return "simplePlural"
+ default:
+ return ""
+ }
+}
+
+// pluralForm indicates how we want to pluralize a given initialism.
+//
+// Besides configured invariant forms (like HTTP and HTTPS),
+// an initialism is normally pluralized by adding a single 's', like in IDs.
+//
+// Initialisms ending with an 'S' or an 's' are configured as invariant (we don't
+// support plural forms like CSSes or DNSes, however the mechanism could be extended to
+// do just that).
+func (m *indexOfInitialisms) pluralForm(key string) pluralForm {
+ if _, ok := m.index[key]; !ok {
+ return notPlural
+ }
+
+ if strings.HasSuffix(strings.ToUpper(key), "S") {
+ return invariantPlural
+ }
+
+ if _, ok := m.index[key+"s"]; ok {
+ return invariantPlural
+ }
+
+ if _, ok := m.index[key+"S"]; ok {
+ return invariantPlural
+ }
+
+ return simplePlural
+}
+
+type byInitialism []string
+
+func (s byInitialism) Len() int {
+ return len(s)
+}
+func (s byInitialism) Swap(i, j int) {
+ s[i], s[j] = s[j], s[i]
+}
+
+// Less specifies the order in which initialisms are prioritized:
+// 1. match longest first
+// 2. when equal length, match in reverse lexicographical order, lower case match comes first
+func (s byInitialism) Less(i, j int) bool {
+ if len(s[i]) != len(s[j]) {
+ return len(s[i]) < len(s[j])
+ }
+
+ return s[i] < s[j]
+}
+
+func asRunes(in []string) [][]rune {
+ out := make([][]rune, len(in))
+ for i, initialism := range in {
+ out[i] = []rune(initialism)
+ }
+
+ return out
+}
+
+func asUpperCased(in []string) [][]rune {
+ out := make([][]rune, len(in))
+
+ for i, initialism := range in {
+ out[i] = []rune(upper(trim(initialism)))
+ }
+
+ return out
+}
+
+// asPluralForms bakes an index of pluralization support.
+func asPluralForms(in []string, pluralFunc func(string) pluralForm) []pluralForm {
+ out := make([]pluralForm, len(in))
+ for i, initialism := range in {
+ out[i] = pluralFunc(initialism)
+ }
+
+ return out
+}
diff --git a/vendor/github.com/go-openapi/swag/mangling/name_lexem.go b/vendor/github.com/go-openapi/swag/mangling/name_lexem.go
new file mode 100644
index 000000000..bc837e3b9
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/mangling/name_lexem.go
@@ -0,0 +1,186 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package mangling
+
+import (
+ "bytes"
+ "strings"
+ "unicode"
+ "unicode/utf8"
+)
+
+type (
+ lexemKind uint8
+
+ nameLexem struct {
+ original string
+ matchedInitialism string
+ kind lexemKind
+ }
+)
+
+const (
+ lexemKindCasualName lexemKind = iota
+ lexemKindInitialismName
+)
+
+func newInitialismNameLexem(original, matchedInitialism string) nameLexem {
+ return nameLexem{
+ kind: lexemKindInitialismName,
+ original: original,
+ matchedInitialism: matchedInitialism,
+ }
+}
+
+func newCasualNameLexem(original string) nameLexem {
+ return nameLexem{
+ kind: lexemKindCasualName,
+ original: trim(original), // TODO: save on calls to trim
+ }
+}
+
+// WriteTitleized writes the titleized lexeme to a bytes.Buffer.
+//
+// If the first letter cannot be capitalized, it doesn't write anything and return false,
+// so the caller may attempt some workaround strategy.
+func (l nameLexem) WriteTitleized(w *bytes.Buffer, alwaysUpper bool) bool {
+ if l.kind == lexemKindInitialismName {
+ w.WriteString(l.matchedInitialism)
+
+ return true
+ }
+
+ if len(l.original) == 0 {
+ return true
+ }
+
+ if len(l.original) == 1 {
+ // identifier is too short: casing will depend on the context
+ firstByte := l.original[0]
+ switch {
+ case 'A' <= firstByte && firstByte <= 'Z':
+ // safe
+ w.WriteByte(firstByte)
+
+ return true
+ case alwaysUpper && 'a' <= firstByte && firstByte <= 'z':
+ w.WriteByte(firstByte - 'a' + 'A')
+
+ return true
+ default:
+
+ // not a letter: skip and let the caller decide
+ return false
+ }
+ }
+
+ if firstByte := l.original[0]; firstByte < utf8.RuneSelf {
+ // ASCII
+ switch {
+ case 'A' <= firstByte && firstByte <= 'Z':
+ // already an upper case letter
+ w.WriteString(l.original)
+
+ return true
+ case 'a' <= firstByte && firstByte <= 'z':
+ w.WriteByte(firstByte - 'a' + 'A')
+ w.WriteString(l.original[1:])
+
+ return true
+ default:
+ // not a good candidate: doesn't start with a letter
+ return false
+ }
+ }
+
+ // unicode
+ firstRune, idx := utf8.DecodeRuneInString(l.original)
+ if !unicode.IsLetter(firstRune) || !unicode.IsUpper(unicode.ToUpper(firstRune)) {
+ // not a good candidate: doesn't start with a letter
+ // or a rune for which case doesn't make sense (e.g. East-Asian runes etc)
+ return false
+ }
+
+ rest := l.original[idx:]
+ w.WriteRune(unicode.ToUpper(firstRune))
+ w.WriteString(strings.ToLower(rest))
+
+ return true
+}
+
+// WriteLower is like write titleized but it writes a lower-case version of the lexeme.
+//
+// Similarly, there is no writing if the casing of the first rune doesn't make sense.
+func (l nameLexem) WriteLower(w *bytes.Buffer, alwaysLower bool) bool {
+ if l.kind == lexemKindInitialismName {
+ w.WriteString(lower(l.matchedInitialism))
+
+ return true
+ }
+
+ if len(l.original) == 0 {
+ return true
+ }
+
+ if len(l.original) == 1 {
+ // identifier is too short: casing will depend on the context
+ firstByte := l.original[0]
+ switch {
+ case 'a' <= firstByte && firstByte <= 'z':
+ // safe
+ w.WriteByte(firstByte)
+
+ return true
+ case alwaysLower && 'A' <= firstByte && firstByte <= 'Z':
+ w.WriteByte(firstByte - 'A' + 'a')
+
+ return true
+ default:
+
+ // not a letter: skip and let the caller decide
+ return false
+ }
+ }
+
+ if firstByte := l.original[0]; firstByte < utf8.RuneSelf {
+ // ASCII
+ switch {
+ case 'a' <= firstByte && firstByte <= 'z':
+ // already a lower case letter
+ w.WriteString(l.original)
+
+ return true
+ case 'A' <= firstByte && firstByte <= 'Z':
+ w.WriteByte(firstByte - 'A' + 'a')
+ w.WriteString(l.original[1:])
+
+ return true
+ default:
+ // not a good candidate: doesn't start with a letter
+ return false
+ }
+ }
+
+ // unicode
+ firstRune, idx := utf8.DecodeRuneInString(l.original)
+ if !unicode.IsLetter(firstRune) || !unicode.IsLower(unicode.ToLower(firstRune)) {
+ // not a good candidate: doesn't start with a letter
+ // or a rune for which case doesn't make sense (e.g. East-Asian runes etc)
+ return false
+ }
+
+ rest := l.original[idx:]
+ w.WriteRune(unicode.ToLower(firstRune))
+ w.WriteString(rest)
+
+ return true
+}
+
+func (l nameLexem) GetOriginal() string {
+ return l.original
+}
+
+func (l nameLexem) IsInitialism() bool {
+ return l.kind == lexemKindInitialismName
+}
diff --git a/vendor/github.com/go-openapi/swag/mangling/name_mangler.go b/vendor/github.com/go-openapi/swag/mangling/name_mangler.go
new file mode 100644
index 000000000..da685681d
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/mangling/name_mangler.go
@@ -0,0 +1,370 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package mangling
+
+import (
+ "strings"
+ "unicode"
+)
+
+// NameMangler knows how to transform sentences or words into
+// identifiers that are a better fit in contexts such as:
+//
+// - unexported or exported go variable identifiers
+// - file names
+// - camel cased identifiers
+// - ...
+//
+// The [NameMangler] is safe for concurrent use, save for its [NameMangler.AddInitialisms] method,
+// which is not.
+//
+// # Known limitations
+//
+// At this moment, the [NameMangler] doesn't play well with "all caps" text:
+//
+// unless every single upper-cased word is declared as an initialism, capitalized words would generally
+// not be transformed with the expected result, e.g.
+//
+// ToFileName("THIS_IS_ALL_CAPS")
+//
+// yields the weird outcome
+//
+// "t_h_i_s_i_s_a_l_l_c_a_p_s"
+type NameMangler struct {
+ options
+
+ index *indexOfInitialisms
+
+ splitter splitter
+ splitterWithPostSplit splitter
+
+ _ struct{}
+}
+
+// NewNameMangler builds a name mangler ready to convert strings.
+//
+// The default name mangler is configured with default common initialisms and all default options.
+func NewNameMangler(opts ...Option) NameMangler {
+ m := NameMangler{
+ options: optionsWithDefaults(opts),
+ index: newIndexOfInitialisms(),
+ }
+ m.addInitialisms(m.commonInitialisms...)
+
+ // a splitter that returns matches lexemes as ready-to-assemble strings:
+ // details of the lexemes are redeemed.
+ m.splitter = newSplitter(
+ withInitialismsCache(&m.index.initialismsCache),
+ withReplaceFunc(m.replaceFunc),
+ )
+
+ // a splitter that returns matches lexemes ready for post-processing
+ m.splitterWithPostSplit = newSplitter(
+ withInitialismsCache(&m.index.initialismsCache),
+ withReplaceFunc(m.replaceFunc),
+ withPostSplitInitialismCheck,
+ )
+
+ return m
+}
+
+// AddInitialisms declares extra initialisms to the mangler.
+//
+// It declares extra words as "initialisms" (i.e. words that won't be camel cased or titled cased),
+// on top of the existing list of common initialisms (such as ID, HTTP...).
+//
+// Added words must start with a (unicode) letter. If some don't, they are ignored.
+// Added words are either fully capitalized or mixed-cased. Lower-case only words are considered capitalized.
+//
+// It is typically used just after initializing the [NameMangler].
+//
+// When all initialisms are known at the time the mangler is initialized, it is preferable to
+// use [NewNameMangler] with the option [WithAdditionalInitialisms].
+//
+// Adding initialisms mutates the mangler and should not be carried out concurrently with other calls to the mangler.
+func (m *NameMangler) AddInitialisms(words ...string) {
+ m.addInitialisms(words...)
+}
+
+// Initialisms renders the list of initialisms supported by this mangler.
+func (m *NameMangler) Initialisms() []string {
+ return m.index.initialisms
+}
+
+// Camelize a single word.
+//
+// Example:
+//
+// - "HELLO" and "hello" become "Hello".
+func (m NameMangler) Camelize(word string) string {
+ ru := []rune(word)
+
+ switch len(ru) {
+ case 0:
+ return ""
+ case 1:
+ return string(unicode.ToUpper(ru[0]))
+ default:
+ camelized := poolOfBuffers.BorrowBuffer(len(word))
+ camelized.Grow(len(word))
+ defer func() {
+ poolOfBuffers.RedeemBuffer(camelized)
+ }()
+
+ camelized.WriteRune(unicode.ToUpper(ru[0]))
+ for _, ru := range ru[1:] {
+ camelized.WriteRune(unicode.ToLower(ru))
+ }
+
+ return camelized.String()
+ }
+}
+
+// ToFileName generates a suitable snake-case file name from a sentence.
+//
+// It lower-cases everything with underscore (_) as a word separator.
+//
+// Examples:
+//
+// - "Hello, Swagger" becomes "hello_swagger"
+// - "HelloSwagger" becomes "hello_swagger"
+func (m NameMangler) ToFileName(name string) string {
+ inptr := m.split(name)
+ in := *inptr
+ out := make([]string, 0, len(in))
+
+ for _, w := range in {
+ out = append(out, lower(w))
+ }
+ poolOfStrings.RedeemStrings(inptr)
+
+ return strings.Join(out, "_")
+}
+
+// ToCommandName generates a suitable CLI command name from a sentence.
+//
+// It lower-cases everything with dash (-) as a word separator.
+//
+// Examples:
+//
+// - "Hello, Swagger" becomes "hello-swagger"
+// - "HelloSwagger" becomes "hello-swagger"
+func (m NameMangler) ToCommandName(name string) string {
+ inptr := m.split(name)
+ in := *inptr
+ out := make([]string, 0, len(in))
+
+ for _, w := range in {
+ out = append(out, lower(w))
+ }
+ poolOfStrings.RedeemStrings(inptr)
+
+ return strings.Join(out, "-")
+}
+
+// ToHumanNameLower represents a code name as a human-readable series of words.
+//
+// It lower-cases everything with blank space as a word separator.
+//
+// NOTE: parts recognized as initialisms just keep their original casing.
+//
+// Examples:
+//
+// - "Hello, Swagger" becomes "hello swagger"
+// - "HelloSwagger" or "Hello-Swagger" become "hello swagger"
+func (m NameMangler) ToHumanNameLower(name string) string {
+ s := m.splitterWithPostSplit
+ in := s.split(name)
+ out := make([]string, 0, len(*in))
+
+ for _, w := range *in {
+ if !w.IsInitialism() {
+ out = append(out, lower(w.GetOriginal()))
+ } else {
+ out = append(out, trim(w.GetOriginal()))
+ }
+ }
+
+ poolOfLexems.RedeemLexems(in)
+
+ return strings.Join(out, " ")
+}
+
+// ToHumanNameTitle represents a code name as a human-readable series of titleized words.
+//
+// It titleizes every word with blank space as a word separator.
+//
+// Examples:
+//
+// - "hello, Swagger" becomes "Hello Swagger"
+// - "helloSwagger" becomes "Hello Swagger"
+func (m NameMangler) ToHumanNameTitle(name string) string {
+ s := m.splitterWithPostSplit
+ in := s.split(name)
+
+ out := make([]string, 0, len(*in))
+ for _, w := range *in {
+ original := trim(w.GetOriginal())
+ if !w.IsInitialism() {
+ out = append(out, m.Camelize(original))
+ } else {
+ out = append(out, original)
+ }
+ }
+ poolOfLexems.RedeemLexems(in)
+
+ return strings.Join(out, " ")
+}
+
+// ToJSONName generates a camelized single-word version of a sentence.
+//
+// The output assembles every camelized word, but for the first word, which
+// is lower-cased.
+//
+// Example:
+//
+// - "Hello_swagger" becomes "helloSwagger"
+func (m NameMangler) ToJSONName(name string) string {
+ inptr := m.split(name)
+ in := *inptr
+ out := make([]string, 0, len(in))
+
+ for i, w := range in {
+ if i == 0 {
+ out = append(out, lower(w))
+ continue
+ }
+ out = append(out, m.Camelize(trim(w)))
+ }
+
+ poolOfStrings.RedeemStrings(inptr)
+
+ return strings.Join(out, "")
+}
+
+// ToVarName generates a legit unexported go variable name from a sentence.
+//
+// The generated name plays well with linters (see also [NameMangler.ToGoName]).
+//
+// Examples:
+//
+// - "Hello_swagger" becomes "helloSwagger"
+// - "Http_server" becomes "httpServer"
+//
+// This name applies the same rules as [NameMangler.ToGoName] (legit exported variable), save the
+// capitalization of the initial rune.
+//
+// Special case: when the initial part is a recognized as an initialism (like in the example above),
+// the full part is lower-cased.
+func (m NameMangler) ToVarName(name string) string {
+ return m.goIdentifier(name, false)
+}
+
+// ToGoName generates a legit exported go variable name from a sentence.
+//
+// The generated name plays well with most linters.
+//
+// ToGoName abides by the go "exported" symbol rule starting with an upper-case letter.
+//
+// Examples:
+//
+// - "hello_swagger" becomes "HelloSwagger"
+// - "Http_server" becomes "HTTPServer"
+//
+// # Edge cases
+//
+// Whenever the first rune is not eligible to upper case, a special prefix is prepended to the resulting name.
+// By default this is simply "X" and you may customize this behavior using the [WithGoNamePrefixFunc] option.
+//
+// This happens when the first rune is not a letter, e.g. a digit, or a symbol that has no word transliteration
+// (see also [WithReplaceFunc] about symbol transliterations),
+// as well as for most East Asian or Devanagari runes, for which there is no such concept as upper-case.
+//
+// # Linting
+//
+// [revive], the successor of golint is the reference linter.
+//
+// This means that [NameMangler.ToGoName] supports the initialisms that revive checks (see also [DefaultInitialisms]).
+//
+// At this moment, there is no attempt to transliterate unicode into ascii, meaning that some linters
+// (e.g. asciicheck, gosmopolitan) may croak on go identifiers generated from unicode input.
+//
+// [revive]: https://github.com/mgechev/revive
+func (m NameMangler) ToGoName(name string) string {
+ return m.goIdentifier(name, true)
+}
+
+func (m NameMangler) goIdentifier(name string, exported bool) string {
+ s := m.splitterWithPostSplit
+ lexems := s.split(name)
+ defer func() {
+ poolOfLexems.RedeemLexems(lexems)
+ }()
+ lexemes := *lexems
+
+ if len(lexemes) == 0 {
+ return ""
+ }
+
+ result := poolOfBuffers.BorrowBuffer(len(name))
+ defer func() {
+ poolOfBuffers.RedeemBuffer(result)
+ }()
+
+ firstPart := lexemes[0]
+ if !exported {
+ if ok := firstPart.WriteLower(result, true); !ok {
+ // NOTE: an initialism as the first part is lower-cased: no longer generates stuff like hTTPxyz.
+ //
+ // same prefixing rule applied to unexported variable as to an exported one, so that we have consistent
+ // names, whether the generated identifier is exported or not.
+ result.WriteString(strings.ToLower(m.prefixFunc()(name)))
+ result.WriteString(lexemes[0].GetOriginal())
+ }
+ } else {
+ if ok := firstPart.WriteTitleized(result, true); !ok {
+ // "repairs" a lexeme that doesn't start with a letter to become
+ // the start a legit go name. The current strategy is very crude and simply adds a fixed prefix,
+ // e.g. "X".
+ // For instance "1_sesame_street" would be split into lexemes ["1", "sesame", "street"] and
+ // the first one ("1") would result in something like "X1" (with the default prefix function).
+ //
+ // NOTE: no longer forcing the first part to be fully upper-cased
+ result.WriteString(m.prefixFunc()(name))
+ result.WriteString(lexemes[0].GetOriginal())
+ }
+ }
+
+ for _, lexem := range lexemes[1:] {
+ // NOTE: no longer forcing initialism parts to be fully upper-cased:
+ // * pluralized initialism preserve their trailing "s"
+ // * mixed-cased initialisms, such as IPv4, are preserved
+ if ok := lexem.WriteTitleized(result, false); !ok {
+ // it's not titleized: perhaps it's too short, perhaps the first rune is not a letter.
+ // write anyway
+ result.WriteString(lexem.GetOriginal())
+ }
+ }
+
+ return result.String()
+}
+
+func (m *NameMangler) addInitialisms(words ...string) {
+ m.index.add(words...)
+ m.index.buildCache()
+}
+
+// split calls the inner splitter.
+func (m NameMangler) split(str string) *[]string {
+ s := m.splitter
+ lexems := s.split(str)
+ result := poolOfStrings.BorrowStrings()
+
+ for _, lexem := range *lexems {
+ *result = append(*result, lexem.GetOriginal())
+ }
+ poolOfLexems.RedeemLexems(lexems)
+
+ return result
+}
diff --git a/vendor/github.com/go-openapi/swag/mangling/options.go b/vendor/github.com/go-openapi/swag/mangling/options.go
new file mode 100644
index 000000000..3c92b2f18
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/mangling/options.go
@@ -0,0 +1,150 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package mangling
+
+type (
+ // PrefixFunc defines a safeguard rule (that may depend on the input string), to prefix
+ // a generated go name (in [NameMangler.ToGoName] and [NameMangler.ToVarName]).
+ //
+ // See [NameMangler.ToGoName] for more about which edge cases the prefix function covers.
+ PrefixFunc func(string) string
+
+ // ReplaceFunc is a transliteration function to replace special runes by a word.
+ ReplaceFunc func(r rune) (string, bool)
+
+ // Option to configure a [NameMangler].
+ Option func(*options)
+
+ options struct {
+ commonInitialisms []string
+
+ goNamePrefixFunc PrefixFunc
+ goNamePrefixFuncPtr *PrefixFunc
+ replaceFunc func(r rune) (string, bool)
+ }
+)
+
+func (o *options) prefixFunc() PrefixFunc {
+ if o.goNamePrefixFuncPtr != nil && *o.goNamePrefixFuncPtr != nil {
+ return *o.goNamePrefixFuncPtr
+ }
+
+ return o.goNamePrefixFunc
+}
+
+// WithGoNamePrefixFunc overrides the default prefix rule to safeguard generated go names.
+//
+// Example:
+//
+// This helps convert "123" into "{prefix}123" (a very crude strategy indeed, but it works).
+//
+// See [github.com/go-swagger/go-swagger/generator.DefaultFuncMap] for an example.
+//
+// The prefix function is assumed to return a string that starts with an upper case letter.
+//
+// The default is to prefix with "X".
+//
+// See [NameMangler.ToGoName] for more about which edge cases the prefix function covers.
+func WithGoNamePrefixFunc(fn PrefixFunc) Option {
+ return func(o *options) {
+ o.goNamePrefixFunc = fn
+ }
+}
+
+// WithGoNamePrefixFuncPtr is like [WithGoNamePrefixFunc] but it specifies a pointer to a function.
+//
+// [WithGoNamePrefixFunc] should be preferred in most situations. This option should only serve the
+// purpose of handling special situations where the prefix function is not an internal variable
+// (e.g. an exported package global).
+//
+// [WithGoNamePrefixFuncPtr] supersedes [WithGoNamePrefixFunc] if it also specified.
+//
+// If the provided pointer is nil or points to a nil value, this option has no effect.
+//
+// The caller should ensure that no undesirable concurrent changes are applied to the function pointed to.
+func WithGoNamePrefixFuncPtr(ptr *PrefixFunc) Option {
+ return func(o *options) {
+ o.goNamePrefixFuncPtr = ptr
+ }
+}
+
+// WithInitialisms declares the initialisms this mangler supports.
+//
+// This supersedes any pre-loaded defaults (see [DefaultInitialisms] for more about what initialisms are).
+//
+// It declares words to be recognized as "initialisms" (i.e. words that won't be camel cased or titled cased).
+//
+// Words must start with a (unicode) letter. If some don't, they are ignored.
+// Words are either fully capitalized or mixed-cased. Lower-case only words are considered capitalized.
+func WithInitialisms(words ...string) Option {
+ return func(o *options) {
+ o.commonInitialisms = words
+ }
+}
+
+// WithAdditionalInitialisms adds new initialisms to the currently supported list (see [DefaultInitialisms]).
+//
+// The same sanitization rules apply as those described for [WithInitialisms].
+func WithAdditionalInitialisms(words ...string) Option {
+ return func(o *options) {
+ o.commonInitialisms = append(o.commonInitialisms, words...)
+ }
+}
+
+// WithReplaceFunc specifies a custom transliteration function instead of the default.
+//
+// The default translates the following characters into words as follows:
+//
+// - '@' -> 'At'
+// - '&' -> 'And'
+// - '|' -> 'Pipe'
+// - '$' -> 'Dollar'
+// - '!' -> 'Bang'
+//
+// Notice that the outcome of a transliteration should always be titleized.
+func WithReplaceFunc(fn ReplaceFunc) Option {
+ return func(o *options) {
+ o.replaceFunc = fn
+ }
+}
+
+func defaultPrefixFunc(_ string) string {
+ return "X"
+}
+
+// defaultReplaceTable finds a word representation for special characters.
+func defaultReplaceTable(r rune) (string, bool) {
+ switch r {
+ case '@':
+ return "At ", true
+ case '&':
+ return "And ", true
+ case '|':
+ return "Pipe ", true
+ case '$':
+ return "Dollar ", true
+ case '!':
+ return "Bang ", true
+ case '-':
+ return "", true
+ case '_':
+ return "", true
+ default:
+ return "", false
+ }
+}
+
+func optionsWithDefaults(opts []Option) options {
+ o := options{
+ commonInitialisms: DefaultInitialisms(),
+ goNamePrefixFunc: defaultPrefixFunc,
+ replaceFunc: defaultReplaceTable,
+ }
+
+ for _, apply := range opts {
+ apply(&o)
+ }
+
+ return o
+}
diff --git a/vendor/github.com/go-openapi/swag/mangling/pools.go b/vendor/github.com/go-openapi/swag/mangling/pools.go
new file mode 100644
index 000000000..f81043514
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/mangling/pools.go
@@ -0,0 +1,123 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package mangling
+
+import (
+ "bytes"
+ "sync"
+)
+
+const maxAllocMatches = 8
+
+type (
+ // memory pools of temporary objects.
+ //
+ // These are used to recycle temporarily allocated objects
+ // and relieve the GC from undue pressure.
+
+ matchesPool struct {
+ *sync.Pool
+ }
+
+ buffersPool struct {
+ *sync.Pool
+ }
+
+ lexemsPool struct {
+ *sync.Pool
+ }
+
+ stringsPool struct {
+ *sync.Pool
+ }
+)
+
+var (
+ // poolOfMatches holds temporary slices for recycling during the initialism match process
+ poolOfMatches = matchesPool{
+ Pool: &sync.Pool{
+ New: func() any {
+ s := make(initialismMatches, 0, maxAllocMatches)
+
+ return &s
+ },
+ },
+ }
+
+ poolOfBuffers = buffersPool{
+ Pool: &sync.Pool{
+ New: func() any {
+ return new(bytes.Buffer)
+ },
+ },
+ }
+
+ poolOfLexems = lexemsPool{
+ Pool: &sync.Pool{
+ New: func() any {
+ s := make([]nameLexem, 0, maxAllocMatches)
+
+ return &s
+ },
+ },
+ }
+
+ poolOfStrings = stringsPool{
+ Pool: &sync.Pool{
+ New: func() any {
+ s := make([]string, 0, maxAllocMatches)
+
+ return &s
+ },
+ },
+ }
+)
+
+func (p matchesPool) BorrowMatches() *initialismMatches {
+ s := p.Get().(*initialismMatches)
+ *s = (*s)[:0] // reset slice, keep allocated capacity
+
+ return s
+}
+
+func (p buffersPool) BorrowBuffer(size int) *bytes.Buffer {
+ s := p.Get().(*bytes.Buffer)
+ s.Reset()
+
+ if s.Cap() < size {
+ s.Grow(size)
+ }
+
+ return s
+}
+
+func (p lexemsPool) BorrowLexems() *[]nameLexem {
+ s := p.Get().(*[]nameLexem)
+ *s = (*s)[:0] // reset slice, keep allocated capacity
+
+ return s
+}
+
+func (p stringsPool) BorrowStrings() *[]string {
+ s := p.Get().(*[]string)
+ *s = (*s)[:0] // reset slice, keep allocated capacity
+
+ return s
+}
+
+func (p matchesPool) RedeemMatches(s *initialismMatches) {
+ p.Put(s)
+}
+
+func (p buffersPool) RedeemBuffer(s *bytes.Buffer) {
+ p.Put(s)
+}
+
+func (p lexemsPool) RedeemLexems(s *[]nameLexem) {
+ p.Put(s)
+}
+
+func (p stringsPool) RedeemStrings(s *[]string) {
+ p.Put(s)
+}
diff --git a/vendor/github.com/go-openapi/swag/mangling/split.go b/vendor/github.com/go-openapi/swag/mangling/split.go
new file mode 100644
index 000000000..ed12ea256
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/mangling/split.go
@@ -0,0 +1,341 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package mangling
+
+import (
+ "fmt"
+ "unicode"
+)
+
+type splitterOption func(*splitter)
+
+// withPostSplitInitialismCheck allows to catch initialisms after main split process
+func withPostSplitInitialismCheck(s *splitter) {
+ s.postSplitInitialismCheck = true
+}
+
+func withReplaceFunc(fn ReplaceFunc) func(*splitter) {
+ return func(s *splitter) {
+ s.replaceFunc = fn
+ }
+}
+
+func withInitialismsCache(c *initialismsCache) splitterOption {
+ return func(s *splitter) {
+ s.initialismsCache = c
+ }
+}
+
+type (
+ initialismMatch struct {
+ body []rune
+ start, end int
+ complete bool
+ hasPlural pluralForm
+ }
+ initialismMatches []initialismMatch
+)
+
+// String representation of a match, e.g. for debugging.
+func (m initialismMatch) String() string {
+ return fmt.Sprintf("{body: %s (%d), start: %d, end; %d, complete: %t, hasPlural: %v}",
+ string(m.body), len(m.body), m.start, m.end, m.complete, m.hasPlural,
+ )
+}
+
+func (m initialismMatch) isZero() bool {
+ return m.start == 0 && m.end == 0
+}
+
+type splitter struct {
+ *initialismsCache
+
+ postSplitInitialismCheck bool
+ replaceFunc ReplaceFunc
+}
+
+func newSplitter(options ...splitterOption) splitter {
+ var s splitter
+
+ for _, option := range options {
+ option(&s)
+ }
+
+ if s.replaceFunc == nil {
+ s.replaceFunc = defaultReplaceTable
+ }
+
+ return s
+}
+
+func (s splitter) split(name string) *[]nameLexem {
+ nameRunes := []rune(name)
+ matches := s.gatherInitialismMatches(nameRunes)
+ if matches == nil {
+ return poolOfLexems.BorrowLexems()
+ }
+
+ return s.mapMatchesToNameLexems(nameRunes, matches)
+}
+
+func (s splitter) gatherInitialismMatches(nameRunes []rune) *initialismMatches {
+ matches := poolOfMatches.BorrowMatches()
+ const minLenInitialism = 1
+ if len(nameRunes) < minLenInitialism+1 {
+ // can't match initialism with 0 or 1 rune
+ return matches
+ }
+
+ // first iteration
+ s.findMatches(matches, nameRunes, nameRunes[0], 0)
+
+ for i, currentRune := range nameRunes[1:] {
+ currentRunePosition := i + 1
+ // recycle allocations as we loop over runes
+ // with such recycling, only 2 slices should be allocated per call
+ // instead of o(n).
+ //
+ // BorrowMatches always yields slices with zero length (with some capacity)
+ newMatches := poolOfMatches.BorrowMatches()
+
+ // check current initialism matches
+ for _, match := range *matches {
+ if keepCompleteMatch := match.complete; keepCompleteMatch {
+ // the match is already complete: keep it then move on to the next match
+ *newMatches = append(*newMatches, match)
+ continue
+ }
+
+ if currentRunePosition-match.start == len(match.body) {
+ // unmatched: skip
+ continue
+ }
+
+ // 1. by construction of the matches, we can't have currentRunePosition - match.start < 0
+ // because matches have been computed with their start <= currentRunePosition in the previous
+ // iterations.
+ // 2. by construction of the matches, we can't have currentRunePosition - match.start >= len(match.body)
+
+ currentMatchRune := match.body[currentRunePosition-match.start]
+ if currentMatchRune != currentRune {
+ // failed match, discard it then move on to the next match
+ continue
+ }
+
+ // try to complete the current match
+ if currentRunePosition-match.start == len(match.body)-1 {
+ // we are close: the next step is to check the symbol ahead
+ // if it is a lowercase letter, then it is not the end of match
+ // but the beginning of the next word.
+ //
+ // NOTE(fredbi): this heuristic sometimes leads to counterintuitive splits and
+ // perhaps (not sure yet) we should check against case _alternance_.
+ //
+ // Example:
+ //
+ // In the current version, in the sentence "IDS initialism", "ID" is recognized as an initialism,
+ // leading to a split like "id_s_initialism" (or IDSInitialism),
+ // whereas in the sentence "IDx initialism", it is not and produces something like
+ // "i_d_x_initialism" (or IDxInitialism). The generated file name is not great.
+ //
+ // Both go identifiers are tolerated by linters.
+ //
+ // Notice that the slightly different input "IDs initialism" is correctly detected
+ // as a pluralized initialism and produces something like "ids_initialism" (or IDsInitialism).
+
+ if currentRunePosition < len(nameRunes)-1 { // when before the last rune
+ nextRune := nameRunes[currentRunePosition+1]
+
+ // recognize a plural form for this initialism (only simple english pluralization is supported).
+ if nextRune == 's' && match.hasPlural == simplePlural {
+ // detected a pluralized initialism
+ match.body = append(match.body, nextRune)
+ lookAhead := currentRunePosition + 1
+ if lookAhead < len(nameRunes)-1 {
+ nextRune = nameRunes[lookAhead+1]
+ if newWord := unicode.IsLower(nextRune); newWord {
+ // it is the start of a new word.
+ // Match is only partial and the initialism is not recognized:
+ // move on to the next match, but do not advance the rune position
+ continue
+ }
+ }
+
+ // this is a pluralized match: keep it
+ currentRunePosition++
+ match.complete = true
+ match.hasPlural = simplePlural
+ match.end = currentRunePosition
+ *newMatches = append(*newMatches, match)
+
+ // match is complete: keep it then move on to the next match
+ continue
+ }
+
+ // other cases
+ // example: invariant plural such as "TLS"
+ if newWord := unicode.IsLower(nextRune); newWord {
+ // it is the start of a new word
+ // Match is only partial and the initialism is not recognized : move on
+ continue
+ }
+ }
+
+ match.complete = true
+ match.end = currentRunePosition
+ }
+
+ // append the ongoing matching attempt: it is not necessarily complete, but was successful so far.
+ // Let's see if it still matches on the next rune.
+ *newMatches = append(*newMatches, match)
+ }
+
+ s.findMatches(newMatches, nameRunes, currentRune, currentRunePosition)
+
+ poolOfMatches.RedeemMatches(matches)
+ matches = newMatches
+ }
+
+ // it is up to the caller to redeem this last slice
+ return matches
+}
+
+func (s splitter) findMatches(newMatches *initialismMatches, nameRunes []rune, currentRune rune, currentRunePosition int) {
+ // check for new initialism matches, based on the first character
+ for i, r := range s.initialismsRunes {
+ if r[0] != currentRune {
+ continue
+ }
+
+ if currentRunePosition+len(r) > len(nameRunes) {
+ continue // not eligible: would spilll over the initial string
+ }
+
+ // possible matches: all initialisms starting with the current rune and that can fit the given string (nameRunes)
+ *newMatches = append(*newMatches, initialismMatch{
+ start: currentRunePosition,
+ body: r,
+ complete: false,
+ hasPlural: s.initialismsPluralForm[i],
+ })
+ }
+}
+
+func (s splitter) mapMatchesToNameLexems(nameRunes []rune, matches *initialismMatches) *[]nameLexem {
+ nameLexems := poolOfLexems.BorrowLexems()
+
+ var lastAcceptedMatch initialismMatch
+ for _, match := range *matches {
+ if !match.complete {
+ continue
+ }
+
+ if firstMatch := lastAcceptedMatch.isZero(); firstMatch {
+ s.appendBrokenDownCasualString(nameLexems, nameRunes[:match.start])
+ *nameLexems = append(*nameLexems, s.breakInitialism(string(match.body)))
+
+ lastAcceptedMatch = match
+
+ continue
+ }
+
+ if overlappedMatch := match.start <= lastAcceptedMatch.end; overlappedMatch {
+ continue
+ }
+
+ middle := nameRunes[lastAcceptedMatch.end+1 : match.start]
+ s.appendBrokenDownCasualString(nameLexems, middle)
+ *nameLexems = append(*nameLexems, s.breakInitialism(string(match.body)))
+
+ lastAcceptedMatch = match
+ }
+
+ // we have not found any accepted matches
+ if lastAcceptedMatch.isZero() {
+ *nameLexems = (*nameLexems)[:0]
+ s.appendBrokenDownCasualString(nameLexems, nameRunes)
+ } else if lastAcceptedMatch.end+1 != len(nameRunes) {
+ rest := nameRunes[lastAcceptedMatch.end+1:]
+ s.appendBrokenDownCasualString(nameLexems, rest)
+ }
+
+ poolOfMatches.RedeemMatches(matches)
+
+ return nameLexems
+}
+
+func (s splitter) breakInitialism(original string) nameLexem {
+ return newInitialismNameLexem(original, original)
+}
+
+func (s splitter) appendBrokenDownCasualString(segments *[]nameLexem, str []rune) {
+ currentSegment := poolOfBuffers.BorrowBuffer(len(str)) // unlike strings.Builder, bytes.Buffer initial storage can reused
+ defer func() {
+ poolOfBuffers.RedeemBuffer(currentSegment)
+ }()
+
+ addCasualNameLexem := func(original string) {
+ *segments = append(*segments, newCasualNameLexem(original))
+ }
+
+ addInitialismNameLexem := func(original, match string) {
+ *segments = append(*segments, newInitialismNameLexem(original, match))
+ }
+
+ var addNameLexem func(string)
+ if s.postSplitInitialismCheck {
+ addNameLexem = func(original string) {
+ for i := range s.initialisms {
+ if isEqualFoldIgnoreSpace(s.initialismsUpperCased[i], original) {
+ addInitialismNameLexem(original, s.initialisms[i])
+
+ return
+ }
+ }
+
+ addCasualNameLexem(original)
+ }
+ } else {
+ addNameLexem = addCasualNameLexem
+ }
+
+ // NOTE: (performance). The few remaining non-amortized allocations
+ // lay in the code below: using String() forces
+ for _, rn := range str {
+ if replace, found := s.replaceFunc(rn); found {
+ if currentSegment.Len() > 0 {
+ addNameLexem(currentSegment.String())
+ currentSegment.Reset()
+ }
+
+ if replace != "" {
+ addNameLexem(replace)
+ }
+
+ continue
+ }
+
+ if !unicode.In(rn, unicode.L, unicode.M, unicode.N, unicode.Pc) {
+ if currentSegment.Len() > 0 {
+ addNameLexem(currentSegment.String())
+ currentSegment.Reset()
+ }
+
+ continue
+ }
+
+ if unicode.IsUpper(rn) {
+ if currentSegment.Len() > 0 {
+ addNameLexem(currentSegment.String())
+ }
+ currentSegment.Reset()
+ }
+
+ currentSegment.WriteRune(rn)
+ }
+
+ if currentSegment.Len() > 0 {
+ addNameLexem(currentSegment.String())
+ }
+}
diff --git a/vendor/github.com/go-openapi/swag/string_bytes.go b/vendor/github.com/go-openapi/swag/mangling/string_bytes.go
similarity index 60%
rename from vendor/github.com/go-openapi/swag/string_bytes.go
rename to vendor/github.com/go-openapi/swag/mangling/string_bytes.go
index 90745d5ca..28daaf72b 100644
--- a/vendor/github.com/go-openapi/swag/string_bytes.go
+++ b/vendor/github.com/go-openapi/swag/mangling/string_bytes.go
@@ -1,4 +1,7 @@
-package swag
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package mangling
import "unsafe"
diff --git a/vendor/github.com/go-openapi/swag/mangling/util.go b/vendor/github.com/go-openapi/swag/mangling/util.go
new file mode 100644
index 000000000..0636417e3
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/mangling/util.go
@@ -0,0 +1,118 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package mangling
+
+import (
+ "strings"
+ "unicode"
+ "unicode/utf8"
+)
+
+// Removes leading whitespaces
+func trim(str string) string { return strings.TrimSpace(str) }
+
+// upper is strings.ToUpper() combined with trim
+func upper(str string) string {
+ return strings.ToUpper(trim(str))
+}
+
+// lower is strings.ToLower() combined with trim
+func lower(str string) string {
+ return strings.ToLower(trim(str))
+}
+
+// isEqualFoldIgnoreSpace is the same as strings.EqualFold, but
+// it ignores leading and trailing blank spaces in the compared
+// string.
+//
+// base is assumed to be composed of upper-cased runes, and be already
+// trimmed.
+//
+// This code is heavily inspired from strings.EqualFold.
+func isEqualFoldIgnoreSpace(base []rune, str string) bool {
+ var i, baseIndex int
+ // equivalent to b := []byte(str), but without data copy
+ b := hackStringBytes(str)
+
+ for i < len(b) {
+ if c := b[i]; c < utf8.RuneSelf {
+ // fast path for ASCII
+ if c != ' ' && c != '\t' {
+ break
+ }
+ i++
+
+ continue
+ }
+
+ // unicode case
+ r, size := utf8.DecodeRune(b[i:])
+ if !unicode.IsSpace(r) {
+ break
+ }
+ i += size
+ }
+
+ if i >= len(b) {
+ return len(base) == 0
+ }
+
+ for _, baseRune := range base {
+ if i >= len(b) {
+ break
+ }
+
+ if c := b[i]; c < utf8.RuneSelf {
+ // single byte rune case (ASCII)
+ if baseRune >= utf8.RuneSelf {
+ return false
+ }
+
+ baseChar := byte(baseRune)
+ if c != baseChar && ((c < 'a') || (c > 'z') || (c-'a'+'A' != baseChar)) {
+ return false
+ }
+
+ baseIndex++
+ i++
+
+ continue
+ }
+
+ // unicode case
+ r, size := utf8.DecodeRune(b[i:])
+ if unicode.ToUpper(r) != baseRune {
+ return false
+ }
+ baseIndex++
+ i += size
+ }
+
+ if baseIndex != len(base) {
+ return false
+ }
+
+ // all passed: now we should only have blanks
+ for i < len(b) {
+ if c := b[i]; c < utf8.RuneSelf {
+ // fast path for ASCII
+ if c != ' ' && c != '\t' {
+ return false
+ }
+ i++
+
+ continue
+ }
+
+ // unicode case
+ r, size := utf8.DecodeRune(b[i:])
+ if !unicode.IsSpace(r) {
+ return false
+ }
+
+ i += size
+ }
+
+ return true
+}
diff --git a/vendor/github.com/go-openapi/swag/mangling_iface.go b/vendor/github.com/go-openapi/swag/mangling_iface.go
new file mode 100644
index 000000000..98b9a9992
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/mangling_iface.go
@@ -0,0 +1,69 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package swag
+
+import "github.com/go-openapi/swag/mangling"
+
+// GoNamePrefixFunc sets an optional rule to prefix go names
+// which do not start with a letter.
+//
+// GoNamePrefixFunc should not be written to while concurrently using the other mangling functions of this package.
+//
+// Deprecated: use [mangling.WithGoNamePrefixFunc] instead.
+var GoNamePrefixFunc mangling.PrefixFunc
+
+// swagNameMangler is a global instance of the name mangler specifically alloted
+// to support deprecated functions.
+var swagNameMangler = mangling.NewNameMangler(
+ mangling.WithGoNamePrefixFuncPtr(&GoNamePrefixFunc),
+)
+
+// AddInitialisms adds additional initialisms to the default list (see [mangling.DefaultInitialisms]).
+//
+// AddInitialisms is not safe to be called concurrently.
+//
+// Deprecated: use [mangling.WithAdditionalInitialisms] instead.
+func AddInitialisms(words ...string) {
+ swagNameMangler.AddInitialisms(words...)
+}
+
+// Camelize a single word.
+//
+// Deprecated: use [mangling.NameMangler.Camelize] instead.
+func Camelize(word string) string { return swagNameMangler.Camelize(word) }
+
+// ToFileName lowercases and underscores a go type name.
+//
+// Deprecated: use [mangling.NameMangler.ToFileName] instead.
+func ToFileName(name string) string { return swagNameMangler.ToFileName(name) }
+
+// ToCommandName lowercases and underscores a go type name.
+//
+// Deprecated: use [mangling.NameMangler.ToCommandName] instead.
+func ToCommandName(name string) string { return swagNameMangler.ToCommandName(name) }
+
+// ToHumanNameLower represents a code name as a human series of words.
+//
+// Deprecated: use [mangling.NameMangler.ToHumanNameLower] instead.
+func ToHumanNameLower(name string) string { return swagNameMangler.ToHumanNameLower(name) }
+
+// ToHumanNameTitle represents a code name as a human series of words with the first letters titleized.
+//
+// Deprecated: use [mangling.NameMangler.ToHumanNameTitle] instead.
+func ToHumanNameTitle(name string) string { return swagNameMangler.ToHumanNameTitle(name) }
+
+// ToJSONName camel-cases a name which can be underscored or pascal-cased.
+//
+// Deprecated: use [mangling.NameMangler.ToJSONName] instead.
+func ToJSONName(name string) string { return swagNameMangler.ToJSONName(name) }
+
+// ToVarName camel-cases a name which can be underscored or pascal-cased.
+//
+// Deprecated: use [mangling.NameMangler.ToVarName] instead.
+func ToVarName(name string) string { return swagNameMangler.ToVarName(name) }
+
+// ToGoName translates a swagger name which can be underscored or camel cased to a name that golint likes.
+//
+// Deprecated: use [mangling.NameMangler.ToGoName] instead.
+func ToGoName(name string) string { return swagNameMangler.ToGoName(name) }
diff --git a/vendor/github.com/go-openapi/swag/name_lexem.go b/vendor/github.com/go-openapi/swag/name_lexem.go
deleted file mode 100644
index 8bb64ac32..000000000
--- a/vendor/github.com/go-openapi/swag/name_lexem.go
+++ /dev/null
@@ -1,93 +0,0 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package swag
-
-import (
- "unicode"
- "unicode/utf8"
-)
-
-type (
- lexemKind uint8
-
- nameLexem struct {
- original string
- matchedInitialism string
- kind lexemKind
- }
-)
-
-const (
- lexemKindCasualName lexemKind = iota
- lexemKindInitialismName
-)
-
-func newInitialismNameLexem(original, matchedInitialism string) nameLexem {
- return nameLexem{
- kind: lexemKindInitialismName,
- original: original,
- matchedInitialism: matchedInitialism,
- }
-}
-
-func newCasualNameLexem(original string) nameLexem {
- return nameLexem{
- kind: lexemKindCasualName,
- original: original,
- }
-}
-
-func (l nameLexem) GetUnsafeGoName() string {
- if l.kind == lexemKindInitialismName {
- return l.matchedInitialism
- }
-
- var (
- first rune
- rest string
- )
-
- for i, orig := range l.original {
- if i == 0 {
- first = orig
- continue
- }
-
- if i > 0 {
- rest = l.original[i:]
- break
- }
- }
-
- if len(l.original) > 1 {
- b := poolOfBuffers.BorrowBuffer(utf8.UTFMax + len(rest))
- defer func() {
- poolOfBuffers.RedeemBuffer(b)
- }()
- b.WriteRune(unicode.ToUpper(first))
- b.WriteString(lower(rest))
- return b.String()
- }
-
- return l.original
-}
-
-func (l nameLexem) GetOriginal() string {
- return l.original
-}
-
-func (l nameLexem) IsInitialism() bool {
- return l.kind == lexemKindInitialismName
-}
diff --git a/vendor/github.com/go-openapi/swag/net.go b/vendor/github.com/go-openapi/swag/net.go
deleted file mode 100644
index 821235f84..000000000
--- a/vendor/github.com/go-openapi/swag/net.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package swag
-
-import (
- "net"
- "strconv"
-)
-
-// SplitHostPort splits a network address into a host and a port.
-// The port is -1 when there is no port to be found
-func SplitHostPort(addr string) (host string, port int, err error) {
- h, p, err := net.SplitHostPort(addr)
- if err != nil {
- return "", -1, err
- }
- if p == "" {
- return "", -1, &net.AddrError{Err: "missing port in address", Addr: addr}
- }
-
- pi, err := strconv.Atoi(p)
- if err != nil {
- return "", -1, err
- }
- return h, pi, nil
-}
diff --git a/vendor/github.com/go-openapi/swag/netutils/LICENSE b/vendor/github.com/go-openapi/swag/netutils/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/netutils/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/go-openapi/swag/netutils/doc.go b/vendor/github.com/go-openapi/swag/netutils/doc.go
new file mode 100644
index 000000000..74282f8e5
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/netutils/doc.go
@@ -0,0 +1,5 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package netutils provides helpers for network-related tasks.
+package netutils
diff --git a/vendor/github.com/go-openapi/swag/netutils/net.go b/vendor/github.com/go-openapi/swag/netutils/net.go
new file mode 100644
index 000000000..82a1544af
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/netutils/net.go
@@ -0,0 +1,31 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package netutils
+
+import (
+ "net"
+ "strconv"
+)
+
+// SplitHostPort splits a network address into a host and a port.
+//
+// The difference with the standard net.SplitHostPort is that the port is converted to an int.
+//
+// The port is -1 when there is no port to be found.
+func SplitHostPort(addr string) (host string, port int, err error) {
+ h, p, err := net.SplitHostPort(addr)
+ if err != nil {
+ return "", -1, err
+ }
+ if p == "" {
+ return "", -1, &net.AddrError{Err: "missing port in address", Addr: addr}
+ }
+
+ pi, err := strconv.Atoi(p)
+ if err != nil {
+ return "", -1, err
+ }
+
+ return h, pi, nil
+}
diff --git a/vendor/github.com/go-openapi/swag/netutils_iface.go b/vendor/github.com/go-openapi/swag/netutils_iface.go
new file mode 100644
index 000000000..d658de25b
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/netutils_iface.go
@@ -0,0 +1,13 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package swag
+
+import "github.com/go-openapi/swag/netutils"
+
+// SplitHostPort splits a network address into a host and a port.
+//
+// Deprecated: use [netutils.SplitHostPort] instead.
+func SplitHostPort(addr string) (host string, port int, err error) {
+ return netutils.SplitHostPort(addr)
+}
diff --git a/vendor/github.com/go-openapi/swag/split.go b/vendor/github.com/go-openapi/swag/split.go
deleted file mode 100644
index 274727a86..000000000
--- a/vendor/github.com/go-openapi/swag/split.go
+++ /dev/null
@@ -1,508 +0,0 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package swag
-
-import (
- "bytes"
- "sync"
- "unicode"
- "unicode/utf8"
-)
-
-type (
- splitter struct {
- initialisms []string
- initialismsRunes [][]rune
- initialismsUpperCased [][]rune // initialisms cached in their trimmed, upper-cased version
- postSplitInitialismCheck bool
- }
-
- splitterOption func(*splitter)
-
- initialismMatch struct {
- body []rune
- start, end int
- complete bool
- }
- initialismMatches []initialismMatch
-)
-
-type (
- // memory pools of temporary objects.
- //
- // These are used to recycle temporarily allocated objects
- // and relieve the GC from undue pressure.
-
- matchesPool struct {
- *sync.Pool
- }
-
- buffersPool struct {
- *sync.Pool
- }
-
- lexemsPool struct {
- *sync.Pool
- }
-
- splittersPool struct {
- *sync.Pool
- }
-)
-
-var (
- // poolOfMatches holds temporary slices for recycling during the initialism match process
- poolOfMatches = matchesPool{
- Pool: &sync.Pool{
- New: func() any {
- s := make(initialismMatches, 0, maxAllocMatches)
-
- return &s
- },
- },
- }
-
- poolOfBuffers = buffersPool{
- Pool: &sync.Pool{
- New: func() any {
- return new(bytes.Buffer)
- },
- },
- }
-
- poolOfLexems = lexemsPool{
- Pool: &sync.Pool{
- New: func() any {
- s := make([]nameLexem, 0, maxAllocMatches)
-
- return &s
- },
- },
- }
-
- poolOfSplitters = splittersPool{
- Pool: &sync.Pool{
- New: func() any {
- s := newSplitter()
-
- return &s
- },
- },
- }
-)
-
-// nameReplaceTable finds a word representation for special characters.
-func nameReplaceTable(r rune) (string, bool) {
- switch r {
- case '@':
- return "At ", true
- case '&':
- return "And ", true
- case '|':
- return "Pipe ", true
- case '$':
- return "Dollar ", true
- case '!':
- return "Bang ", true
- case '-':
- return "", true
- case '_':
- return "", true
- default:
- return "", false
- }
-}
-
-// split calls the splitter.
-//
-// Use newSplitter for more control and options
-func split(str string) []string {
- s := poolOfSplitters.BorrowSplitter()
- lexems := s.split(str)
- result := make([]string, 0, len(*lexems))
-
- for _, lexem := range *lexems {
- result = append(result, lexem.GetOriginal())
- }
- poolOfLexems.RedeemLexems(lexems)
- poolOfSplitters.RedeemSplitter(s)
-
- return result
-
-}
-
-func newSplitter(options ...splitterOption) splitter {
- s := splitter{
- postSplitInitialismCheck: false,
- initialisms: initialisms,
- initialismsRunes: initialismsRunes,
- initialismsUpperCased: initialismsUpperCased,
- }
-
- for _, option := range options {
- option(&s)
- }
-
- return s
-}
-
-// withPostSplitInitialismCheck allows to catch initialisms after main split process
-func withPostSplitInitialismCheck(s *splitter) {
- s.postSplitInitialismCheck = true
-}
-
-func (p matchesPool) BorrowMatches() *initialismMatches {
- s := p.Get().(*initialismMatches)
- *s = (*s)[:0] // reset slice, keep allocated capacity
-
- return s
-}
-
-func (p buffersPool) BorrowBuffer(size int) *bytes.Buffer {
- s := p.Get().(*bytes.Buffer)
- s.Reset()
-
- if s.Cap() < size {
- s.Grow(size)
- }
-
- return s
-}
-
-func (p lexemsPool) BorrowLexems() *[]nameLexem {
- s := p.Get().(*[]nameLexem)
- *s = (*s)[:0] // reset slice, keep allocated capacity
-
- return s
-}
-
-func (p splittersPool) BorrowSplitter(options ...splitterOption) *splitter {
- s := p.Get().(*splitter)
- s.postSplitInitialismCheck = false // reset options
- for _, apply := range options {
- apply(s)
- }
-
- return s
-}
-
-func (p matchesPool) RedeemMatches(s *initialismMatches) {
- p.Put(s)
-}
-
-func (p buffersPool) RedeemBuffer(s *bytes.Buffer) {
- p.Put(s)
-}
-
-func (p lexemsPool) RedeemLexems(s *[]nameLexem) {
- p.Put(s)
-}
-
-func (p splittersPool) RedeemSplitter(s *splitter) {
- p.Put(s)
-}
-
-func (m initialismMatch) isZero() bool {
- return m.start == 0 && m.end == 0
-}
-
-func (s splitter) split(name string) *[]nameLexem {
- nameRunes := []rune(name)
- matches := s.gatherInitialismMatches(nameRunes)
- if matches == nil {
- return poolOfLexems.BorrowLexems()
- }
-
- return s.mapMatchesToNameLexems(nameRunes, matches)
-}
-
-func (s splitter) gatherInitialismMatches(nameRunes []rune) *initialismMatches {
- var matches *initialismMatches
-
- for currentRunePosition, currentRune := range nameRunes {
- // recycle these allocations as we loop over runes
- // with such recycling, only 2 slices should be allocated per call
- // instead of o(n).
- newMatches := poolOfMatches.BorrowMatches()
-
- // check current initialism matches
- if matches != nil { // skip first iteration
- for _, match := range *matches {
- if keepCompleteMatch := match.complete; keepCompleteMatch {
- *newMatches = append(*newMatches, match)
- continue
- }
-
- // drop failed match
- currentMatchRune := match.body[currentRunePosition-match.start]
- if currentMatchRune != currentRune {
- continue
- }
-
- // try to complete ongoing match
- if currentRunePosition-match.start == len(match.body)-1 {
- // we are close; the next step is to check the symbol ahead
- // if it is a small letter, then it is not the end of match
- // but beginning of the next word
-
- if currentRunePosition < len(nameRunes)-1 {
- nextRune := nameRunes[currentRunePosition+1]
- if newWord := unicode.IsLower(nextRune); newWord {
- // oh ok, it was the start of a new word
- continue
- }
- }
-
- match.complete = true
- match.end = currentRunePosition
- }
-
- *newMatches = append(*newMatches, match)
- }
- }
-
- // check for new initialism matches
- for i := range s.initialisms {
- initialismRunes := s.initialismsRunes[i]
- if initialismRunes[0] == currentRune {
- *newMatches = append(*newMatches, initialismMatch{
- start: currentRunePosition,
- body: initialismRunes,
- complete: false,
- })
- }
- }
-
- if matches != nil {
- poolOfMatches.RedeemMatches(matches)
- }
- matches = newMatches
- }
-
- // up to the caller to redeem this last slice
- return matches
-}
-
-func (s splitter) mapMatchesToNameLexems(nameRunes []rune, matches *initialismMatches) *[]nameLexem {
- nameLexems := poolOfLexems.BorrowLexems()
-
- var lastAcceptedMatch initialismMatch
- for _, match := range *matches {
- if !match.complete {
- continue
- }
-
- if firstMatch := lastAcceptedMatch.isZero(); firstMatch {
- s.appendBrokenDownCasualString(nameLexems, nameRunes[:match.start])
- *nameLexems = append(*nameLexems, s.breakInitialism(string(match.body)))
-
- lastAcceptedMatch = match
-
- continue
- }
-
- if overlappedMatch := match.start <= lastAcceptedMatch.end; overlappedMatch {
- continue
- }
-
- middle := nameRunes[lastAcceptedMatch.end+1 : match.start]
- s.appendBrokenDownCasualString(nameLexems, middle)
- *nameLexems = append(*nameLexems, s.breakInitialism(string(match.body)))
-
- lastAcceptedMatch = match
- }
-
- // we have not found any accepted matches
- if lastAcceptedMatch.isZero() {
- *nameLexems = (*nameLexems)[:0]
- s.appendBrokenDownCasualString(nameLexems, nameRunes)
- } else if lastAcceptedMatch.end+1 != len(nameRunes) {
- rest := nameRunes[lastAcceptedMatch.end+1:]
- s.appendBrokenDownCasualString(nameLexems, rest)
- }
-
- poolOfMatches.RedeemMatches(matches)
-
- return nameLexems
-}
-
-func (s splitter) breakInitialism(original string) nameLexem {
- return newInitialismNameLexem(original, original)
-}
-
-func (s splitter) appendBrokenDownCasualString(segments *[]nameLexem, str []rune) {
- currentSegment := poolOfBuffers.BorrowBuffer(len(str)) // unlike strings.Builder, bytes.Buffer initial storage can reused
- defer func() {
- poolOfBuffers.RedeemBuffer(currentSegment)
- }()
-
- addCasualNameLexem := func(original string) {
- *segments = append(*segments, newCasualNameLexem(original))
- }
-
- addInitialismNameLexem := func(original, match string) {
- *segments = append(*segments, newInitialismNameLexem(original, match))
- }
-
- var addNameLexem func(string)
- if s.postSplitInitialismCheck {
- addNameLexem = func(original string) {
- for i := range s.initialisms {
- if isEqualFoldIgnoreSpace(s.initialismsUpperCased[i], original) {
- addInitialismNameLexem(original, s.initialisms[i])
-
- return
- }
- }
-
- addCasualNameLexem(original)
- }
- } else {
- addNameLexem = addCasualNameLexem
- }
-
- for _, rn := range str {
- if replace, found := nameReplaceTable(rn); found {
- if currentSegment.Len() > 0 {
- addNameLexem(currentSegment.String())
- currentSegment.Reset()
- }
-
- if replace != "" {
- addNameLexem(replace)
- }
-
- continue
- }
-
- if !unicode.In(rn, unicode.L, unicode.M, unicode.N, unicode.Pc) {
- if currentSegment.Len() > 0 {
- addNameLexem(currentSegment.String())
- currentSegment.Reset()
- }
-
- continue
- }
-
- if unicode.IsUpper(rn) {
- if currentSegment.Len() > 0 {
- addNameLexem(currentSegment.String())
- }
- currentSegment.Reset()
- }
-
- currentSegment.WriteRune(rn)
- }
-
- if currentSegment.Len() > 0 {
- addNameLexem(currentSegment.String())
- }
-}
-
-// isEqualFoldIgnoreSpace is the same as strings.EqualFold, but
-// it ignores leading and trailing blank spaces in the compared
-// string.
-//
-// base is assumed to be composed of upper-cased runes, and be already
-// trimmed.
-//
-// This code is heavily inspired from strings.EqualFold.
-func isEqualFoldIgnoreSpace(base []rune, str string) bool {
- var i, baseIndex int
- // equivalent to b := []byte(str), but without data copy
- b := hackStringBytes(str)
-
- for i < len(b) {
- if c := b[i]; c < utf8.RuneSelf {
- // fast path for ASCII
- if c != ' ' && c != '\t' {
- break
- }
- i++
-
- continue
- }
-
- // unicode case
- r, size := utf8.DecodeRune(b[i:])
- if !unicode.IsSpace(r) {
- break
- }
- i += size
- }
-
- if i >= len(b) {
- return len(base) == 0
- }
-
- for _, baseRune := range base {
- if i >= len(b) {
- break
- }
-
- if c := b[i]; c < utf8.RuneSelf {
- // single byte rune case (ASCII)
- if baseRune >= utf8.RuneSelf {
- return false
- }
-
- baseChar := byte(baseRune)
- if c != baseChar &&
- !('a' <= c && c <= 'z' && c-'a'+'A' == baseChar) {
- return false
- }
-
- baseIndex++
- i++
-
- continue
- }
-
- // unicode case
- r, size := utf8.DecodeRune(b[i:])
- if unicode.ToUpper(r) != baseRune {
- return false
- }
- baseIndex++
- i += size
- }
-
- if baseIndex != len(base) {
- return false
- }
-
- // all passed: now we should only have blanks
- for i < len(b) {
- if c := b[i]; c < utf8.RuneSelf {
- // fast path for ASCII
- if c != ' ' && c != '\t' {
- return false
- }
- i++
-
- continue
- }
-
- // unicode case
- r, size := utf8.DecodeRune(b[i:])
- if !unicode.IsSpace(r) {
- return false
- }
-
- i += size
- }
-
- return true
-}
diff --git a/vendor/github.com/go-openapi/swag/stringutils/LICENSE b/vendor/github.com/go-openapi/swag/stringutils/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/stringutils/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/go-openapi/swag/stringutils/collection_formats.go b/vendor/github.com/go-openapi/swag/stringutils/collection_formats.go
new file mode 100644
index 000000000..28056ad25
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/stringutils/collection_formats.go
@@ -0,0 +1,74 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package stringutils
+
+import "strings"
+
+const (
+ // collectionFormatComma = "csv"
+ collectionFormatSpace = "ssv"
+ collectionFormatTab = "tsv"
+ collectionFormatPipe = "pipes"
+ collectionFormatMulti = "multi"
+
+ collectionFormatDefaultSep = ","
+)
+
+// JoinByFormat joins a string array by a known format (e.g. swagger's collectionFormat attribute):
+//
+// ssv: space separated value
+// tsv: tab separated value
+// pipes: pipe (|) separated value
+// csv: comma separated value (default)
+func JoinByFormat(data []string, format string) []string {
+ if len(data) == 0 {
+ return data
+ }
+ var sep string
+ switch format {
+ case collectionFormatSpace:
+ sep = " "
+ case collectionFormatTab:
+ sep = "\t"
+ case collectionFormatPipe:
+ sep = "|"
+ case collectionFormatMulti:
+ return data
+ default:
+ sep = collectionFormatDefaultSep
+ }
+ return []string{strings.Join(data, sep)}
+}
+
+// SplitByFormat splits a string by a known format:
+//
+// ssv: space separated value
+// tsv: tab separated value
+// pipes: pipe (|) separated value
+// csv: comma separated value (default)
+func SplitByFormat(data, format string) []string {
+ if data == "" {
+ return nil
+ }
+ var sep string
+ switch format {
+ case collectionFormatSpace:
+ sep = " "
+ case collectionFormatTab:
+ sep = "\t"
+ case collectionFormatPipe:
+ sep = "|"
+ case collectionFormatMulti:
+ return nil
+ default:
+ sep = collectionFormatDefaultSep
+ }
+ var result []string
+ for _, s := range strings.Split(data, sep) {
+ if ts := strings.TrimSpace(s); ts != "" {
+ result = append(result, ts)
+ }
+ }
+ return result
+}
diff --git a/vendor/github.com/go-openapi/swag/stringutils/doc.go b/vendor/github.com/go-openapi/swag/stringutils/doc.go
new file mode 100644
index 000000000..c6d17a116
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/stringutils/doc.go
@@ -0,0 +1,5 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package stringutils exposes helpers to search and process strings.
+package stringutils
diff --git a/vendor/github.com/go-openapi/swag/stringutils/strings.go b/vendor/github.com/go-openapi/swag/stringutils/strings.go
new file mode 100644
index 000000000..cd792b7d0
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/stringutils/strings.go
@@ -0,0 +1,23 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package stringutils
+
+import (
+ "slices"
+ "strings"
+)
+
+// ContainsStrings searches a slice of strings for a case-sensitive match
+//
+// Now equivalent to the standard library [slice.Contains].
+func ContainsStrings(coll []string, item string) bool {
+ return slices.Contains(coll, item)
+}
+
+// ContainsStringsCI searches a slice of strings for a case-insensitive match
+func ContainsStringsCI(coll []string, item string) bool {
+ return slices.ContainsFunc(coll, func(e string) bool {
+ return strings.EqualFold(e, item)
+ })
+}
diff --git a/vendor/github.com/go-openapi/swag/stringutils_iface.go b/vendor/github.com/go-openapi/swag/stringutils_iface.go
new file mode 100644
index 000000000..dbfa48484
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/stringutils_iface.go
@@ -0,0 +1,34 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package swag
+
+import "github.com/go-openapi/swag/stringutils"
+
+// ContainsStrings searches a slice of strings for a case-sensitive match.
+//
+// Deprecated: use [slices.Contains] or [stringutils.ContainsStrings] instead.
+func ContainsStrings(coll []string, item string) bool {
+ return stringutils.ContainsStrings(coll, item)
+}
+
+// ContainsStringsCI searches a slice of strings for a case-insensitive match.
+//
+// Deprecated: use [stringutils.ContainsStringsCI] instead.
+func ContainsStringsCI(coll []string, item string) bool {
+ return stringutils.ContainsStringsCI(coll, item)
+}
+
+// JoinByFormat joins a string array by a known format (e.g. swagger's collectionFormat attribute).
+//
+// Deprecated: use [stringutils.JoinByFormat] instead.
+func JoinByFormat(data []string, format string) []string {
+ return stringutils.JoinByFormat(data, format)
+}
+
+// SplitByFormat splits a string by a known format.
+//
+// Deprecated: use [stringutils.SplitByFormat] instead.
+func SplitByFormat(data, format string) []string {
+ return stringutils.SplitByFormat(data, format)
+}
diff --git a/vendor/github.com/go-openapi/swag/typeutils/LICENSE b/vendor/github.com/go-openapi/swag/typeutils/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/typeutils/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/go-openapi/swag/typeutils/doc.go b/vendor/github.com/go-openapi/swag/typeutils/doc.go
new file mode 100644
index 000000000..66bed20df
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/typeutils/doc.go
@@ -0,0 +1,5 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package typeutils exposes utilities to inspect generic types.
+package typeutils
diff --git a/vendor/github.com/go-openapi/swag/typeutils/types.go b/vendor/github.com/go-openapi/swag/typeutils/types.go
new file mode 100644
index 000000000..55487a673
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/typeutils/types.go
@@ -0,0 +1,80 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package typeutils
+
+import "reflect"
+
+type zeroable interface {
+ IsZero() bool
+}
+
+// IsZero returns true when the value passed into the function is a zero value.
+// This allows for safer checking of interface values.
+func IsZero(data any) bool {
+ v := reflect.ValueOf(data)
+ // check for nil data
+ switch v.Kind() { //nolint:exhaustive
+ case
+ reflect.Interface,
+ reflect.Func,
+ reflect.Chan,
+ reflect.Pointer,
+ reflect.UnsafePointer,
+ reflect.Map,
+ reflect.Slice:
+ if v.IsNil() {
+ return true
+ }
+ }
+
+ // check for things that have an IsZero method instead
+ if vv, ok := data.(zeroable); ok {
+ return vv.IsZero()
+ }
+
+ // continue with slightly more complex reflection
+ switch v.Kind() { //nolint:exhaustive
+ case reflect.String:
+ return v.Len() == 0
+ case reflect.Bool:
+ return !v.Bool()
+ case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+ return v.Int() == 0
+ case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+ return v.Uint() == 0
+ case reflect.Float32, reflect.Float64:
+ return v.Float() == 0
+ case reflect.Struct, reflect.Array:
+ return reflect.DeepEqual(data, reflect.Zero(v.Type()).Interface())
+ case reflect.Invalid:
+ return true
+ default:
+ return false
+ }
+}
+
+// IsNil checks if input is nil.
+//
+// For types chan, func, interface, map, pointer, or slice it returns true if its argument is nil.
+//
+// See [reflect.Value.IsNil].
+func IsNil(input any) bool {
+ if input == nil {
+ return true
+ }
+
+ kind := reflect.TypeOf(input).Kind()
+ switch kind { //nolint:exhaustive
+ case reflect.Pointer,
+ reflect.UnsafePointer,
+ reflect.Map,
+ reflect.Slice,
+ reflect.Chan,
+ reflect.Interface,
+ reflect.Func:
+ return reflect.ValueOf(input).IsNil()
+ default:
+ return false
+ }
+}
diff --git a/vendor/github.com/go-openapi/swag/typeutils_iface.go b/vendor/github.com/go-openapi/swag/typeutils_iface.go
new file mode 100644
index 000000000..b63813ea4
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/typeutils_iface.go
@@ -0,0 +1,12 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package swag
+
+import "github.com/go-openapi/swag/typeutils"
+
+// IsZero returns true when the value passed into the function is a zero value.
+// This allows for safer checking of interface values.
+//
+// Deprecated: use [typeutils.IsZero] instead.
+func IsZero(data any) bool { return typeutils.IsZero(data) }
diff --git a/vendor/github.com/go-openapi/swag/util.go b/vendor/github.com/go-openapi/swag/util.go
deleted file mode 100644
index 5051401c4..000000000
--- a/vendor/github.com/go-openapi/swag/util.go
+++ /dev/null
@@ -1,364 +0,0 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package swag
-
-import (
- "reflect"
- "strings"
- "unicode"
- "unicode/utf8"
-)
-
-// GoNamePrefixFunc sets an optional rule to prefix go names
-// which do not start with a letter.
-//
-// The prefix function is assumed to return a string that starts with an upper case letter.
-//
-// e.g. to help convert "123" into "{prefix}123"
-//
-// The default is to prefix with "X"
-var GoNamePrefixFunc func(string) string
-
-func prefixFunc(name, in string) string {
- if GoNamePrefixFunc == nil {
- return "X" + in
- }
-
- return GoNamePrefixFunc(name) + in
-}
-
-const (
- // collectionFormatComma = "csv"
- collectionFormatSpace = "ssv"
- collectionFormatTab = "tsv"
- collectionFormatPipe = "pipes"
- collectionFormatMulti = "multi"
-)
-
-// JoinByFormat joins a string array by a known format (e.g. swagger's collectionFormat attribute):
-//
-// ssv: space separated value
-// tsv: tab separated value
-// pipes: pipe (|) separated value
-// csv: comma separated value (default)
-func JoinByFormat(data []string, format string) []string {
- if len(data) == 0 {
- return data
- }
- var sep string
- switch format {
- case collectionFormatSpace:
- sep = " "
- case collectionFormatTab:
- sep = "\t"
- case collectionFormatPipe:
- sep = "|"
- case collectionFormatMulti:
- return data
- default:
- sep = ","
- }
- return []string{strings.Join(data, sep)}
-}
-
-// SplitByFormat splits a string by a known format:
-//
-// ssv: space separated value
-// tsv: tab separated value
-// pipes: pipe (|) separated value
-// csv: comma separated value (default)
-func SplitByFormat(data, format string) []string {
- if data == "" {
- return nil
- }
- var sep string
- switch format {
- case collectionFormatSpace:
- sep = " "
- case collectionFormatTab:
- sep = "\t"
- case collectionFormatPipe:
- sep = "|"
- case collectionFormatMulti:
- return nil
- default:
- sep = ","
- }
- var result []string
- for _, s := range strings.Split(data, sep) {
- if ts := strings.TrimSpace(s); ts != "" {
- result = append(result, ts)
- }
- }
- return result
-}
-
-// Removes leading whitespaces
-func trim(str string) string {
- return strings.TrimSpace(str)
-}
-
-// Shortcut to strings.ToUpper()
-func upper(str string) string {
- return strings.ToUpper(trim(str))
-}
-
-// Shortcut to strings.ToLower()
-func lower(str string) string {
- return strings.ToLower(trim(str))
-}
-
-// Camelize an uppercased word
-func Camelize(word string) string {
- camelized := poolOfBuffers.BorrowBuffer(len(word))
- defer func() {
- poolOfBuffers.RedeemBuffer(camelized)
- }()
-
- for pos, ru := range []rune(word) {
- if pos > 0 {
- camelized.WriteRune(unicode.ToLower(ru))
- } else {
- camelized.WriteRune(unicode.ToUpper(ru))
- }
- }
- return camelized.String()
-}
-
-// ToFileName lowercases and underscores a go type name
-func ToFileName(name string) string {
- in := split(name)
- out := make([]string, 0, len(in))
-
- for _, w := range in {
- out = append(out, lower(w))
- }
-
- return strings.Join(out, "_")
-}
-
-// ToCommandName lowercases and underscores a go type name
-func ToCommandName(name string) string {
- in := split(name)
- out := make([]string, 0, len(in))
-
- for _, w := range in {
- out = append(out, lower(w))
- }
- return strings.Join(out, "-")
-}
-
-// ToHumanNameLower represents a code name as a human series of words
-func ToHumanNameLower(name string) string {
- s := poolOfSplitters.BorrowSplitter(withPostSplitInitialismCheck)
- in := s.split(name)
- poolOfSplitters.RedeemSplitter(s)
- out := make([]string, 0, len(*in))
-
- for _, w := range *in {
- if !w.IsInitialism() {
- out = append(out, lower(w.GetOriginal()))
- } else {
- out = append(out, trim(w.GetOriginal()))
- }
- }
- poolOfLexems.RedeemLexems(in)
-
- return strings.Join(out, " ")
-}
-
-// ToHumanNameTitle represents a code name as a human series of words with the first letters titleized
-func ToHumanNameTitle(name string) string {
- s := poolOfSplitters.BorrowSplitter(withPostSplitInitialismCheck)
- in := s.split(name)
- poolOfSplitters.RedeemSplitter(s)
-
- out := make([]string, 0, len(*in))
- for _, w := range *in {
- original := trim(w.GetOriginal())
- if !w.IsInitialism() {
- out = append(out, Camelize(original))
- } else {
- out = append(out, original)
- }
- }
- poolOfLexems.RedeemLexems(in)
-
- return strings.Join(out, " ")
-}
-
-// ToJSONName camelcases a name which can be underscored or pascal cased
-func ToJSONName(name string) string {
- in := split(name)
- out := make([]string, 0, len(in))
-
- for i, w := range in {
- if i == 0 {
- out = append(out, lower(w))
- continue
- }
- out = append(out, Camelize(trim(w)))
- }
- return strings.Join(out, "")
-}
-
-// ToVarName camelcases a name which can be underscored or pascal cased
-func ToVarName(name string) string {
- res := ToGoName(name)
- if isInitialism(res) {
- return lower(res)
- }
- if len(res) <= 1 {
- return lower(res)
- }
- return lower(res[:1]) + res[1:]
-}
-
-// ToGoName translates a swagger name which can be underscored or camel cased to a name that golint likes
-func ToGoName(name string) string {
- s := poolOfSplitters.BorrowSplitter(withPostSplitInitialismCheck)
- lexems := s.split(name)
- poolOfSplitters.RedeemSplitter(s)
- defer func() {
- poolOfLexems.RedeemLexems(lexems)
- }()
- lexemes := *lexems
-
- if len(lexemes) == 0 {
- return ""
- }
-
- result := poolOfBuffers.BorrowBuffer(len(name))
- defer func() {
- poolOfBuffers.RedeemBuffer(result)
- }()
-
- // check if not starting with a letter, upper case
- firstPart := lexemes[0].GetUnsafeGoName()
- if lexemes[0].IsInitialism() {
- firstPart = upper(firstPart)
- }
-
- if c := firstPart[0]; c < utf8.RuneSelf {
- // ASCII
- switch {
- case 'A' <= c && c <= 'Z':
- result.WriteString(firstPart)
- case 'a' <= c && c <= 'z':
- result.WriteByte(c - 'a' + 'A')
- result.WriteString(firstPart[1:])
- default:
- result.WriteString(prefixFunc(name, firstPart))
- // NOTE: no longer check if prefixFunc returns a string that starts with uppercase:
- // assume this is always the case
- }
- } else {
- // unicode
- firstRune, _ := utf8.DecodeRuneInString(firstPart)
- switch {
- case !unicode.IsLetter(firstRune):
- result.WriteString(prefixFunc(name, firstPart))
- case !unicode.IsUpper(firstRune):
- result.WriteString(prefixFunc(name, firstPart))
- /*
- result.WriteRune(unicode.ToUpper(firstRune))
- result.WriteString(firstPart[offset:])
- */
- default:
- result.WriteString(firstPart)
- }
- }
-
- for _, lexem := range lexemes[1:] {
- goName := lexem.GetUnsafeGoName()
-
- // to support old behavior
- if lexem.IsInitialism() {
- goName = upper(goName)
- }
- result.WriteString(goName)
- }
-
- return result.String()
-}
-
-// ContainsStrings searches a slice of strings for a case-sensitive match
-func ContainsStrings(coll []string, item string) bool {
- for _, a := range coll {
- if a == item {
- return true
- }
- }
- return false
-}
-
-// ContainsStringsCI searches a slice of strings for a case-insensitive match
-func ContainsStringsCI(coll []string, item string) bool {
- for _, a := range coll {
- if strings.EqualFold(a, item) {
- return true
- }
- }
- return false
-}
-
-type zeroable interface {
- IsZero() bool
-}
-
-// IsZero returns true when the value passed into the function is a zero value.
-// This allows for safer checking of interface values.
-func IsZero(data interface{}) bool {
- v := reflect.ValueOf(data)
- // check for nil data
- switch v.Kind() { //nolint:exhaustive
- case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice:
- if v.IsNil() {
- return true
- }
- }
-
- // check for things that have an IsZero method instead
- if vv, ok := data.(zeroable); ok {
- return vv.IsZero()
- }
-
- // continue with slightly more complex reflection
- switch v.Kind() { //nolint:exhaustive
- case reflect.String:
- return v.Len() == 0
- case reflect.Bool:
- return !v.Bool()
- case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
- return v.Int() == 0
- case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
- return v.Uint() == 0
- case reflect.Float32, reflect.Float64:
- return v.Float() == 0
- case reflect.Struct, reflect.Array:
- return reflect.DeepEqual(data, reflect.Zero(v.Type()).Interface())
- case reflect.Invalid:
- return true
- default:
- return false
- }
-}
-
-// CommandLineOptionsGroup represents a group of user-defined command line options
-type CommandLineOptionsGroup struct {
- ShortDescription string
- LongDescription string
- Options interface{}
-}
diff --git a/vendor/github.com/go-openapi/swag/yaml.go b/vendor/github.com/go-openapi/swag/yaml.go
deleted file mode 100644
index 575346539..000000000
--- a/vendor/github.com/go-openapi/swag/yaml.go
+++ /dev/null
@@ -1,481 +0,0 @@
-// Copyright 2015 go-swagger maintainers
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package swag
-
-import (
- "encoding/json"
- "fmt"
- "path/filepath"
- "reflect"
- "sort"
- "strconv"
-
- "github.com/mailru/easyjson/jlexer"
- "github.com/mailru/easyjson/jwriter"
- yaml "gopkg.in/yaml.v3"
-)
-
-// YAMLMatcher matches yaml
-func YAMLMatcher(path string) bool {
- ext := filepath.Ext(path)
- return ext == ".yaml" || ext == ".yml"
-}
-
-// YAMLToJSON converts YAML unmarshaled data into json compatible data
-func YAMLToJSON(data interface{}) (json.RawMessage, error) {
- jm, err := transformData(data)
- if err != nil {
- return nil, err
- }
- b, err := WriteJSON(jm)
- return json.RawMessage(b), err
-}
-
-// BytesToYAMLDoc converts a byte slice into a YAML document
-func BytesToYAMLDoc(data []byte) (interface{}, error) {
- var document yaml.Node // preserve order that is present in the document
- if err := yaml.Unmarshal(data, &document); err != nil {
- return nil, err
- }
- if document.Kind != yaml.DocumentNode || len(document.Content) != 1 || document.Content[0].Kind != yaml.MappingNode {
- return nil, fmt.Errorf("only YAML documents that are objects are supported: %w", ErrYAML)
- }
- return &document, nil
-}
-
-func yamlNode(root *yaml.Node) (interface{}, error) {
- switch root.Kind {
- case yaml.DocumentNode:
- return yamlDocument(root)
- case yaml.SequenceNode:
- return yamlSequence(root)
- case yaml.MappingNode:
- return yamlMapping(root)
- case yaml.ScalarNode:
- return yamlScalar(root)
- case yaml.AliasNode:
- return yamlNode(root.Alias)
- default:
- return nil, fmt.Errorf("unsupported YAML node type: %v: %w", root.Kind, ErrYAML)
- }
-}
-
-func yamlDocument(node *yaml.Node) (interface{}, error) {
- if len(node.Content) != 1 {
- return nil, fmt.Errorf("unexpected YAML Document node content length: %d: %w", len(node.Content), ErrYAML)
- }
- return yamlNode(node.Content[0])
-}
-
-func yamlMapping(node *yaml.Node) (interface{}, error) {
- const sensibleAllocDivider = 2
- m := make(JSONMapSlice, len(node.Content)/sensibleAllocDivider)
-
- var j int
- for i := 0; i < len(node.Content); i += 2 {
- var nmi JSONMapItem
- k, err := yamlStringScalarC(node.Content[i])
- if err != nil {
- return nil, fmt.Errorf("unable to decode YAML map key: %w: %w", err, ErrYAML)
- }
- nmi.Key = k
- v, err := yamlNode(node.Content[i+1])
- if err != nil {
- return nil, fmt.Errorf("unable to process YAML map value for key %q: %w: %w", k, err, ErrYAML)
- }
- nmi.Value = v
- m[j] = nmi
- j++
- }
- return m, nil
-}
-
-func yamlSequence(node *yaml.Node) (interface{}, error) {
- s := make([]interface{}, 0)
-
- for i := 0; i < len(node.Content); i++ {
-
- v, err := yamlNode(node.Content[i])
- if err != nil {
- return nil, fmt.Errorf("unable to decode YAML sequence value: %w: %w", err, ErrYAML)
- }
- s = append(s, v)
- }
- return s, nil
-}
-
-const ( // See https://yaml.org/type/
- yamlStringScalar = "tag:yaml.org,2002:str"
- yamlIntScalar = "tag:yaml.org,2002:int"
- yamlBoolScalar = "tag:yaml.org,2002:bool"
- yamlFloatScalar = "tag:yaml.org,2002:float"
- yamlTimestamp = "tag:yaml.org,2002:timestamp"
- yamlNull = "tag:yaml.org,2002:null"
-)
-
-func yamlScalar(node *yaml.Node) (interface{}, error) {
- switch node.LongTag() {
- case yamlStringScalar:
- return node.Value, nil
- case yamlBoolScalar:
- b, err := strconv.ParseBool(node.Value)
- if err != nil {
- return nil, fmt.Errorf("unable to process scalar node. Got %q. Expecting bool content: %w: %w", node.Value, err, ErrYAML)
- }
- return b, nil
- case yamlIntScalar:
- i, err := strconv.ParseInt(node.Value, 10, 64)
- if err != nil {
- return nil, fmt.Errorf("unable to process scalar node. Got %q. Expecting integer content: %w: %w", node.Value, err, ErrYAML)
- }
- return i, nil
- case yamlFloatScalar:
- f, err := strconv.ParseFloat(node.Value, 64)
- if err != nil {
- return nil, fmt.Errorf("unable to process scalar node. Got %q. Expecting float content: %w: %w", node.Value, err, ErrYAML)
- }
- return f, nil
- case yamlTimestamp:
- return node.Value, nil
- case yamlNull:
- return nil, nil //nolint:nilnil
- default:
- return nil, fmt.Errorf("YAML tag %q is not supported: %w", node.LongTag(), ErrYAML)
- }
-}
-
-func yamlStringScalarC(node *yaml.Node) (string, error) {
- if node.Kind != yaml.ScalarNode {
- return "", fmt.Errorf("expecting a string scalar but got %q: %w", node.Kind, ErrYAML)
- }
- switch node.LongTag() {
- case yamlStringScalar, yamlIntScalar, yamlFloatScalar:
- return node.Value, nil
- default:
- return "", fmt.Errorf("YAML tag %q is not supported as map key: %w", node.LongTag(), ErrYAML)
- }
-}
-
-// JSONMapSlice represent a JSON object, with the order of keys maintained
-type JSONMapSlice []JSONMapItem
-
-// MarshalJSON renders a JSONMapSlice as JSON
-func (s JSONMapSlice) MarshalJSON() ([]byte, error) {
- w := &jwriter.Writer{Flags: jwriter.NilMapAsEmpty | jwriter.NilSliceAsEmpty}
- s.MarshalEasyJSON(w)
- return w.BuildBytes()
-}
-
-// MarshalEasyJSON renders a JSONMapSlice as JSON, using easyJSON
-func (s JSONMapSlice) MarshalEasyJSON(w *jwriter.Writer) {
- w.RawByte('{')
-
- ln := len(s)
- last := ln - 1
- for i := 0; i < ln; i++ {
- s[i].MarshalEasyJSON(w)
- if i != last { // last item
- w.RawByte(',')
- }
- }
-
- w.RawByte('}')
-}
-
-// UnmarshalJSON makes a JSONMapSlice from JSON
-func (s *JSONMapSlice) UnmarshalJSON(data []byte) error {
- l := jlexer.Lexer{Data: data}
- s.UnmarshalEasyJSON(&l)
- return l.Error()
-}
-
-// UnmarshalEasyJSON makes a JSONMapSlice from JSON, using easyJSON
-func (s *JSONMapSlice) UnmarshalEasyJSON(in *jlexer.Lexer) {
- if in.IsNull() {
- in.Skip()
- return
- }
-
- var result JSONMapSlice
- in.Delim('{')
- for !in.IsDelim('}') {
- var mi JSONMapItem
- mi.UnmarshalEasyJSON(in)
- result = append(result, mi)
- }
- *s = result
-}
-
-func (s JSONMapSlice) MarshalYAML() (interface{}, error) {
- var n yaml.Node
- n.Kind = yaml.DocumentNode
- var nodes []*yaml.Node
- for _, item := range s {
- nn, err := json2yaml(item.Value)
- if err != nil {
- return nil, err
- }
- ns := []*yaml.Node{
- {
- Kind: yaml.ScalarNode,
- Tag: yamlStringScalar,
- Value: item.Key,
- },
- nn,
- }
- nodes = append(nodes, ns...)
- }
-
- n.Content = []*yaml.Node{
- {
- Kind: yaml.MappingNode,
- Content: nodes,
- },
- }
-
- return yaml.Marshal(&n)
-}
-
-func isNil(input interface{}) bool {
- if input == nil {
- return true
- }
- kind := reflect.TypeOf(input).Kind()
- switch kind { //nolint:exhaustive
- case reflect.Ptr, reflect.Map, reflect.Slice, reflect.Chan:
- return reflect.ValueOf(input).IsNil()
- default:
- return false
- }
-}
-
-func json2yaml(item interface{}) (*yaml.Node, error) {
- if isNil(item) {
- return &yaml.Node{
- Kind: yaml.ScalarNode,
- Value: "null",
- }, nil
- }
-
- switch val := item.(type) {
- case JSONMapSlice:
- var n yaml.Node
- n.Kind = yaml.MappingNode
- for i := range val {
- childNode, err := json2yaml(&val[i].Value)
- if err != nil {
- return nil, err
- }
- n.Content = append(n.Content, &yaml.Node{
- Kind: yaml.ScalarNode,
- Tag: yamlStringScalar,
- Value: val[i].Key,
- }, childNode)
- }
- return &n, nil
- case map[string]interface{}:
- var n yaml.Node
- n.Kind = yaml.MappingNode
- keys := make([]string, 0, len(val))
- for k := range val {
- keys = append(keys, k)
- }
- sort.Strings(keys)
-
- for _, k := range keys {
- v := val[k]
- childNode, err := json2yaml(v)
- if err != nil {
- return nil, err
- }
- n.Content = append(n.Content, &yaml.Node{
- Kind: yaml.ScalarNode,
- Tag: yamlStringScalar,
- Value: k,
- }, childNode)
- }
- return &n, nil
- case []interface{}:
- var n yaml.Node
- n.Kind = yaml.SequenceNode
- for i := range val {
- childNode, err := json2yaml(val[i])
- if err != nil {
- return nil, err
- }
- n.Content = append(n.Content, childNode)
- }
- return &n, nil
- case string:
- return &yaml.Node{
- Kind: yaml.ScalarNode,
- Tag: yamlStringScalar,
- Value: val,
- }, nil
- case float64:
- return &yaml.Node{
- Kind: yaml.ScalarNode,
- Tag: yamlFloatScalar,
- Value: strconv.FormatFloat(val, 'f', -1, 64),
- }, nil
- case int64:
- return &yaml.Node{
- Kind: yaml.ScalarNode,
- Tag: yamlIntScalar,
- Value: strconv.FormatInt(val, 10),
- }, nil
- case uint64:
- return &yaml.Node{
- Kind: yaml.ScalarNode,
- Tag: yamlIntScalar,
- Value: strconv.FormatUint(val, 10),
- }, nil
- case bool:
- return &yaml.Node{
- Kind: yaml.ScalarNode,
- Tag: yamlBoolScalar,
- Value: strconv.FormatBool(val),
- }, nil
- default:
- return nil, fmt.Errorf("unhandled type: %T: %w", val, ErrYAML)
- }
-}
-
-// JSONMapItem represents the value of a key in a JSON object held by JSONMapSlice
-type JSONMapItem struct {
- Key string
- Value interface{}
-}
-
-// MarshalJSON renders a JSONMapItem as JSON
-func (s JSONMapItem) MarshalJSON() ([]byte, error) {
- w := &jwriter.Writer{Flags: jwriter.NilMapAsEmpty | jwriter.NilSliceAsEmpty}
- s.MarshalEasyJSON(w)
- return w.BuildBytes()
-}
-
-// MarshalEasyJSON renders a JSONMapItem as JSON, using easyJSON
-func (s JSONMapItem) MarshalEasyJSON(w *jwriter.Writer) {
- w.String(s.Key)
- w.RawByte(':')
- w.Raw(WriteJSON(s.Value))
-}
-
-// UnmarshalJSON makes a JSONMapItem from JSON
-func (s *JSONMapItem) UnmarshalJSON(data []byte) error {
- l := jlexer.Lexer{Data: data}
- s.UnmarshalEasyJSON(&l)
- return l.Error()
-}
-
-// UnmarshalEasyJSON makes a JSONMapItem from JSON, using easyJSON
-func (s *JSONMapItem) UnmarshalEasyJSON(in *jlexer.Lexer) {
- key := in.UnsafeString()
- in.WantColon()
- value := in.Interface()
- in.WantComma()
- s.Key = key
- s.Value = value
-}
-
-func transformData(input interface{}) (out interface{}, err error) {
- format := func(t interface{}) (string, error) {
- switch k := t.(type) {
- case string:
- return k, nil
- case uint:
- return strconv.FormatUint(uint64(k), 10), nil
- case uint8:
- return strconv.FormatUint(uint64(k), 10), nil
- case uint16:
- return strconv.FormatUint(uint64(k), 10), nil
- case uint32:
- return strconv.FormatUint(uint64(k), 10), nil
- case uint64:
- return strconv.FormatUint(k, 10), nil
- case int:
- return strconv.Itoa(k), nil
- case int8:
- return strconv.FormatInt(int64(k), 10), nil
- case int16:
- return strconv.FormatInt(int64(k), 10), nil
- case int32:
- return strconv.FormatInt(int64(k), 10), nil
- case int64:
- return strconv.FormatInt(k, 10), nil
- default:
- return "", fmt.Errorf("unexpected map key type, got: %T: %w", k, ErrYAML)
- }
- }
-
- switch in := input.(type) {
- case yaml.Node:
- return yamlNode(&in)
- case *yaml.Node:
- return yamlNode(in)
- case map[interface{}]interface{}:
- o := make(JSONMapSlice, 0, len(in))
- for ke, va := range in {
- var nmi JSONMapItem
- if nmi.Key, err = format(ke); err != nil {
- return nil, err
- }
-
- v, ert := transformData(va)
- if ert != nil {
- return nil, ert
- }
- nmi.Value = v
- o = append(o, nmi)
- }
- return o, nil
- case []interface{}:
- len1 := len(in)
- o := make([]interface{}, len1)
- for i := 0; i < len1; i++ {
- o[i], err = transformData(in[i])
- if err != nil {
- return nil, err
- }
- }
- return o, nil
- }
- return input, nil
-}
-
-// YAMLDoc loads a yaml document from either http or a file and converts it to json
-func YAMLDoc(path string) (json.RawMessage, error) {
- yamlDoc, err := YAMLData(path)
- if err != nil {
- return nil, err
- }
-
- data, err := YAMLToJSON(yamlDoc)
- if err != nil {
- return nil, err
- }
-
- return data, nil
-}
-
-// YAMLData loads a yaml document from either http or a file
-func YAMLData(path string) (interface{}, error) {
- data, err := LoadFromFileOrHTTP(path)
- if err != nil {
- return nil, err
- }
-
- return BytesToYAMLDoc(data)
-}
diff --git a/vendor/github.com/go-openapi/swag/yamlutils/LICENSE b/vendor/github.com/go-openapi/swag/yamlutils/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/yamlutils/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/go-openapi/swag/yamlutils/doc.go b/vendor/github.com/go-openapi/swag/yamlutils/doc.go
new file mode 100644
index 000000000..7bb92a82f
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/yamlutils/doc.go
@@ -0,0 +1,13 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+// Package yamlutils provides utilities to work with YAML documents.
+//
+// - [BytesToYAMLDoc] to construct a [yaml.Node] document
+// - [YAMLToJSON] to convert a [yaml.Node] document to JSON bytes
+// - [YAMLMapSlice] to serialize and deserialize YAML with the order of keys maintained
+package yamlutils
+
+import (
+ _ "go.yaml.in/yaml/v3" // for documentation purpose only
+)
diff --git a/vendor/github.com/go-openapi/swag/yamlutils/errors.go b/vendor/github.com/go-openapi/swag/yamlutils/errors.go
new file mode 100644
index 000000000..e87bc5e8b
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/yamlutils/errors.go
@@ -0,0 +1,15 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package yamlutils
+
+type yamlError string
+
+const (
+ // ErrYAML is an error raised by YAML utilities
+ ErrYAML yamlError = "yaml error"
+)
+
+func (e yamlError) Error() string {
+ return string(e)
+}
diff --git a/vendor/github.com/go-openapi/swag/yamlutils/ordered_map.go b/vendor/github.com/go-openapi/swag/yamlutils/ordered_map.go
new file mode 100644
index 000000000..3daf68dbb
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/yamlutils/ordered_map.go
@@ -0,0 +1,316 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package yamlutils
+
+import (
+ "fmt"
+ "iter"
+ "slices"
+ "sort"
+ "strconv"
+
+ "github.com/go-openapi/swag/conv"
+ "github.com/go-openapi/swag/jsonutils"
+ "github.com/go-openapi/swag/jsonutils/adapters/ifaces"
+ "github.com/go-openapi/swag/typeutils"
+ yaml "go.yaml.in/yaml/v3"
+)
+
+var (
+ _ yaml.Marshaler = YAMLMapSlice{}
+ _ yaml.Unmarshaler = &YAMLMapSlice{}
+)
+
+// YAMLMapSlice represents a YAML object, with the order of keys maintained.
+//
+// It is similar to [jsonutils.JSONMapSlice] and also knows how to marshal and unmarshal YAML.
+//
+// It behaves like an ordered map, but keys can't be accessed in constant time.
+type YAMLMapSlice []YAMLMapItem
+
+// YAMLMapItem represents the value of a key in a YAML object held by [YAMLMapSlice].
+//
+// It is entirely equivalent to [jsonutils.JSONMapItem], with the same limitation that
+// you should not Marshal or Unmarshal directly this type, outside of a [YAMLMapSlice].
+type YAMLMapItem = jsonutils.JSONMapItem
+
+func (s YAMLMapSlice) OrderedItems() iter.Seq2[string, any] {
+ return func(yield func(string, any) bool) {
+ for _, item := range s {
+ if !yield(item.Key, item.Value) {
+ return
+ }
+ }
+ }
+}
+
+// SetOrderedItems implements [ifaces.SetOrdered]: it merges keys passed by the iterator argument
+// into the [YAMLMapSlice].
+func (s *YAMLMapSlice) SetOrderedItems(items iter.Seq2[string, any]) {
+ if items == nil {
+ // force receiver to be a nil slice
+ *s = nil
+
+ return
+ }
+
+ m := *s
+ if len(m) > 0 {
+ // update mode: short-circuited when unmarshaling fresh data structures
+ idx := make(map[string]int, len(m))
+
+ for i, item := range m {
+ idx[item.Key] = i
+ }
+
+ for k, v := range items {
+ idx, ok := idx[k]
+ if ok {
+ m[idx].Value = v
+
+ continue
+ }
+
+ m = append(m, YAMLMapItem{Key: k, Value: v})
+ }
+
+ *s = m
+
+ return
+ }
+
+ for k, v := range items {
+ m = append(m, YAMLMapItem{Key: k, Value: v})
+ }
+
+ *s = m
+}
+
+// MarshalJSON renders this YAML object as JSON bytes.
+//
+// The difference with standard JSON marshaling is that the order of keys is maintained.
+func (s YAMLMapSlice) MarshalJSON() ([]byte, error) {
+ return jsonutils.JSONMapSlice(s).MarshalJSON()
+}
+
+// UnmarshalJSON builds this YAML object from JSON bytes.
+//
+// The difference with standard JSON marshaling is that the order of keys is maintained.
+func (s *YAMLMapSlice) UnmarshalJSON(data []byte) error {
+ js := jsonutils.JSONMapSlice(*s)
+
+ if err := js.UnmarshalJSON(data); err != nil {
+ return err
+ }
+
+ *s = YAMLMapSlice(js)
+
+ return nil
+}
+
+// MarshalYAML produces a YAML document as bytes
+//
+// The difference with standard YAML marshaling is that the order of keys is maintained.
+//
+// It implements [yaml.Marshaler].
+func (s YAMLMapSlice) MarshalYAML() (any, error) {
+ if typeutils.IsNil(s) {
+ return []byte("null\n"), nil
+ }
+ var n yaml.Node
+ n.Kind = yaml.DocumentNode
+ var nodes []*yaml.Node
+
+ for _, item := range s {
+ nn, err := json2yaml(item.Value)
+ if err != nil {
+ return nil, err
+ }
+
+ ns := []*yaml.Node{
+ {
+ Kind: yaml.ScalarNode,
+ Tag: yamlStringScalar,
+ Value: item.Key,
+ },
+ nn,
+ }
+ nodes = append(nodes, ns...)
+ }
+
+ n.Content = []*yaml.Node{
+ {
+ Kind: yaml.MappingNode,
+ Content: nodes,
+ },
+ }
+
+ return yaml.Marshal(&n)
+}
+
+// UnmarshalYAML builds a YAMLMapSlice object from a YAML document [yaml.Node].
+//
+// It implements [yaml.Unmarshaler].
+func (s *YAMLMapSlice) UnmarshalYAML(node *yaml.Node) error {
+ if typeutils.IsNil(*s) {
+ // allow to unmarshal with a simple var declaration (nil slice)
+ *s = YAMLMapSlice{}
+ }
+ if node == nil {
+ *s = nil
+ return nil
+ }
+
+ const sensibleAllocDivider = 2
+ m := slices.Grow(*s, len(node.Content)/sensibleAllocDivider)
+ m = m[:0]
+
+ for i := 0; i < len(node.Content); i += 2 {
+ var nmi YAMLMapItem
+ k, err := yamlStringScalarC(node.Content[i])
+ if err != nil {
+ return fmt.Errorf("unable to decode YAML map key: %w: %w", err, ErrYAML)
+ }
+ nmi.Key = k
+ v, err := yamlNode(node.Content[i+1])
+ if err != nil {
+ return fmt.Errorf("unable to process YAML map value for key %q: %w: %w", k, err, ErrYAML)
+ }
+ nmi.Value = v
+ m = append(m, nmi)
+ }
+
+ *s = m
+
+ return nil
+}
+
+func json2yaml(item any) (*yaml.Node, error) {
+ if typeutils.IsNil(item) {
+ return &yaml.Node{
+ Kind: yaml.ScalarNode,
+ Value: "null",
+ }, nil
+ }
+
+ switch val := item.(type) {
+ case ifaces.Ordered:
+ return orderedYAML(val)
+
+ case map[string]any:
+ var n yaml.Node
+ n.Kind = yaml.MappingNode
+ keys := make([]string, 0, len(val))
+ for k := range val {
+ keys = append(keys, k)
+ }
+ sort.Strings(keys)
+
+ for _, k := range keys {
+ v := val[k]
+ childNode, err := json2yaml(v)
+ if err != nil {
+ return nil, err
+ }
+ n.Content = append(n.Content, &yaml.Node{
+ Kind: yaml.ScalarNode,
+ Tag: yamlStringScalar,
+ Value: k,
+ }, childNode)
+ }
+ return &n, nil
+
+ case []any:
+ var n yaml.Node
+ n.Kind = yaml.SequenceNode
+ for i := range val {
+ childNode, err := json2yaml(val[i])
+ if err != nil {
+ return nil, err
+ }
+ n.Content = append(n.Content, childNode)
+ }
+ return &n, nil
+ case string:
+ return &yaml.Node{
+ Kind: yaml.ScalarNode,
+ Tag: yamlStringScalar,
+ Value: val,
+ }, nil
+ case float32:
+ return floatNode(val)
+ case float64:
+ return floatNode(val)
+ case int:
+ return integerNode(val)
+ case int8:
+ return integerNode(val)
+ case int16:
+ return integerNode(val)
+ case int32:
+ return integerNode(val)
+ case int64:
+ return integerNode(val)
+ case uint:
+ return uintegerNode(val)
+ case uint8:
+ return uintegerNode(val)
+ case uint16:
+ return uintegerNode(val)
+ case uint32:
+ return uintegerNode(val)
+ case uint64:
+ return uintegerNode(val)
+ case bool:
+ return &yaml.Node{
+ Kind: yaml.ScalarNode,
+ Tag: yamlBoolScalar,
+ Value: strconv.FormatBool(val),
+ }, nil
+ default:
+ return nil, fmt.Errorf("unhandled type: %T: %w", val, ErrYAML)
+ }
+}
+
+func floatNode[T conv.Float](val T) (*yaml.Node, error) {
+ return &yaml.Node{
+ Kind: yaml.ScalarNode,
+ Tag: yamlFloatScalar,
+ Value: conv.FormatFloat(val),
+ }, nil
+}
+
+func integerNode[T conv.Signed](val T) (*yaml.Node, error) {
+ return &yaml.Node{
+ Kind: yaml.ScalarNode,
+ Tag: yamlIntScalar,
+ Value: conv.FormatInteger(val),
+ }, nil
+}
+
+func uintegerNode[T conv.Unsigned](val T) (*yaml.Node, error) {
+ return &yaml.Node{
+ Kind: yaml.ScalarNode,
+ Tag: yamlIntScalar,
+ Value: conv.FormatUinteger(val),
+ }, nil
+}
+
+func orderedYAML[T ifaces.Ordered](val T) (*yaml.Node, error) {
+ var n yaml.Node
+ n.Kind = yaml.MappingNode
+ for key, value := range val.OrderedItems() {
+ childNode, err := json2yaml(value)
+ if err != nil {
+ return nil, err
+ }
+
+ n.Content = append(n.Content, &yaml.Node{
+ Kind: yaml.ScalarNode,
+ Tag: yamlStringScalar,
+ Value: key,
+ }, childNode)
+ }
+ return &n, nil
+}
diff --git a/vendor/github.com/go-openapi/swag/yamlutils/yaml.go b/vendor/github.com/go-openapi/swag/yamlutils/yaml.go
new file mode 100644
index 000000000..e3aff3c2f
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/yamlutils/yaml.go
@@ -0,0 +1,211 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package yamlutils
+
+import (
+ json "encoding/json"
+ "fmt"
+ "strconv"
+
+ "github.com/go-openapi/swag/jsonutils"
+ yaml "go.yaml.in/yaml/v3"
+)
+
+// YAMLToJSON converts a YAML document into JSON bytes.
+//
+// Note: a YAML document is the output from a [yaml.Marshaler], e.g a pointer to a [yaml.Node].
+//
+// [YAMLToJSON] is typically called after [BytesToYAMLDoc].
+func YAMLToJSON(value any) (json.RawMessage, error) {
+ jm, err := transformData(value)
+ if err != nil {
+ return nil, err
+ }
+
+ b, err := jsonutils.WriteJSON(jm)
+
+ return json.RawMessage(b), err
+}
+
+// BytesToYAMLDoc converts a byte slice into a YAML document.
+//
+// This function only supports root documents that are objects.
+//
+// A YAML document is a pointer to a [yaml.Node].
+func BytesToYAMLDoc(data []byte) (any, error) {
+ var document yaml.Node // preserve order that is present in the document
+ if err := yaml.Unmarshal(data, &document); err != nil {
+ return nil, err
+ }
+ if document.Kind != yaml.DocumentNode || len(document.Content) != 1 || document.Content[0].Kind != yaml.MappingNode {
+ return nil, fmt.Errorf("only YAML documents that are objects are supported: %w", ErrYAML)
+ }
+ return &document, nil
+}
+
+func yamlNode(root *yaml.Node) (any, error) {
+ switch root.Kind {
+ case yaml.DocumentNode:
+ return yamlDocument(root)
+ case yaml.SequenceNode:
+ return yamlSequence(root)
+ case yaml.MappingNode:
+ return yamlMapping(root)
+ case yaml.ScalarNode:
+ return yamlScalar(root)
+ case yaml.AliasNode:
+ return yamlNode(root.Alias)
+ default:
+ return nil, fmt.Errorf("unsupported YAML node type: %v: %w", root.Kind, ErrYAML)
+ }
+}
+
+func yamlDocument(node *yaml.Node) (any, error) {
+ if len(node.Content) != 1 {
+ return nil, fmt.Errorf("unexpected YAML Document node content length: %d: %w", len(node.Content), ErrYAML)
+ }
+ return yamlNode(node.Content[0])
+}
+
+func yamlMapping(node *yaml.Node) (any, error) {
+ const sensibleAllocDivider = 2 // nodes concatenate (key,value) sequences
+ m := make(YAMLMapSlice, len(node.Content)/sensibleAllocDivider)
+
+ if err := m.UnmarshalYAML(node); err != nil {
+ return nil, err
+ }
+
+ return m, nil
+}
+
+func yamlSequence(node *yaml.Node) (any, error) {
+ s := make([]any, 0)
+
+ for i := range len(node.Content) {
+ v, err := yamlNode(node.Content[i])
+ if err != nil {
+ return nil, fmt.Errorf("unable to decode YAML sequence value: %w: %w", err, ErrYAML)
+ }
+ s = append(s, v)
+ }
+ return s, nil
+}
+
+const ( // See https://yaml.org/type/
+ yamlStringScalar = "tag:yaml.org,2002:str"
+ yamlIntScalar = "tag:yaml.org,2002:int"
+ yamlBoolScalar = "tag:yaml.org,2002:bool"
+ yamlFloatScalar = "tag:yaml.org,2002:float"
+ yamlTimestamp = "tag:yaml.org,2002:timestamp"
+ yamlNull = "tag:yaml.org,2002:null"
+)
+
+func yamlScalar(node *yaml.Node) (any, error) {
+ switch node.LongTag() {
+ case yamlStringScalar:
+ return node.Value, nil
+ case yamlBoolScalar:
+ b, err := strconv.ParseBool(node.Value)
+ if err != nil {
+ return nil, fmt.Errorf("unable to process scalar node. Got %q. Expecting bool content: %w: %w", node.Value, err, ErrYAML)
+ }
+ return b, nil
+ case yamlIntScalar:
+ i, err := strconv.ParseInt(node.Value, 10, 64)
+ if err != nil {
+ return nil, fmt.Errorf("unable to process scalar node. Got %q. Expecting integer content: %w: %w", node.Value, err, ErrYAML)
+ }
+ return i, nil
+ case yamlFloatScalar:
+ f, err := strconv.ParseFloat(node.Value, 64)
+ if err != nil {
+ return nil, fmt.Errorf("unable to process scalar node. Got %q. Expecting float content: %w: %w", node.Value, err, ErrYAML)
+ }
+ return f, nil
+ case yamlTimestamp:
+ // YAML timestamp is marshaled as string, not time
+ return node.Value, nil
+ case yamlNull:
+ return nil, nil //nolint:nilnil
+ default:
+ return nil, fmt.Errorf("YAML tag %q is not supported: %w", node.LongTag(), ErrYAML)
+ }
+}
+
+func yamlStringScalarC(node *yaml.Node) (string, error) {
+ if node.Kind != yaml.ScalarNode {
+ return "", fmt.Errorf("expecting a string scalar but got %q: %w", node.Kind, ErrYAML)
+ }
+ switch node.LongTag() {
+ case yamlStringScalar, yamlIntScalar, yamlFloatScalar:
+ return node.Value, nil
+ default:
+ return "", fmt.Errorf("YAML tag %q is not supported as map key: %w", node.LongTag(), ErrYAML)
+ }
+}
+
+func format(t any) (string, error) {
+ switch k := t.(type) {
+ case string:
+ return k, nil
+ case uint:
+ return strconv.FormatUint(uint64(k), 10), nil
+ case uint8:
+ return strconv.FormatUint(uint64(k), 10), nil
+ case uint16:
+ return strconv.FormatUint(uint64(k), 10), nil
+ case uint32:
+ return strconv.FormatUint(uint64(k), 10), nil
+ case uint64:
+ return strconv.FormatUint(k, 10), nil
+ case int:
+ return strconv.Itoa(k), nil
+ case int8:
+ return strconv.FormatInt(int64(k), 10), nil
+ case int16:
+ return strconv.FormatInt(int64(k), 10), nil
+ case int32:
+ return strconv.FormatInt(int64(k), 10), nil
+ case int64:
+ return strconv.FormatInt(k, 10), nil
+ default:
+ return "", fmt.Errorf("unexpected map key type, got: %T: %w", k, ErrYAML)
+ }
+}
+
+func transformData(input any) (out any, err error) {
+ switch in := input.(type) {
+ case yaml.Node:
+ return yamlNode(&in)
+ case *yaml.Node:
+ return yamlNode(in)
+ case map[any]any:
+ o := make(YAMLMapSlice, 0, len(in))
+ for ke, va := range in {
+ var nmi YAMLMapItem
+ if nmi.Key, err = format(ke); err != nil {
+ return nil, err
+ }
+
+ v, ert := transformData(va)
+ if ert != nil {
+ return nil, ert
+ }
+ nmi.Value = v
+ o = append(o, nmi)
+ }
+ return o, nil
+ case []any:
+ len1 := len(in)
+ o := make([]any, len1)
+ for i := range len1 {
+ o[i], err = transformData(in[i])
+ if err != nil {
+ return nil, err
+ }
+ }
+ return o, nil
+ }
+ return input, nil
+}
diff --git a/vendor/github.com/go-openapi/swag/yamlutils_iface.go b/vendor/github.com/go-openapi/swag/yamlutils_iface.go
new file mode 100644
index 000000000..57767efc5
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/yamlutils_iface.go
@@ -0,0 +1,20 @@
+// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
+// SPDX-License-Identifier: Apache-2.0
+
+package swag
+
+import (
+ "encoding/json"
+
+ "github.com/go-openapi/swag/yamlutils"
+)
+
+// YAMLToJSON converts YAML unmarshaled data into json compatible data
+//
+// Deprecated: use [yamlutils.YAMLToJSON] instead.
+func YAMLToJSON(data any) (json.RawMessage, error) { return yamlutils.YAMLToJSON(data) }
+
+// BytesToYAMLDoc converts a byte slice into a YAML document
+//
+// Deprecated: use [yamlutils.BytesToYAMLDoc] instead.
+func BytesToYAMLDoc(data []byte) (any, error) { return yamlutils.BytesToYAMLDoc(data) }
diff --git a/vendor/github.com/josharian/intern/README.md b/vendor/github.com/josharian/intern/README.md
deleted file mode 100644
index ffc44b219..000000000
--- a/vendor/github.com/josharian/intern/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-Docs: https://godoc.org/github.com/josharian/intern
-
-See also [Go issue 5160](https://golang.org/issue/5160).
-
-License: MIT
diff --git a/vendor/github.com/josharian/intern/intern.go b/vendor/github.com/josharian/intern/intern.go
deleted file mode 100644
index 7acb1fe90..000000000
--- a/vendor/github.com/josharian/intern/intern.go
+++ /dev/null
@@ -1,44 +0,0 @@
-// Package intern interns strings.
-// Interning is best effort only.
-// Interned strings may be removed automatically
-// at any time without notification.
-// All functions may be called concurrently
-// with themselves and each other.
-package intern
-
-import "sync"
-
-var (
- pool sync.Pool = sync.Pool{
- New: func() interface{} {
- return make(map[string]string)
- },
- }
-)
-
-// String returns s, interned.
-func String(s string) string {
- m := pool.Get().(map[string]string)
- c, ok := m[s]
- if ok {
- pool.Put(m)
- return c
- }
- m[s] = s
- pool.Put(m)
- return s
-}
-
-// Bytes returns b converted to a string, interned.
-func Bytes(b []byte) string {
- m := pool.Get().(map[string]string)
- c, ok := m[string(b)]
- if ok {
- pool.Put(m)
- return c
- }
- s := string(b)
- m[s] = s
- pool.Put(m)
- return s
-}
diff --git a/vendor/github.com/josharian/intern/license.md b/vendor/github.com/josharian/intern/license.md
deleted file mode 100644
index 353d3055f..000000000
--- a/vendor/github.com/josharian/intern/license.md
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2019 Josh Bleecher Snyder
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/vendor/github.com/mailru/easyjson/LICENSE b/vendor/github.com/mailru/easyjson/LICENSE
deleted file mode 100644
index fbff658f7..000000000
--- a/vendor/github.com/mailru/easyjson/LICENSE
+++ /dev/null
@@ -1,7 +0,0 @@
-Copyright (c) 2016 Mail.Ru Group
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/mailru/easyjson/buffer/pool.go b/vendor/github.com/mailru/easyjson/buffer/pool.go
deleted file mode 100644
index 598a54af9..000000000
--- a/vendor/github.com/mailru/easyjson/buffer/pool.go
+++ /dev/null
@@ -1,278 +0,0 @@
-// Package buffer implements a buffer for serialization, consisting of a chain of []byte-s to
-// reduce copying and to allow reuse of individual chunks.
-package buffer
-
-import (
- "io"
- "net"
- "sync"
-)
-
-// PoolConfig contains configuration for the allocation and reuse strategy.
-type PoolConfig struct {
- StartSize int // Minimum chunk size that is allocated.
- PooledSize int // Minimum chunk size that is reused, reusing chunks too small will result in overhead.
- MaxSize int // Maximum chunk size that will be allocated.
-}
-
-var config = PoolConfig{
- StartSize: 128,
- PooledSize: 512,
- MaxSize: 32768,
-}
-
-// Reuse pool: chunk size -> pool.
-var buffers = map[int]*sync.Pool{}
-
-func initBuffers() {
- for l := config.PooledSize; l <= config.MaxSize; l *= 2 {
- buffers[l] = new(sync.Pool)
- }
-}
-
-func init() {
- initBuffers()
-}
-
-// Init sets up a non-default pooling and allocation strategy. Should be run before serialization is done.
-func Init(cfg PoolConfig) {
- config = cfg
- initBuffers()
-}
-
-// putBuf puts a chunk to reuse pool if it can be reused.
-func putBuf(buf []byte) {
- size := cap(buf)
- if size < config.PooledSize {
- return
- }
- if c := buffers[size]; c != nil {
- c.Put(buf[:0])
- }
-}
-
-// getBuf gets a chunk from reuse pool or creates a new one if reuse failed.
-func getBuf(size int) []byte {
- if size >= config.PooledSize {
- if c := buffers[size]; c != nil {
- v := c.Get()
- if v != nil {
- return v.([]byte)
- }
- }
- }
- return make([]byte, 0, size)
-}
-
-// Buffer is a buffer optimized for serialization without extra copying.
-type Buffer struct {
-
- // Buf is the current chunk that can be used for serialization.
- Buf []byte
-
- toPool []byte
- bufs [][]byte
-}
-
-// EnsureSpace makes sure that the current chunk contains at least s free bytes,
-// possibly creating a new chunk.
-func (b *Buffer) EnsureSpace(s int) {
- if cap(b.Buf)-len(b.Buf) < s {
- b.ensureSpaceSlow(s)
- }
-}
-
-func (b *Buffer) ensureSpaceSlow(s int) {
- l := len(b.Buf)
- if l > 0 {
- if cap(b.toPool) != cap(b.Buf) {
- // Chunk was reallocated, toPool can be pooled.
- putBuf(b.toPool)
- }
- if cap(b.bufs) == 0 {
- b.bufs = make([][]byte, 0, 8)
- }
- b.bufs = append(b.bufs, b.Buf)
- l = cap(b.toPool) * 2
- } else {
- l = config.StartSize
- }
-
- if l > config.MaxSize {
- l = config.MaxSize
- }
- b.Buf = getBuf(l)
- b.toPool = b.Buf
-}
-
-// AppendByte appends a single byte to buffer.
-func (b *Buffer) AppendByte(data byte) {
- b.EnsureSpace(1)
- b.Buf = append(b.Buf, data)
-}
-
-// AppendBytes appends a byte slice to buffer.
-func (b *Buffer) AppendBytes(data []byte) {
- if len(data) <= cap(b.Buf)-len(b.Buf) {
- b.Buf = append(b.Buf, data...) // fast path
- } else {
- b.appendBytesSlow(data)
- }
-}
-
-func (b *Buffer) appendBytesSlow(data []byte) {
- for len(data) > 0 {
- b.EnsureSpace(1)
-
- sz := cap(b.Buf) - len(b.Buf)
- if sz > len(data) {
- sz = len(data)
- }
-
- b.Buf = append(b.Buf, data[:sz]...)
- data = data[sz:]
- }
-}
-
-// AppendString appends a string to buffer.
-func (b *Buffer) AppendString(data string) {
- if len(data) <= cap(b.Buf)-len(b.Buf) {
- b.Buf = append(b.Buf, data...) // fast path
- } else {
- b.appendStringSlow(data)
- }
-}
-
-func (b *Buffer) appendStringSlow(data string) {
- for len(data) > 0 {
- b.EnsureSpace(1)
-
- sz := cap(b.Buf) - len(b.Buf)
- if sz > len(data) {
- sz = len(data)
- }
-
- b.Buf = append(b.Buf, data[:sz]...)
- data = data[sz:]
- }
-}
-
-// Size computes the size of a buffer by adding sizes of every chunk.
-func (b *Buffer) Size() int {
- size := len(b.Buf)
- for _, buf := range b.bufs {
- size += len(buf)
- }
- return size
-}
-
-// DumpTo outputs the contents of a buffer to a writer and resets the buffer.
-func (b *Buffer) DumpTo(w io.Writer) (written int, err error) {
- bufs := net.Buffers(b.bufs)
- if len(b.Buf) > 0 {
- bufs = append(bufs, b.Buf)
- }
- n, err := bufs.WriteTo(w)
-
- for _, buf := range b.bufs {
- putBuf(buf)
- }
- putBuf(b.toPool)
-
- b.bufs = nil
- b.Buf = nil
- b.toPool = nil
-
- return int(n), err
-}
-
-// BuildBytes creates a single byte slice with all the contents of the buffer. Data is
-// copied if it does not fit in a single chunk. You can optionally provide one byte
-// slice as argument that it will try to reuse.
-func (b *Buffer) BuildBytes(reuse ...[]byte) []byte {
- if len(b.bufs) == 0 {
- ret := b.Buf
- b.toPool = nil
- b.Buf = nil
- return ret
- }
-
- var ret []byte
- size := b.Size()
-
- // If we got a buffer as argument and it is big enough, reuse it.
- if len(reuse) == 1 && cap(reuse[0]) >= size {
- ret = reuse[0][:0]
- } else {
- ret = make([]byte, 0, size)
- }
- for _, buf := range b.bufs {
- ret = append(ret, buf...)
- putBuf(buf)
- }
-
- ret = append(ret, b.Buf...)
- putBuf(b.toPool)
-
- b.bufs = nil
- b.toPool = nil
- b.Buf = nil
-
- return ret
-}
-
-type readCloser struct {
- offset int
- bufs [][]byte
-}
-
-func (r *readCloser) Read(p []byte) (n int, err error) {
- for _, buf := range r.bufs {
- // Copy as much as we can.
- x := copy(p[n:], buf[r.offset:])
- n += x // Increment how much we filled.
-
- // Did we empty the whole buffer?
- if r.offset+x == len(buf) {
- // On to the next buffer.
- r.offset = 0
- r.bufs = r.bufs[1:]
-
- // We can release this buffer.
- putBuf(buf)
- } else {
- r.offset += x
- }
-
- if n == len(p) {
- break
- }
- }
- // No buffers left or nothing read?
- if len(r.bufs) == 0 {
- err = io.EOF
- }
- return
-}
-
-func (r *readCloser) Close() error {
- // Release all remaining buffers.
- for _, buf := range r.bufs {
- putBuf(buf)
- }
- // In case Close gets called multiple times.
- r.bufs = nil
-
- return nil
-}
-
-// ReadCloser creates an io.ReadCloser with all the contents of the buffer.
-func (b *Buffer) ReadCloser() io.ReadCloser {
- ret := &readCloser{0, append(b.bufs, b.Buf)}
-
- b.bufs = nil
- b.toPool = nil
- b.Buf = nil
-
- return ret
-}
diff --git a/vendor/github.com/mailru/easyjson/jlexer/bytestostr.go b/vendor/github.com/mailru/easyjson/jlexer/bytestostr.go
deleted file mode 100644
index e68108f86..000000000
--- a/vendor/github.com/mailru/easyjson/jlexer/bytestostr.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// This file will only be included to the build if neither
-// easyjson_nounsafe nor appengine build tag is set. See README notes
-// for more details.
-
-//+build !easyjson_nounsafe
-//+build !appengine
-
-package jlexer
-
-import (
- "unsafe"
-)
-
-// bytesToStr creates a string pointing at the slice to avoid copying.
-//
-// Warning: the string returned by the function should be used with care, as the whole input data
-// chunk may be either blocked from being freed by GC because of a single string or the buffer.Data
-// may be garbage-collected even when the string exists.
-func bytesToStr(data []byte) string {
- return *(*string)(unsafe.Pointer(&data))
-}
diff --git a/vendor/github.com/mailru/easyjson/jlexer/bytestostr_nounsafe.go b/vendor/github.com/mailru/easyjson/jlexer/bytestostr_nounsafe.go
deleted file mode 100644
index 864d1be67..000000000
--- a/vendor/github.com/mailru/easyjson/jlexer/bytestostr_nounsafe.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// This file is included to the build if any of the buildtags below
-// are defined. Refer to README notes for more details.
-
-//+build easyjson_nounsafe appengine
-
-package jlexer
-
-// bytesToStr creates a string normally from []byte
-//
-// Note that this method is roughly 1.5x slower than using the 'unsafe' method.
-func bytesToStr(data []byte) string {
- return string(data)
-}
diff --git a/vendor/github.com/mailru/easyjson/jlexer/error.go b/vendor/github.com/mailru/easyjson/jlexer/error.go
deleted file mode 100644
index e90ec40d0..000000000
--- a/vendor/github.com/mailru/easyjson/jlexer/error.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package jlexer
-
-import "fmt"
-
-// LexerError implements the error interface and represents all possible errors that can be
-// generated during parsing the JSON data.
-type LexerError struct {
- Reason string
- Offset int
- Data string
-}
-
-func (l *LexerError) Error() string {
- return fmt.Sprintf("parse error: %s near offset %d of '%s'", l.Reason, l.Offset, l.Data)
-}
diff --git a/vendor/github.com/mailru/easyjson/jlexer/lexer.go b/vendor/github.com/mailru/easyjson/jlexer/lexer.go
deleted file mode 100644
index a27705b12..000000000
--- a/vendor/github.com/mailru/easyjson/jlexer/lexer.go
+++ /dev/null
@@ -1,1257 +0,0 @@
-// Package jlexer contains a JSON lexer implementation.
-//
-// It is expected that it is mostly used with generated parser code, so the interface is tuned
-// for a parser that knows what kind of data is expected.
-package jlexer
-
-import (
- "bytes"
- "encoding/base64"
- "encoding/json"
- "errors"
- "fmt"
- "io"
- "strconv"
- "unicode"
- "unicode/utf16"
- "unicode/utf8"
-
- "github.com/josharian/intern"
-)
-
-// TokenKind determines type of a token.
-type TokenKind byte
-
-const (
- TokenUndef TokenKind = iota // No token.
- TokenDelim // Delimiter: one of '{', '}', '[' or ']'.
- TokenString // A string literal, e.g. "abc\u1234"
- TokenNumber // Number literal, e.g. 1.5e5
- TokenBool // Boolean literal: true or false.
- TokenNull // null keyword.
-)
-
-// token describes a single token: type, position in the input and value.
-type token struct {
- kind TokenKind // Type of a token.
-
- boolValue bool // Value if a boolean literal token.
- byteValueCloned bool // true if byteValue was allocated and does not refer to original json body
- byteValue []byte // Raw value of a token.
- delimValue byte
-}
-
-// Lexer is a JSON lexer: it iterates over JSON tokens in a byte slice.
-type Lexer struct {
- Data []byte // Input data given to the lexer.
-
- start int // Start of the current token.
- pos int // Current unscanned position in the input stream.
- token token // Last scanned token, if token.kind != TokenUndef.
-
- firstElement bool // Whether current element is the first in array or an object.
- wantSep byte // A comma or a colon character, which need to occur before a token.
-
- UseMultipleErrors bool // If we want to use multiple errors.
- fatalError error // Fatal error occurred during lexing. It is usually a syntax error.
- multipleErrors []*LexerError // Semantic errors occurred during lexing. Marshalling will be continued after finding this errors.
-}
-
-// FetchToken scans the input for the next token.
-func (r *Lexer) FetchToken() {
- r.token.kind = TokenUndef
- r.start = r.pos
-
- // Check if r.Data has r.pos element
- // If it doesn't, it mean corrupted input data
- if len(r.Data) < r.pos {
- r.errParse("Unexpected end of data")
- return
- }
- // Determine the type of a token by skipping whitespace and reading the
- // first character.
- for _, c := range r.Data[r.pos:] {
- switch c {
- case ':', ',':
- if r.wantSep == c {
- r.pos++
- r.start++
- r.wantSep = 0
- } else {
- r.errSyntax()
- }
-
- case ' ', '\t', '\r', '\n':
- r.pos++
- r.start++
-
- case '"':
- if r.wantSep != 0 {
- r.errSyntax()
- }
-
- r.token.kind = TokenString
- r.fetchString()
- return
-
- case '{', '[':
- if r.wantSep != 0 {
- r.errSyntax()
- }
- r.firstElement = true
- r.token.kind = TokenDelim
- r.token.delimValue = r.Data[r.pos]
- r.pos++
- return
-
- case '}', ']':
- if !r.firstElement && (r.wantSep != ',') {
- r.errSyntax()
- }
- r.wantSep = 0
- r.token.kind = TokenDelim
- r.token.delimValue = r.Data[r.pos]
- r.pos++
- return
-
- case '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '-':
- if r.wantSep != 0 {
- r.errSyntax()
- }
- r.token.kind = TokenNumber
- r.fetchNumber()
- return
-
- case 'n':
- if r.wantSep != 0 {
- r.errSyntax()
- }
-
- r.token.kind = TokenNull
- r.fetchNull()
- return
-
- case 't':
- if r.wantSep != 0 {
- r.errSyntax()
- }
-
- r.token.kind = TokenBool
- r.token.boolValue = true
- r.fetchTrue()
- return
-
- case 'f':
- if r.wantSep != 0 {
- r.errSyntax()
- }
-
- r.token.kind = TokenBool
- r.token.boolValue = false
- r.fetchFalse()
- return
-
- default:
- r.errSyntax()
- return
- }
- }
- r.fatalError = io.EOF
- return
-}
-
-// isTokenEnd returns true if the char can follow a non-delimiter token
-func isTokenEnd(c byte) bool {
- return c == ' ' || c == '\t' || c == '\r' || c == '\n' || c == '[' || c == ']' || c == '{' || c == '}' || c == ',' || c == ':'
-}
-
-// fetchNull fetches and checks remaining bytes of null keyword.
-func (r *Lexer) fetchNull() {
- r.pos += 4
- if r.pos > len(r.Data) ||
- r.Data[r.pos-3] != 'u' ||
- r.Data[r.pos-2] != 'l' ||
- r.Data[r.pos-1] != 'l' ||
- (r.pos != len(r.Data) && !isTokenEnd(r.Data[r.pos])) {
-
- r.pos -= 4
- r.errSyntax()
- }
-}
-
-// fetchTrue fetches and checks remaining bytes of true keyword.
-func (r *Lexer) fetchTrue() {
- r.pos += 4
- if r.pos > len(r.Data) ||
- r.Data[r.pos-3] != 'r' ||
- r.Data[r.pos-2] != 'u' ||
- r.Data[r.pos-1] != 'e' ||
- (r.pos != len(r.Data) && !isTokenEnd(r.Data[r.pos])) {
-
- r.pos -= 4
- r.errSyntax()
- }
-}
-
-// fetchFalse fetches and checks remaining bytes of false keyword.
-func (r *Lexer) fetchFalse() {
- r.pos += 5
- if r.pos > len(r.Data) ||
- r.Data[r.pos-4] != 'a' ||
- r.Data[r.pos-3] != 'l' ||
- r.Data[r.pos-2] != 's' ||
- r.Data[r.pos-1] != 'e' ||
- (r.pos != len(r.Data) && !isTokenEnd(r.Data[r.pos])) {
-
- r.pos -= 5
- r.errSyntax()
- }
-}
-
-// fetchNumber scans a number literal token.
-func (r *Lexer) fetchNumber() {
- hasE := false
- afterE := false
- hasDot := false
-
- r.pos++
- for i, c := range r.Data[r.pos:] {
- switch {
- case c >= '0' && c <= '9':
- afterE = false
- case c == '.' && !hasDot:
- hasDot = true
- case (c == 'e' || c == 'E') && !hasE:
- hasE = true
- hasDot = true
- afterE = true
- case (c == '+' || c == '-') && afterE:
- afterE = false
- default:
- r.pos += i
- if !isTokenEnd(c) {
- r.errSyntax()
- } else {
- r.token.byteValue = r.Data[r.start:r.pos]
- }
- return
- }
- }
-
- r.pos = len(r.Data)
- r.token.byteValue = r.Data[r.start:]
-}
-
-// findStringLen tries to scan into the string literal for ending quote char to determine required size.
-// The size will be exact if no escapes are present and may be inexact if there are escaped chars.
-func findStringLen(data []byte) (isValid bool, length int) {
- for {
- idx := bytes.IndexByte(data, '"')
- if idx == -1 {
- return false, len(data)
- }
- if idx == 0 || (idx > 0 && data[idx-1] != '\\') {
- return true, length + idx
- }
-
- // count \\\\\\\ sequences. even number of slashes means quote is not really escaped
- cnt := 1
- for idx-cnt-1 >= 0 && data[idx-cnt-1] == '\\' {
- cnt++
- }
- if cnt%2 == 0 {
- return true, length + idx
- }
-
- length += idx + 1
- data = data[idx+1:]
- }
-}
-
-// unescapeStringToken performs unescaping of string token.
-// if no escaping is needed, original string is returned, otherwise - a new one allocated
-func (r *Lexer) unescapeStringToken() (err error) {
- data := r.token.byteValue
- var unescapedData []byte
-
- for {
- i := bytes.IndexByte(data, '\\')
- if i == -1 {
- break
- }
-
- escapedRune, escapedBytes, err := decodeEscape(data[i:])
- if err != nil {
- r.errParse(err.Error())
- return err
- }
-
- if unescapedData == nil {
- unescapedData = make([]byte, 0, len(r.token.byteValue))
- }
-
- var d [4]byte
- s := utf8.EncodeRune(d[:], escapedRune)
- unescapedData = append(unescapedData, data[:i]...)
- unescapedData = append(unescapedData, d[:s]...)
-
- data = data[i+escapedBytes:]
- }
-
- if unescapedData != nil {
- r.token.byteValue = append(unescapedData, data...)
- r.token.byteValueCloned = true
- }
- return
-}
-
-// getu4 decodes \uXXXX from the beginning of s, returning the hex value,
-// or it returns -1.
-func getu4(s []byte) rune {
- if len(s) < 6 || s[0] != '\\' || s[1] != 'u' {
- return -1
- }
- var val rune
- for i := 2; i < len(s) && i < 6; i++ {
- var v byte
- c := s[i]
- switch c {
- case '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
- v = c - '0'
- case 'a', 'b', 'c', 'd', 'e', 'f':
- v = c - 'a' + 10
- case 'A', 'B', 'C', 'D', 'E', 'F':
- v = c - 'A' + 10
- default:
- return -1
- }
-
- val <<= 4
- val |= rune(v)
- }
- return val
-}
-
-// decodeEscape processes a single escape sequence and returns number of bytes processed.
-func decodeEscape(data []byte) (decoded rune, bytesProcessed int, err error) {
- if len(data) < 2 {
- return 0, 0, errors.New("incorrect escape symbol \\ at the end of token")
- }
-
- c := data[1]
- switch c {
- case '"', '/', '\\':
- return rune(c), 2, nil
- case 'b':
- return '\b', 2, nil
- case 'f':
- return '\f', 2, nil
- case 'n':
- return '\n', 2, nil
- case 'r':
- return '\r', 2, nil
- case 't':
- return '\t', 2, nil
- case 'u':
- rr := getu4(data)
- if rr < 0 {
- return 0, 0, errors.New("incorrectly escaped \\uXXXX sequence")
- }
-
- read := 6
- if utf16.IsSurrogate(rr) {
- rr1 := getu4(data[read:])
- if dec := utf16.DecodeRune(rr, rr1); dec != unicode.ReplacementChar {
- read += 6
- rr = dec
- } else {
- rr = unicode.ReplacementChar
- }
- }
- return rr, read, nil
- }
-
- return 0, 0, errors.New("incorrectly escaped bytes")
-}
-
-// fetchString scans a string literal token.
-func (r *Lexer) fetchString() {
- r.pos++
- data := r.Data[r.pos:]
-
- isValid, length := findStringLen(data)
- if !isValid {
- r.pos += length
- r.errParse("unterminated string literal")
- return
- }
- r.token.byteValue = data[:length]
- r.pos += length + 1 // skip closing '"' as well
-}
-
-// scanToken scans the next token if no token is currently available in the lexer.
-func (r *Lexer) scanToken() {
- if r.token.kind != TokenUndef || r.fatalError != nil {
- return
- }
-
- r.FetchToken()
-}
-
-// consume resets the current token to allow scanning the next one.
-func (r *Lexer) consume() {
- r.token.kind = TokenUndef
- r.token.byteValueCloned = false
- r.token.delimValue = 0
-}
-
-// Ok returns true if no error (including io.EOF) was encountered during scanning.
-func (r *Lexer) Ok() bool {
- return r.fatalError == nil
-}
-
-const maxErrorContextLen = 13
-
-func (r *Lexer) errParse(what string) {
- if r.fatalError == nil {
- var str string
- if len(r.Data)-r.pos <= maxErrorContextLen {
- str = string(r.Data)
- } else {
- str = string(r.Data[r.pos:r.pos+maxErrorContextLen-3]) + "..."
- }
- r.fatalError = &LexerError{
- Reason: what,
- Offset: r.pos,
- Data: str,
- }
- }
-}
-
-func (r *Lexer) errSyntax() {
- r.errParse("syntax error")
-}
-
-func (r *Lexer) errInvalidToken(expected string) {
- if r.fatalError != nil {
- return
- }
- if r.UseMultipleErrors {
- r.pos = r.start
- r.consume()
- r.SkipRecursive()
- switch expected {
- case "[":
- r.token.delimValue = ']'
- r.token.kind = TokenDelim
- case "{":
- r.token.delimValue = '}'
- r.token.kind = TokenDelim
- }
- r.addNonfatalError(&LexerError{
- Reason: fmt.Sprintf("expected %s", expected),
- Offset: r.start,
- Data: string(r.Data[r.start:r.pos]),
- })
- return
- }
-
- var str string
- if len(r.token.byteValue) <= maxErrorContextLen {
- str = string(r.token.byteValue)
- } else {
- str = string(r.token.byteValue[:maxErrorContextLen-3]) + "..."
- }
- r.fatalError = &LexerError{
- Reason: fmt.Sprintf("expected %s", expected),
- Offset: r.pos,
- Data: str,
- }
-}
-
-func (r *Lexer) GetPos() int {
- return r.pos
-}
-
-// Delim consumes a token and verifies that it is the given delimiter.
-func (r *Lexer) Delim(c byte) {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
-
- if !r.Ok() || r.token.delimValue != c {
- r.consume() // errInvalidToken can change token if UseMultipleErrors is enabled.
- r.errInvalidToken(string([]byte{c}))
- } else {
- r.consume()
- }
-}
-
-// IsDelim returns true if there was no scanning error and next token is the given delimiter.
-func (r *Lexer) IsDelim(c byte) bool {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
- return !r.Ok() || r.token.delimValue == c
-}
-
-// Null verifies that the next token is null and consumes it.
-func (r *Lexer) Null() {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
- if !r.Ok() || r.token.kind != TokenNull {
- r.errInvalidToken("null")
- }
- r.consume()
-}
-
-// IsNull returns true if the next token is a null keyword.
-func (r *Lexer) IsNull() bool {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
- return r.Ok() && r.token.kind == TokenNull
-}
-
-// Skip skips a single token.
-func (r *Lexer) Skip() {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
- r.consume()
-}
-
-// SkipRecursive skips next array or object completely, or just skips a single token if not
-// an array/object.
-//
-// Note: no syntax validation is performed on the skipped data.
-func (r *Lexer) SkipRecursive() {
- r.scanToken()
- var start, end byte
- startPos := r.start
-
- switch r.token.delimValue {
- case '{':
- start, end = '{', '}'
- case '[':
- start, end = '[', ']'
- default:
- r.consume()
- return
- }
-
- r.consume()
-
- level := 1
- inQuotes := false
- wasEscape := false
-
- for i, c := range r.Data[r.pos:] {
- switch {
- case c == start && !inQuotes:
- level++
- case c == end && !inQuotes:
- level--
- if level == 0 {
- r.pos += i + 1
- if !json.Valid(r.Data[startPos:r.pos]) {
- r.pos = len(r.Data)
- r.fatalError = &LexerError{
- Reason: "skipped array/object json value is invalid",
- Offset: r.pos,
- Data: string(r.Data[r.pos:]),
- }
- }
- return
- }
- case c == '\\' && inQuotes:
- wasEscape = !wasEscape
- continue
- case c == '"' && inQuotes:
- inQuotes = wasEscape
- case c == '"':
- inQuotes = true
- }
- wasEscape = false
- }
- r.pos = len(r.Data)
- r.fatalError = &LexerError{
- Reason: "EOF reached while skipping array/object or token",
- Offset: r.pos,
- Data: string(r.Data[r.pos:]),
- }
-}
-
-// Raw fetches the next item recursively as a data slice
-func (r *Lexer) Raw() []byte {
- r.SkipRecursive()
- if !r.Ok() {
- return nil
- }
- return r.Data[r.start:r.pos]
-}
-
-// IsStart returns whether the lexer is positioned at the start
-// of an input string.
-func (r *Lexer) IsStart() bool {
- return r.pos == 0
-}
-
-// Consumed reads all remaining bytes from the input, publishing an error if
-// there is anything but whitespace remaining.
-func (r *Lexer) Consumed() {
- if r.pos > len(r.Data) || !r.Ok() {
- return
- }
-
- for _, c := range r.Data[r.pos:] {
- if c != ' ' && c != '\t' && c != '\r' && c != '\n' {
- r.AddError(&LexerError{
- Reason: "invalid character '" + string(c) + "' after top-level value",
- Offset: r.pos,
- Data: string(r.Data[r.pos:]),
- })
- return
- }
-
- r.pos++
- r.start++
- }
-}
-
-func (r *Lexer) unsafeString(skipUnescape bool) (string, []byte) {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
- if !r.Ok() || r.token.kind != TokenString {
- r.errInvalidToken("string")
- return "", nil
- }
- if !skipUnescape {
- if err := r.unescapeStringToken(); err != nil {
- r.errInvalidToken("string")
- return "", nil
- }
- }
-
- bytes := r.token.byteValue
- ret := bytesToStr(r.token.byteValue)
- r.consume()
- return ret, bytes
-}
-
-// UnsafeString returns the string value if the token is a string literal.
-//
-// Warning: returned string may point to the input buffer, so the string should not outlive
-// the input buffer. Intended pattern of usage is as an argument to a switch statement.
-func (r *Lexer) UnsafeString() string {
- ret, _ := r.unsafeString(false)
- return ret
-}
-
-// UnsafeBytes returns the byte slice if the token is a string literal.
-func (r *Lexer) UnsafeBytes() []byte {
- _, ret := r.unsafeString(false)
- return ret
-}
-
-// UnsafeFieldName returns current member name string token
-func (r *Lexer) UnsafeFieldName(skipUnescape bool) string {
- ret, _ := r.unsafeString(skipUnescape)
- return ret
-}
-
-// String reads a string literal.
-func (r *Lexer) String() string {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
- if !r.Ok() || r.token.kind != TokenString {
- r.errInvalidToken("string")
- return ""
- }
- if err := r.unescapeStringToken(); err != nil {
- r.errInvalidToken("string")
- return ""
- }
- var ret string
- if r.token.byteValueCloned {
- ret = bytesToStr(r.token.byteValue)
- } else {
- ret = string(r.token.byteValue)
- }
- r.consume()
- return ret
-}
-
-// StringIntern reads a string literal, and performs string interning on it.
-func (r *Lexer) StringIntern() string {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
- if !r.Ok() || r.token.kind != TokenString {
- r.errInvalidToken("string")
- return ""
- }
- if err := r.unescapeStringToken(); err != nil {
- r.errInvalidToken("string")
- return ""
- }
- ret := intern.Bytes(r.token.byteValue)
- r.consume()
- return ret
-}
-
-// Bytes reads a string literal and base64 decodes it into a byte slice.
-func (r *Lexer) Bytes() []byte {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
- if !r.Ok() || r.token.kind != TokenString {
- r.errInvalidToken("string")
- return nil
- }
- if err := r.unescapeStringToken(); err != nil {
- r.errInvalidToken("string")
- return nil
- }
- ret := make([]byte, base64.StdEncoding.DecodedLen(len(r.token.byteValue)))
- n, err := base64.StdEncoding.Decode(ret, r.token.byteValue)
- if err != nil {
- r.fatalError = &LexerError{
- Reason: err.Error(),
- }
- return nil
- }
-
- r.consume()
- return ret[:n]
-}
-
-// Bool reads a true or false boolean keyword.
-func (r *Lexer) Bool() bool {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
- if !r.Ok() || r.token.kind != TokenBool {
- r.errInvalidToken("bool")
- return false
- }
- ret := r.token.boolValue
- r.consume()
- return ret
-}
-
-func (r *Lexer) number() string {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
- if !r.Ok() || r.token.kind != TokenNumber {
- r.errInvalidToken("number")
- return ""
- }
- ret := bytesToStr(r.token.byteValue)
- r.consume()
- return ret
-}
-
-func (r *Lexer) Uint8() uint8 {
- s := r.number()
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseUint(s, 10, 8)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: s,
- })
- }
- return uint8(n)
-}
-
-func (r *Lexer) Uint16() uint16 {
- s := r.number()
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseUint(s, 10, 16)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: s,
- })
- }
- return uint16(n)
-}
-
-func (r *Lexer) Uint32() uint32 {
- s := r.number()
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseUint(s, 10, 32)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: s,
- })
- }
- return uint32(n)
-}
-
-func (r *Lexer) Uint64() uint64 {
- s := r.number()
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseUint(s, 10, 64)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: s,
- })
- }
- return n
-}
-
-func (r *Lexer) Uint() uint {
- return uint(r.Uint64())
-}
-
-func (r *Lexer) Int8() int8 {
- s := r.number()
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseInt(s, 10, 8)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: s,
- })
- }
- return int8(n)
-}
-
-func (r *Lexer) Int16() int16 {
- s := r.number()
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseInt(s, 10, 16)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: s,
- })
- }
- return int16(n)
-}
-
-func (r *Lexer) Int32() int32 {
- s := r.number()
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseInt(s, 10, 32)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: s,
- })
- }
- return int32(n)
-}
-
-func (r *Lexer) Int64() int64 {
- s := r.number()
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseInt(s, 10, 64)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: s,
- })
- }
- return n
-}
-
-func (r *Lexer) Int() int {
- return int(r.Int64())
-}
-
-func (r *Lexer) Uint8Str() uint8 {
- s, b := r.unsafeString(false)
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseUint(s, 10, 8)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: string(b),
- })
- }
- return uint8(n)
-}
-
-func (r *Lexer) Uint16Str() uint16 {
- s, b := r.unsafeString(false)
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseUint(s, 10, 16)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: string(b),
- })
- }
- return uint16(n)
-}
-
-func (r *Lexer) Uint32Str() uint32 {
- s, b := r.unsafeString(false)
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseUint(s, 10, 32)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: string(b),
- })
- }
- return uint32(n)
-}
-
-func (r *Lexer) Uint64Str() uint64 {
- s, b := r.unsafeString(false)
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseUint(s, 10, 64)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: string(b),
- })
- }
- return n
-}
-
-func (r *Lexer) UintStr() uint {
- return uint(r.Uint64Str())
-}
-
-func (r *Lexer) UintptrStr() uintptr {
- return uintptr(r.Uint64Str())
-}
-
-func (r *Lexer) Int8Str() int8 {
- s, b := r.unsafeString(false)
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseInt(s, 10, 8)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: string(b),
- })
- }
- return int8(n)
-}
-
-func (r *Lexer) Int16Str() int16 {
- s, b := r.unsafeString(false)
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseInt(s, 10, 16)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: string(b),
- })
- }
- return int16(n)
-}
-
-func (r *Lexer) Int32Str() int32 {
- s, b := r.unsafeString(false)
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseInt(s, 10, 32)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: string(b),
- })
- }
- return int32(n)
-}
-
-func (r *Lexer) Int64Str() int64 {
- s, b := r.unsafeString(false)
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseInt(s, 10, 64)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: string(b),
- })
- }
- return n
-}
-
-func (r *Lexer) IntStr() int {
- return int(r.Int64Str())
-}
-
-func (r *Lexer) Float32() float32 {
- s := r.number()
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseFloat(s, 32)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: s,
- })
- }
- return float32(n)
-}
-
-func (r *Lexer) Float32Str() float32 {
- s, b := r.unsafeString(false)
- if !r.Ok() {
- return 0
- }
- n, err := strconv.ParseFloat(s, 32)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: string(b),
- })
- }
- return float32(n)
-}
-
-func (r *Lexer) Float64() float64 {
- s := r.number()
- if !r.Ok() {
- return 0
- }
-
- n, err := strconv.ParseFloat(s, 64)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: s,
- })
- }
- return n
-}
-
-func (r *Lexer) Float64Str() float64 {
- s, b := r.unsafeString(false)
- if !r.Ok() {
- return 0
- }
- n, err := strconv.ParseFloat(s, 64)
- if err != nil {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Reason: err.Error(),
- Data: string(b),
- })
- }
- return n
-}
-
-func (r *Lexer) Error() error {
- return r.fatalError
-}
-
-func (r *Lexer) AddError(e error) {
- if r.fatalError == nil {
- r.fatalError = e
- }
-}
-
-func (r *Lexer) AddNonFatalError(e error) {
- r.addNonfatalError(&LexerError{
- Offset: r.start,
- Data: string(r.Data[r.start:r.pos]),
- Reason: e.Error(),
- })
-}
-
-func (r *Lexer) addNonfatalError(err *LexerError) {
- if r.UseMultipleErrors {
- // We don't want to add errors with the same offset.
- if len(r.multipleErrors) != 0 && r.multipleErrors[len(r.multipleErrors)-1].Offset == err.Offset {
- return
- }
- r.multipleErrors = append(r.multipleErrors, err)
- return
- }
- r.fatalError = err
-}
-
-func (r *Lexer) GetNonFatalErrors() []*LexerError {
- return r.multipleErrors
-}
-
-// JsonNumber fetches and json.Number from 'encoding/json' package.
-// Both int, float or string, contains them are valid values
-func (r *Lexer) JsonNumber() json.Number {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
- if !r.Ok() {
- r.errInvalidToken("json.Number")
- return json.Number("")
- }
-
- switch r.token.kind {
- case TokenString:
- return json.Number(r.String())
- case TokenNumber:
- return json.Number(r.Raw())
- case TokenNull:
- r.Null()
- return json.Number("")
- default:
- r.errSyntax()
- return json.Number("")
- }
-}
-
-// Interface fetches an interface{} analogous to the 'encoding/json' package.
-func (r *Lexer) Interface() interface{} {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
-
- if !r.Ok() {
- return nil
- }
- switch r.token.kind {
- case TokenString:
- return r.String()
- case TokenNumber:
- return r.Float64()
- case TokenBool:
- return r.Bool()
- case TokenNull:
- r.Null()
- return nil
- }
-
- if r.token.delimValue == '{' {
- r.consume()
-
- ret := map[string]interface{}{}
- for !r.IsDelim('}') {
- key := r.String()
- r.WantColon()
- ret[key] = r.Interface()
- r.WantComma()
- }
- r.Delim('}')
-
- if r.Ok() {
- return ret
- } else {
- return nil
- }
- } else if r.token.delimValue == '[' {
- r.consume()
-
- ret := []interface{}{}
- for !r.IsDelim(']') {
- ret = append(ret, r.Interface())
- r.WantComma()
- }
- r.Delim(']')
-
- if r.Ok() {
- return ret
- } else {
- return nil
- }
- }
- r.errSyntax()
- return nil
-}
-
-// WantComma requires a comma to be present before fetching next token.
-func (r *Lexer) WantComma() {
- r.wantSep = ','
- r.firstElement = false
-}
-
-// WantColon requires a colon to be present before fetching next token.
-func (r *Lexer) WantColon() {
- r.wantSep = ':'
- r.firstElement = false
-}
-
-// CurrentToken returns current token kind if there were no errors and TokenUndef otherwise
-func (r *Lexer) CurrentToken() TokenKind {
- if r.token.kind == TokenUndef && r.Ok() {
- r.FetchToken()
- }
-
- if !r.Ok() {
- return TokenUndef
- }
-
- return r.token.kind
-}
diff --git a/vendor/github.com/mailru/easyjson/jwriter/writer.go b/vendor/github.com/mailru/easyjson/jwriter/writer.go
deleted file mode 100644
index 34b0ade46..000000000
--- a/vendor/github.com/mailru/easyjson/jwriter/writer.go
+++ /dev/null
@@ -1,417 +0,0 @@
-// Package jwriter contains a JSON writer.
-package jwriter
-
-import (
- "io"
- "strconv"
- "unicode/utf8"
-
- "github.com/mailru/easyjson/buffer"
-)
-
-// Flags describe various encoding options. The behavior may be actually implemented in the encoder, but
-// Flags field in Writer is used to set and pass them around.
-type Flags int
-
-const (
- NilMapAsEmpty Flags = 1 << iota // Encode nil map as '{}' rather than 'null'.
- NilSliceAsEmpty // Encode nil slice as '[]' rather than 'null'.
-)
-
-// Writer is a JSON writer.
-type Writer struct {
- Flags Flags
-
- Error error
- Buffer buffer.Buffer
- NoEscapeHTML bool
-}
-
-// Size returns the size of the data that was written out.
-func (w *Writer) Size() int {
- return w.Buffer.Size()
-}
-
-// DumpTo outputs the data to given io.Writer, resetting the buffer.
-func (w *Writer) DumpTo(out io.Writer) (written int, err error) {
- return w.Buffer.DumpTo(out)
-}
-
-// BuildBytes returns writer data as a single byte slice. You can optionally provide one byte slice
-// as argument that it will try to reuse.
-func (w *Writer) BuildBytes(reuse ...[]byte) ([]byte, error) {
- if w.Error != nil {
- return nil, w.Error
- }
-
- return w.Buffer.BuildBytes(reuse...), nil
-}
-
-// ReadCloser returns an io.ReadCloser that can be used to read the data.
-// ReadCloser also resets the buffer.
-func (w *Writer) ReadCloser() (io.ReadCloser, error) {
- if w.Error != nil {
- return nil, w.Error
- }
-
- return w.Buffer.ReadCloser(), nil
-}
-
-// RawByte appends raw binary data to the buffer.
-func (w *Writer) RawByte(c byte) {
- w.Buffer.AppendByte(c)
-}
-
-// RawByte appends raw binary data to the buffer.
-func (w *Writer) RawString(s string) {
- w.Buffer.AppendString(s)
-}
-
-// RawBytesString appends string from bytes to the buffer.
-func (w *Writer) RawBytesString(data []byte, err error) {
- switch {
- case w.Error != nil:
- return
- case err != nil:
- w.Error = err
- default:
- w.String(string(data))
- }
-}
-
-// Raw appends raw binary data to the buffer or sets the error if it is given. Useful for
-// calling with results of MarshalJSON-like functions.
-func (w *Writer) Raw(data []byte, err error) {
- switch {
- case w.Error != nil:
- return
- case err != nil:
- w.Error = err
- case len(data) > 0:
- w.Buffer.AppendBytes(data)
- default:
- w.RawString("null")
- }
-}
-
-// RawText encloses raw binary data in quotes and appends in to the buffer.
-// Useful for calling with results of MarshalText-like functions.
-func (w *Writer) RawText(data []byte, err error) {
- switch {
- case w.Error != nil:
- return
- case err != nil:
- w.Error = err
- case len(data) > 0:
- w.String(string(data))
- default:
- w.RawString("null")
- }
-}
-
-// Base64Bytes appends data to the buffer after base64 encoding it
-func (w *Writer) Base64Bytes(data []byte) {
- if data == nil {
- w.Buffer.AppendString("null")
- return
- }
- w.Buffer.AppendByte('"')
- w.base64(data)
- w.Buffer.AppendByte('"')
-}
-
-func (w *Writer) Uint8(n uint8) {
- w.Buffer.EnsureSpace(3)
- w.Buffer.Buf = strconv.AppendUint(w.Buffer.Buf, uint64(n), 10)
-}
-
-func (w *Writer) Uint16(n uint16) {
- w.Buffer.EnsureSpace(5)
- w.Buffer.Buf = strconv.AppendUint(w.Buffer.Buf, uint64(n), 10)
-}
-
-func (w *Writer) Uint32(n uint32) {
- w.Buffer.EnsureSpace(10)
- w.Buffer.Buf = strconv.AppendUint(w.Buffer.Buf, uint64(n), 10)
-}
-
-func (w *Writer) Uint(n uint) {
- w.Buffer.EnsureSpace(20)
- w.Buffer.Buf = strconv.AppendUint(w.Buffer.Buf, uint64(n), 10)
-}
-
-func (w *Writer) Uint64(n uint64) {
- w.Buffer.EnsureSpace(20)
- w.Buffer.Buf = strconv.AppendUint(w.Buffer.Buf, n, 10)
-}
-
-func (w *Writer) Int8(n int8) {
- w.Buffer.EnsureSpace(4)
- w.Buffer.Buf = strconv.AppendInt(w.Buffer.Buf, int64(n), 10)
-}
-
-func (w *Writer) Int16(n int16) {
- w.Buffer.EnsureSpace(6)
- w.Buffer.Buf = strconv.AppendInt(w.Buffer.Buf, int64(n), 10)
-}
-
-func (w *Writer) Int32(n int32) {
- w.Buffer.EnsureSpace(11)
- w.Buffer.Buf = strconv.AppendInt(w.Buffer.Buf, int64(n), 10)
-}
-
-func (w *Writer) Int(n int) {
- w.Buffer.EnsureSpace(21)
- w.Buffer.Buf = strconv.AppendInt(w.Buffer.Buf, int64(n), 10)
-}
-
-func (w *Writer) Int64(n int64) {
- w.Buffer.EnsureSpace(21)
- w.Buffer.Buf = strconv.AppendInt(w.Buffer.Buf, n, 10)
-}
-
-func (w *Writer) Uint8Str(n uint8) {
- w.Buffer.EnsureSpace(3)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
- w.Buffer.Buf = strconv.AppendUint(w.Buffer.Buf, uint64(n), 10)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
-}
-
-func (w *Writer) Uint16Str(n uint16) {
- w.Buffer.EnsureSpace(5)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
- w.Buffer.Buf = strconv.AppendUint(w.Buffer.Buf, uint64(n), 10)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
-}
-
-func (w *Writer) Uint32Str(n uint32) {
- w.Buffer.EnsureSpace(10)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
- w.Buffer.Buf = strconv.AppendUint(w.Buffer.Buf, uint64(n), 10)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
-}
-
-func (w *Writer) UintStr(n uint) {
- w.Buffer.EnsureSpace(20)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
- w.Buffer.Buf = strconv.AppendUint(w.Buffer.Buf, uint64(n), 10)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
-}
-
-func (w *Writer) Uint64Str(n uint64) {
- w.Buffer.EnsureSpace(20)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
- w.Buffer.Buf = strconv.AppendUint(w.Buffer.Buf, n, 10)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
-}
-
-func (w *Writer) UintptrStr(n uintptr) {
- w.Buffer.EnsureSpace(20)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
- w.Buffer.Buf = strconv.AppendUint(w.Buffer.Buf, uint64(n), 10)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
-}
-
-func (w *Writer) Int8Str(n int8) {
- w.Buffer.EnsureSpace(4)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
- w.Buffer.Buf = strconv.AppendInt(w.Buffer.Buf, int64(n), 10)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
-}
-
-func (w *Writer) Int16Str(n int16) {
- w.Buffer.EnsureSpace(6)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
- w.Buffer.Buf = strconv.AppendInt(w.Buffer.Buf, int64(n), 10)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
-}
-
-func (w *Writer) Int32Str(n int32) {
- w.Buffer.EnsureSpace(11)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
- w.Buffer.Buf = strconv.AppendInt(w.Buffer.Buf, int64(n), 10)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
-}
-
-func (w *Writer) IntStr(n int) {
- w.Buffer.EnsureSpace(21)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
- w.Buffer.Buf = strconv.AppendInt(w.Buffer.Buf, int64(n), 10)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
-}
-
-func (w *Writer) Int64Str(n int64) {
- w.Buffer.EnsureSpace(21)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
- w.Buffer.Buf = strconv.AppendInt(w.Buffer.Buf, n, 10)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
-}
-
-func (w *Writer) Float32(n float32) {
- w.Buffer.EnsureSpace(20)
- w.Buffer.Buf = strconv.AppendFloat(w.Buffer.Buf, float64(n), 'g', -1, 32)
-}
-
-func (w *Writer) Float32Str(n float32) {
- w.Buffer.EnsureSpace(20)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
- w.Buffer.Buf = strconv.AppendFloat(w.Buffer.Buf, float64(n), 'g', -1, 32)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
-}
-
-func (w *Writer) Float64(n float64) {
- w.Buffer.EnsureSpace(20)
- w.Buffer.Buf = strconv.AppendFloat(w.Buffer.Buf, n, 'g', -1, 64)
-}
-
-func (w *Writer) Float64Str(n float64) {
- w.Buffer.EnsureSpace(20)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
- w.Buffer.Buf = strconv.AppendFloat(w.Buffer.Buf, float64(n), 'g', -1, 64)
- w.Buffer.Buf = append(w.Buffer.Buf, '"')
-}
-
-func (w *Writer) Bool(v bool) {
- w.Buffer.EnsureSpace(5)
- if v {
- w.Buffer.Buf = append(w.Buffer.Buf, "true"...)
- } else {
- w.Buffer.Buf = append(w.Buffer.Buf, "false"...)
- }
-}
-
-const chars = "0123456789abcdef"
-
-func getTable(falseValues ...int) [128]bool {
- table := [128]bool{}
-
- for i := 0; i < 128; i++ {
- table[i] = true
- }
-
- for _, v := range falseValues {
- table[v] = false
- }
-
- return table
-}
-
-var (
- htmlEscapeTable = getTable(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, '"', '&', '<', '>', '\\')
- htmlNoEscapeTable = getTable(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, '"', '\\')
-)
-
-func (w *Writer) String(s string) {
- w.Buffer.AppendByte('"')
-
- // Portions of the string that contain no escapes are appended as
- // byte slices.
-
- p := 0 // last non-escape symbol
-
- escapeTable := &htmlEscapeTable
- if w.NoEscapeHTML {
- escapeTable = &htmlNoEscapeTable
- }
-
- for i := 0; i < len(s); {
- c := s[i]
-
- if c < utf8.RuneSelf {
- if escapeTable[c] {
- // single-width character, no escaping is required
- i++
- continue
- }
-
- w.Buffer.AppendString(s[p:i])
- switch c {
- case '\t':
- w.Buffer.AppendString(`\t`)
- case '\r':
- w.Buffer.AppendString(`\r`)
- case '\n':
- w.Buffer.AppendString(`\n`)
- case '\\':
- w.Buffer.AppendString(`\\`)
- case '"':
- w.Buffer.AppendString(`\"`)
- default:
- w.Buffer.AppendString(`\u00`)
- w.Buffer.AppendByte(chars[c>>4])
- w.Buffer.AppendByte(chars[c&0xf])
- }
-
- i++
- p = i
- continue
- }
-
- // broken utf
- runeValue, runeWidth := utf8.DecodeRuneInString(s[i:])
- if runeValue == utf8.RuneError && runeWidth == 1 {
- w.Buffer.AppendString(s[p:i])
- w.Buffer.AppendString(`\ufffd`)
- i++
- p = i
- continue
- }
-
- // jsonp stuff - tab separator and line separator
- if runeValue == '\u2028' || runeValue == '\u2029' {
- w.Buffer.AppendString(s[p:i])
- w.Buffer.AppendString(`\u202`)
- w.Buffer.AppendByte(chars[runeValue&0xf])
- i += runeWidth
- p = i
- continue
- }
- i += runeWidth
- }
- w.Buffer.AppendString(s[p:])
- w.Buffer.AppendByte('"')
-}
-
-const encode = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
-const padChar = '='
-
-func (w *Writer) base64(in []byte) {
-
- if len(in) == 0 {
- return
- }
-
- w.Buffer.EnsureSpace(((len(in)-1)/3 + 1) * 4)
-
- si := 0
- n := (len(in) / 3) * 3
-
- for si < n {
- // Convert 3x 8bit source bytes into 4 bytes
- val := uint(in[si+0])<<16 | uint(in[si+1])<<8 | uint(in[si+2])
-
- w.Buffer.Buf = append(w.Buffer.Buf, encode[val>>18&0x3F], encode[val>>12&0x3F], encode[val>>6&0x3F], encode[val&0x3F])
-
- si += 3
- }
-
- remain := len(in) - si
- if remain == 0 {
- return
- }
-
- // Add the remaining small block
- val := uint(in[si+0]) << 16
- if remain == 2 {
- val |= uint(in[si+1]) << 8
- }
-
- w.Buffer.Buf = append(w.Buffer.Buf, encode[val>>18&0x3F], encode[val>>12&0x3F])
-
- switch remain {
- case 2:
- w.Buffer.Buf = append(w.Buffer.Buf, encode[val>>6&0x3F], byte(padChar))
- case 1:
- w.Buffer.Buf = append(w.Buffer.Buf, byte(padChar), byte(padChar))
- }
-}
diff --git a/vendor/github.com/openshift/api/.ci-operator.yaml b/vendor/github.com/openshift/api/.ci-operator.yaml
index a3628cf24..1d88a59fd 100644
--- a/vendor/github.com/openshift/api/.ci-operator.yaml
+++ b/vendor/github.com/openshift/api/.ci-operator.yaml
@@ -1,4 +1,4 @@
build_root_image:
name: release
namespace: openshift
- tag: rhel-9-release-golang-1.25-openshift-4.22
+ tag: rhel-9-release-golang-1.26-openshift-5.0
diff --git a/vendor/github.com/openshift/api/Dockerfile.ocp b/vendor/github.com/openshift/api/Dockerfile.ocp
index e04ec9fbc..98870518c 100644
--- a/vendor/github.com/openshift/api/Dockerfile.ocp
+++ b/vendor/github.com/openshift/api/Dockerfile.ocp
@@ -1,10 +1,10 @@
-FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 AS builder
+FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.26-openshift-5.0 AS builder
WORKDIR /go/src/github.com/openshift/api
COPY . .
ENV GO_PACKAGE github.com/openshift/api
RUN make build --warn-undefined-variables
-FROM registry.ci.openshift.org/ocp/4.22:base-rhel9
+FROM registry.ci.openshift.org/ocp/5.0:base-rhel9
# copy the built binaries to /usr/bin
COPY --from=builder /go/src/github.com/openshift/api/render /usr/bin/
diff --git a/vendor/github.com/openshift/api/Makefile b/vendor/github.com/openshift/api/Makefile
index ac20137fa..8b85144ea 100644
--- a/vendor/github.com/openshift/api/Makefile
+++ b/vendor/github.com/openshift/api/Makefile
@@ -179,6 +179,27 @@ generate-with-container:
integration:
make -C tests integration
+# Run API review evals. Requires claude CLI.
+# EVAL_RUNS=5 Number of runs per test case (default: 1)
+# EVAL_THRESHOLD=0.8 Minimum pass rate (default: 0.8)
+# EVAL_GOLDEN_MODEL=... Model for golden tests (default: sonnet)
+# EVAL_INTEGRATION_MODEL=... Model for integration tests (default: opus)
+# EVAL_JUDGE_MODEL=... Model for judging results (default: haiku)
+# EVAL_GOLDEN_PROCS=4 Max parallel golden tests (default: 4)
+# EVAL_INTEGRATION_PROCS=2 Max parallel integration tests (default: 2)
+# EVAL_GINKGO_ARGS=... Extra ginkgo args
+.PHONY: eval
+eval:
+ $(MAKE) -C tests eval
+
+.PHONY: eval-golden
+eval-golden:
+ $(MAKE) -C tests eval-golden
+
+.PHONY: eval-integration
+eval-integration:
+ $(MAKE) -C tests eval-integration
+
tests-vendor:
make -C tests vendor
diff --git a/vendor/github.com/openshift/api/apiextensions/v1alpha1/doc.go b/vendor/github.com/openshift/api/apiextensions/v1alpha1/doc.go
index e5d665fbb..ff9b7416a 100644
--- a/vendor/github.com/openshift/api/apiextensions/v1alpha1/doc.go
+++ b/vendor/github.com/openshift/api/apiextensions/v1alpha1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.apiextensions.v1alpha1
// +openshift:featuregated-schema-gen=true
// +groupName=apiextensions.openshift.io
diff --git a/vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.model_name.go b/vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.model_name.go
new file mode 100644
index 000000000..1f0482e4f
--- /dev/null
+++ b/vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.model_name.go
@@ -0,0 +1,61 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1alpha1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIExcludedField) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiextensions.v1alpha1.APIExcludedField"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIVersions) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiextensions.v1alpha1.APIVersions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CRDData) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiextensions.v1alpha1.CRDData"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CompatibilityRequirement) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirement"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CompatibilityRequirementList) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CompatibilityRequirementSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CompatibilityRequirementStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CompatibilitySchema) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiextensions.v1alpha1.CompatibilitySchema"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CustomResourceDefinitionSchemaValidation) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiextensions.v1alpha1.CustomResourceDefinitionSchemaValidation"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ObjectSchemaValidation) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiextensions.v1alpha1.ObjectSchemaValidation"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ObservedCRD) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiextensions.v1alpha1.ObservedCRD"
+}
diff --git a/vendor/github.com/openshift/api/apiserver/v1/doc.go b/vendor/github.com/openshift/api/apiserver/v1/doc.go
index cc6a8aa61..598fd6e75 100644
--- a/vendor/github.com/openshift/api/apiserver/v1/doc.go
+++ b/vendor/github.com/openshift/api/apiserver/v1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.apiserver.v1
// +kubebuilder:validation:Optional
// +groupName=apiserver.openshift.io
diff --git a/vendor/github.com/openshift/api/apiserver/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/apiserver/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..69b62d04f
--- /dev/null
+++ b/vendor/github.com/openshift/api/apiserver/v1/zz_generated.model_name.go
@@ -0,0 +1,46 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIRequestCount) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiserver.v1.APIRequestCount"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIRequestCountList) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiserver.v1.APIRequestCountList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIRequestCountSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiserver.v1.APIRequestCountSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIRequestCountStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiserver.v1.APIRequestCountStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PerNodeAPIRequestLog) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiserver.v1.PerNodeAPIRequestLog"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PerResourceAPIRequestLog) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiserver.v1.PerResourceAPIRequestLog"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PerUserAPIRequestCount) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiserver.v1.PerUserAPIRequestCount"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PerVerbAPIRequestCount) OpenAPIModelName() string {
+ return "com.github.openshift.api.apiserver.v1.PerVerbAPIRequestCount"
+}
diff --git a/vendor/github.com/openshift/api/apps/v1/doc.go b/vendor/github.com/openshift/api/apps/v1/doc.go
index f0fb3f59a..9ba23002d 100644
--- a/vendor/github.com/openshift/api/apps/v1/doc.go
+++ b/vendor/github.com/openshift/api/apps/v1/doc.go
@@ -2,6 +2,7 @@
// +k8s:conversion-gen=github.com/openshift/origin/pkg/apps/apis/apps
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.apps.v1
// +k8s:prerelease-lifecycle-gen=true
// +groupName=apps.openshift.io
diff --git a/vendor/github.com/openshift/api/apps/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/apps/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..3eea1fc87
--- /dev/null
+++ b/vendor/github.com/openshift/api/apps/v1/zz_generated.model_name.go
@@ -0,0 +1,116 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CustomDeploymentStrategyParams) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.CustomDeploymentStrategyParams"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentCause) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentCause"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentCauseImageTrigger) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentCauseImageTrigger"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentConfigList) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentConfigList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentConfigRollback) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentConfigRollback"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentConfigRollbackSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentConfigRollbackSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentConfigStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentConfigStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentDetails) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentDetails"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentLog) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentLog"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentLogOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentLogOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentRequest) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentRequest"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentStrategy) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentStrategy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentTriggerImageChangeParams) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentTriggerImageChangeParams"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeploymentTriggerPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.DeploymentTriggerPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ExecNewPodHook) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.ExecNewPodHook"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LifecycleHook) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.LifecycleHook"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RecreateDeploymentStrategyParams) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.RecreateDeploymentStrategyParams"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RollingDeploymentStrategyParams) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.RollingDeploymentStrategyParams"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TagImageHook) OpenAPIModelName() string {
+ return "com.github.openshift.api.apps.v1.TagImageHook"
+}
diff --git a/vendor/github.com/openshift/api/authorization/v1/doc.go b/vendor/github.com/openshift/api/authorization/v1/doc.go
index a66741dce..8b4e927d6 100644
--- a/vendor/github.com/openshift/api/authorization/v1/doc.go
+++ b/vendor/github.com/openshift/api/authorization/v1/doc.go
@@ -2,6 +2,7 @@
// +k8s:conversion-gen=github.com/openshift/origin/pkg/authorization/apis/authorization
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.authorization.v1
// +kubebuilder:validation:Optional
// +groupName=authorization.openshift.io
diff --git a/vendor/github.com/openshift/api/authorization/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/authorization/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..47987773b
--- /dev/null
+++ b/vendor/github.com/openshift/api/authorization/v1/zz_generated.model_name.go
@@ -0,0 +1,171 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Action) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.Action"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterRole) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.ClusterRole"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterRoleBinding) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.ClusterRoleBinding"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterRoleBindingList) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.ClusterRoleBindingList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterRoleList) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.ClusterRoleList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GroupRestriction) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.GroupRestriction"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IsPersonalSubjectAccessReview) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.IsPersonalSubjectAccessReview"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LocalResourceAccessReview) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.LocalResourceAccessReview"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LocalSubjectAccessReview) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.LocalSubjectAccessReview"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NamedClusterRole) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.NamedClusterRole"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NamedClusterRoleBinding) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.NamedClusterRoleBinding"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NamedRole) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.NamedRole"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NamedRoleBinding) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.NamedRoleBinding"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PolicyRule) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.PolicyRule"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ResourceAccessReview) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.ResourceAccessReview"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ResourceAccessReviewResponse) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.ResourceAccessReviewResponse"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Role) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.Role"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RoleBinding) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.RoleBinding"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RoleBindingList) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.RoleBindingList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RoleBindingRestriction) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.RoleBindingRestriction"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RoleBindingRestrictionList) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.RoleBindingRestrictionList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RoleBindingRestrictionSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.RoleBindingRestrictionSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RoleList) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.RoleList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SelfSubjectRulesReview) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.SelfSubjectRulesReview"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SelfSubjectRulesReviewSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.SelfSubjectRulesReviewSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceAccountReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.ServiceAccountReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceAccountRestriction) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.ServiceAccountRestriction"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SubjectAccessReview) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.SubjectAccessReview"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SubjectAccessReviewResponse) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.SubjectAccessReviewResponse"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SubjectRulesReview) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.SubjectRulesReview"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SubjectRulesReviewSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.SubjectRulesReviewSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SubjectRulesReviewStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UserRestriction) OpenAPIModelName() string {
+ return "com.github.openshift.api.authorization.v1.UserRestriction"
+}
diff --git a/vendor/github.com/openshift/api/build/v1/doc.go b/vendor/github.com/openshift/api/build/v1/doc.go
index 9bc16f64b..6fe1839e9 100644
--- a/vendor/github.com/openshift/api/build/v1/doc.go
+++ b/vendor/github.com/openshift/api/build/v1/doc.go
@@ -2,6 +2,7 @@
// +k8s:conversion-gen=github.com/openshift/origin/pkg/build/apis/build
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.build.v1
// +groupName=build.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/build/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/build/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..dd144e3af
--- /dev/null
+++ b/vendor/github.com/openshift/api/build/v1/zz_generated.model_name.go
@@ -0,0 +1,301 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BinaryBuildRequestOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BinaryBuildRequestOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BinaryBuildSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BinaryBuildSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BitbucketWebHookCause) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BitbucketWebHookCause"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Build) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.Build"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildConfigList) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildConfigList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildConfigStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildConfigStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildList) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildLog) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildLog"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildLogOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildLogOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildOutput) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildOutput"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildPostCommitSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildPostCommitSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildRequest) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildRequest"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildStatusOutput) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildStatusOutput"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildStatusOutputTo) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildStatusOutputTo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildStrategy) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildStrategy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildTriggerCause) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildTriggerCause"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildTriggerPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildTriggerPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildVolume) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildVolume"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildVolumeMount) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildVolumeMount"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildVolumeSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.BuildVolumeSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CommonSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.CommonSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CommonWebHookCause) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.CommonWebHookCause"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConfigMapBuildSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.ConfigMapBuildSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CustomBuildStrategy) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.CustomBuildStrategy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DockerBuildStrategy) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.DockerBuildStrategy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DockerStrategyOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.DockerStrategyOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GenericWebHookCause) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.GenericWebHookCause"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GenericWebHookEvent) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.GenericWebHookEvent"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GitBuildSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.GitBuildSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GitHubWebHookCause) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.GitHubWebHookCause"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GitInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.GitInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GitLabWebHookCause) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.GitLabWebHookCause"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GitRefInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.GitRefInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GitSourceRevision) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.GitSourceRevision"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageChangeCause) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.ImageChangeCause"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageChangeTrigger) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.ImageChangeTrigger"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageChangeTriggerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.ImageChangeTriggerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageLabel) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.ImageLabel"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.ImageSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageSourcePath) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.ImageSourcePath"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStreamTagReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.ImageStreamTagReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in JenkinsPipelineBuildStrategy) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.JenkinsPipelineBuildStrategy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProxyConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.ProxyConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecretBuildSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.SecretBuildSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecretLocalReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.SecretLocalReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecretSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.SecretSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SourceBuildStrategy) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.SourceBuildStrategy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SourceControlUser) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.SourceControlUser"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SourceRevision) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.SourceRevision"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SourceStrategyOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.SourceStrategyOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StageInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.StageInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StepInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.StepInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in WebHookTrigger) OpenAPIModelName() string {
+ return "com.github.openshift.api.build.v1.WebHookTrigger"
+}
diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/doc.go b/vendor/github.com/openshift/api/cloudnetwork/v1/doc.go
index 1d495ee24..006a1705b 100644
--- a/vendor/github.com/openshift/api/cloudnetwork/v1/doc.go
+++ b/vendor/github.com/openshift/api/cloudnetwork/v1/doc.go
@@ -1,5 +1,6 @@
// Package v1 contains API Schema definitions for the cloud network v1 API group
// +k8s:deepcopy-gen=package,register
+// +k8s:openapi-model-package=com.github.openshift.api.cloudnetwork.v1
// +groupName=cloud.network.openshift.io
// +kubebuilder:validation:Optional
package v1
diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..540988397
--- /dev/null
+++ b/vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.model_name.go
@@ -0,0 +1,26 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CloudPrivateIPConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CloudPrivateIPConfigList) OpenAPIModelName() string {
+ return "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CloudPrivateIPConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CloudPrivateIPConfigStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigStatus"
+}
diff --git a/vendor/github.com/openshift/api/config/v1/doc.go b/vendor/github.com/openshift/api/config/v1/doc.go
index f99454758..867a4f43f 100644
--- a/vendor/github.com/openshift/api/config/v1/doc.go
+++ b/vendor/github.com/openshift/api/config/v1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.config.v1
// +openshift:featuregated-schema-gen=true
// +kubebuilder:validation:Optional
diff --git a/vendor/github.com/openshift/api/config/v1/register.go b/vendor/github.com/openshift/api/config/v1/register.go
index 222c7f0cc..1f27d821a 100644
--- a/vendor/github.com/openshift/api/config/v1/register.go
+++ b/vendor/github.com/openshift/api/config/v1/register.go
@@ -78,6 +78,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&ClusterImagePolicyList{},
&InsightsDataGather{},
&InsightsDataGatherList{},
+ &CRIOCredentialProviderConfig{},
+ &CRIOCredentialProviderConfigList{},
)
metav1.AddToGroupVersion(scheme, GroupVersion)
return nil
diff --git a/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/vendor/github.com/openshift/api/config/v1/types_apiserver.go
index b92a04ed0..7de714ebf 100644
--- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go
+++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go
@@ -209,6 +209,7 @@ type APIServerNamedServingCert struct {
}
// APIServerEncryption is used to encrypt sensitive resources on the cluster.
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=KMSEncryption,rule="has(self.type) && self.type == 'KMS' ? has(self.kms) : !has(self.kms)",message="kms config is required when encryption type is KMS, and forbidden otherwise"
// +union
type APIServerEncryption struct {
// type defines what encryption type should be used to encrypt resources at the datastore layer.
@@ -240,7 +241,7 @@ type APIServerEncryption struct {
// +openshift:enable:FeatureGate=KMSEncryption
// +unionMember
// +optional
- KMS *KMSConfig `json:"kms,omitempty"`
+ KMS KMSPluginConfig `json:"kms,omitempty,omitzero"`
}
// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum="";identity;aescbc;aesgcm
diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go
index 1a036bbb6..348ee0401 100644
--- a/vendor/github.com/openshift/api/config/v1/types_authentication.go
+++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go
@@ -5,7 +5,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC;ExternalOIDCWithUIDAndExtraClaimMappings;ExternalOIDCWithUpstreamParity,rule="!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace == specC.componentNamespace && statusC.componentName == specC.componentName) || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, oldC.componentNamespace == specC.componentNamespace && oldC.componentName == specC.componentName)))))",message="all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC;ExternalOIDCWithUIDAndExtraClaimMappings;ExternalOIDCWithUpstreamParity;ExternalOIDCExternalClaimsSourcing,rule="!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace == specC.componentNamespace && statusC.componentName == specC.componentName) || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, oldC.componentNamespace == specC.componentNamespace && oldC.componentName == specC.componentName)))))",message="all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients"
// Authentication specifies cluster-wide settings for authentication (like OAuth and
// webhook token authenticators). The canonical name of an instance is `cluster`.
@@ -91,6 +91,7 @@ type AuthenticationSpec struct {
// +openshift:enable:FeatureGate=ExternalOIDC
// +openshift:enable:FeatureGate=ExternalOIDCWithUIDAndExtraClaimMappings
// +openshift:enable:FeatureGate=ExternalOIDCWithUpstreamParity
+ // +openshift:enable:FeatureGate=ExternalOIDCExternalClaimsSourcing
// +optional
OIDCProviders []OIDCProvider `json:"oidcProviders,omitempty"`
}
@@ -245,6 +246,36 @@ type OIDCProvider struct {
// +optional
// +openshift:enable:FeatureGate=ExternalOIDCWithUpstreamParity
UserValidationRules []TokenUserValidationRule `json:"userValidationRules,omitempty"`
+
+ // externalClaimsSources is an optional field that can be used to configure
+ // sources, external to the token provided in a request, in which claims
+ // should be fetched from and made available to the claim mapping process
+ // that is used to build the identity of a token holder.
+ //
+ // For example, fetching additional user metadata from an OIDC provider's UserInfo endpoint.
+ //
+ // When not specified, only claims present in the token itself will be available
+ // in the claim mapping process.
+ //
+ // When specified, at least one external claim source must be specified and no more than 5
+ // sources may be specified.
+ // All external claim sources must have unique claim mappings.
+ // When an external source responds and resolves additional claims successfully, they will
+ // be made available as claims during the claim mapping process.
+ // Externally sourced claims with the same name as a claim existing within the token will
+ // overwrite the claim data from the token with the externally sourced information.
+ // If an external source does not respond, responds with an error, or the additional
+ // claim data cannot be resolved from the response successfully it will not be
+ // included in the claim data passed to the claim mapping process.
+ //
+ // +openshift:enable:FeatureGate=ExternalOIDCExternalClaimsSourcing
+ //
+ // +optional
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=5
+ // +kubebuilder:validation:XValidation:rule="self.all(s, s.mappings.all(m, self.filter(s2, s2.mappings.exists(m2, m2.name == m.name)).size() == 1))",message="mapping names must be unique across all external claim sources."
+ // +listType=atomic
+ ExternalClaimsSources []ExternalClaimsSource `json:"externalClaimsSources,omitempty"`
}
// +kubebuilder:validation:MinLength=1
@@ -831,3 +862,355 @@ type TokenUserValidationRule struct {
// +kubebuilder:validation:MaxLength=256
Message string `json:"message,omitempty"`
}
+
+// ExternalClaimsSource provides the configuration for a single external claim source.
+type ExternalClaimsSource struct {
+ // authentication is an optional field that configures how the apiserver authenticates with an external claims source.
+ // When not specified, anonymous authentication is used which means no 'Authorization' header
+ // is sent in the HTTP request to fetch the external claims.
+ //
+ // +optional
+ Authentication ExternalSourceAuthentication `json:"authentication,omitzero"`
+
+ // tls is an optional field that configures the http client TLS
+ // settings when fetching external claims from this source.
+ //
+ // When omitted, system default TLS settings will be used
+ // for fetching claims from the external source.
+ //
+ // +optional
+ TLS ExternalSourceTLS `json:"tls,omitzero"`
+
+ // url is a required configuration of the URL
+ // for which the external claims are located.
+ //
+ // +required
+ URL SourceURL `json:"url,omitzero"`
+
+ // mappings is a required list of the claim
+ // and response handling expression pairs
+ // that produces the claims from the external source.
+ // mappings must have at least 1 entry and must not exceed 16 entries.
+ // Entries must have a unique name across all external claim sources.
+ //
+ // +required
+ // +listType=map
+ // +listMapKey=name
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=16
+ Mappings []SourcedClaimMapping `json:"mappings,omitempty"`
+
+ // predicates is an optional list of constraints in
+ // which claims should attempt to be fetched from this
+ // external source.
+ //
+ // When omitted, claims are always fetched
+ // from this external source.
+ //
+ // When specified, all predicates must evaluate to 'true'
+ // before claims are attempted to be fetched from this external source.
+ // predicates must have at least 1 entry and must not exceed 16 entries.
+ // Entries must have unique expressions.
+ //
+ // +optional
+ // +listType=map
+ // +listMapKey=expression
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=16
+ Predicates []ExternalSourcePredicate `json:"predicates,omitempty"`
+}
+
+// ExternalSourceAuthenticationType is the type of authentication that should be used
+// when fetching claims from an external source.
+//
+// +enum
+// +kubebuilder:validation:Enum=RequestProvidedToken;ClientCredential
+type ExternalSourceAuthenticationType string
+
+const (
+ // ExternalSourceAuthenticationTypeRequestProvidedToken is an ExternalSourceAuthenticationType
+ // that represents that the token being evaluated for authentication
+ // should be used for authenticating with the external claims source.
+ // This is useful for scenarios where a token has multiple audiences
+ // and scopes so that it can be used to access both the cluster and
+ // the UserInfo endpoint that contains additional information about the
+ // user not present in the token.
+ ExternalSourceAuthenticationTypeRequestProvidedToken ExternalSourceAuthenticationType = "RequestProvidedToken"
+
+ // ExternalSourceAuthenticationTypeClientCredential is an ExternalSourceAuthenticationType
+ // that represents that the authenticator should use the OAuth2
+ // client credentials grant flow to obtain an access token for
+ // authenticating with the external claims source.
+ // This is useful for scenarios such as fetching user information
+ // from Microsoft's Graph API where a separate client credential
+ // is needed to access the API.
+ ExternalSourceAuthenticationTypeClientCredential ExternalSourceAuthenticationType = "ClientCredential"
+)
+
+// ExternalSourceAuthentication configures how the apiserver should attempt
+// to authenticate with an external claims source.
+//
+// +kubebuilder:validation:XValidation:rule="self.type == 'ClientCredential' ? has(self.clientCredential) : !has(self.clientCredential)",message="clientCredential is required when type is ClientCredential, and forbidden otherwise"
+type ExternalSourceAuthentication struct {
+ // type is a required field that sets the type of
+ // authentication method used by the authenticator
+ // when fetching external claims.
+ //
+ // Allowed values are 'RequestProvidedToken' and 'ClientCredential'.
+ //
+ // When set to 'RequestProvidedToken', the authenticator will
+ // use the token provided to the kube-apiserver as part of the
+ // request to authenticate with the external claims source.
+ //
+ // When set to 'ClientCredential', the authenticator will
+ // use the configured client-id, client-secret, and token endpoint
+ // to fetch an access token using the OAuth2 client credentials grant
+ // flow. The fetched access token will then be used to authenticate
+ // with the external claims source.
+ //
+ // +required
+ Type ExternalSourceAuthenticationType `json:"type,omitempty"`
+
+ // clientCredential configures the client credentials
+ // and token endpoint to use to get an access token.
+ // clientCredential is required when type is 'ClientCredential', and forbidden otherwise.
+ //
+ // +optional
+ ClientCredential ClientCredentialConfig `json:"clientCredential,omitzero"`
+}
+
+// ExternalSourceTLS configures the TLS options that the apiserver uses as a client
+// when making a request to the external claim source.
+type ExternalSourceTLS struct {
+ // certificateAuthority is a required reference to a ConfigMap in the openshift-config
+ // namespace that contains the CA certificate to use to validate TLS connections with the external claims source.
+ // The key "ca-bundle.crt" must be present in the referenced ConfigMap and must contain the CA certificate to be used
+ // to verify the external source's TLS certificate.
+ //
+ // +required
+ CertificateAuthority ExternalSourceCertificateAuthorityConfigMapReference `json:"certificateAuthority,omitzero"`
+}
+
+// ClientCredentialConfig configures the client credentials and token endpoint
+// to use to get an access token via the OAuth2 client credentials grant flow.
+type ClientCredentialConfig struct {
+ // clientID is a required client identifier to use during the OAuth2 client credentials flow.
+ // clientID must be at least 1 character in length, must not exceed 256 characters in length,
+ // and must only contain printable ASCII characters.
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:XValidation:rule="self.matches('^[[:print:]]+$')",message="clientID must only contain printable ASCII characters"
+ ClientID string `json:"clientID,omitempty"`
+
+ // clientSecret is a required reference to a Secret in the openshift-config namespace to be used
+ // as the client secret during the OAuth2 client credentials flow.
+ //
+ // The key 'client-secret' is used to locate the client secret data in the Secret.
+ //
+ // +required
+ ClientSecret ClientSecretSecretReference `json:"clientSecret,omitzero"`
+
+ // tokenEndpoint is a required URL to query for an access token using
+ // the client credential OAuth2 flow.
+ // tokenEndpoint must be at least 1 character in length and must not exceed 2048 characters in length.
+ // tokenEndpoint must be a valid HTTPS URL.
+ // tokenEndpoint must have a host and a path.
+ // tokenEndpoint must not contain query parameters, fragments,
+ // or user information (e.g., "user:password@host").
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=2048
+ // +kubebuilder:validation:XValidation:rule="isURL(self)",message="tokenEndpoint must be a valid HTTPS url"
+ // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getScheme() == 'https'",message="tokenEndpoint must be a valid HTTPS url"
+ // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getHost() != ''",message="tokenEndpoint must have a hostname"
+ // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getEscapedPath() != ''",message="tokenEndpoint must have a path"
+ // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getQuery() == {}",message="tokenEndpoint must not have query parameters"
+ // +kubebuilder:validation:XValidation:rule="isURL(self) && self.find('#(.+)$') == ''",message="tokenEndpoint must not have a fragment"
+ // +kubebuilder:validation:XValidation:rule="isURL(self) && !self.matches('^https://[^/]+@.+$')",message="tokenEndpoint must not have user info"
+ TokenEndpoint string `json:"tokenEndpoint,omitempty"`
+
+ // scopes is an optional list of OAuth2 scopes to request when obtaining
+ // an access token.
+ //
+ // If not specified, the token endpoint's default scopes
+ // will be used.
+ //
+ // When specified, there must be at least 1 entry and must not exceed 16 entries.
+ // Each entry must be at least 1 character in length and must not exceed 256 characters in length.
+ // Each entry must only contain printable ASCII characters, excluding spaces, double quotes and backslashes.
+ // Entries must be unique.
+ //
+ // +optional
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=16
+ // +listType=set
+ Scopes []OAuth2Scope `json:"scopes,omitempty"`
+
+ // tls is an optional field that allows configuring the TLS
+ // settings used to interact with the identity provider
+ // as an OAuth2 client.
+ //
+ // When omitted, system default TLS settings will be used
+ // for the OAuth2 client.
+ //
+ // +optional
+ TLS ExternalSourceTLS `json:"tls,omitzero"`
+}
+
+// OAuth2Scope is a string alias that represents an OAuth2 Scope as defined by https://datatracker.ietf.org/doc/html/rfc6749#appendix-A.4
+// Must be at least 1 character in length, must not exceed 256 characters in length and must only contain printable ASCII characters, excluding spaces, double quotes and backslashes.
+//
+// +kubebuilder:validation:XValidation:rule="self.matches('^[!#-[\\\\]-~]+$')",message="scopes must only contain printable ASCII characters excluding spaces, double quotes and backslashes"
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=256
+type OAuth2Scope string
+
+// SourceURL configures the options used to build the URL that is queried for external claims.
+type SourceURL struct {
+ // hostname is a required hostname for which the external claims are located.
+ //
+ // It must be a valid DNS subdomain name as per RFC1123.
+ //
+ // This means that it must start and end with a lowercase alphanumeric character,
+ // must only consist of lowercase alphanumeric characters, '-', and '.'.
+ // hostname may optionally specify a port in the format ':{port}'.
+ // If a port is specified it must not exceed 65535.
+ //
+ // hostname must be at least 1 character in length.
+ // When specifying a port, hostname must not exceed 259 characters in length.
+ // When not specifying a port, hostname must not exceed 253 characters in length.
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=259
+ // +kubebuilder:validation:XValidation:rule="isURL('https://'+self)",message="hostname must be a valid hostname"
+ // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self.split(':')[0]).hasValue()",message="hostname before port must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'"
+ // +kubebuilder:validation:XValidation:rule="self.split(':').size() > 1 ? int(self.split(':')[1]) <= 65535 : true",message="port must not exceed 65535"
+ Hostname string `json:"hostname,omitempty"`
+
+ // pathExpression is a required CEL expression that returns a list
+ // of string values used to construct the URL path.
+ // Claims from the token used for the request to the kube-apiserver
+ // are made available via the `claims` variable.
+ // expression must be at least 1 character in length and must not exceed 1024 characters in length.
+ //
+ // Values in the returned list will be joined with the hostname using a forward slash
+ // (`/`) as a separator. Values in the returned list do not need to include the forward slash.
+ // If a forward slash is included in a returned value, it will be encoded as `%2F`.
+ //
+ // Example of a static path configuration:
+ //
+ // pathExpression: ['realms', 'k8s', 'protocol', 'openid-connect', 'userinfo']
+ //
+ // The above example would resolve to the path: '/realms/k8s/protocol/openid-connect/userinfo'
+ //
+ // Example of a dynamic path configuration:
+ //
+ // pathExpression: "['admin', 'realms', 'k8s', 'users'] + [claims.sub] + ['groups']"
+ //
+ // Assuming 'claims.sub' is set to '12345', the above example would resolve to the path: '/admin/realms/k8s/users/12345/groups'
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=1024
+ PathExpression string `json:"pathExpression,omitempty"`
+}
+
+// SourcedClaimMapping configures the mapping behavior for a single external claim
+// from the response the apiserver received from the external claim source.
+type SourcedClaimMapping struct {
+ // name is a required name of the claim that
+ // will be produced and made available during
+ // the claim-to-identity mapping process.
+ // name must consist of only lowercase alpha characters and underscores ('_').
+ // name must be at least 1 character and must not exceed 256 characters in length.
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:XValidation:rule="self.matches('^[a-z_]+$')",message="name must consist of only lowercase alpha characters and underscores"
+ Name string `json:"name,omitempty"`
+
+ // expression is a required CEL expression that
+ // will produce a value to be assigned to the claim.
+ // The full response body from the request to the
+ // external claim source is provided via the
+ // `response.body` variable.
+ //
+ // The contents of the `response.body` variable varies based on the response received
+ // from the external source. It is the responsibility of those configuring
+ // this expression to understand what is returned from the external source.
+ //
+ // expression must be at least 1 character and must not exceed 1024 characters in length.
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=1024
+ Expression string `json:"expression,omitempty"`
+}
+
+// ExternalSourcePredicate configures a singular condition
+// that must return true before the external source is queried
+// to retrieve external claims.
+type ExternalSourcePredicate struct {
+ // expression is a required CEL expression that
+ // is used to determine whether or not an external
+ // source should be used to fetch external claims.
+ //
+ // The expression must return a boolean value,
+ // where true means that the source should be consulted
+ // and false means that it should not.
+ //
+ // Claims from the token used for the request to the kube-apiserver
+ // are made available via the `claims` variable.
+ //
+ // The contents of the `claims` variable varies based on the claims that are
+ // present in the token being validated. It is the responsibility of those configuring this
+ // field to understand what claims the identity provider includes when issuing tokens.
+ //
+ // expression must be at least 1 character and must not exceed 1024 characters in length.
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=1024
+ Expression string `json:"expression,omitempty"`
+}
+
+// ExternalSourceCertificateAuthorityConfigMapReference is a reference to a ConfigMap in the openshift-config
+// namespace that should be used for configuring the certificate authority to be
+// used when sourcing claims from external sources.
+type ExternalSourceCertificateAuthorityConfigMapReference struct {
+ // name is the required name of the ConfigMap that exists in the openshift-config namespace.
+ // The key "ca-bundle.crt" must be present and must contain the CA certificate to be used
+ // to verify the external source's TLS certificate.
+ //
+ // It must be at least 1 character in length, must not exceed 253 characters in length,
+ // must start and end with a lowercase alphanumeric character, and must only contain
+ // lowercase alphanumeric characters, '-' or '.'.
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="name must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'"
+ Name string `json:"name,omitempty"`
+}
+
+// ClientSecretSecretReference is a reference to a Secret in the openshift-config
+// namespace that should be used for configuring the client secret to be
+// used when sourcing claims from external sources with the client credential authentication flow.
+type ClientSecretSecretReference struct {
+ // name is the required name of the Secret that exists in the openshift-config namespace.
+ //
+ // It must be at least 1 character in length, must not exceed 253 characters in length,
+ // must start and end with a lowercase alphanumeric character, and must only contain
+ // lowercase alphanumeric characters, '-' or '.'.
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="name must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'"
+ Name string `json:"name,omitempty"`
+}
diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go
index 832304038..e934e8355 100644
--- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go
+++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go
@@ -160,8 +160,9 @@ const (
// is actively rolling out new code, propagating config changes (e.g, a version change), or otherwise
// moving from one steady state to another. Operators should not report
// Progressing when they are reconciling (without action) a previously known
- // state. Operators should not report Progressing only because DaemonSets owned by them
- // are adjusting to a new node from cluster scaleup or a node rebooting from cluster upgrade.
+ // state. Operators should not report Progressing only because resources owned by them,
+ // such as DaemonSets and Deployments, are adjusting to a new node from cluster scaleup
+ // or a node rebooting from cluster upgrade.
// If the observed cluster state has changed and the component is
// reacting to it (updated proxy configuration for instance), Progressing should become true
// since it is moving from one steady state to another.
diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
index f8d45114a..9cb85f4c0 100644
--- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
+++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
@@ -18,7 +18,8 @@ import (
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// +kubebuilder:resource:path=clusterversions,scope=Cluster
-// +kubebuilder:validation:XValidation:rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'marketplace' in self.spec.capabilities.additionalEnabledCapabilities ? 'OperatorLifecycleManager' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'OperatorLifecycleManager' in self.status.capabilities.enabledCapabilities) : true",message="the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate="";CRDCompatibilityRequirementOperator;ClusterAPIMachineManagement,rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'marketplace' in self.spec.capabilities.additionalEnabledCapabilities ? 'OperatorLifecycleManager' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'OperatorLifecycleManager' in self.status.capabilities.enabledCapabilities) : true",message="the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability"
+// +openshift:validation:FeatureGateAwareXValidation:requiredFeatureGate=CRDCompatibilityRequirementOperator;ClusterAPIMachineManagement,rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && 'ClusterAPI' in self.spec.capabilities.additionalEnabledCapabilities ? 'CompatibilityRequirements' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'CompatibilityRequirements' in self.status.capabilities.enabledCapabilities) : true",message="the `ClusterAPI` capability requires the `CompatibilityRequirements` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `CompatibilityRequirements` capability"
// +kubebuilder:printcolumn:name=Version,JSONPath=.status.history[?(@.state=="Completed")].version,type=string
// +kubebuilder:printcolumn:name=Available,JSONPath=.status.conditions[?(@.type=="Available")].status,type=string
// +kubebuilder:printcolumn:name=Progressing,JSONPath=.status.conditions[?(@.type=="Progressing")].status,type=string
@@ -304,7 +305,10 @@ const (
)
// ClusterVersionCapability enumerates optional, core cluster components.
-// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1
+// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1
+// +openshift:validation:FeatureGateAwareEnum:featureGate=CRDCompatibilityRequirementOperator,enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1;CompatibilityRequirements
+// +openshift:validation:FeatureGateAwareEnum:featureGate=ClusterAPIMachineManagement,enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1;CompatibilityRequirements;ClusterAPI
+// +openshift:validation:FeatureGateAwareEnum:requiredFeatureGate=CRDCompatibilityRequirementOperator;ClusterAPIMachineManagement,enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1;CompatibilityRequirements;ClusterAPI
type ClusterVersionCapability string
const (
@@ -425,6 +429,19 @@ const (
// Managers deployed on top of OpenShift. They help you to work with cloud
// provider API and embeds cloud-specific control logic.
ClusterVersionCapabilityCloudControllerManager ClusterVersionCapability = "CloudControllerManager"
+
+ // ClusterVersionCapabilityCompatibilityRequirements manages the Compatibility
+ // Requirements operator which enforces CRD compatibility constraints via
+ // validating webhooks.
+ ClusterVersionCapabilityCompatibilityRequirements ClusterVersionCapability = "CompatibilityRequirements"
+
+ // ClusterVersionCapabilityClusterAPI manages the Cluster API operator and
+ // controllers which provide forward-compatible machine management for
+ // OpenShift clusters.
+ //
+ // Note that Cluster API has a hard requirement on CompatibilityRequirements.
+ // CompatibilityRequirements cannot be disabled while Cluster API is enabled.
+ ClusterVersionCapabilityClusterAPI ClusterVersionCapability = "ClusterAPI"
)
// KnownClusterVersionCapabilities includes all known optional, core cluster components.
@@ -446,6 +463,8 @@ var KnownClusterVersionCapabilities = []ClusterVersionCapability{
ClusterVersionCapabilityCloudCredential,
ClusterVersionCapabilityIngress,
ClusterVersionCapabilityCloudControllerManager,
+ ClusterVersionCapabilityCompatibilityRequirements,
+ ClusterVersionCapabilityClusterAPI,
}
// ClusterVersionCapabilitySet defines sets of cluster version capabilities.
@@ -644,6 +663,8 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers
ClusterVersionCapabilityCloudCredential,
ClusterVersionCapabilityIngress,
ClusterVersionCapabilityCloudControllerManager,
+ ClusterVersionCapabilityCompatibilityRequirements,
+ ClusterVersionCapabilityClusterAPI,
},
}
diff --git a/vendor/github.com/openshift/api/config/v1/types_crio_credential_provider_config.go b/vendor/github.com/openshift/api/config/v1/types_crio_credential_provider_config.go
new file mode 100644
index 000000000..3fe543aac
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/types_crio_credential_provider_config.go
@@ -0,0 +1,186 @@
+package v1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is "cluster". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources.
+// For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in.
+// CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation.
+// Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.
+//
+// The resource is a singleton named "cluster".
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=criocredentialproviderconfigs,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2725
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +openshift:enable:FeatureGate=CRIOCredentialProviderConfig
+// +openshift:compatibility-gen:level=1
+// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="criocredentialproviderconfig is a singleton, .metadata.name must be 'cluster'"
+type CRIOCredentialProviderConfig struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ // +optional
+ metav1.ObjectMeta `json:"metadata,omitzero"`
+
+ // spec defines the desired configuration of the CRI-O Credential Provider.
+ // This field is required and must be provided when creating the resource.
+ // +required
+ Spec *CRIOCredentialProviderConfigSpec `json:"spec,omitempty,omitzero"`
+
+ // status represents the current state of the CRIOCredentialProviderConfig.
+ // When omitted or nil, it indicates that the status has not yet been set by the controller.
+ // The controller will populate this field with validation conditions and operational state.
+ // +optional
+ Status CRIOCredentialProviderConfigStatus `json:"status,omitzero,omitempty"`
+}
+
+// CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.
+// +kubebuilder:validation:MinProperties=0
+type CRIOCredentialProviderConfigSpec struct {
+ // matchImages is a list of string patterns used to determine whether
+ // the CRI-O credential provider should be invoked for a given image. This list is
+ // passed to the kubelet CredentialProviderConfig, and if any pattern matches
+ // the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling
+ // that image or its mirrors.
+ // Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider.
+ // Conflicts between the existing platform specific provider image match configuration and this list will be handled by
+ // the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those
+ // from the CRIOCredentialProviderConfig when both match the same image.
+ // To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with
+ // existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml).
+ // You can check the resource's Status conditions
+ // to see if any entries were ignored due to exact matches with known built-in provider patterns.
+ //
+ // This field is optional, the items of the list must contain between 1 and 50 entries.
+ // The list is treated as a set, so duplicate entries are not allowed.
+ //
+ // For more details, see:
+ // https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/
+ // https://github.com/cri-o/crio-credential-provider#architecture
+ //
+ // Each entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters.
+ // Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io',
+ // and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net').
+ // A global wildcard '*' (matching any domain) is not allowed.
+ // Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path.
+ // For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not.
+ // Each wildcard matches only a single domain label,
+ // so '*.io' does **not** match '*.k8s.io'.
+ //
+ // A match exists between an image and a matchImage when all of the below are true:
+ // Both contain the same number of domain parts and each part matches.
+ // The URL path of an matchImages must be a prefix of the target image URL path.
+ // If the matchImages contains a port, then the port must match in the image as well.
+ //
+ // Example values of matchImages:
+ // - 123456789.dkr.ecr.us-east-1.amazonaws.com
+ // - *.azurecr.io
+ // - gcr.io
+ // - *.*.registry.io
+ // - registry.io:8080/path
+ //
+ // +kubebuilder:validation:MaxItems=50
+ // +kubebuilder:validation:MinItems=1
+ // +listType=set
+ // +optional
+ MatchImages []MatchImage `json:"matchImages,omitempty"`
+}
+
+// MatchImage is a string pattern used to match container image registry addresses.
+// It must be a valid fully qualified domain name with optional wildcard, port, and path.
+// The maximum length is 512 characters.
+//
+// Wildcards ('*') are supported for full subdomain labels and top-level domains.
+// Each entry can optionally contain a port (e.g., :8080) and a path (e.g., /path).
+// Wildcards are not allowed in the port or path portions.
+//
+// Examples:
+// - "registry.io" - matches exactly registry.io
+// - "*.azurecr.io" - matches any single subdomain of azurecr.io
+// - "registry.io:8080/path" - matches with specific port and path prefix
+//
+// +kubebuilder:validation:MaxLength=512
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:XValidation:rule="self != '*'",message="global wildcard '*' is not allowed"
+// +kubebuilder:validation:XValidation:rule=`self.matches('^((\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?)(\\.(\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?))*)(:[0-9]+)?(/[-a-z0-9._/]*)?$')`,message="invalid matchImages value, must be a valid fully qualified domain name in lowercase with optional wildcard, port, and path"
+type MatchImage string
+
+// +k8s:deepcopy-gen=true
+// CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig
+// +kubebuilder:validation:MinProperties=1
+type CRIOCredentialProviderConfigStatus struct {
+ // conditions represent the latest available observations of the configuration state.
+ // When omitted, it indicates that no conditions have been reported yet.
+ // The maximum number of conditions is 16.
+ // Conditions are stored as a map keyed by condition type, ensuring uniqueness.
+ //
+ // Expected condition types include:
+ // "Validated": indicates whether the matchImages configuration is valid
+ // +optional
+ // +kubebuilder:validation:MaxItems=16
+ // +kubebuilder:validation:MinItems=1
+ // +listType=map
+ // +listMapKey=type
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type CRIOCredentialProviderConfigList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []CRIOCredentialProviderConfig `json:"items"`
+}
+
+const (
+ // ConditionTypeValidated is a condition type that indicates whether the CRIOCredentialProviderConfig
+ // matchImages configuration has been validated successfully.
+ // When True, all matchImage patterns are valid and have been applied.
+ // When False, the configuration contains errors (see Reason for details).
+ // Possible reasons for False status:
+ // - ValidationFailed: matchImages contains invalid patterns
+ // - ConfigurationPartiallyApplied: some matchImage entries were ignored due to conflicts
+ ConditionTypeValidated = "Validated"
+
+ // ReasonValidationFailed is a condition reason used with ConditionTypeValidated=False
+ // to indicate that the matchImages configuration contains one or more invalid registry patterns
+ // that do not conform to the required format (valid FQDN with optional wildcard, port, and path).
+ ReasonValidationFailed = "ValidationFailed"
+
+ // ReasonConfigurationPartiallyApplied is a condition reason used with ConditionTypeValidated=False
+ // to indicate that some matchImage entries were ignored due to conflicts or overlapping patterns.
+ // The condition message will contain details about which entries were ignored and why.
+ ReasonConfigurationPartiallyApplied = "ConfigurationPartiallyApplied"
+
+ // ConditionTypeMachineConfigRendered is a condition type that indicates whether
+ // the CRIOCredentialProviderConfig has been successfully rendered into a
+ // MachineConfig object.
+ // When True, the corresponding MachineConfig is present in the cluster.
+ // When False, rendering failed.
+ ConditionTypeMachineConfigRendered = "MachineConfigRendered"
+
+ // ReasonMachineConfigRenderingSucceeded is a condition reason used with ConditionTypeMachineConfigRendered=True
+ // to indicate that the MachineConfig was successfully created/updated in the API server.
+ ReasonMachineConfigRenderingSucceeded = "MachineConfigRenderingSucceeded"
+
+ // ReasonMachineConfigRenderingFailed is a condition reason used with ConditionTypeMachineConfigRendered=False
+ // to indicate that the MachineConfig creation/update failed.
+ // The condition message will contain details about the failure.
+ ReasonMachineConfigRenderingFailed = "MachineConfigRenderingFailed"
+)
diff --git a/vendor/github.com/openshift/api/config/v1/types_image.go b/vendor/github.com/openshift/api/config/v1/types_image.go
index 82f46c8b6..96fa349a6 100644
--- a/vendor/github.com/openshift/api/config/v1/types_image.go
+++ b/vendor/github.com/openshift/api/config/v1/types_image.go
@@ -165,20 +165,50 @@ type RegistryLocation struct {
// +kubebuilder:validation:XValidation:rule="has(self.blockedRegistries) ? !has(self.allowedRegistries) : true",message="Only one of blockedRegistries or allowedRegistries may be set"
type RegistrySources struct {
// insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
+ // Each entry must be a valid registry scope in the format hostname[:port][/path],
+ // optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com").
+ // The hostname must consist of valid DNS labels separated by dots, where each label
+ // contains only alphanumeric characters and hyphens and does not start or end with a hyphen.
+ // Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."),
+ // and must be at most 256 characters in length. The list may contain at most 1024 entries.
// +optional
// +listType=atomic
+ // +kubebuilder:validation:MaxItems=1024
+ // +kubebuilder:validation:items:MinLength=1
+ // +kubebuilder:validation:items:MaxLength=256
+ // +kubebuilder:validation:items:XValidation:rule="self.matches('^\\\\*(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')",message="each registry must be a valid hostname[:port][/path] or wildcard *.hostname format without tags or digests"
InsecureRegistries []string `json:"insecureRegistries,omitempty"`
// blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.
+ // Each entry must be a valid registry scope in the format hostname[:port][/path],
+ // optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com").
+ // The hostname must consist of valid DNS labels separated by dots, where each label
+ // contains only alphanumeric characters and hyphens and does not start or end with a hyphen.
+ // Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."),
+ // and must be at most 256 characters in length. The list may contain at most 1024 entries.
//
// Only one of BlockedRegistries or AllowedRegistries may be set.
// +optional
// +listType=atomic
+ // +kubebuilder:validation:MaxItems=1024
+ // +kubebuilder:validation:items:MinLength=1
+ // +kubebuilder:validation:items:MaxLength=256
+ // +kubebuilder:validation:items:XValidation:rule="self.matches('^\\\\*(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')",message="each registry must be a valid hostname[:port][/path] or wildcard *.hostname format without tags or digests"
BlockedRegistries []string `json:"blockedRegistries,omitempty"`
// allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.
+ // Each entry must be a valid registry scope in the format hostname[:port][/path],
+ // optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com").
+ // The hostname must consist of valid DNS labels separated by dots, where each label
+ // contains only alphanumeric characters and hyphens and does not start or end with a hyphen.
+ // Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."),
+ // and must be at most 256 characters in length. The list may contain at most 1024 entries.
//
// Only one of BlockedRegistries or AllowedRegistries may be set.
// +optional
// +listType=atomic
+ // +kubebuilder:validation:MaxItems=1024
+ // +kubebuilder:validation:items:MinLength=1
+ // +kubebuilder:validation:items:MaxLength=256
+ // +kubebuilder:validation:items:XValidation:rule="self.matches('^\\\\*(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')",message="each registry must be a valid hostname[:port][/path] or wildcard *.hostname format without tags or digests"
AllowedRegistries []string `json:"allowedRegistries,omitempty"`
// containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified
// domains in their pull specs. Registries will be searched in the order provided in the list.
diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
index c579be3a1..e8aaa810f 100644
--- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
+++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
@@ -19,6 +19,7 @@ import (
// +kubebuilder:resource:path=infrastructures,scope=Cluster
// +kubebuilder:subresource:status
// +kubebuilder:metadata:annotations=release.openshift.io/bootstrap-required=true
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=MutableTopology,rule="!has(self.spec.controlPlaneTopology) || (has(oldSelf.spec.controlPlaneTopology) && self.spec.controlPlaneTopology == oldSelf.spec.controlPlaneTopology) || (has(self.status.controlPlaneTopology) && self.spec.controlPlaneTopology == self.status.controlPlaneTopology) || (has(self.status.controlPlaneTopology) && self.status.controlPlaneTopology == 'SingleReplica' && self.spec.controlPlaneTopology == 'HighlyAvailable')",message="spec.controlPlaneTopology must match status.controlPlaneTopology or be set to HighlyAvailable when status.controlPlaneTopology is SingleReplica"
type Infrastructure struct {
metav1.TypeMeta `json:",inline"`
@@ -55,6 +56,21 @@ type InfrastructureSpec struct {
// platformSpec holds desired information specific to the underlying
// infrastructure provider.
PlatformSpec PlatformSpec `json:"platformSpec,omitempty"`
+
+ // controlPlaneTopology expresses the desired topology configuration for control nodes.
+ //
+ // When status.controlPlaneTopology is 'SingleReplica' and spec.controlPlaneTopology is set to 'HighlyAvailable',
+ // a transition will be triggered to reconfigure the cluster from SingleReplica to HighlyAvailable.
+ //
+ // When left blank or status.controlPlaneTopology and spec.controlPlaneTopology are the same value,
+ // no changes are required and no transitions will be triggered.
+ //
+ // This value may be set to match status.controlPlaneTopology regardless of the current value.
+ //
+ // +openshift:enable:FeatureGate=MutableTopology
+ // +kubebuilder:validation:Enum=HighlyAvailable;SingleReplica
+ // +optional
+ ControlPlaneTopology TopologyMode `json:"controlPlaneTopology,omitempty"`
}
// InfrastructureStatus describes the infrastructure the cluster is leveraging.
@@ -295,7 +311,8 @@ type ExternalPlatformSpec struct {
// PlatformSpec holds the desired state specific to the underlying infrastructure provider
// of the current cluster. Since these are used at spec-level for the underlying cluster, it
// is supposed that only one of the spec structs is set.
-// +kubebuilder:validation:XValidation:rule="!has(oldSelf.vsphere) && has(self.vsphere) ? size(self.vsphere.vcenters) < 2 : true",message="vcenters can have at most 1 item when configured post-install"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="!has(oldSelf.vsphere) && has(self.vsphere) ? (has(self.vsphere.vcenters) && size(self.vsphere.vcenters) < 2) : true",message="vcenters can have at most 1 item when configured post-install"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=VSphereMultiVCenterDay2,rule="oldSelf.?vsphere.vcenters.hasValue() ? self.?vsphere.vcenters.hasValue() : true",message="vcenters is required once set and cannot be removed"
type PlatformSpec struct {
// type is the underlying infrastructure provider for the cluster. This
// value controls whether infrastructure automation such as service load
@@ -1641,21 +1658,24 @@ type VSpherePlatformNodeNetworking struct {
// use these fields for configuration.
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)",message="apiServerInternalIPs list is required once set"
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ingressIPs) || has(self.ingressIPs)",message="ingressIPs list is required once set"
-// +kubebuilder:validation:XValidation:rule="!has(oldSelf.vcenters) && has(self.vcenters) ? size(self.vcenters) < 2 : true",message="vcenters can have at most 1 item when configured post-install"
type VSpherePlatformSpec struct {
// vcenters holds the connection details for services to communicate with vCenter.
- // Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported.
+ // Up to 3 vCenters are supported.
// Once the cluster has been installed, you are unable to change the current number of defined
- // vCenters except in the case where the cluster has been upgraded from a version of OpenShift
- // where the vsphere platform spec was not present. You may make modifications to the existing
+ // vCenters except when 1.) the cluster has been upgraded from a version of OpenShift
+ // where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and
+ // remove vCenters but may not remove all vCenters. You may make modifications to the existing
// vCenters that are defined in the vcenters list in order to match with any added or modified
// failure domains.
// ---
// + If VCenters is not defined use the existing cloud-config configmap defined
// + in openshift-config.
- // +kubebuilder:validation:MinItems=0
+ // +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=3
- // +kubebuilder:validation:XValidation:rule="size(self) != size(oldSelf) ? size(oldSelf) == 0 && size(self) < 2 : true",message="vcenters cannot be added or removed once set"
+ // +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="size(self) != size(oldSelf) ? size(oldSelf) == 0 && size(self) < 2 : true",message="vcenters cannot be added or removed once set"
+ // +openshift:validation:FeatureGateAwareXValidation:featureGate=VSphereMultiVCenterDay2,rule="size(self) >= size(oldSelf) ? oldSelf.all(x, self.exists(y, y.server == x.server)) : true",message="Cannot add and remove vCenters at the same time"
+ // +openshift:validation:FeatureGateAwareXValidation:featureGate=VSphereMultiVCenterDay2,rule="size(self) < size(oldSelf) ? self.all(x, oldSelf.exists(y, y.server == x.server)) : true",message="Cannot add and remove vCenters at the same time"
+ // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, y.server == x.server))",message="vcenters must have unique server values"
// +listType=atomic
// +optional
VCenters []VSpherePlatformVCenterSpec `json:"vcenters,omitempty"`
diff --git a/vendor/github.com/openshift/api/config/v1/types_kmsencryption.go b/vendor/github.com/openshift/api/config/v1/types_kmsencryption.go
index 7ab8f782b..6b58d9da4 100644
--- a/vendor/github.com/openshift/api/config/v1/types_kmsencryption.go
+++ b/vendor/github.com/openshift/api/config/v1/types_kmsencryption.go
@@ -1,10 +1,10 @@
package v1
-// KMSConfig defines the configuration for the KMS instance
+// KMSPluginConfig defines the configuration for the KMS instance
// that will be used with KMS encryption
// +kubebuilder:validation:XValidation:rule="self.type == 'Vault' ? has(self.vault) : !has(self.vault)",message="vault config is required when kms provider type is Vault, and forbidden otherwise"
// +union
-type KMSConfig struct {
+type KMSPluginConfig struct {
// type defines the kind of platform for the KMS provider.
// Allowed values are Vault.
// When set to Vault, the plugin connects to a HashiCorp Vault server for key management.
@@ -20,7 +20,7 @@ type KMSConfig struct {
//
// +unionMember
// +optional
- Vault VaultKMSConfig `json:"vault,omitempty,omitzero"`
+ Vault VaultKMSPluginConfig `json:"vault,omitempty,omitzero"`
// --- TOMBSTONE ---
// aws was a field that allowed configuring AWS KMS.
@@ -114,16 +114,14 @@ const (
type VaultAppRoleAuthentication struct {
// secret references a secret in the openshift-config namespace containing
// the AppRole credentials used to authenticate with Vault.
- // The secret must contain two keys: "roleID" for the AppRole Role ID and "secretID" for the AppRole Secret ID.
- //
- // The namespace for the secret is openshift-config.
+ // The referenced Secret must contain two keys: "role-id" for the AppRole Role ID and "secret-id" for the AppRole Secret ID.
//
// +required
Secret VaultSecretReference `json:"secret,omitzero"`
}
-// VaultKMSConfig defines the KMS plugin configuration specific to Vault KMS
-type VaultKMSConfig struct {
+// VaultKMSPluginConfig defines the KMS plugin configuration specific to Vault KMS
+type VaultKMSPluginConfig struct {
// kmsPluginImage specifies the container image for the HashiCorp Vault KMS plugin.
//
// The image must be a fully qualified OCI image pull spec with a SHA256 digest.
@@ -194,33 +192,31 @@ type VaultKMSConfig struct {
Authentication VaultAuthentication `json:"authentication,omitzero"`
// transitMount specifies the mount path of the Vault Transit engine.
- // The value must be between 1 and 1024 characters when specified.
- //
- // When omitted, this means the user has no opinion and the platform is left
- // to choose a reasonable default. These defaults are subject to change over time.
- // The current default is "transit".
//
- // The mount path cannot start or end with a forward slash, cannot contain spaces,
- // and cannot contain consecutive forward slashes.
+ // The transit mount must be between 1 and 1024 characters, cannot start or
+ // end with a forward slash, cannot contain consecutive forward slashes, and
+ // must only contain RFC 3986 unreserved characters (alphanumeric, hyphen,
+ // period, underscore, tilde) and forward slashes as path separators.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=1024
// +kubebuilder:validation:XValidation:rule="!self.startsWith('/')",message="transitMount cannot start with a forward slash"
// +kubebuilder:validation:XValidation:rule="!self.endsWith('/')",message="transitMount cannot end with a forward slash"
- // +kubebuilder:validation:XValidation:rule="!self.contains(' ')",message="transitMount cannot contain spaces"
// +kubebuilder:validation:XValidation:rule="!self.contains('//')",message="transitMount cannot contain consecutive forward slashes"
- // +optional
+ // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._~/-]+$')",message="transitMount must only contain RFC 3986 unreserved characters (alphanumeric, hyphen, period, underscore, tilde) and forward slashes"
+ // +required
TransitMount string `json:"transitMount,omitempty"`
// transitKey specifies the name of the encryption key in Vault's Transit engine.
// This key is used to encrypt and decrypt data.
//
- // The key name must be between 1 and 512 characters and cannot contain spaces or forward slashes.
+ // The transit key must be between 1 and 512 characters, cannot contain forward slashes,
+ // and must only contain alphanumeric characters, hyphens, periods, and underscores.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=512
- // +kubebuilder:validation:XValidation:rule="!self.contains(' ')",message="transitKey cannot contain spaces"
// +kubebuilder:validation:XValidation:rule="!self.contains('/')",message="transitKey cannot contain forward slashes"
+ // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._-]+$')",message="transitKey must only contain alphanumeric characters, hyphens, periods, and underscores"
// +required
TransitKey string `json:"transitKey,omitempty"`
}
@@ -230,7 +226,7 @@ type VaultKMSConfig struct {
type VaultTLSConfig struct {
// caBundle references a ConfigMap in the openshift-config namespace containing
// the CA certificate bundle used to verify the TLS connection to the Vault server.
- // The ConfigMap must contain the CA bundle in the key "ca-bundle.crt".
+ // The referenced ConfigMap must contain the CA bundle in the key "ca-bundle.crt".
// When this field is not set, the system's trusted CA certificates are used.
//
// The namespace for the ConfigMap is openshift-config.
diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go
index fb8ed2fff..5e2eb9337 100644
--- a/vendor/github.com/openshift/api/config/v1/types_network.go
+++ b/vendor/github.com/openshift/api/config/v1/types_network.go
@@ -86,6 +86,13 @@ type NetworkSpec struct {
//
// +optional
NetworkDiagnostics NetworkDiagnostics `json:"networkDiagnostics"`
+
+ // networkObservability is an optional field that configures network observability installation
+ // during cluster deployment (day-0).
+ // When omitted, unless this is a SNO cluster, network observability will be installed if not already present, after that, no action taken.
+ // +openshift:enable:FeatureGate=NetworkObservabilityInstall
+ // +optional
+ NetworkObservability NetworkObservabilitySpec `json:"networkObservability,omitempty,omitzero"`
}
// NetworkStatus is the current network configuration.
@@ -304,3 +311,26 @@ type NetworkDiagnosticsTargetPlacement struct {
// +listType=atomic
Tolerations []corev1.Toleration `json:"tolerations"`
}
+
+// NetworkObservabilityInstallationPolicy is an enumeration of the available network observability installation policies
+// Valid values are "InstallAndEnable", "NoAction".
+// +kubebuilder:validation:Enum=InstallAndEnable;NoAction
+type NetworkObservabilityInstallationPolicy string
+
+const (
+ // NetworkObservabilityInstallAndEnable means that network observability should be installed and enabled during cluster deployment
+ // Since this was explicitly set to install, if the user remove NetworkObservability, it will be installed again unless the value of InstallationPolicy is changed
+ NetworkObservabilityInstallAndEnable NetworkObservabilityInstallationPolicy = "InstallAndEnable"
+ // NetworkObservabilityNoAction means that nothing will be done regarding Network Observability
+ NetworkObservabilityNoAction NetworkObservabilityInstallationPolicy = "NoAction"
+)
+
+// NetworkObservabilitySpec defines the configuration for network observability installation
+type NetworkObservabilitySpec struct {
+ // installationPolicy controls whether network observability is installed during cluster deployment.
+ // Valid values are "InstallAndEnable" and "NoAction".
+ // When set to "InstallAndEnable", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again.
+ // When set to "NoAction", nothing will be done regarding Network observability.
+ // +required
+ InstallationPolicy NetworkObservabilityInstallationPolicy `json:"installationPolicy,omitempty"`
+}
diff --git a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
index 48657b089..2e9be97ae 100644
--- a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
+++ b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
@@ -7,10 +7,16 @@ type TLSSecurityProfile struct {
// type is one of Old, Intermediate, Modern or Custom. Custom provides the
// ability to specify individual TLS security profile parameters.
//
- // The profiles are based on version 5.7 of the Mozilla Server Side TLS
- // configuration guidelines. The cipher lists consist of the configuration's
- // "ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
- // See: https://ssl-config.mozilla.org/guidelines/5.7.json
+ // The cipher and groups lists in these profiles are based on version 5.8 of the
+ // Mozilla Server Side TLS configuration guidelines.
+ // See: https://ssl-config.mozilla.org/guidelines/5.8.json
+ //
+ // The groups are listed in suggested preference order, with the most preferred group first.
+ // Note that not all platform components honor the ordering: Go-based components use Go's
+ // internal preference order and treat this list as a filter of allowed groups rather than
+ // an ordered preference.
+ // Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ // FIPS-approved and should be ignored by components running in FIPS mode.
//
// The profiles are intent based, so they may change over time as new ciphers are
// developed and existing ciphers are found to be insecure. Depending on
@@ -23,6 +29,10 @@ type TLSSecurityProfile struct {
// old is a TLS profile for use when services need to be accessed by very old
// clients or libraries and should be used only as a last resort.
//
+ // The supported groups list includes by default the following groups
+ // in suggested preference order (ordering may not be honored by all implementations):
+ // X25519MLKEM768, X25519, secp256r1, secp384r1.
+ //
// This profile is equivalent to a Custom profile specified as:
// minTLSVersion: VersionTLS10
// ciphers:
@@ -39,11 +49,14 @@ type TLSSecurityProfile struct {
// - ECDHE-RSA-AES128-SHA256
// - ECDHE-ECDSA-AES128-SHA
// - ECDHE-RSA-AES128-SHA
+ // - ECDHE-ECDSA-AES256-SHA384
+ // - ECDHE-RSA-AES256-SHA384
// - ECDHE-ECDSA-AES256-SHA
// - ECDHE-RSA-AES256-SHA
// - AES128-GCM-SHA256
// - AES256-GCM-SHA384
// - AES128-SHA256
+ // - AES256-SHA256
// - AES128-SHA
// - AES256-SHA
// - DES-CBC3-SHA
@@ -56,6 +69,10 @@ type TLSSecurityProfile struct {
// legacy clients and want to remain highly secure while being compatible with
// most clients currently in use.
//
+ // The supported groups list includes by default the following groups
+ // in suggested preference order (ordering may not be honored by all implementations):
+ // X25519MLKEM768, X25519, secp256r1, secp384r1.
+ //
// This profile is equivalent to a Custom profile specified as:
// minTLSVersion: VersionTLS12
// ciphers:
@@ -75,7 +92,9 @@ type TLSSecurityProfile struct {
// modern is a TLS security profile for use with clients that support TLS 1.3 and
// do not need backward compatibility for older clients.
- //
+ // The supported groups list includes by default the following groups
+ // in suggested preference order (ordering may not be honored by all implementations):
+ // X25519MLKEM768, X25519, secp256r1, secp384r1.
// This profile is equivalent to a Custom profile specified as:
// minTLSVersion: VersionTLS13
// ciphers:
@@ -88,8 +107,11 @@ type TLSSecurityProfile struct {
Modern *ModernTLSProfile `json:"modern,omitempty"`
// custom is a user-defined TLS security profile. Be extremely careful using a custom
- // profile as invalid configurations can be catastrophic. An example custom profile
- // looks like this:
+ // profile as invalid configurations can be catastrophic.
+ //
+ // The supported groups list for this profile is empty by default.
+ //
+ // An example custom profile looks like this:
//
// minTLSVersion: VersionTLS11
// ciphers:
@@ -142,6 +164,33 @@ const (
TLSProfileCustomType TLSProfileType = "Custom"
)
+// TLSGroup is a supported group identifier that can be used in TLSProfile.Groups.
+// There is a one-to-one mapping between these names and the group IDs defined
+// in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry:
+// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+// Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+// FIPS-approved and should be ignored by components running in FIPS mode.
+//
+// +kubebuilder:validation:Enum=X25519;secp256r1;secp384r1;secp521r1;X25519MLKEM768;SecP256r1MLKEM768;SecP384r1MLKEM1024
+type TLSGroup string
+
+const (
+ // TLSGroupX25519 represents X25519.
+ TLSGroupX25519 TLSGroup = "X25519"
+ // TLSGroupSecP256r1 represents P-256 (secp256r1).
+ TLSGroupSecP256r1 TLSGroup = "secp256r1"
+ // TLSGroupSecP384r1 represents P-384 (secp384r1).
+ TLSGroupSecP384r1 TLSGroup = "secp384r1"
+ // TLSGroupSecP521r1 represents P-521 (secp521r1).
+ TLSGroupSecP521r1 TLSGroup = "secp521r1"
+ // TLSGroupX25519MLKEM768 represents X25519MLKEM768.
+ TLSGroupX25519MLKEM768 TLSGroup = "X25519MLKEM768"
+ // TLSGroupSecP256r1MLKEM768 represents SecP256r1MLKEM768.
+ TLSGroupSecP256r1MLKEM768 TLSGroup = "SecP256r1MLKEM768"
+ // TLSGroupSecP384r1MLKEM1024 represents SecP384r1MLKEM1024.
+ TLSGroupSecP384r1MLKEM1024 TLSGroup = "SecP384r1MLKEM1024"
+)
+
// TLSProfileSpec is the desired behavior of a TLSSecurityProfile.
type TLSProfileSpec struct {
// ciphers is used to specify the cipher algorithms that are negotiated
@@ -155,6 +204,30 @@ type TLSProfileSpec struct {
// and are always enabled when TLS 1.3 is negotiated.
// +listType=atomic
Ciphers []string `json:"ciphers"`
+ // groups is an optional, ordered field used to specify the supported groups (formerly known as
+ // elliptic curves) that are used during the TLS handshake. The order of the groups represents
+ // a suggested preference, with the most preferred group first. Note that not all platform
+ // components honor the ordering: Go-based components use Go's internal preference order and
+ // treat this list as a filter of allowed groups rather than an ordered preference.
+ // Operators may remove entries their operands do not support.
+ //
+ // When omitted, this means no opinion and the platform is left to choose reasonable defaults which are
+ // subject to change over time and may be different per platform component depending on the underlying TLS
+ // libraries they use. If specified, the list must contain at least one and at most 7 groups,
+ // and each group must be unique.
+ //
+ // For example, to use X25519 and secp256r1 (yaml):
+ //
+ // groups:
+ // - X25519
+ // - secp256r1
+ //
+ // +optional
+ // +listType=set
+ // +kubebuilder:validation:MaxItems=7
+ // +kubebuilder:validation:MinItems=1
+ // +openshift:enable:FeatureGate=TLSGroupPreferences
+ Groups []TLSGroup `json:"groups,omitempty"`
// minTLSVersion is used to specify the minimal version of the TLS protocol
// that is negotiated during the TLS handshake. For example, to use TLS
// versions 1.1, 1.2 and 1.3 (yaml):
@@ -187,16 +260,22 @@ const (
// TLSProfiles contains a map of TLSProfileType names to TLSProfileSpec.
//
-// These profiles are based on version 5.7 of the Mozilla Server Side TLS
-// configuration guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json
+// The cipher and groups lists in these profiles are based on version 5.8 of the
+// Mozilla Server Side TLS configuration guidelines.
+// See: https://ssl-config.mozilla.org/guidelines/5.8.json
//
// Each Ciphers slice is the configuration's "ciphersuites" followed by the
-// Go-specific "ciphers" from the guidelines JSON.
+// "ciphers" from the guidelines JSON.
+//
+// Groups are listed in suggested preference order, though Go-based components may use
+// their own internal ordering. TLSProfiles Old, Intermediate, Modern include by default
+// the following groups: X25519MLKEM768, X25519, secp256r1, secp384r1
//
// NOTE: The caller needs to make sure to check that these constants are valid
// for their binary. Not all entries map to values for all binaries. In the case
// of ties, the kube-apiserver wins. Do not fail, just be sure to include only
-// valid entries and everything will be ok.
+// valid entries and everything will be ok. In particular, X25519MLKEM768 is
+// not FIPS-approved and must be omitted by components running in FIPS mode.
var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{
TLSProfileOldType: {
Ciphers: []string{
@@ -213,15 +292,24 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{
"ECDHE-RSA-AES128-SHA256",
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-RSA-AES128-SHA",
+ "ECDHE-ECDSA-AES256-SHA384",
+ "ECDHE-RSA-AES256-SHA384",
"ECDHE-ECDSA-AES256-SHA",
"ECDHE-RSA-AES256-SHA",
"AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-SHA256",
+ "AES256-SHA256",
"AES128-SHA",
"AES256-SHA",
"DES-CBC3-SHA",
},
+ Groups: []TLSGroup{
+ TLSGroupX25519MLKEM768,
+ TLSGroupX25519,
+ TLSGroupSecP256r1,
+ TLSGroupSecP384r1,
+ },
MinTLSVersion: VersionTLS10,
},
TLSProfileIntermediateType: {
@@ -236,6 +324,12 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
},
+ Groups: []TLSGroup{
+ TLSGroupX25519MLKEM768,
+ TLSGroupX25519,
+ TLSGroupSecP256r1,
+ TLSGroupSecP384r1,
+ },
MinTLSVersion: VersionTLS12,
},
TLSProfileModernType: {
@@ -244,6 +338,12 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
},
+ Groups: []TLSGroup{
+ TLSGroupX25519MLKEM768,
+ TLSGroupX25519,
+ TLSGroupSecP256r1,
+ TLSGroupSecP384r1,
+ },
MinTLSVersion: VersionTLS13,
},
}
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml
index 0deb9ba08..1702e755a 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml
@@ -95,6 +95,8 @@ spec:
- Ingress
- CloudControllerManager
- OperatorLifecycleManagerV1
+ - CompatibilityRequirements
+ - ClusterAPI
type: string
type: array
x-kubernetes-list-type: atomic
@@ -442,6 +444,8 @@ spec:
- Ingress
- CloudControllerManager
- OperatorLifecycleManagerV1
+ - CompatibilityRequirements
+ - ClusterAPI
type: string
type: array
x-kubernetes-list-type: atomic
@@ -469,6 +473,8 @@ spec:
- Ingress
- CloudControllerManager
- OperatorLifecycleManagerV1
+ - CompatibilityRequirements
+ - ClusterAPI
type: string
type: array
x-kubernetes-list-type: atomic
@@ -1133,6 +1139,15 @@ spec:
&& has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities)
&& ''OperatorLifecycleManager'' in self.status.capabilities.enabledCapabilities)
: true'
+ - message: the `ClusterAPI` capability requires the `CompatibilityRequirements`
+ capability, which is neither explicitly or implicitly enabled in this
+ cluster, please enable the `CompatibilityRequirements` capability
+ rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities)
+ && ''ClusterAPI'' in self.spec.capabilities.additionalEnabledCapabilities
+ ? ''CompatibilityRequirements'' in self.spec.capabilities.additionalEnabledCapabilities
+ || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities)
+ && ''CompatibilityRequirements'' in self.status.capabilities.enabledCapabilities)
+ : true'
served: true
storage: true
subresources:
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml
index 70a09d3ff..ac031e99a 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml
@@ -95,6 +95,8 @@ spec:
- Ingress
- CloudControllerManager
- OperatorLifecycleManagerV1
+ - CompatibilityRequirements
+ - ClusterAPI
type: string
type: array
x-kubernetes-list-type: atomic
@@ -442,6 +444,8 @@ spec:
- Ingress
- CloudControllerManager
- OperatorLifecycleManagerV1
+ - CompatibilityRequirements
+ - ClusterAPI
type: string
type: array
x-kubernetes-list-type: atomic
@@ -469,6 +473,8 @@ spec:
- Ingress
- CloudControllerManager
- OperatorLifecycleManagerV1
+ - CompatibilityRequirements
+ - ClusterAPI
type: string
type: array
x-kubernetes-list-type: atomic
@@ -1133,6 +1139,15 @@ spec:
&& has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities)
&& ''OperatorLifecycleManager'' in self.status.capabilities.enabledCapabilities)
: true'
+ - message: the `ClusterAPI` capability requires the `CompatibilityRequirements`
+ capability, which is neither explicitly or implicitly enabled in this
+ cluster, please enable the `CompatibilityRequirements` capability
+ rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities)
+ && ''ClusterAPI'' in self.spec.capabilities.additionalEnabledCapabilities
+ ? ''CompatibilityRequirements'' in self.spec.capabilities.additionalEnabledCapabilities
+ || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities)
+ && ''CompatibilityRequirements'' in self.status.capabilities.enabledCapabilities)
+ : true'
served: true
storage: true
subresources:
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml
index ea97687cf..27985043e 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml
@@ -95,6 +95,8 @@ spec:
- Ingress
- CloudControllerManager
- OperatorLifecycleManagerV1
+ - CompatibilityRequirements
+ - ClusterAPI
type: string
type: array
x-kubernetes-list-type: atomic
@@ -425,6 +427,8 @@ spec:
- Ingress
- CloudControllerManager
- OperatorLifecycleManagerV1
+ - CompatibilityRequirements
+ - ClusterAPI
type: string
type: array
x-kubernetes-list-type: atomic
@@ -452,6 +456,8 @@ spec:
- Ingress
- CloudControllerManager
- OperatorLifecycleManagerV1
+ - CompatibilityRequirements
+ - ClusterAPI
type: string
type: array
x-kubernetes-list-type: atomic
@@ -1116,6 +1122,15 @@ spec:
&& has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities)
&& ''OperatorLifecycleManager'' in self.status.capabilities.enabledCapabilities)
: true'
+ - message: the `ClusterAPI` capability requires the `CompatibilityRequirements`
+ capability, which is neither explicitly or implicitly enabled in this
+ cluster, please enable the `CompatibilityRequirements` capability
+ rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities)
+ && ''ClusterAPI'' in self.spec.capabilities.additionalEnabledCapabilities
+ ? ''CompatibilityRequirements'' in self.spec.capabilities.additionalEnabledCapabilities
+ || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities)
+ && ''CompatibilityRequirements'' in self.status.capabilities.enabledCapabilities)
+ : true'
served: true
storage: true
subresources:
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml
index 003fef92b..b18ea7464 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml
@@ -196,9 +196,7 @@ spec:
description: |-
secret references a secret in the openshift-config namespace containing
the AppRole credentials used to authenticate with Vault.
- The secret must contain two keys: "roleID" for the AppRole Role ID and "secretID" for the AppRole Secret ID.
-
- The namespace for the secret is openshift-config.
+ The referenced Secret must contain two keys: "role-id" for the AppRole Role ID and "secret-id" for the AppRole Secret ID.
properties:
name:
description: |-
@@ -278,7 +276,7 @@ spec:
description: |-
caBundle references a ConfigMap in the openshift-config namespace containing
the CA certificate bundle used to verify the TLS connection to the Vault server.
- The ConfigMap must contain the CA bundle in the key "ca-bundle.crt".
+ The referenced ConfigMap must contain the CA bundle in the key "ca-bundle.crt".
When this field is not set, the system's trusted CA certificates are used.
The namespace for the ConfigMap is openshift-config.
@@ -336,26 +334,25 @@ spec:
transitKey specifies the name of the encryption key in Vault's Transit engine.
This key is used to encrypt and decrypt data.
- The key name must be between 1 and 512 characters and cannot contain spaces or forward slashes.
+ The transit key must be between 1 and 512 characters, cannot contain forward slashes,
+ and must only contain alphanumeric characters, hyphens, periods, and underscores.
maxLength: 512
minLength: 1
type: string
x-kubernetes-validations:
- - message: transitKey cannot contain spaces
- rule: '!self.contains('' '')'
- message: transitKey cannot contain forward slashes
rule: '!self.contains(''/'')'
+ - message: transitKey must only contain alphanumeric characters,
+ hyphens, periods, and underscores
+ rule: self.matches('^[a-zA-Z0-9._-]+$')
transitMount:
description: |-
transitMount specifies the mount path of the Vault Transit engine.
- The value must be between 1 and 1024 characters when specified.
- When omitted, this means the user has no opinion and the platform is left
- to choose a reasonable default. These defaults are subject to change over time.
- The current default is "transit".
-
- The mount path cannot start or end with a forward slash, cannot contain spaces,
- and cannot contain consecutive forward slashes.
+ The transit mount must be between 1 and 1024 characters, cannot start or
+ end with a forward slash, cannot contain consecutive forward slashes, and
+ must only contain RFC 3986 unreserved characters (alphanumeric, hyphen,
+ period, underscore, tilde) and forward slashes as path separators.
maxLength: 1024
minLength: 1
type: string
@@ -364,11 +361,13 @@ spec:
rule: '!self.startsWith(''/'')'
- message: transitMount cannot end with a forward slash
rule: '!self.endsWith(''/'')'
- - message: transitMount cannot contain spaces
- rule: '!self.contains('' '')'
- message: transitMount cannot contain consecutive forward
slashes
rule: '!self.contains(''//'')'
+ - message: transitMount must only contain RFC 3986 unreserved
+ characters (alphanumeric, hyphen, period, underscore,
+ tilde) and forward slashes
+ rule: self.matches('^[a-zA-Z0-9._~/-]+$')
vaultAddress:
description: |-
vaultAddress specifies the address of the HashiCorp Vault instance.
@@ -420,6 +419,7 @@ spec:
- authentication
- kmsPluginImage
- transitKey
+ - transitMount
- vaultAddress
type: object
required:
@@ -452,6 +452,11 @@ spec:
- KMS
type: string
type: object
+ x-kubernetes-validations:
+ - message: kms config is required when encryption type is KMS, and
+ forbidden otherwise
+ rule: 'has(self.type) && self.type == ''KMS'' ? has(self.kms) :
+ !has(self.kms)'
servingCerts:
description: |-
servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates
@@ -541,8 +546,11 @@ spec:
custom:
description: |-
custom is a user-defined TLS security profile. Be extremely careful using a custom
- profile as invalid configurations can be catastrophic. An example custom profile
- looks like this:
+ profile as invalid configurations can be catastrophic.
+
+ The supported groups list for this profile is empty by default.
+
+ An example custom profile looks like this:
minTLSVersion: VersionTLS11
ciphers:
@@ -567,6 +575,46 @@ spec:
type: string
type: array
x-kubernetes-list-type: atomic
+ groups:
+ description: |-
+ groups is an optional, ordered field used to specify the supported groups (formerly known as
+ elliptic curves) that are used during the TLS handshake. The order of the groups represents
+ a suggested preference, with the most preferred group first. Note that not all platform
+ components honor the ordering: Go-based components use Go's internal preference order and
+ treat this list as a filter of allowed groups rather than an ordered preference.
+ Operators may remove entries their operands do not support.
+
+ When omitted, this means no opinion and the platform is left to choose reasonable defaults which are
+ subject to change over time and may be different per platform component depending on the underlying TLS
+ libraries they use. If specified, the list must contain at least one and at most 7 groups,
+ and each group must be unique.
+
+ For example, to use X25519 and secp256r1 (yaml):
+
+ groups:
+ - X25519
+ - secp256r1
+ items:
+ description: |-
+ TLSGroup is a supported group identifier that can be used in TLSProfile.Groups.
+ There is a one-to-one mapping between these names and the group IDs defined
+ in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry:
+ https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
+ enum:
+ - X25519
+ - secp256r1
+ - secp384r1
+ - secp521r1
+ - X25519MLKEM768
+ - SecP256r1MLKEM768
+ - SecP384r1MLKEM1024
+ type: string
+ maxItems: 7
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
minTLSVersion:
description: |-
minTLSVersion is used to specify the minimal version of the TLS protocol
@@ -587,6 +635,10 @@ spec:
legacy clients and want to remain highly secure while being compatible with
most clients currently in use.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS12
ciphers:
@@ -605,7 +657,9 @@ spec:
description: |-
modern is a TLS security profile for use with clients that support TLS 1.3 and
do not need backward compatibility for older clients.
-
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS13
ciphers:
@@ -619,6 +673,10 @@ spec:
old is a TLS profile for use when services need to be accessed by very old
clients or libraries and should be used only as a last resort.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS10
ciphers:
@@ -635,11 +693,14 @@ spec:
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
+ - ECDHE-ECDSA-AES256-SHA384
+ - ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
+ - AES256-SHA256
- AES128-SHA
- AES256-SHA
- DES-CBC3-SHA
@@ -650,10 +711,16 @@ spec:
type is one of Old, Intermediate, Modern or Custom. Custom provides the
ability to specify individual TLS security profile parameters.
- The profiles are based on version 5.7 of the Mozilla Server Side TLS
- configuration guidelines. The cipher lists consist of the configuration's
- "ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
- See: https://ssl-config.mozilla.org/guidelines/5.7.json
+ The cipher and groups lists in these profiles are based on version 5.8 of the
+ Mozilla Server Side TLS configuration guidelines.
+ See: https://ssl-config.mozilla.org/guidelines/5.8.json
+
+ The groups are listed in suggested preference order, with the most preferred group first.
+ Note that not all platform components honor the ordering: Go-based components use Go's
+ internal preference order and treat this list as a filter of allowed groups rather than
+ an ordered preference.
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
The profiles are intent based, so they may change over time as new ciphers are
developed and existing ciphers are found to be insecure. Depending on
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml
index 272d49db0..ef855e387 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml
@@ -233,8 +233,11 @@ spec:
custom:
description: |-
custom is a user-defined TLS security profile. Be extremely careful using a custom
- profile as invalid configurations can be catastrophic. An example custom profile
- looks like this:
+ profile as invalid configurations can be catastrophic.
+
+ The supported groups list for this profile is empty by default.
+
+ An example custom profile looks like this:
minTLSVersion: VersionTLS11
ciphers:
@@ -279,6 +282,10 @@ spec:
legacy clients and want to remain highly secure while being compatible with
most clients currently in use.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS12
ciphers:
@@ -297,7 +304,9 @@ spec:
description: |-
modern is a TLS security profile for use with clients that support TLS 1.3 and
do not need backward compatibility for older clients.
-
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS13
ciphers:
@@ -311,6 +320,10 @@ spec:
old is a TLS profile for use when services need to be accessed by very old
clients or libraries and should be used only as a last resort.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS10
ciphers:
@@ -327,11 +340,14 @@ spec:
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
+ - ECDHE-ECDSA-AES256-SHA384
+ - ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
+ - AES256-SHA256
- AES128-SHA
- AES256-SHA
- DES-CBC3-SHA
@@ -342,10 +358,16 @@ spec:
type is one of Old, Intermediate, Modern or Custom. Custom provides the
ability to specify individual TLS security profile parameters.
- The profiles are based on version 5.7 of the Mozilla Server Side TLS
- configuration guidelines. The cipher lists consist of the configuration's
- "ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
- See: https://ssl-config.mozilla.org/guidelines/5.7.json
+ The cipher and groups lists in these profiles are based on version 5.8 of the
+ Mozilla Server Side TLS configuration guidelines.
+ See: https://ssl-config.mozilla.org/guidelines/5.8.json
+
+ The groups are listed in suggested preference order, with the most preferred group first.
+ Note that not all platform components honor the ordering: Go-based components use Go's
+ internal preference order and treat this list as a filter of allowed groups rather than
+ an ordered preference.
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
The profiles are intent based, so they may change over time as new ciphers are
developed and existing ciphers are found to be insecure. Depending on
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml
index 8a70a13a3..b8700ff3f 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml
@@ -196,9 +196,7 @@ spec:
description: |-
secret references a secret in the openshift-config namespace containing
the AppRole credentials used to authenticate with Vault.
- The secret must contain two keys: "roleID" for the AppRole Role ID and "secretID" for the AppRole Secret ID.
-
- The namespace for the secret is openshift-config.
+ The referenced Secret must contain two keys: "role-id" for the AppRole Role ID and "secret-id" for the AppRole Secret ID.
properties:
name:
description: |-
@@ -278,7 +276,7 @@ spec:
description: |-
caBundle references a ConfigMap in the openshift-config namespace containing
the CA certificate bundle used to verify the TLS connection to the Vault server.
- The ConfigMap must contain the CA bundle in the key "ca-bundle.crt".
+ The referenced ConfigMap must contain the CA bundle in the key "ca-bundle.crt".
When this field is not set, the system's trusted CA certificates are used.
The namespace for the ConfigMap is openshift-config.
@@ -336,26 +334,25 @@ spec:
transitKey specifies the name of the encryption key in Vault's Transit engine.
This key is used to encrypt and decrypt data.
- The key name must be between 1 and 512 characters and cannot contain spaces or forward slashes.
+ The transit key must be between 1 and 512 characters, cannot contain forward slashes,
+ and must only contain alphanumeric characters, hyphens, periods, and underscores.
maxLength: 512
minLength: 1
type: string
x-kubernetes-validations:
- - message: transitKey cannot contain spaces
- rule: '!self.contains('' '')'
- message: transitKey cannot contain forward slashes
rule: '!self.contains(''/'')'
+ - message: transitKey must only contain alphanumeric characters,
+ hyphens, periods, and underscores
+ rule: self.matches('^[a-zA-Z0-9._-]+$')
transitMount:
description: |-
transitMount specifies the mount path of the Vault Transit engine.
- The value must be between 1 and 1024 characters when specified.
- When omitted, this means the user has no opinion and the platform is left
- to choose a reasonable default. These defaults are subject to change over time.
- The current default is "transit".
-
- The mount path cannot start or end with a forward slash, cannot contain spaces,
- and cannot contain consecutive forward slashes.
+ The transit mount must be between 1 and 1024 characters, cannot start or
+ end with a forward slash, cannot contain consecutive forward slashes, and
+ must only contain RFC 3986 unreserved characters (alphanumeric, hyphen,
+ period, underscore, tilde) and forward slashes as path separators.
maxLength: 1024
minLength: 1
type: string
@@ -364,11 +361,13 @@ spec:
rule: '!self.startsWith(''/'')'
- message: transitMount cannot end with a forward slash
rule: '!self.endsWith(''/'')'
- - message: transitMount cannot contain spaces
- rule: '!self.contains('' '')'
- message: transitMount cannot contain consecutive forward
slashes
rule: '!self.contains(''//'')'
+ - message: transitMount must only contain RFC 3986 unreserved
+ characters (alphanumeric, hyphen, period, underscore,
+ tilde) and forward slashes
+ rule: self.matches('^[a-zA-Z0-9._~/-]+$')
vaultAddress:
description: |-
vaultAddress specifies the address of the HashiCorp Vault instance.
@@ -420,6 +419,7 @@ spec:
- authentication
- kmsPluginImage
- transitKey
+ - transitMount
- vaultAddress
type: object
required:
@@ -452,6 +452,11 @@ spec:
- KMS
type: string
type: object
+ x-kubernetes-validations:
+ - message: kms config is required when encryption type is KMS, and
+ forbidden otherwise
+ rule: 'has(self.type) && self.type == ''KMS'' ? has(self.kms) :
+ !has(self.kms)'
servingCerts:
description: |-
servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates
@@ -541,8 +546,11 @@ spec:
custom:
description: |-
custom is a user-defined TLS security profile. Be extremely careful using a custom
- profile as invalid configurations can be catastrophic. An example custom profile
- looks like this:
+ profile as invalid configurations can be catastrophic.
+
+ The supported groups list for this profile is empty by default.
+
+ An example custom profile looks like this:
minTLSVersion: VersionTLS11
ciphers:
@@ -567,6 +575,46 @@ spec:
type: string
type: array
x-kubernetes-list-type: atomic
+ groups:
+ description: |-
+ groups is an optional, ordered field used to specify the supported groups (formerly known as
+ elliptic curves) that are used during the TLS handshake. The order of the groups represents
+ a suggested preference, with the most preferred group first. Note that not all platform
+ components honor the ordering: Go-based components use Go's internal preference order and
+ treat this list as a filter of allowed groups rather than an ordered preference.
+ Operators may remove entries their operands do not support.
+
+ When omitted, this means no opinion and the platform is left to choose reasonable defaults which are
+ subject to change over time and may be different per platform component depending on the underlying TLS
+ libraries they use. If specified, the list must contain at least one and at most 7 groups,
+ and each group must be unique.
+
+ For example, to use X25519 and secp256r1 (yaml):
+
+ groups:
+ - X25519
+ - secp256r1
+ items:
+ description: |-
+ TLSGroup is a supported group identifier that can be used in TLSProfile.Groups.
+ There is a one-to-one mapping between these names and the group IDs defined
+ in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry:
+ https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
+ enum:
+ - X25519
+ - secp256r1
+ - secp384r1
+ - secp521r1
+ - X25519MLKEM768
+ - SecP256r1MLKEM768
+ - SecP384r1MLKEM1024
+ type: string
+ maxItems: 7
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
minTLSVersion:
description: |-
minTLSVersion is used to specify the minimal version of the TLS protocol
@@ -587,6 +635,10 @@ spec:
legacy clients and want to remain highly secure while being compatible with
most clients currently in use.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS12
ciphers:
@@ -605,7 +657,9 @@ spec:
description: |-
modern is a TLS security profile for use with clients that support TLS 1.3 and
do not need backward compatibility for older clients.
-
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS13
ciphers:
@@ -619,6 +673,10 @@ spec:
old is a TLS profile for use when services need to be accessed by very old
clients or libraries and should be used only as a last resort.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS10
ciphers:
@@ -635,11 +693,14 @@ spec:
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
+ - ECDHE-ECDSA-AES256-SHA384
+ - ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
+ - AES256-SHA256
- AES128-SHA
- AES256-SHA
- DES-CBC3-SHA
@@ -650,10 +711,16 @@ spec:
type is one of Old, Intermediate, Modern or Custom. Custom provides the
ability to specify individual TLS security profile parameters.
- The profiles are based on version 5.7 of the Mozilla Server Side TLS
- configuration guidelines. The cipher lists consist of the configuration's
- "ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
- See: https://ssl-config.mozilla.org/guidelines/5.7.json
+ The cipher and groups lists in these profiles are based on version 5.8 of the
+ Mozilla Server Side TLS configuration guidelines.
+ See: https://ssl-config.mozilla.org/guidelines/5.8.json
+
+ The groups are listed in suggested preference order, with the most preferred group first.
+ Note that not all platform components honor the ordering: Go-based components use Go's
+ internal preference order and treat this list as a filter of allowed groups rather than
+ an ordered preference.
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
The profiles are intent based, so they may change over time as new ciphers are
developed and existing ciphers are found to be insecure. Depending on
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml
index 3c81a12e8..99c093b21 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml
@@ -233,8 +233,11 @@ spec:
custom:
description: |-
custom is a user-defined TLS security profile. Be extremely careful using a custom
- profile as invalid configurations can be catastrophic. An example custom profile
- looks like this:
+ profile as invalid configurations can be catastrophic.
+
+ The supported groups list for this profile is empty by default.
+
+ An example custom profile looks like this:
minTLSVersion: VersionTLS11
ciphers:
@@ -279,6 +282,10 @@ spec:
legacy clients and want to remain highly secure while being compatible with
most clients currently in use.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS12
ciphers:
@@ -297,7 +304,9 @@ spec:
description: |-
modern is a TLS security profile for use with clients that support TLS 1.3 and
do not need backward compatibility for older clients.
-
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS13
ciphers:
@@ -311,6 +320,10 @@ spec:
old is a TLS profile for use when services need to be accessed by very old
clients or libraries and should be used only as a last resort.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS10
ciphers:
@@ -327,11 +340,14 @@ spec:
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
+ - ECDHE-ECDSA-AES256-SHA384
+ - ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
+ - AES256-SHA256
- AES128-SHA
- AES256-SHA
- DES-CBC3-SHA
@@ -342,10 +358,16 @@ spec:
type is one of Old, Intermediate, Modern or Custom. Custom provides the
ability to specify individual TLS security profile parameters.
- The profiles are based on version 5.7 of the Mozilla Server Side TLS
- configuration guidelines. The cipher lists consist of the configuration's
- "ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
- See: https://ssl-config.mozilla.org/guidelines/5.7.json
+ The cipher and groups lists in these profiles are based on version 5.8 of the
+ Mozilla Server Side TLS configuration guidelines.
+ See: https://ssl-config.mozilla.org/guidelines/5.8.json
+
+ The groups are listed in suggested preference order, with the most preferred group first.
+ Note that not all platform components honor the ordering: Go-based components use Go's
+ internal preference order and treat this list as a filter of allowed groups rather than
+ an ordered preference.
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
The profiles are intent based, so they may change over time as new ciphers are
developed and existing ciphers are found to be insecure. Depending on
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml
index 9cfd4f621..6728a62ef 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml
@@ -196,9 +196,7 @@ spec:
description: |-
secret references a secret in the openshift-config namespace containing
the AppRole credentials used to authenticate with Vault.
- The secret must contain two keys: "roleID" for the AppRole Role ID and "secretID" for the AppRole Secret ID.
-
- The namespace for the secret is openshift-config.
+ The referenced Secret must contain two keys: "role-id" for the AppRole Role ID and "secret-id" for the AppRole Secret ID.
properties:
name:
description: |-
@@ -278,7 +276,7 @@ spec:
description: |-
caBundle references a ConfigMap in the openshift-config namespace containing
the CA certificate bundle used to verify the TLS connection to the Vault server.
- The ConfigMap must contain the CA bundle in the key "ca-bundle.crt".
+ The referenced ConfigMap must contain the CA bundle in the key "ca-bundle.crt".
When this field is not set, the system's trusted CA certificates are used.
The namespace for the ConfigMap is openshift-config.
@@ -336,26 +334,25 @@ spec:
transitKey specifies the name of the encryption key in Vault's Transit engine.
This key is used to encrypt and decrypt data.
- The key name must be between 1 and 512 characters and cannot contain spaces or forward slashes.
+ The transit key must be between 1 and 512 characters, cannot contain forward slashes,
+ and must only contain alphanumeric characters, hyphens, periods, and underscores.
maxLength: 512
minLength: 1
type: string
x-kubernetes-validations:
- - message: transitKey cannot contain spaces
- rule: '!self.contains('' '')'
- message: transitKey cannot contain forward slashes
rule: '!self.contains(''/'')'
+ - message: transitKey must only contain alphanumeric characters,
+ hyphens, periods, and underscores
+ rule: self.matches('^[a-zA-Z0-9._-]+$')
transitMount:
description: |-
transitMount specifies the mount path of the Vault Transit engine.
- The value must be between 1 and 1024 characters when specified.
- When omitted, this means the user has no opinion and the platform is left
- to choose a reasonable default. These defaults are subject to change over time.
- The current default is "transit".
-
- The mount path cannot start or end with a forward slash, cannot contain spaces,
- and cannot contain consecutive forward slashes.
+ The transit mount must be between 1 and 1024 characters, cannot start or
+ end with a forward slash, cannot contain consecutive forward slashes, and
+ must only contain RFC 3986 unreserved characters (alphanumeric, hyphen,
+ period, underscore, tilde) and forward slashes as path separators.
maxLength: 1024
minLength: 1
type: string
@@ -364,11 +361,13 @@ spec:
rule: '!self.startsWith(''/'')'
- message: transitMount cannot end with a forward slash
rule: '!self.endsWith(''/'')'
- - message: transitMount cannot contain spaces
- rule: '!self.contains('' '')'
- message: transitMount cannot contain consecutive forward
slashes
rule: '!self.contains(''//'')'
+ - message: transitMount must only contain RFC 3986 unreserved
+ characters (alphanumeric, hyphen, period, underscore,
+ tilde) and forward slashes
+ rule: self.matches('^[a-zA-Z0-9._~/-]+$')
vaultAddress:
description: |-
vaultAddress specifies the address of the HashiCorp Vault instance.
@@ -420,6 +419,7 @@ spec:
- authentication
- kmsPluginImage
- transitKey
+ - transitMount
- vaultAddress
type: object
required:
@@ -452,6 +452,11 @@ spec:
- KMS
type: string
type: object
+ x-kubernetes-validations:
+ - message: kms config is required when encryption type is KMS, and
+ forbidden otherwise
+ rule: 'has(self.type) && self.type == ''KMS'' ? has(self.kms) :
+ !has(self.kms)'
servingCerts:
description: |-
servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates
@@ -541,8 +546,11 @@ spec:
custom:
description: |-
custom is a user-defined TLS security profile. Be extremely careful using a custom
- profile as invalid configurations can be catastrophic. An example custom profile
- looks like this:
+ profile as invalid configurations can be catastrophic.
+
+ The supported groups list for this profile is empty by default.
+
+ An example custom profile looks like this:
minTLSVersion: VersionTLS11
ciphers:
@@ -567,6 +575,46 @@ spec:
type: string
type: array
x-kubernetes-list-type: atomic
+ groups:
+ description: |-
+ groups is an optional, ordered field used to specify the supported groups (formerly known as
+ elliptic curves) that are used during the TLS handshake. The order of the groups represents
+ a suggested preference, with the most preferred group first. Note that not all platform
+ components honor the ordering: Go-based components use Go's internal preference order and
+ treat this list as a filter of allowed groups rather than an ordered preference.
+ Operators may remove entries their operands do not support.
+
+ When omitted, this means no opinion and the platform is left to choose reasonable defaults which are
+ subject to change over time and may be different per platform component depending on the underlying TLS
+ libraries they use. If specified, the list must contain at least one and at most 7 groups,
+ and each group must be unique.
+
+ For example, to use X25519 and secp256r1 (yaml):
+
+ groups:
+ - X25519
+ - secp256r1
+ items:
+ description: |-
+ TLSGroup is a supported group identifier that can be used in TLSProfile.Groups.
+ There is a one-to-one mapping between these names and the group IDs defined
+ in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry:
+ https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
+ enum:
+ - X25519
+ - secp256r1
+ - secp384r1
+ - secp521r1
+ - X25519MLKEM768
+ - SecP256r1MLKEM768
+ - SecP384r1MLKEM1024
+ type: string
+ maxItems: 7
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
minTLSVersion:
description: |-
minTLSVersion is used to specify the minimal version of the TLS protocol
@@ -587,6 +635,10 @@ spec:
legacy clients and want to remain highly secure while being compatible with
most clients currently in use.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS12
ciphers:
@@ -605,7 +657,9 @@ spec:
description: |-
modern is a TLS security profile for use with clients that support TLS 1.3 and
do not need backward compatibility for older clients.
-
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS13
ciphers:
@@ -619,6 +673,10 @@ spec:
old is a TLS profile for use when services need to be accessed by very old
clients or libraries and should be used only as a last resort.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS10
ciphers:
@@ -635,11 +693,14 @@ spec:
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
+ - ECDHE-ECDSA-AES256-SHA384
+ - ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
+ - AES256-SHA256
- AES128-SHA
- AES256-SHA
- DES-CBC3-SHA
@@ -650,10 +711,16 @@ spec:
type is one of Old, Intermediate, Modern or Custom. Custom provides the
ability to specify individual TLS security profile parameters.
- The profiles are based on version 5.7 of the Mozilla Server Side TLS
- configuration guidelines. The cipher lists consist of the configuration's
- "ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
- See: https://ssl-config.mozilla.org/guidelines/5.7.json
+ The cipher and groups lists in these profiles are based on version 5.8 of the
+ Mozilla Server Side TLS configuration guidelines.
+ See: https://ssl-config.mozilla.org/guidelines/5.8.json
+
+ The groups are listed in suggested preference order, with the most preferred group first.
+ Note that not all platform components honor the ordering: Go-based components use Go's
+ internal preference order and treat this list as a filter of allowed groups rather than
+ an ordered preference.
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
The profiles are intent based, so they may change over time as new ciphers are
developed and existing ciphers are found to be insecure. Depending on
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml
index cd737e272..8c2695a58 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml
@@ -446,6 +446,434 @@ spec:
? has(self.requiredClaim) : !has(self.requiredClaim)'
type: array
x-kubernetes-list-type: atomic
+ externalClaimsSources:
+ description: |-
+ externalClaimsSources is an optional field that can be used to configure
+ sources, external to the token provided in a request, in which claims
+ should be fetched from and made available to the claim mapping process
+ that is used to build the identity of a token holder.
+
+ For example, fetching additional user metadata from an OIDC provider's UserInfo endpoint.
+
+ When not specified, only claims present in the token itself will be available
+ in the claim mapping process.
+
+ When specified, at least one external claim source must be specified and no more than 5
+ sources may be specified.
+ All external claim sources must have unique claim mappings.
+ When an external source responds and resolves additional claims successfully, they will
+ be made available as claims during the claim mapping process.
+ Externally sourced claims with the same name as a claim existing within the token will
+ overwrite the claim data from the token with the externally sourced information.
+ If an external source does not respond, responds with an error, or the additional
+ claim data cannot be resolved from the response successfully it will not be
+ included in the claim data passed to the claim mapping process.
+ items:
+ description: ExternalClaimsSource provides the configuration
+ for a single external claim source.
+ properties:
+ authentication:
+ description: |-
+ authentication is an optional field that configures how the apiserver authenticates with an external claims source.
+ When not specified, anonymous authentication is used which means no 'Authorization' header
+ is sent in the HTTP request to fetch the external claims.
+ properties:
+ clientCredential:
+ description: |-
+ clientCredential configures the client credentials
+ and token endpoint to use to get an access token.
+ clientCredential is required when type is 'ClientCredential', and forbidden otherwise.
+ properties:
+ clientID:
+ description: |-
+ clientID is a required client identifier to use during the OAuth2 client credentials flow.
+ clientID must be at least 1 character in length, must not exceed 256 characters in length,
+ and must only contain printable ASCII characters.
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: clientID must only contain printable
+ ASCII characters
+ rule: self.matches('^[[:print:]]+$')
+ clientSecret:
+ description: |-
+ clientSecret is a required reference to a Secret in the openshift-config namespace to be used
+ as the client secret during the OAuth2 client credentials flow.
+
+ The key 'client-secret' is used to locate the client secret data in the Secret.
+ properties:
+ name:
+ description: |-
+ name is the required name of the Secret that exists in the openshift-config namespace.
+
+ It must be at least 1 character in length, must not exceed 253 characters in length,
+ must start and end with a lowercase alphanumeric character, and must only contain
+ lowercase alphanumeric characters, '-' or '.'.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: name must start and end with a
+ lowercase alphanumeric character, and
+ must only contain lowercase alphanumeric
+ characters, '-' or '.'
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ required:
+ - name
+ type: object
+ scopes:
+ description: |-
+ scopes is an optional list of OAuth2 scopes to request when obtaining
+ an access token.
+
+ If not specified, the token endpoint's default scopes
+ will be used.
+
+ When specified, there must be at least 1 entry and must not exceed 16 entries.
+ Each entry must be at least 1 character in length and must not exceed 256 characters in length.
+ Each entry must only contain printable ASCII characters, excluding spaces, double quotes and backslashes.
+ Entries must be unique.
+ items:
+ description: |-
+ OAuth2Scope is a string alias that represents an OAuth2 Scope as defined by https://datatracker.ietf.org/doc/html/rfc6749#appendix-A.4
+ Must be at least 1 character in length, must not exceed 256 characters in length and must only contain printable ASCII characters, excluding spaces, double quotes and backslashes.
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: scopes must only contain printable
+ ASCII characters excluding spaces, double
+ quotes and backslashes
+ rule: self.matches('^[!#-[\\]-~]+$')
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ tls:
+ description: |-
+ tls is an optional field that allows configuring the TLS
+ settings used to interact with the identity provider
+ as an OAuth2 client.
+
+ When omitted, system default TLS settings will be used
+ for the OAuth2 client.
+ properties:
+ certificateAuthority:
+ description: |-
+ certificateAuthority is a required reference to a ConfigMap in the openshift-config
+ namespace that contains the CA certificate to use to validate TLS connections with the external claims source.
+ The key "ca-bundle.crt" must be present in the referenced ConfigMap and must contain the CA certificate to be used
+ to verify the external source's TLS certificate.
+ properties:
+ name:
+ description: |-
+ name is the required name of the ConfigMap that exists in the openshift-config namespace.
+ The key "ca-bundle.crt" must be present and must contain the CA certificate to be used
+ to verify the external source's TLS certificate.
+
+ It must be at least 1 character in length, must not exceed 253 characters in length,
+ must start and end with a lowercase alphanumeric character, and must only contain
+ lowercase alphanumeric characters, '-' or '.'.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: name must start and end with
+ a lowercase alphanumeric character,
+ and must only contain lowercase alphanumeric
+ characters, '-' or '.'
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ required:
+ - name
+ type: object
+ required:
+ - certificateAuthority
+ type: object
+ tokenEndpoint:
+ description: |-
+ tokenEndpoint is a required URL to query for an access token using
+ the client credential OAuth2 flow.
+ tokenEndpoint must be at least 1 character in length and must not exceed 2048 characters in length.
+ tokenEndpoint must be a valid HTTPS URL.
+ tokenEndpoint must have a host and a path.
+ tokenEndpoint must not contain query parameters, fragments,
+ or user information (e.g., "user:password@host").
+ maxLength: 2048
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: tokenEndpoint must be a valid HTTPS
+ url
+ rule: isURL(self)
+ - message: tokenEndpoint must be a valid HTTPS
+ url
+ rule: isURL(self) && url(self).getScheme() ==
+ 'https'
+ - message: tokenEndpoint must have a hostname
+ rule: isURL(self) && url(self).getHost() !=
+ ''
+ - message: tokenEndpoint must have a path
+ rule: isURL(self) && url(self).getEscapedPath()
+ != ''
+ - message: tokenEndpoint must not have query parameters
+ rule: isURL(self) && url(self).getQuery() ==
+ {}
+ - message: tokenEndpoint must not have a fragment
+ rule: isURL(self) && self.find('#(.+)$') ==
+ ''
+ - message: tokenEndpoint must not have user info
+ rule: isURL(self) && !self.matches('^https://[^/]+@.+$')
+ required:
+ - clientID
+ - clientSecret
+ - tokenEndpoint
+ type: object
+ type:
+ description: |-
+ type is a required field that sets the type of
+ authentication method used by the authenticator
+ when fetching external claims.
+
+ Allowed values are 'RequestProvidedToken' and 'ClientCredential'.
+
+ When set to 'RequestProvidedToken', the authenticator will
+ use the token provided to the kube-apiserver as part of the
+ request to authenticate with the external claims source.
+
+ When set to 'ClientCredential', the authenticator will
+ use the configured client-id, client-secret, and token endpoint
+ to fetch an access token using the OAuth2 client credentials grant
+ flow. The fetched access token will then be used to authenticate
+ with the external claims source.
+ enum:
+ - RequestProvidedToken
+ - ClientCredential
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: clientCredential is required when type is ClientCredential,
+ and forbidden otherwise
+ rule: 'self.type == ''ClientCredential'' ? has(self.clientCredential)
+ : !has(self.clientCredential)'
+ mappings:
+ description: |-
+ mappings is a required list of the claim
+ and response handling expression pairs
+ that produces the claims from the external source.
+ mappings must have at least 1 entry and must not exceed 16 entries.
+ Entries must have a unique name across all external claim sources.
+ items:
+ description: |-
+ SourcedClaimMapping configures the mapping behavior for a single external claim
+ from the response the apiserver received from the external claim source.
+ properties:
+ expression:
+ description: |-
+ expression is a required CEL expression that
+ will produce a value to be assigned to the claim.
+ The full response body from the request to the
+ external claim source is provided via the
+ `response.body` variable.
+
+ The contents of the `response.body` variable varies based on the response received
+ from the external source. It is the responsibility of those configuring
+ this expression to understand what is returned from the external source.
+
+ expression must be at least 1 character and must not exceed 1024 characters in length.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ name:
+ description: |-
+ name is a required name of the claim that
+ will be produced and made available during
+ the claim-to-identity mapping process.
+ name must consist of only lowercase alpha characters and underscores ('_').
+ name must be at least 1 character and must not exceed 256 characters in length.
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: name must consist of only lowercase alpha
+ characters and underscores
+ rule: self.matches('^[a-z_]+$')
+ required:
+ - expression
+ - name
+ type: object
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ predicates:
+ description: |-
+ predicates is an optional list of constraints in
+ which claims should attempt to be fetched from this
+ external source.
+
+ When omitted, claims are always fetched
+ from this external source.
+
+ When specified, all predicates must evaluate to 'true'
+ before claims are attempted to be fetched from this external source.
+ predicates must have at least 1 entry and must not exceed 16 entries.
+ Entries must have unique expressions.
+ items:
+ description: |-
+ ExternalSourcePredicate configures a singular condition
+ that must return true before the external source is queried
+ to retrieve external claims.
+ properties:
+ expression:
+ description: |-
+ expression is a required CEL expression that
+ is used to determine whether or not an external
+ source should be used to fetch external claims.
+
+ The expression must return a boolean value,
+ where true means that the source should be consulted
+ and false means that it should not.
+
+ Claims from the token used for the request to the kube-apiserver
+ are made available via the `claims` variable.
+
+ The contents of the `claims` variable varies based on the claims that are
+ present in the token being validated. It is the responsibility of those configuring this
+ field to understand what claims the identity provider includes when issuing tokens.
+
+ expression must be at least 1 character and must not exceed 1024 characters in length.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - expression
+ type: object
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - expression
+ x-kubernetes-list-type: map
+ tls:
+ description: |-
+ tls is an optional field that configures the http client TLS
+ settings when fetching external claims from this source.
+
+ When omitted, system default TLS settings will be used
+ for fetching claims from the external source.
+ properties:
+ certificateAuthority:
+ description: |-
+ certificateAuthority is a required reference to a ConfigMap in the openshift-config
+ namespace that contains the CA certificate to use to validate TLS connections with the external claims source.
+ The key "ca-bundle.crt" must be present in the referenced ConfigMap and must contain the CA certificate to be used
+ to verify the external source's TLS certificate.
+ properties:
+ name:
+ description: |-
+ name is the required name of the ConfigMap that exists in the openshift-config namespace.
+ The key "ca-bundle.crt" must be present and must contain the CA certificate to be used
+ to verify the external source's TLS certificate.
+
+ It must be at least 1 character in length, must not exceed 253 characters in length,
+ must start and end with a lowercase alphanumeric character, and must only contain
+ lowercase alphanumeric characters, '-' or '.'.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: name must start and end with a lowercase
+ alphanumeric character, and must only contain
+ lowercase alphanumeric characters, '-' or
+ '.'
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ required:
+ - name
+ type: object
+ required:
+ - certificateAuthority
+ type: object
+ url:
+ description: |-
+ url is a required configuration of the URL
+ for which the external claims are located.
+ properties:
+ hostname:
+ description: |-
+ hostname is a required hostname for which the external claims are located.
+
+ It must be a valid DNS subdomain name as per RFC1123.
+
+ This means that it must start and end with a lowercase alphanumeric character,
+ must only consist of lowercase alphanumeric characters, '-', and '.'.
+ hostname may optionally specify a port in the format ':{port}'.
+ If a port is specified it must not exceed 65535.
+
+ hostname must be at least 1 character in length.
+ When specifying a port, hostname must not exceed 259 characters in length.
+ When not specifying a port, hostname must not exceed 253 characters in length.
+ maxLength: 259
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: hostname must be a valid hostname
+ rule: isURL('https://'+self)
+ - message: hostname before port must start and end
+ with a lowercase alphanumeric character, and must
+ only contain lowercase alphanumeric characters,
+ '-' or '.'
+ rule: '!format.dns1123Subdomain().validate(self.split('':'')[0]).hasValue()'
+ - message: port must not exceed 65535
+ rule: 'self.split('':'').size() > 1 ? int(self.split('':'')[1])
+ <= 65535 : true'
+ pathExpression:
+ description: |-
+ pathExpression is a required CEL expression that returns a list
+ of string values used to construct the URL path.
+ Claims from the token used for the request to the kube-apiserver
+ are made available via the `claims` variable.
+ expression must be at least 1 character in length and must not exceed 1024 characters in length.
+
+ Values in the returned list will be joined with the hostname using a forward slash
+ (`/`) as a separator. Values in the returned list do not need to include the forward slash.
+ If a forward slash is included in a returned value, it will be encoded as `%2F`.
+
+ Example of a static path configuration:
+
+ pathExpression: ['realms', 'k8s', 'protocol', 'openid-connect', 'userinfo']
+
+ The above example would resolve to the path: '/realms/k8s/protocol/openid-connect/userinfo'
+
+ Example of a dynamic path configuration:
+
+ pathExpression: "['admin', 'realms', 'k8s', 'users'] + [claims.sub] + ['groups']"
+
+ Assuming 'claims.sub' is set to '12345', the above example would resolve to the path: '/admin/realms/k8s/users/12345/groups'
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - hostname
+ - pathExpression
+ type: object
+ required:
+ - mappings
+ - url
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: mapping names must be unique across all external
+ claim sources.
+ rule: self.all(s, s.mappings.all(m, self.filter(s2, s2.mappings.exists(m2,
+ m2.name == m.name)).size() == 1))
issuer:
description: issuer is a required field that configures how
the platform interacts with the identity provider and how
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml
index bf116984f..09111b08c 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml
@@ -446,6 +446,434 @@ spec:
? has(self.requiredClaim) : !has(self.requiredClaim)'
type: array
x-kubernetes-list-type: atomic
+ externalClaimsSources:
+ description: |-
+ externalClaimsSources is an optional field that can be used to configure
+ sources, external to the token provided in a request, in which claims
+ should be fetched from and made available to the claim mapping process
+ that is used to build the identity of a token holder.
+
+ For example, fetching additional user metadata from an OIDC provider's UserInfo endpoint.
+
+ When not specified, only claims present in the token itself will be available
+ in the claim mapping process.
+
+ When specified, at least one external claim source must be specified and no more than 5
+ sources may be specified.
+ All external claim sources must have unique claim mappings.
+ When an external source responds and resolves additional claims successfully, they will
+ be made available as claims during the claim mapping process.
+ Externally sourced claims with the same name as a claim existing within the token will
+ overwrite the claim data from the token with the externally sourced information.
+ If an external source does not respond, responds with an error, or the additional
+ claim data cannot be resolved from the response successfully it will not be
+ included in the claim data passed to the claim mapping process.
+ items:
+ description: ExternalClaimsSource provides the configuration
+ for a single external claim source.
+ properties:
+ authentication:
+ description: |-
+ authentication is an optional field that configures how the apiserver authenticates with an external claims source.
+ When not specified, anonymous authentication is used which means no 'Authorization' header
+ is sent in the HTTP request to fetch the external claims.
+ properties:
+ clientCredential:
+ description: |-
+ clientCredential configures the client credentials
+ and token endpoint to use to get an access token.
+ clientCredential is required when type is 'ClientCredential', and forbidden otherwise.
+ properties:
+ clientID:
+ description: |-
+ clientID is a required client identifier to use during the OAuth2 client credentials flow.
+ clientID must be at least 1 character in length, must not exceed 256 characters in length,
+ and must only contain printable ASCII characters.
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: clientID must only contain printable
+ ASCII characters
+ rule: self.matches('^[[:print:]]+$')
+ clientSecret:
+ description: |-
+ clientSecret is a required reference to a Secret in the openshift-config namespace to be used
+ as the client secret during the OAuth2 client credentials flow.
+
+ The key 'client-secret' is used to locate the client secret data in the Secret.
+ properties:
+ name:
+ description: |-
+ name is the required name of the Secret that exists in the openshift-config namespace.
+
+ It must be at least 1 character in length, must not exceed 253 characters in length,
+ must start and end with a lowercase alphanumeric character, and must only contain
+ lowercase alphanumeric characters, '-' or '.'.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: name must start and end with a
+ lowercase alphanumeric character, and
+ must only contain lowercase alphanumeric
+ characters, '-' or '.'
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ required:
+ - name
+ type: object
+ scopes:
+ description: |-
+ scopes is an optional list of OAuth2 scopes to request when obtaining
+ an access token.
+
+ If not specified, the token endpoint's default scopes
+ will be used.
+
+ When specified, there must be at least 1 entry and must not exceed 16 entries.
+ Each entry must be at least 1 character in length and must not exceed 256 characters in length.
+ Each entry must only contain printable ASCII characters, excluding spaces, double quotes and backslashes.
+ Entries must be unique.
+ items:
+ description: |-
+ OAuth2Scope is a string alias that represents an OAuth2 Scope as defined by https://datatracker.ietf.org/doc/html/rfc6749#appendix-A.4
+ Must be at least 1 character in length, must not exceed 256 characters in length and must only contain printable ASCII characters, excluding spaces, double quotes and backslashes.
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: scopes must only contain printable
+ ASCII characters excluding spaces, double
+ quotes and backslashes
+ rule: self.matches('^[!#-[\\]-~]+$')
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ tls:
+ description: |-
+ tls is an optional field that allows configuring the TLS
+ settings used to interact with the identity provider
+ as an OAuth2 client.
+
+ When omitted, system default TLS settings will be used
+ for the OAuth2 client.
+ properties:
+ certificateAuthority:
+ description: |-
+ certificateAuthority is a required reference to a ConfigMap in the openshift-config
+ namespace that contains the CA certificate to use to validate TLS connections with the external claims source.
+ The key "ca-bundle.crt" must be present in the referenced ConfigMap and must contain the CA certificate to be used
+ to verify the external source's TLS certificate.
+ properties:
+ name:
+ description: |-
+ name is the required name of the ConfigMap that exists in the openshift-config namespace.
+ The key "ca-bundle.crt" must be present and must contain the CA certificate to be used
+ to verify the external source's TLS certificate.
+
+ It must be at least 1 character in length, must not exceed 253 characters in length,
+ must start and end with a lowercase alphanumeric character, and must only contain
+ lowercase alphanumeric characters, '-' or '.'.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: name must start and end with
+ a lowercase alphanumeric character,
+ and must only contain lowercase alphanumeric
+ characters, '-' or '.'
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ required:
+ - name
+ type: object
+ required:
+ - certificateAuthority
+ type: object
+ tokenEndpoint:
+ description: |-
+ tokenEndpoint is a required URL to query for an access token using
+ the client credential OAuth2 flow.
+ tokenEndpoint must be at least 1 character in length and must not exceed 2048 characters in length.
+ tokenEndpoint must be a valid HTTPS URL.
+ tokenEndpoint must have a host and a path.
+ tokenEndpoint must not contain query parameters, fragments,
+ or user information (e.g., "user:password@host").
+ maxLength: 2048
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: tokenEndpoint must be a valid HTTPS
+ url
+ rule: isURL(self)
+ - message: tokenEndpoint must be a valid HTTPS
+ url
+ rule: isURL(self) && url(self).getScheme() ==
+ 'https'
+ - message: tokenEndpoint must have a hostname
+ rule: isURL(self) && url(self).getHost() !=
+ ''
+ - message: tokenEndpoint must have a path
+ rule: isURL(self) && url(self).getEscapedPath()
+ != ''
+ - message: tokenEndpoint must not have query parameters
+ rule: isURL(self) && url(self).getQuery() ==
+ {}
+ - message: tokenEndpoint must not have a fragment
+ rule: isURL(self) && self.find('#(.+)$') ==
+ ''
+ - message: tokenEndpoint must not have user info
+ rule: isURL(self) && !self.matches('^https://[^/]+@.+$')
+ required:
+ - clientID
+ - clientSecret
+ - tokenEndpoint
+ type: object
+ type:
+ description: |-
+ type is a required field that sets the type of
+ authentication method used by the authenticator
+ when fetching external claims.
+
+ Allowed values are 'RequestProvidedToken' and 'ClientCredential'.
+
+ When set to 'RequestProvidedToken', the authenticator will
+ use the token provided to the kube-apiserver as part of the
+ request to authenticate with the external claims source.
+
+ When set to 'ClientCredential', the authenticator will
+ use the configured client-id, client-secret, and token endpoint
+ to fetch an access token using the OAuth2 client credentials grant
+ flow. The fetched access token will then be used to authenticate
+ with the external claims source.
+ enum:
+ - RequestProvidedToken
+ - ClientCredential
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: clientCredential is required when type is ClientCredential,
+ and forbidden otherwise
+ rule: 'self.type == ''ClientCredential'' ? has(self.clientCredential)
+ : !has(self.clientCredential)'
+ mappings:
+ description: |-
+ mappings is a required list of the claim
+ and response handling expression pairs
+ that produces the claims from the external source.
+ mappings must have at least 1 entry and must not exceed 16 entries.
+ Entries must have a unique name across all external claim sources.
+ items:
+ description: |-
+ SourcedClaimMapping configures the mapping behavior for a single external claim
+ from the response the apiserver received from the external claim source.
+ properties:
+ expression:
+ description: |-
+ expression is a required CEL expression that
+ will produce a value to be assigned to the claim.
+ The full response body from the request to the
+ external claim source is provided via the
+ `response.body` variable.
+
+ The contents of the `response.body` variable varies based on the response received
+ from the external source. It is the responsibility of those configuring
+ this expression to understand what is returned from the external source.
+
+ expression must be at least 1 character and must not exceed 1024 characters in length.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ name:
+ description: |-
+ name is a required name of the claim that
+ will be produced and made available during
+ the claim-to-identity mapping process.
+ name must consist of only lowercase alpha characters and underscores ('_').
+ name must be at least 1 character and must not exceed 256 characters in length.
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: name must consist of only lowercase alpha
+ characters and underscores
+ rule: self.matches('^[a-z_]+$')
+ required:
+ - expression
+ - name
+ type: object
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ predicates:
+ description: |-
+ predicates is an optional list of constraints in
+ which claims should attempt to be fetched from this
+ external source.
+
+ When omitted, claims are always fetched
+ from this external source.
+
+ When specified, all predicates must evaluate to 'true'
+ before claims are attempted to be fetched from this external source.
+ predicates must have at least 1 entry and must not exceed 16 entries.
+ Entries must have unique expressions.
+ items:
+ description: |-
+ ExternalSourcePredicate configures a singular condition
+ that must return true before the external source is queried
+ to retrieve external claims.
+ properties:
+ expression:
+ description: |-
+ expression is a required CEL expression that
+ is used to determine whether or not an external
+ source should be used to fetch external claims.
+
+ The expression must return a boolean value,
+ where true means that the source should be consulted
+ and false means that it should not.
+
+ Claims from the token used for the request to the kube-apiserver
+ are made available via the `claims` variable.
+
+ The contents of the `claims` variable varies based on the claims that are
+ present in the token being validated. It is the responsibility of those configuring this
+ field to understand what claims the identity provider includes when issuing tokens.
+
+ expression must be at least 1 character and must not exceed 1024 characters in length.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - expression
+ type: object
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - expression
+ x-kubernetes-list-type: map
+ tls:
+ description: |-
+ tls is an optional field that configures the http client TLS
+ settings when fetching external claims from this source.
+
+ When omitted, system default TLS settings will be used
+ for fetching claims from the external source.
+ properties:
+ certificateAuthority:
+ description: |-
+ certificateAuthority is a required reference to a ConfigMap in the openshift-config
+ namespace that contains the CA certificate to use to validate TLS connections with the external claims source.
+ The key "ca-bundle.crt" must be present in the referenced ConfigMap and must contain the CA certificate to be used
+ to verify the external source's TLS certificate.
+ properties:
+ name:
+ description: |-
+ name is the required name of the ConfigMap that exists in the openshift-config namespace.
+ The key "ca-bundle.crt" must be present and must contain the CA certificate to be used
+ to verify the external source's TLS certificate.
+
+ It must be at least 1 character in length, must not exceed 253 characters in length,
+ must start and end with a lowercase alphanumeric character, and must only contain
+ lowercase alphanumeric characters, '-' or '.'.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: name must start and end with a lowercase
+ alphanumeric character, and must only contain
+ lowercase alphanumeric characters, '-' or
+ '.'
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ required:
+ - name
+ type: object
+ required:
+ - certificateAuthority
+ type: object
+ url:
+ description: |-
+ url is a required configuration of the URL
+ for which the external claims are located.
+ properties:
+ hostname:
+ description: |-
+ hostname is a required hostname for which the external claims are located.
+
+ It must be a valid DNS subdomain name as per RFC1123.
+
+ This means that it must start and end with a lowercase alphanumeric character,
+ must only consist of lowercase alphanumeric characters, '-', and '.'.
+ hostname may optionally specify a port in the format ':{port}'.
+ If a port is specified it must not exceed 65535.
+
+ hostname must be at least 1 character in length.
+ When specifying a port, hostname must not exceed 259 characters in length.
+ When not specifying a port, hostname must not exceed 253 characters in length.
+ maxLength: 259
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: hostname must be a valid hostname
+ rule: isURL('https://'+self)
+ - message: hostname before port must start and end
+ with a lowercase alphanumeric character, and must
+ only contain lowercase alphanumeric characters,
+ '-' or '.'
+ rule: '!format.dns1123Subdomain().validate(self.split('':'')[0]).hasValue()'
+ - message: port must not exceed 65535
+ rule: 'self.split('':'').size() > 1 ? int(self.split('':'')[1])
+ <= 65535 : true'
+ pathExpression:
+ description: |-
+ pathExpression is a required CEL expression that returns a list
+ of string values used to construct the URL path.
+ Claims from the token used for the request to the kube-apiserver
+ are made available via the `claims` variable.
+ expression must be at least 1 character in length and must not exceed 1024 characters in length.
+
+ Values in the returned list will be joined with the hostname using a forward slash
+ (`/`) as a separator. Values in the returned list do not need to include the forward slash.
+ If a forward slash is included in a returned value, it will be encoded as `%2F`.
+
+ Example of a static path configuration:
+
+ pathExpression: ['realms', 'k8s', 'protocol', 'openid-connect', 'userinfo']
+
+ The above example would resolve to the path: '/realms/k8s/protocol/openid-connect/userinfo'
+
+ Example of a dynamic path configuration:
+
+ pathExpression: "['admin', 'realms', 'k8s', 'users'] + [claims.sub] + ['groups']"
+
+ Assuming 'claims.sub' is set to '12345', the above example would resolve to the path: '/admin/realms/k8s/users/12345/groups'
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - hostname
+ - pathExpression
+ type: object
+ required:
+ - mappings
+ - url
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: mapping names must be unique across all external
+ claim sources.
+ rule: self.all(s, s.mappings.all(m, self.filter(s2, s2.mappings.exists(m2,
+ m2.name == m.name)).size() == 1))
issuer:
description: issuer is a required field that configures how
the platform interacts with the identity provider and how
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_criocredentialproviderconfigs.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_criocredentialproviderconfigs.crd.yaml
new file mode 100644
index 000000000..9aa182639
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_criocredentialproviderconfigs.crd.yaml
@@ -0,0 +1,409 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/2725
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: CustomNoUpgrade,DevPreviewNoUpgrade,TechPreviewNoUpgrade
+ name: criocredentialproviderconfigs.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: CRIOCredentialProviderConfig
+ listKind: CRIOCredentialProviderConfigList
+ plural: criocredentialproviderconfigs
+ singular: criocredentialproviderconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is "cluster". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources.
+ For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in.
+ CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation.
+ Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.
+
+ The resource is a singleton named "cluster".
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ spec defines the desired configuration of the CRI-O Credential Provider.
+ This field is required and must be provided when creating the resource.
+ minProperties: 0
+ properties:
+ matchImages:
+ description: |-
+ matchImages is a list of string patterns used to determine whether
+ the CRI-O credential provider should be invoked for a given image. This list is
+ passed to the kubelet CredentialProviderConfig, and if any pattern matches
+ the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling
+ that image or its mirrors.
+ Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider.
+ Conflicts between the existing platform specific provider image match configuration and this list will be handled by
+ the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those
+ from the CRIOCredentialProviderConfig when both match the same image.
+ To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with
+ existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml).
+ You can check the resource's Status conditions
+ to see if any entries were ignored due to exact matches with known built-in provider patterns.
+
+ This field is optional, the items of the list must contain between 1 and 50 entries.
+ The list is treated as a set, so duplicate entries are not allowed.
+
+ For more details, see:
+ https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/
+ https://github.com/cri-o/crio-credential-provider#architecture
+
+ Each entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters.
+ Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io',
+ and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net').
+ A global wildcard '*' (matching any domain) is not allowed.
+ Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path.
+ For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not.
+ Each wildcard matches only a single domain label,
+ so '*.io' does **not** match '*.k8s.io'.
+
+ A match exists between an image and a matchImage when all of the below are true:
+ Both contain the same number of domain parts and each part matches.
+ The URL path of an matchImages must be a prefix of the target image URL path.
+ If the matchImages contains a port, then the port must match in the image as well.
+
+ Example values of matchImages:
+ - 123456789.dkr.ecr.us-east-1.amazonaws.com
+ - *.azurecr.io
+ - gcr.io
+ - *.*.registry.io
+ - registry.io:8080/path
+ items:
+ description: |-
+ MatchImage is a string pattern used to match container image registry addresses.
+ It must be a valid fully qualified domain name with optional wildcard, port, and path.
+ The maximum length is 512 characters.
+
+ Wildcards ('*') are supported for full subdomain labels and top-level domains.
+ Each entry can optionally contain a port (e.g., :8080) and a path (e.g., /path).
+ Wildcards are not allowed in the port or path portions.
+
+ Examples:
+ - "registry.io" - matches exactly registry.io
+ - "*.azurecr.io" - matches any single subdomain of azurecr.io
+ - "registry.io:8080/path" - matches with specific port and path prefix
+ maxLength: 512
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: global wildcard '*' is not allowed
+ rule: self != '*'
+ - message: invalid matchImages value, must be a valid fully qualified
+ domain name in lowercase with optional wildcard, port, and path
+ rule: self.matches('^((\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?)(\\.(\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?))*)(:[0-9]+)?(/[-a-z0-9._/]*)?$')
+ maxItems: 50
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ status:
+ description: |-
+ status represents the current state of the CRIOCredentialProviderConfig.
+ When omitted or nil, it indicates that the status has not yet been set by the controller.
+ The controller will populate this field with validation conditions and operational state.
+ minProperties: 1
+ properties:
+ conditions:
+ description: |-
+ conditions represent the latest available observations of the configuration state.
+ When omitted, it indicates that no conditions have been reported yet.
+ The maximum number of conditions is 16.
+ Conditions are stored as a map keyed by condition type, ensuring uniqueness.
+
+ Expected condition types include:
+ "Validated": indicates whether the matchImages configuration is valid
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ type: object
+ required:
+ - spec
+ type: object
+ x-kubernetes-validations:
+ - message: criocredentialproviderconfig is a singleton, .metadata.name must
+ be 'cluster'
+ rule: self.metadata.name == 'cluster'
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is "cluster". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources.
+ For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in.
+ CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation.
+ Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.
+
+ The resource is a singleton named "cluster".
+
+ Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ spec defines the desired configuration of the CRI-O Credential Provider.
+ This field is required and must be provided when creating the resource.
+ minProperties: 0
+ properties:
+ matchImages:
+ description: |-
+ matchImages is a list of string patterns used to determine whether
+ the CRI-O credential provider should be invoked for a given image. This list is
+ passed to the kubelet CredentialProviderConfig, and if any pattern matches
+ the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling
+ that image or its mirrors.
+ Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider.
+ Conflicts between the existing platform specific provider image match configuration and this list will be handled by
+ the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those
+ from the CRIOCredentialProviderConfig when both match the same image.
+ To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with
+ existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml).
+ You can check the resource's Status conditions
+ to see if any entries were ignored due to exact matches with known built-in provider patterns.
+
+ This field is optional, the items of the list must contain between 1 and 50 entries.
+ The list is treated as a set, so duplicate entries are not allowed.
+
+ For more details, see:
+ https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/
+ https://github.com/cri-o/crio-credential-provider#architecture
+
+ Each entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters.
+ Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io',
+ and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net').
+ A global wildcard '*' (matching any domain) is not allowed.
+ Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path.
+ For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not.
+ Each wildcard matches only a single domain label,
+ so '*.io' does **not** match '*.k8s.io'.
+
+ A match exists between an image and a matchImage when all of the below are true:
+ Both contain the same number of domain parts and each part matches.
+ The URL path of an matchImages must be a prefix of the target image URL path.
+ If the matchImages contains a port, then the port must match in the image as well.
+
+ Example values of matchImages:
+ - 123456789.dkr.ecr.us-east-1.amazonaws.com
+ - *.azurecr.io
+ - gcr.io
+ - *.*.registry.io
+ - registry.io:8080/path
+ items:
+ description: |-
+ MatchImage is a string pattern used to match container image registry addresses.
+ It must be a valid fully qualified domain name with optional wildcard, port, and path.
+ The maximum length is 512 characters.
+
+ Wildcards ('*') are supported for full subdomain labels and top-level domains.
+ Each entry can optionally contain a port (e.g., :8080) and a path (e.g., /path).
+ Wildcards are not allowed in the port or path portions.
+
+ Examples:
+ - "registry.io" - matches exactly registry.io
+ - "*.azurecr.io" - matches any single subdomain of azurecr.io
+ - "registry.io:8080/path" - matches with specific port and path prefix
+ maxLength: 512
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: global wildcard '*' is not allowed
+ rule: self != '*'
+ - message: invalid matchImages value, must be a valid fully qualified
+ domain name in lowercase with optional wildcard, port, and path
+ rule: self.matches('^((\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?)(\\.(\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?))*)(:[0-9]+)?(/[-a-z0-9._/]*)?$')
+ maxItems: 50
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ status:
+ description: |-
+ status represents the current state of the CRIOCredentialProviderConfig.
+ When omitted or nil, it indicates that the status has not yet been set by the controller.
+ The controller will populate this field with validation conditions and operational state.
+ minProperties: 1
+ properties:
+ conditions:
+ description: |-
+ conditions represent the latest available observations of the configuration state.
+ When omitted, it indicates that no conditions have been reported yet.
+ The maximum number of conditions is 16.
+ Conditions are stored as a map keyed by condition type, ensuring uniqueness.
+
+ Expected condition types include:
+ "Validated": indicates whether the matchImages configuration is valid
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ type: object
+ required:
+ - spec
+ type: object
+ x-kubernetes-validations:
+ - message: criocredentialproviderconfig is a singleton, .metadata.name must
+ be 'cluster'
+ rule: self.metadata.name == 'cluster'
+ served: true
+ storage: false
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml
index 52ea2a9a5..815a0de5b 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml
@@ -129,19 +129,45 @@ spec:
allowedRegistries:
description: |-
allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.
+ Each entry must be a valid registry scope in the format hostname[:port][/path],
+ optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com").
+ The hostname must consist of valid DNS labels separated by dots, where each label
+ contains only alphanumeric characters and hyphens and does not start or end with a hyphen.
+ Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."),
+ and must be at most 256 characters in length. The list may contain at most 1024 entries.
Only one of BlockedRegistries or AllowedRegistries may be set.
items:
+ maxLength: 256
+ minLength: 1
type: string
+ x-kubernetes-validations:
+ - message: each registry must be a valid hostname[:port][/path]
+ or wildcard *.hostname format without tags or digests
+ rule: self.matches('^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')
+ maxItems: 1024
type: array
x-kubernetes-list-type: atomic
blockedRegistries:
description: |-
blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.
+ Each entry must be a valid registry scope in the format hostname[:port][/path],
+ optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com").
+ The hostname must consist of valid DNS labels separated by dots, where each label
+ contains only alphanumeric characters and hyphens and does not start or end with a hyphen.
+ Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."),
+ and must be at most 256 characters in length. The list may contain at most 1024 entries.
Only one of BlockedRegistries or AllowedRegistries may be set.
items:
+ maxLength: 256
+ minLength: 1
type: string
+ x-kubernetes-validations:
+ - message: each registry must be a valid hostname[:port][/path]
+ or wildcard *.hostname format without tags or digests
+ rule: self.matches('^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')
+ maxItems: 1024
type: array
x-kubernetes-list-type: atomic
containerRuntimeSearchRegistries:
@@ -156,10 +182,23 @@ spec:
type: array
x-kubernetes-list-type: set
insecureRegistries:
- description: insecureRegistries are registries which do not have
- a valid TLS certificates or only support HTTP connections.
+ description: |-
+ insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
+ Each entry must be a valid registry scope in the format hostname[:port][/path],
+ optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com").
+ The hostname must consist of valid DNS labels separated by dots, where each label
+ contains only alphanumeric characters and hyphens and does not start or end with a hyphen.
+ Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."),
+ and must be at most 256 characters in length. The list may contain at most 1024 entries.
items:
+ maxLength: 256
+ minLength: 1
type: string
+ x-kubernetes-validations:
+ - message: each registry must be a valid hostname[:port][/path]
+ or wildcard *.hostname format without tags or digests
+ rule: self.matches('^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')
+ maxItems: 1024
type: array
x-kubernetes-list-type: atomic
type: object
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml
index 8d94616b3..0305366df 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml
@@ -965,10 +965,11 @@ spec:
vcenters:
description: |-
vcenters holds the connection details for services to communicate with vCenter.
- Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported.
+ Up to 3 vCenters are supported.
Once the cluster has been installed, you are unable to change the current number of defined
- vCenters except in the case where the cluster has been upgraded from a version of OpenShift
- where the vsphere platform spec was not present. You may make modifications to the existing
+ vCenters except when 1.) the cluster has been upgraded from a version of OpenShift
+ where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and
+ remove vCenters but may not remove all vCenters. You may make modifications to the existing
vCenters that are defined in the vcenters list in order to match with any added or modified
failure domains.
items:
@@ -1013,27 +1014,23 @@ spec:
- server
type: object
maxItems: 3
- minItems: 0
+ minItems: 1
type: array
x-kubernetes-list-type: atomic
x-kubernetes-validations:
- - message: vcenters cannot be added or removed once set
- rule: 'size(self) != size(oldSelf) ? size(oldSelf) == 0
- && size(self) < 2 : true'
+ - message: vcenters must have unique server values
+ rule: self.all(x, self.exists_one(y, y.server == x.server))
type: object
x-kubernetes-validations:
- message: apiServerInternalIPs list is required once set
rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
- message: ingressIPs list is required once set
rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
- - message: vcenters can have at most 1 item when configured post-install
- rule: '!has(oldSelf.vcenters) && has(self.vcenters) ? size(self.vcenters)
- < 2 : true'
type: object
x-kubernetes-validations:
- message: vcenters can have at most 1 item when configured post-install
- rule: '!has(oldSelf.vsphere) && has(self.vsphere) ? size(self.vsphere.vcenters)
- < 2 : true'
+ rule: '!has(oldSelf.vsphere) && has(self.vsphere) ? (has(self.vsphere.vcenters)
+ && size(self.vsphere.vcenters) < 2) : true'
type: object
status:
description: status holds observed values from the cluster. They may not
@@ -1186,6 +1183,110 @@ spec:
description: aws contains settings specific to the Amazon Web
Services infrastructure provider.
properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
region:
description: region holds the default AWS region for new AWS
resources created by the cluster.
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Hypershift-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Hypershift-CustomNoUpgrade.crd.yaml
new file mode 100644
index 000000000..2829b41dc
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Hypershift-CustomNoUpgrade.crd.yaml
@@ -0,0 +1,2798 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/470
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: CustomNoUpgrade
+ name: infrastructures.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Infrastructure
+ listKind: InfrastructureList
+ plural: infrastructures
+ singular: infrastructure
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec holds user settable values for configuration
+ properties:
+ cloudConfig:
+ description: |-
+ cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file.
+ This configuration file is used to configure the Kubernetes cloud provider integration
+ when using the built-in cloud provider integration or the external cloud controller manager.
+ The namespace for this config map is openshift-config.
+
+ cloudConfig should only be consumed by the kube_cloud_config controller.
+ The controller is responsible for using the user configuration in the spec
+ for various platforms and combining that with the user provided ConfigMap in this field
+ to create a stitched kube cloud config.
+ The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace
+ with the kube cloud config is stored in `cloud.conf` key.
+ All the clients are expected to use the generated ConfigMap only.
+ properties:
+ key:
+ description: key allows pointing to a specific key/value inside
+ of the configmap. This is useful for logical file references.
+ type: string
+ name:
+ type: string
+ type: object
+ controlPlaneTopology:
+ description: |-
+ controlPlaneTopology expresses the desired topology configuration for control nodes.
+
+ When status.controlPlaneTopology is 'SingleReplica' and spec.controlPlaneTopology is set to 'HighlyAvailable',
+ a transition will be triggered to reconfigure the cluster from SingleReplica to HighlyAvailable.
+
+ When left blank or status.controlPlaneTopology and spec.controlPlaneTopology are the same value,
+ no changes are required and no transitions will be triggered.
+
+ This value may be set to match status.controlPlaneTopology regardless of the current value.
+ enum:
+ - HighlyAvailable
+ - SingleReplica
+ type: string
+ platformSpec:
+ description: |-
+ platformSpec holds desired information specific to the underlying
+ infrastructure provider.
+ properties:
+ alibabaCloud:
+ description: alibabaCloud contains settings specific to the Alibaba
+ Cloud infrastructure provider.
+ type: object
+ aws:
+ description: aws contains settings specific to the Amazon Web
+ Services infrastructure provider.
+ properties:
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints list contains custom endpoints which will override default
+ service endpoint of AWS Services.
+ There must be only one ServiceEndpoint for a service.
+ items:
+ description: |-
+ AWSServiceEndpoint store the configuration of a custom url to
+ override existing defaults of AWS Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the AWS service.
+ The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html
+ This must be provided and cannot be empty.
+ pattern: ^[a-z0-9-]+$
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty.
+ pattern: ^https://
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ azure:
+ description: azure contains settings specific to the Azure infrastructure
+ provider.
+ type: object
+ baremetal:
+ description: baremetal contains settings specific to the BareMetal
+ platform.
+ properties:
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.apiServerInternalIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.ingressIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ machineNetworks:
+ description: |-
+ machineNetworks are IP networks used to connect all the OpenShift cluster
+ nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+ for example "10.0.0.0/8" or "fd00::/8".
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ type: object
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs list is required once set
+ rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
+ - message: ingressIPs list is required once set
+ rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
+ equinixMetal:
+ description: equinixMetal contains settings specific to the Equinix
+ Metal infrastructure provider.
+ type: object
+ external:
+ description: |-
+ ExternalPlatformType represents generic infrastructure provider.
+ Platform-specific components should be supplemented separately.
+ properties:
+ platformName:
+ default: Unknown
+ description: |-
+ platformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time.
+ This field is solely for informational and reporting purposes and is not expected to be used for decision-making.
+ type: string
+ x-kubernetes-validations:
+ - message: platform name cannot be changed once set
+ rule: oldSelf == 'Unknown' || self == oldSelf
+ type: object
+ gcp:
+ description: gcp contains settings specific to the Google Cloud
+ Platform infrastructure provider.
+ type: object
+ ibmcloud:
+ description: ibmcloud contains settings specific to the IBMCloud
+ infrastructure provider.
+ properties:
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints is a list of custom endpoints which will override the default
+ service endpoints of an IBM service. These endpoints are used by components
+ within the cluster when trying to reach the IBM Cloud Services that have been
+ overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each
+ endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus
+ are updated to reflect the same custom endpoints.
+ A maximum of 13 service endpoints overrides are supported.
+ items:
+ description: |-
+ IBMCloudServiceEndpoint stores the configuration of a custom url to
+ override existing defaults of IBM Cloud Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the IBM Cloud service.
+ Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC.
+ For example, the IBM Cloud Private IAM service could be configured with the
+ service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com`
+ Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured
+ with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`
+ enum:
+ - CIS
+ - COS
+ - COSConfig
+ - DNSServices
+ - GlobalCatalog
+ - GlobalSearch
+ - GlobalTagging
+ - HyperProtect
+ - IAM
+ - KeyProtect
+ - ResourceController
+ - ResourceManager
+ - VPC
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty. The path must follow the pattern
+ /v[0,9]+ or /api/v[0,9]+
+ maxLength: 300
+ type: string
+ x-kubernetes-validations:
+ - message: url must use https scheme
+ rule: url(self).getScheme() == "https"
+ - message: url path must match /v[0,9]+ or /api/v[0,9]+
+ rule: matches((url(self).getEscapedPath()), '^/(api/)?v[0-9]+/{0,1}$')
+ - message: url must be a valid absolute URL
+ rule: isURL(self)
+ required:
+ - name
+ - url
+ type: object
+ maxItems: 13
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ kubevirt:
+ description: kubevirt contains settings specific to the kubevirt
+ infrastructure provider.
+ type: object
+ nutanix:
+ description: nutanix contains settings specific to the Nutanix
+ infrastructure provider.
+ properties:
+ failureDomains:
+ description: |-
+ failureDomains configures failure domains information for the Nutanix platform.
+ When set, the failure domains defined here may be used to spread Machines across
+ prism element clusters to improve fault tolerance of the cluster.
+ items:
+ description: NutanixFailureDomain configures failure domain
+ information for the Nutanix platform.
+ properties:
+ cluster:
+ description: |-
+ cluster is to identify the cluster (the Prism Element under management of the Prism Central),
+ in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained
+ from the Prism Central console or using the prism_central API.
+ properties:
+ name:
+ description: name is the resource name in the PC.
+ It cannot be empty if the type is Name.
+ type: string
+ type:
+ description: type is the identifier type to use
+ for this resource.
+ enum:
+ - UUID
+ - Name
+ type: string
+ uuid:
+ description: uuid is the UUID of the resource in
+ the PC. It cannot be empty if the type is UUID.
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: uuid configuration is required when type
+ is UUID, and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid)
+ : !has(self.uuid)'
+ - message: name configuration is required when type
+ is Name, and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''Name'' ? has(self.name)
+ : !has(self.name)'
+ name:
+ description: |-
+ name defines the unique name of a failure domain.
+ Name is required and must be at most 64 characters in length.
+ It must consist of only lower case alphanumeric characters and hyphens (-).
+ It must start and end with an alphanumeric character.
+ This value is arbitrary and is used to identify the failure domain within the platform.
+ maxLength: 64
+ minLength: 1
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ subnets:
+ description: |-
+ subnets holds a list of identifiers (one or more) of the cluster's network subnets
+ If the feature gate NutanixMultiSubnets is enabled, up to 32 subnets may be configured.
+ for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be
+ obtained from the Prism Central console or using the prism_central API.
+ items:
+ description: NutanixResourceIdentifier holds the identity
+ of a Nutanix PC resource (cluster, image, subnet,
+ etc.)
+ properties:
+ name:
+ description: name is the resource name in the
+ PC. It cannot be empty if the type is Name.
+ type: string
+ type:
+ description: type is the identifier type to use
+ for this resource.
+ enum:
+ - UUID
+ - Name
+ type: string
+ uuid:
+ description: uuid is the UUID of the resource
+ in the PC. It cannot be empty if the type is
+ UUID.
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: uuid configuration is required when type
+ is UUID, and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid)
+ : !has(self.uuid)'
+ - message: name configuration is required when type
+ is Name, and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''Name'' ? has(self.name)
+ : !has(self.name)'
+ maxItems: 32
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: each subnet must be unique
+ rule: self.all(x, self.exists_one(y, x == y))
+ required:
+ - cluster
+ - name
+ - subnets
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ prismCentral:
+ description: |-
+ prismCentral holds the endpoint address and port to access the Nutanix Prism Central.
+ When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.
+ Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the
+ proxy spec.noProxy list.
+ properties:
+ address:
+ description: address is the endpoint address (DNS name
+ or IP address) of the Nutanix Prism Central or Element
+ (cluster)
+ maxLength: 256
+ type: string
+ port:
+ description: port is the port number to access the Nutanix
+ Prism Central or Element (cluster)
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ required:
+ - address
+ - port
+ type: object
+ prismElements:
+ description: |-
+ prismElements holds one or more endpoint address and port data to access the Nutanix
+ Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one
+ Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.)
+ used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.)
+ spread over multiple Prism Elements (clusters) of the Prism Central.
+ items:
+ description: NutanixPrismElementEndpoint holds the name
+ and endpoint data for a Prism Element (cluster)
+ properties:
+ endpoint:
+ description: |-
+ endpoint holds the endpoint address and port data of the Prism Element (cluster).
+ When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.
+ Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the
+ proxy spec.noProxy list.
+ properties:
+ address:
+ description: address is the endpoint address (DNS
+ name or IP address) of the Nutanix Prism Central
+ or Element (cluster)
+ maxLength: 256
+ type: string
+ port:
+ description: port is the port number to access the
+ Nutanix Prism Central or Element (cluster)
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ required:
+ - address
+ - port
+ type: object
+ name:
+ description: |-
+ name is the name of the Prism Element (cluster). This value will correspond with
+ the cluster field configured on other resources (eg Machines, PVCs, etc).
+ maxLength: 256
+ type: string
+ required:
+ - endpoint
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - prismCentral
+ - prismElements
+ type: object
+ openstack:
+ description: openstack contains settings specific to the OpenStack
+ infrastructure provider.
+ properties:
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.apiServerInternalIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.ingressIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ machineNetworks:
+ description: |-
+ machineNetworks are IP networks used to connect all the OpenShift cluster
+ nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+ for example "10.0.0.0/8" or "fd00::/8".
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ type: object
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs list is required once set
+ rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
+ - message: ingressIPs list is required once set
+ rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
+ ovirt:
+ description: ovirt contains settings specific to the oVirt infrastructure
+ provider.
+ type: object
+ powervs:
+ description: powervs contains settings specific to the IBM Power
+ Systems Virtual Servers infrastructure provider.
+ properties:
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints is a list of custom endpoints which will override the default
+ service endpoints of a Power VS service.
+ items:
+ description: |-
+ PowervsServiceEndpoint stores the configuration of a custom url to
+ override existing defaults of PowerVS Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the Power VS service.
+ Few of the services are
+ IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api
+ ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller
+ Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
+ enum:
+ - CIS
+ - COS
+ - COSConfig
+ - DNSServices
+ - GlobalCatalog
+ - GlobalSearch
+ - GlobalTagging
+ - HyperProtect
+ - IAM
+ - KeyProtect
+ - Power
+ - ResourceController
+ - ResourceManager
+ - VPC
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty.
+ format: uri
+ pattern: ^https://
+ type: string
+ required:
+ - name
+ - url
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ type:
+ description: |-
+ type is the underlying infrastructure provider for the cluster. This
+ value controls whether infrastructure automation such as service load
+ balancers, dynamic volume provisioning, machine creation and deletion, and
+ other integrations are enabled. If None, no infrastructure automation is
+ enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
+ "OpenStack", "VSphere", "oVirt", "IBMCloud", "KubeVirt", "EquinixMetal",
+ "PowerVS", "AlibabaCloud", "Nutanix", "External", and "None". Individual
+ components may not support all platforms, and must handle unrecognized
+ platforms as None if they do not support that platform.
+ enum:
+ - ""
+ - AWS
+ - Azure
+ - BareMetal
+ - GCP
+ - Libvirt
+ - OpenStack
+ - None
+ - VSphere
+ - oVirt
+ - IBMCloud
+ - KubeVirt
+ - EquinixMetal
+ - PowerVS
+ - AlibabaCloud
+ - Nutanix
+ - External
+ type: string
+ vsphere:
+ description: vsphere contains settings specific to the VSphere
+ infrastructure provider.
+ properties:
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.apiServerInternalIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ failureDomains:
+ description: |-
+ failureDomains contains the definition of region, zone and the vCenter topology.
+ If this is omitted failure domains (regions and zones) will not be used.
+ items:
+ description: VSpherePlatformFailureDomainSpec holds the
+ region and zone failure domain and the vCenter topology
+ of that failure domain.
+ properties:
+ name:
+ description: |-
+ name defines the arbitrary but unique name
+ of a failure domain.
+ maxLength: 256
+ minLength: 1
+ type: string
+ region:
+ description: |-
+ region defines the name of a region tag that will
+ be attached to a vCenter datacenter. The tag
+ category in vCenter must be named openshift-region.
+ maxLength: 80
+ minLength: 1
+ type: string
+ regionAffinity:
+ description: |-
+ regionAffinity holds the type of region, Datacenter or ComputeCluster.
+ When set to Datacenter, this means the region is a vCenter Datacenter as defined in topology.
+ When set to ComputeCluster, this means the region is a vCenter Cluster as defined in topology.
+ properties:
+ type:
+ description: |-
+ type determines the vSphere object type for a region within this failure domain.
+ Available types are Datacenter and ComputeCluster.
+ When set to Datacenter, this means the vCenter Datacenter defined is the region.
+ When set to ComputeCluster, this means the vCenter cluster defined is the region.
+ enum:
+ - ComputeCluster
+ - Datacenter
+ type: string
+ required:
+ - type
+ type: object
+ server:
+ anyOf:
+ - format: ipv4
+ - format: ipv6
+ - format: hostname
+ description: server is the fully-qualified domain name
+ or the IP address of the vCenter server.
+ maxLength: 255
+ minLength: 1
+ type: string
+ topology:
+ description: topology describes a given failure domain
+ using vSphere constructs
+ properties:
+ computeCluster:
+ description: |-
+ computeCluster the absolute path of the vCenter cluster
+ in which virtual machine will be located.
+ The absolute path is of the form //host/.
+ The maximum length of the path is 2048 characters.
+ maxLength: 2048
+ pattern: ^/.*?/host/.*?
+ type: string
+ datacenter:
+ description: |-
+ datacenter is the name of vCenter datacenter in which virtual machines will be located.
+ The maximum length of the datacenter name is 80 characters.
+ maxLength: 80
+ type: string
+ datastore:
+ description: |-
+ datastore is the absolute path of the datastore in which the
+ virtual machine is located.
+ The absolute path is of the form //datastore/
+ The maximum length of the path is 2048 characters.
+ maxLength: 2048
+ pattern: ^/.*?/datastore/.*?
+ type: string
+ folder:
+ description: |-
+ folder is the absolute path of the folder where
+ virtual machines are located. The absolute path
+ is of the form //vm/.
+ The maximum length of the path is 2048 characters.
+ maxLength: 2048
+ pattern: ^/.*?/vm/.*?
+ type: string
+ networks:
+ description: |-
+ networks is the list of port group network names within this failure domain.
+ If feature gate VSphereMultiNetworks is enabled, up to 10 network adapters may be defined.
+ 10 is the maximum number of virtual network devices which may be attached to a VM as defined by:
+ https://configmax.esp.vmware.com/guest?vmwareproduct=vSphere&release=vSphere%208.0&categories=1-0
+ The available networks (port groups) can be listed using
+ `govc ls 'network/*'`
+ Networks should be in the form of an absolute path:
+ //network/.
+ items:
+ type: string
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ resourcePool:
+ description: |-
+ resourcePool is the absolute path of the resource pool where virtual machines will be
+ created. The absolute path is of the form //host//Resources/.
+ The maximum length of the path is 2048 characters.
+ maxLength: 2048
+ pattern: ^/.*?/host/.*?/Resources.*
+ type: string
+ template:
+ description: |-
+ template is the full inventory path of the virtual machine or template
+ that will be cloned when creating new machines in this failure domain.
+ The maximum length of the path is 2048 characters.
+
+ When omitted, the template will be calculated by the control plane
+ machineset operator based on the region and zone defined in
+ VSpherePlatformFailureDomainSpec.
+ For example, for zone=zonea, region=region1, and infrastructure name=test,
+ the template path would be calculated as //vm/test-rhcos-region1-zonea.
+ maxLength: 2048
+ minLength: 1
+ pattern: ^/.*?/vm/.*?
+ type: string
+ required:
+ - computeCluster
+ - datacenter
+ - datastore
+ - networks
+ type: object
+ zone:
+ description: |-
+ zone defines the name of a zone tag that will
+ be attached to a vCenter cluster. The tag
+ category in vCenter must be named openshift-zone.
+ maxLength: 80
+ minLength: 1
+ type: string
+ zoneAffinity:
+ description: |-
+ zoneAffinity holds the type of the zone and the hostGroup which
+ vmGroup and the hostGroup names in vCenter corresponds to
+ a vm-host group of type Virtual Machine and Host respectively. Is also
+ contains the vmHostRule which is an affinity vm-host rule in vCenter.
+ properties:
+ hostGroup:
+ description: |-
+ hostGroup holds the vmGroup and the hostGroup names in vCenter
+ corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also
+ contains the vmHostRule which is an affinity vm-host rule in vCenter.
+ properties:
+ hostGroup:
+ description: |-
+ hostGroup is the name of the vm-host group of type host within vCenter for this failure domain.
+ hostGroup is limited to 80 characters.
+ This field is required when the VSphereFailureDomain ZoneType is HostGroup
+ maxLength: 80
+ minLength: 1
+ type: string
+ vmGroup:
+ description: |-
+ vmGroup is the name of the vm-host group of type virtual machine within vCenter for this failure domain.
+ vmGroup is limited to 80 characters.
+ This field is required when the VSphereFailureDomain ZoneType is HostGroup
+ maxLength: 80
+ minLength: 1
+ type: string
+ vmHostRule:
+ description: |-
+ vmHostRule is the name of the affinity vm-host rule within vCenter for this failure domain.
+ vmHostRule is limited to 80 characters.
+ This field is required when the VSphereFailureDomain ZoneType is HostGroup
+ maxLength: 80
+ minLength: 1
+ type: string
+ required:
+ - hostGroup
+ - vmGroup
+ - vmHostRule
+ type: object
+ type:
+ description: |-
+ type determines the vSphere object type for a zone within this failure domain.
+ Available types are ComputeCluster and HostGroup.
+ When set to ComputeCluster, this means the vCenter cluster defined is the zone.
+ When set to HostGroup, hostGroup must be configured with hostGroup, vmGroup and vmHostRule and
+ this means the zone is defined by the grouping of those fields.
+ enum:
+ - HostGroup
+ - ComputeCluster
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: hostGroup is required when type is HostGroup,
+ and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''HostGroup''
+ ? has(self.hostGroup) : !has(self.hostGroup)'
+ required:
+ - name
+ - region
+ - server
+ - topology
+ - zone
+ type: object
+ x-kubernetes-validations:
+ - message: when zoneAffinity type is HostGroup, regionAffinity
+ type must be ComputeCluster
+ rule: 'has(self.zoneAffinity) && self.zoneAffinity.type
+ == ''HostGroup'' ? has(self.regionAffinity) && self.regionAffinity.type
+ == ''ComputeCluster'' : true'
+ - message: when zoneAffinity type is ComputeCluster, regionAffinity
+ type must be Datacenter
+ rule: 'has(self.zoneAffinity) && self.zoneAffinity.type
+ == ''ComputeCluster'' ? has(self.regionAffinity) &&
+ self.regionAffinity.type == ''Datacenter'' : true'
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.ingressIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ machineNetworks:
+ description: |-
+ machineNetworks are IP networks used to connect all the OpenShift cluster
+ nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+ for example "10.0.0.0/8" or "fd00::/8".
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ nodeNetworking:
+ description: |-
+ nodeNetworking contains the definition of internal and external network constraints for
+ assigning the node's networking.
+ If this field is omitted, networking defaults to the legacy
+ address selection behavior which is to only support a single address and
+ return the first one found.
+ properties:
+ external:
+ description: external represents the network configuration
+ of the node that is externally routable.
+ properties:
+ excludeNetworkSubnetCidr:
+ description: |-
+ excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting
+ the IP address from the VirtualMachine's VM for use in the status.addresses fields.
+ items:
+ format: cidr
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ network:
+ description: |-
+ network VirtualMachine's VM Network names that will be used to when searching
+ for status.addresses fields. Note that if internal.networkSubnetCIDR and
+ external.networkSubnetCIDR are not set, then the vNIC associated to this network must
+ only have a single IP address assigned to it.
+ The available networks (port groups) can be listed using
+ `govc ls 'network/*'`
+ type: string
+ networkSubnetCidr:
+ description: |-
+ networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs
+ that will be used in respective status.addresses fields.
+ items:
+ format: cidr
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ internal:
+ description: internal represents the network configuration
+ of the node that is routable only within the cluster.
+ properties:
+ excludeNetworkSubnetCidr:
+ description: |-
+ excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting
+ the IP address from the VirtualMachine's VM for use in the status.addresses fields.
+ items:
+ format: cidr
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ network:
+ description: |-
+ network VirtualMachine's VM Network names that will be used to when searching
+ for status.addresses fields. Note that if internal.networkSubnetCIDR and
+ external.networkSubnetCIDR are not set, then the vNIC associated to this network must
+ only have a single IP address assigned to it.
+ The available networks (port groups) can be listed using
+ `govc ls 'network/*'`
+ type: string
+ networkSubnetCidr:
+ description: |-
+ networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs
+ that will be used in respective status.addresses fields.
+ items:
+ format: cidr
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: object
+ vcenters:
+ description: |-
+ vcenters holds the connection details for services to communicate with vCenter.
+ Up to 3 vCenters are supported.
+ Once the cluster has been installed, you are unable to change the current number of defined
+ vCenters except when 1.) the cluster has been upgraded from a version of OpenShift
+ where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and
+ remove vCenters but may not remove all vCenters. You may make modifications to the existing
+ vCenters that are defined in the vcenters list in order to match with any added or modified
+ failure domains.
+ items:
+ description: |-
+ VSpherePlatformVCenterSpec stores the vCenter connection fields.
+ This is used by the vSphere CCM.
+ properties:
+ datacenters:
+ description: |-
+ The vCenter Datacenters in which the RHCOS
+ vm guests are located. This field will
+ be used by the Cloud Controller Manager.
+ Each datacenter listed here should be used within
+ a topology.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ port:
+ description: |-
+ port is the TCP port that will be used to communicate to
+ the vCenter endpoint.
+ When omitted, this means the user has no opinion and
+ it is up to the platform to choose a sensible default,
+ which is subject to change over time.
+ format: int32
+ maximum: 32767
+ minimum: 1
+ type: integer
+ server:
+ anyOf:
+ - format: ipv4
+ - format: ipv6
+ - format: hostname
+ description: server is the fully-qualified domain name
+ or the IP address of the vCenter server.
+ maxLength: 255
+ type: string
+ required:
+ - datacenters
+ - server
+ type: object
+ maxItems: 3
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) >= size(oldSelf) ? oldSelf.all(x, self.exists(y,
+ y.server == x.server)) : true'
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) < size(oldSelf) ? self.all(x, oldSelf.exists(y,
+ y.server == x.server)) : true'
+ - message: vcenters must have unique server values
+ rule: self.all(x, self.exists_one(y, y.server == x.server))
+ type: object
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs list is required once set
+ rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
+ - message: ingressIPs list is required once set
+ rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
+ type: object
+ x-kubernetes-validations:
+ - message: vcenters is required once set and cannot be removed
+ rule: 'oldSelf.?vsphere.vcenters.hasValue() ? self.?vsphere.vcenters.hasValue()
+ : true'
+ type: object
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ properties:
+ apiServerInternalURI:
+ description: |-
+ apiServerInternalURL is a valid URI with scheme 'https',
+ address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components
+ like kubelets, to contact the Kubernetes API server using the
+ infrastructure provider rather than Kubernetes networking.
+ type: string
+ apiServerURL:
+ description: |-
+ apiServerURL is a valid URI with scheme 'https', address and
+ optionally a port (defaulting to 443). apiServerURL can be used by components like the web console
+ to tell users where to find the Kubernetes API.
+ type: string
+ controlPlaneTopology:
+ default: HighlyAvailable
+ description: |-
+ controlPlaneTopology expresses the expectations for operands that normally run on control nodes.
+ The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster.
+ The 'SingleReplica' mode will be used in single-node deployments
+ and the operators should not configure the operand for highly-available operation
+ The 'External' mode indicates that the control plane is hosted externally to the cluster and that
+ its components are not visible within the cluster.
+ The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes
+ that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum.
+ enum:
+ - HighlyAvailable
+ - HighlyAvailableArbiter
+ - SingleReplica
+ - DualReplica
+ - External
+ type: string
+ cpuPartitioning:
+ default: None
+ description: |-
+ cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster.
+ CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets.
+ Valid values are "None" and "AllNodes". When omitted, the default value is "None".
+ The default value of "None" indicates that no nodes will be setup with CPU partitioning.
+ The "AllNodes" value indicates that all nodes have been setup with CPU partitioning,
+ and can then be further configured via the PerformanceProfile API.
+ enum:
+ - None
+ - AllNodes
+ type: string
+ etcdDiscoveryDomain:
+ description: |-
+ etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering
+ etcd servers and clients.
+ For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery
+ deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.
+ type: string
+ infrastructureName:
+ description: |-
+ infrastructureName uniquely identifies a cluster with a human friendly name.
+ Once set it should not be changed. Must be of max length 27 and must have only
+ alphanumeric or hyphen characters.
+ type: string
+ infrastructureTopology:
+ default: HighlyAvailable
+ description: |-
+ infrastructureTopology expresses the expectations for infrastructure services that do not run on control
+ plane nodes, usually indicated by a node selector for a `role` value
+ other than `master`.
+ The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster.
+ The 'SingleReplica' mode will be used in single-node deployments
+ and the operators should not configure the operand for highly-available operation
+ NOTE: External topology mode is not applicable for this field.
+ enum:
+ - HighlyAvailable
+ - SingleReplica
+ type: string
+ platform:
+ description: |-
+ platform is the underlying infrastructure provider for the cluster.
+
+ Deprecated: Use platformStatus.type instead.
+ enum:
+ - ""
+ - AWS
+ - Azure
+ - BareMetal
+ - GCP
+ - Libvirt
+ - OpenStack
+ - None
+ - VSphere
+ - oVirt
+ - IBMCloud
+ - KubeVirt
+ - EquinixMetal
+ - PowerVS
+ - AlibabaCloud
+ - Nutanix
+ - External
+ type: string
+ platformStatus:
+ description: |-
+ platformStatus holds status information specific to the underlying
+ infrastructure provider.
+ properties:
+ alibabaCloud:
+ description: alibabaCloud contains settings specific to the Alibaba
+ Cloud infrastructure provider.
+ properties:
+ region:
+ description: region specifies the region for Alibaba Cloud
+ resources created for the cluster.
+ pattern: ^[0-9A-Za-z-]+$
+ type: string
+ resourceGroupID:
+ description: resourceGroupID is the ID of the resource group
+ for the cluster.
+ pattern: ^(rg-[0-9A-Za-z]+)?$
+ type: string
+ resourceTags:
+ description: resourceTags is a list of additional tags to
+ apply to Alibaba Cloud resources created for the cluster.
+ items:
+ description: AlibabaCloudResourceTag is the set of tags
+ to add to apply to resources.
+ properties:
+ key:
+ description: key is the key of the tag.
+ maxLength: 128
+ minLength: 1
+ type: string
+ value:
+ description: value is the value of the tag.
+ maxLength: 128
+ minLength: 1
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ maxItems: 20
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ required:
+ - region
+ type: object
+ aws:
+ description: aws contains settings specific to the Amazon Web
+ Services infrastructure provider.
+ properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
+ ipFamily:
+ default: IPv4
+ description: |-
+ ipFamily specifies the IP protocol family that should be used for AWS
+ network resources. This controls whether AWS resources are created with
+ IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary
+ protocol family.
+ enum:
+ - IPv4
+ - DualStackIPv6Primary
+ - DualStackIPv4Primary
+ type: string
+ x-kubernetes-validations:
+ - message: ipFamily is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ region:
+ description: region holds the default AWS region for new AWS
+ resources created by the cluster.
+ type: string
+ resourceTags:
+ description: |-
+ resourceTags is a list of additional tags to apply to AWS resources created for the cluster.
+ See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources.
+ AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags
+ available for the user.
+ items:
+ description: AWSResourceTag is a tag to apply to AWS resources
+ created for the cluster.
+ properties:
+ key:
+ description: |-
+ key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag.
+ Key should consist of between 1 and 128 characters, and may
+ contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.
+ maxLength: 128
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: invalid AWS resource tag key. The string
+ can contain only the set of alphanumeric characters,
+ space (' '), '_', '.', '/', '=', '+', '-', ':',
+ '@'
+ rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
+ value:
+ description: |-
+ value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag.
+ Value should consist of between 1 and 256 characters, and may
+ contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.
+ Some AWS service do not support empty values. Since tags are added to resources in many services, the
+ length of the tag value must meet the requirements of all services.
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: invalid AWS resource tag value. The string
+ can contain only the set of alphanumeric characters,
+ space (' '), '_', '.', '/', '=', '+', '-', ':',
+ '@'
+ rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
+ required:
+ - key
+ - value
+ type: object
+ maxItems: 25
+ type: array
+ x-kubernetes-list-type: atomic
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints list contains custom endpoints which will override default
+ service endpoint of AWS Services.
+ There must be only one ServiceEndpoint for a service.
+ items:
+ description: |-
+ AWSServiceEndpoint store the configuration of a custom url to
+ override existing defaults of AWS Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the AWS service.
+ The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html
+ This must be provided and cannot be empty.
+ pattern: ^[a-z0-9-]+$
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty.
+ pattern: ^https://
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ azure:
+ description: azure contains settings specific to the Azure infrastructure
+ provider.
+ properties:
+ armEndpoint:
+ description: armEndpoint specifies a URL to use for resource
+ management in non-soverign clouds such as Azure Stack.
+ type: string
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
+ cloudName:
+ description: |-
+ cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK
+ with the appropriate Azure API endpoints.
+ If empty, the value is equal to `AzurePublicCloud`.
+ enum:
+ - ""
+ - AzurePublicCloud
+ - AzureUSGovernmentCloud
+ - AzureChinaCloud
+ - AzureGermanCloud
+ - AzureStackCloud
+ type: string
+ ipFamily:
+ default: IPv4
+ description: |-
+ ipFamily specifies the IP protocol family that should be used for Azure
+ network resources. This controls whether Azure resources are created with
+ IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary
+ protocol family.
+ enum:
+ - IPv4
+ - DualStackIPv6Primary
+ - DualStackIPv4Primary
+ type: string
+ x-kubernetes-validations:
+ - message: ipFamily is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ networkResourceGroupName:
+ description: |-
+ networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster.
+ If empty, the value is same as ResourceGroupName.
+ type: string
+ resourceGroupName:
+ description: resourceGroupName is the Resource Group for new
+ Azure resources created for the cluster.
+ type: string
+ resourceTags:
+ description: |-
+ resourceTags is a list of additional tags to apply to Azure resources created for the cluster.
+ See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources.
+ Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags
+ may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.
+ items:
+ description: AzureResourceTag is a tag to apply to Azure
+ resources created for the cluster.
+ properties:
+ key:
+ description: |-
+ key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key
+ must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric
+ characters and the following special characters `_ . -`.
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$
+ type: string
+ value:
+ description: |-
+ value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value
+ must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.
+ maxLength: 256
+ minLength: 1
+ pattern: ^[0-9A-Za-z_.=+-@]+$
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ maxItems: 10
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: resourceTags are immutable and may only be configured
+ during installation
+ rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self)
+ type: object
+ x-kubernetes-validations:
+ - message: resourceTags may only be configured during installation
+ rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags)
+ || has(oldSelf.resourceTags) && has(self.resourceTags)'
+ baremetal:
+ description: baremetal contains settings specific to the BareMetal
+ platform.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on BareMetal platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ machineNetworks:
+ description: machineNetworks are IP networks used to connect
+ all the OpenShift cluster nodes.
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ nodeDNSIP:
+ description: |-
+ nodeDNSIP is the IP address for the internal DNS used by the
+ nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+ provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+ BareMetal deployments. In order to minimize necessary changes to the
+ datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+ to the nodes in the cluster.
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ equinixMetal:
+ description: equinixMetal contains settings specific to the Equinix
+ Metal infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+ type: string
+ type: object
+ external:
+ description: external contains settings specific to the generic
+ External infrastructure provider.
+ properties:
+ cloudControllerManager:
+ description: |-
+ cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI).
+ When omitted, new nodes will be not tainted
+ and no extra initialization from the cloud controller manager is expected.
+ properties:
+ state:
+ description: |-
+ state determines whether or not an external Cloud Controller Manager is expected to
+ be installed within the cluster.
+ https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager
+
+ Valid values are "External", "None" and omitted.
+ When set to "External", new nodes will be tainted as uninitialized when created,
+ preventing them from running workloads until they are initialized by the cloud controller manager.
+ When omitted or set to "None", new nodes will be not tainted
+ and no extra initialization from the cloud controller manager is expected.
+ enum:
+ - ""
+ - External
+ - None
+ type: string
+ x-kubernetes-validations:
+ - message: state is immutable once set
+ rule: self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: state may not be added or removed once set
+ rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state)
+ && self.state != "External")
+ type: object
+ x-kubernetes-validations:
+ - message: cloudControllerManager may not be added or removed
+ once set
+ rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager)
+ gcp:
+ description: gcp contains settings specific to the Google Cloud
+ Platform infrastructure provider.
+ properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
+ projectID:
+ description: resourceGroupName is the Project ID for new GCP
+ resources created for the cluster.
+ type: string
+ region:
+ description: region holds the region for new GCP resources
+ created for the cluster.
+ type: string
+ resourceLabels:
+ description: |-
+ resourceLabels is a list of additional labels to apply to GCP resources created for the cluster.
+ See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources.
+ GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use,
+ allowing 32 labels for user configuration.
+ items:
+ description: GCPResourceLabel is a label to apply to GCP
+ resources created for the cluster.
+ properties:
+ key:
+ description: |-
+ key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty.
+ Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters,
+ and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io`
+ and `openshift-io`.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z][0-9a-z_-]{0,62}$
+ type: string
+ x-kubernetes-validations:
+ - message: label keys must not start with either `openshift-io`
+ or `kubernetes-io`
+ rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')'
+ value:
+ description: |-
+ value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty.
+ Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[0-9a-z_-]{1,63}$
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ x-kubernetes-validations:
+ - message: resourceLabels are immutable and may only be configured
+ during installation
+ rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self)
+ resourceTags:
+ description: |-
+ resourceTags is a list of additional tags to apply to GCP resources created for the cluster.
+ See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on
+ tagging GCP resources. GCP supports a maximum of 50 tags per resource.
+ items:
+ description: GCPResourceTag is a tag to apply to GCP resources
+ created for the cluster.
+ properties:
+ key:
+ description: |-
+ key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty.
+ Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+ alphanumeric characters, and the following special characters `._-`.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$
+ type: string
+ parentID:
+ description: |-
+ parentID is the ID of the hierarchical resource where the tags are defined,
+ e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages:
+ https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id,
+ https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects.
+ An OrganizationID must consist of decimal numbers, and cannot have leading zeroes.
+ A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers,
+ and hyphens, and must start with a letter, and cannot end with a hyphen.
+ maxLength: 32
+ minLength: 1
+ pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)
+ type: string
+ value:
+ description: |-
+ value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty.
+ Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+ alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$
+ type: string
+ required:
+ - key
+ - parentID
+ - value
+ type: object
+ maxItems: 50
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ x-kubernetes-validations:
+ - message: resourceTags are immutable and may only be configured
+ during installation
+ rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self)
+ type: object
+ x-kubernetes-validations:
+ - message: resourceLabels may only be configured during installation
+ rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels)
+ || has(oldSelf.resourceLabels) && has(self.resourceLabels)'
+ - message: resourceTags may only be configured during installation
+ rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags)
+ || has(oldSelf.resourceTags) && has(self.resourceTags)'
+ ibmcloud:
+ description: ibmcloud contains settings specific to the IBMCloud
+ infrastructure provider.
+ properties:
+ cisInstanceCRN:
+ description: |-
+ cisInstanceCRN is the CRN of the Cloud Internet Services instance managing
+ the DNS zone for the cluster's base domain
+ type: string
+ dnsInstanceCRN:
+ description: |-
+ dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone
+ for the cluster's base domain
+ type: string
+ location:
+ description: location is where the cluster has been deployed
+ type: string
+ providerType:
+ description: providerType indicates the type of cluster that
+ was created
+ type: string
+ resourceGroupName:
+ description: resourceGroupName is the Resource Group for new
+ IBMCloud resources created for the cluster.
+ type: string
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints is a list of custom endpoints which will override the default
+ service endpoints of an IBM service. These endpoints are used by components
+ within the cluster when trying to reach the IBM Cloud Services that have been
+ overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each
+ endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus
+ are updated to reflect the same custom endpoints.
+ items:
+ description: |-
+ IBMCloudServiceEndpoint stores the configuration of a custom url to
+ override existing defaults of IBM Cloud Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the IBM Cloud service.
+ Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC.
+ For example, the IBM Cloud Private IAM service could be configured with the
+ service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com`
+ Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured
+ with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`
+ enum:
+ - CIS
+ - COS
+ - COSConfig
+ - DNSServices
+ - GlobalCatalog
+ - GlobalSearch
+ - GlobalTagging
+ - HyperProtect
+ - IAM
+ - KeyProtect
+ - ResourceController
+ - ResourceManager
+ - VPC
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty. The path must follow the pattern
+ /v[0,9]+ or /api/v[0,9]+
+ maxLength: 300
+ type: string
+ x-kubernetes-validations:
+ - message: url must be a valid absolute URL
+ rule: isURL(self)
+ required:
+ - name
+ - url
+ type: object
+ maxItems: 13
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ kubevirt:
+ description: kubevirt contains settings specific to the kubevirt
+ infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+ type: string
+ type: object
+ nutanix:
+ description: nutanix contains settings specific to the Nutanix
+ infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: set
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: set
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on Nutanix platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ openstack:
+ description: openstack contains settings specific to the OpenStack
+ infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ cloudName:
+ description: |-
+ cloudName is the name of the desired OpenStack cloud in the
+ client configuration file (`clouds.yaml`).
+ type: string
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on OpenStack platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ machineNetworks:
+ description: machineNetworks are IP networks used to connect
+ all the OpenShift cluster nodes.
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ nodeDNSIP:
+ description: |-
+ nodeDNSIP is the IP address for the internal DNS used by the
+ nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+ provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+ OpenStack deployments. In order to minimize necessary changes to the
+ datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+ to the nodes in the cluster.
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ ovirt:
+ description: ovirt contains settings specific to the oVirt infrastructure
+ provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: set
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: set
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on Ovirt platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ nodeDNSIP:
+ description: 'deprecated: as of 4.6, this field is no longer
+ set or honored. It will be removed in a future release.'
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ powervs:
+ description: powervs contains settings specific to the Power Systems
+ Virtual Servers infrastructure provider.
+ properties:
+ cisInstanceCRN:
+ description: |-
+ cisInstanceCRN is the CRN of the Cloud Internet Services instance managing
+ the DNS zone for the cluster's base domain
+ type: string
+ dnsInstanceCRN:
+ description: |-
+ dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone
+ for the cluster's base domain
+ type: string
+ region:
+ description: region holds the default Power VS region for
+ new Power VS resources created by the cluster.
+ type: string
+ resourceGroup:
+ description: |-
+ resourceGroup is the resource group name for new IBMCloud resources created for a cluster.
+ The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry.
+ More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs.
+ When omitted, the image registry operator won't be able to configure storage,
+ which results in the image registry cluster operator not being in an available state.
+ maxLength: 40
+ pattern: ^[a-zA-Z0-9-_ ]+$
+ type: string
+ x-kubernetes-validations:
+ - message: resourceGroup is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints is a list of custom endpoints which will override the default
+ service endpoints of a Power VS service.
+ items:
+ description: |-
+ PowervsServiceEndpoint stores the configuration of a custom url to
+ override existing defaults of PowerVS Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the Power VS service.
+ Few of the services are
+ IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api
+ ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller
+ Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
+ enum:
+ - CIS
+ - COS
+ - COSConfig
+ - DNSServices
+ - GlobalCatalog
+ - GlobalSearch
+ - GlobalTagging
+ - HyperProtect
+ - IAM
+ - KeyProtect
+ - Power
+ - ResourceController
+ - ResourceManager
+ - VPC
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty.
+ format: uri
+ pattern: ^https://
+ type: string
+ required:
+ - name
+ - url
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ zone:
+ description: |-
+ zone holds the default zone for the new Power VS resources created by the cluster.
+ Note: Currently only single-zone OCP clusters are supported
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: cannot unset resourceGroup once set
+ rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)'
+ type:
+ description: |-
+ type is the underlying infrastructure provider for the cluster. This
+ value controls whether infrastructure automation such as service load
+ balancers, dynamic volume provisioning, machine creation and deletion, and
+ other integrations are enabled. If None, no infrastructure automation is
+ enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
+ "OpenStack", "VSphere", "oVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None".
+ Individual components may not support all platforms, and must handle
+ unrecognized platforms as None if they do not support that platform.
+
+ This value will be synced with to the `status.platform` and `status.platformStatus.type`.
+ Currently this value cannot be changed once set.
+ enum:
+ - ""
+ - AWS
+ - Azure
+ - BareMetal
+ - GCP
+ - Libvirt
+ - OpenStack
+ - None
+ - VSphere
+ - oVirt
+ - IBMCloud
+ - KubeVirt
+ - EquinixMetal
+ - PowerVS
+ - AlibabaCloud
+ - Nutanix
+ - External
+ type: string
+ vsphere:
+ description: vsphere contains settings specific to the VSphere
+ infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on VSphere platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ machineNetworks:
+ description: machineNetworks are IP networks used to connect
+ all the OpenShift cluster nodes.
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ nodeDNSIP:
+ description: |-
+ nodeDNSIP is the IP address for the internal DNS used by the
+ nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+ provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+ vSphere deployments. In order to minimize necessary changes to the
+ datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+ to the nodes in the cluster.
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ x-kubernetes-validations:
+ - message: spec.controlPlaneTopology must match status.controlPlaneTopology
+ or be set to HighlyAvailable when status.controlPlaneTopology is SingleReplica
+ rule: '!has(self.spec.controlPlaneTopology) || (has(oldSelf.spec.controlPlaneTopology)
+ && self.spec.controlPlaneTopology == oldSelf.spec.controlPlaneTopology)
+ || (has(self.status.controlPlaneTopology) && self.spec.controlPlaneTopology
+ == self.status.controlPlaneTopology) || (has(self.status.controlPlaneTopology)
+ && self.status.controlPlaneTopology == ''SingleReplica'' && self.spec.controlPlaneTopology
+ == ''HighlyAvailable'')'
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Hypershift-DevPreviewNoUpgrade.crd.yaml
similarity index 99%
rename from vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml
rename to vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Hypershift-DevPreviewNoUpgrade.crd.yaml
index 7d1ecbc19..a3064161f 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Hypershift-DevPreviewNoUpgrade.crd.yaml
@@ -5,7 +5,6 @@ metadata:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
- include.release.openshift.io/self-managed-high-availability: "true"
release.openshift.io/bootstrap-required: "true"
release.openshift.io/feature-set: DevPreviewNoUpgrade
name: infrastructures.config.openshift.io
@@ -1031,10 +1030,11 @@ spec:
vcenters:
description: |-
vcenters holds the connection details for services to communicate with vCenter.
- Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported.
+ Up to 3 vCenters are supported.
Once the cluster has been installed, you are unable to change the current number of defined
- vCenters except in the case where the cluster has been upgraded from a version of OpenShift
- where the vsphere platform spec was not present. You may make modifications to the existing
+ vCenters except when 1.) the cluster has been upgraded from a version of OpenShift
+ where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and
+ remove vCenters but may not remove all vCenters. You may make modifications to the existing
vCenters that are defined in the vcenters list in order to match with any added or modified
failure domains.
items:
@@ -1079,27 +1079,29 @@ spec:
- server
type: object
maxItems: 3
- minItems: 0
+ minItems: 1
type: array
x-kubernetes-list-type: atomic
x-kubernetes-validations:
- - message: vcenters cannot be added or removed once set
- rule: 'size(self) != size(oldSelf) ? size(oldSelf) == 0
- && size(self) < 2 : true'
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) >= size(oldSelf) ? oldSelf.all(x, self.exists(y,
+ y.server == x.server)) : true'
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) < size(oldSelf) ? self.all(x, oldSelf.exists(y,
+ y.server == x.server)) : true'
+ - message: vcenters must have unique server values
+ rule: self.all(x, self.exists_one(y, y.server == x.server))
type: object
x-kubernetes-validations:
- message: apiServerInternalIPs list is required once set
rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
- message: ingressIPs list is required once set
rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
- - message: vcenters can have at most 1 item when configured post-install
- rule: '!has(oldSelf.vcenters) && has(self.vcenters) ? size(self.vcenters)
- < 2 : true'
type: object
x-kubernetes-validations:
- - message: vcenters can have at most 1 item when configured post-install
- rule: '!has(oldSelf.vsphere) && has(self.vsphere) ? size(self.vsphere.vcenters)
- < 2 : true'
+ - message: vcenters is required once set and cannot be removed
+ rule: 'oldSelf.?vsphere.vcenters.hasValue() ? self.?vsphere.vcenters.hasValue()
+ : true'
type: object
status:
description: status holds observed values from the cluster. They may not
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Hypershift-TechPreviewNoUpgrade.crd.yaml
similarity index 99%
rename from vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml
rename to vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Hypershift-TechPreviewNoUpgrade.crd.yaml
index 02f367409..cafc698a8 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Hypershift-TechPreviewNoUpgrade.crd.yaml
@@ -5,7 +5,6 @@ metadata:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
- include.release.openshift.io/self-managed-high-availability: "true"
release.openshift.io/bootstrap-required: "true"
release.openshift.io/feature-set: TechPreviewNoUpgrade
name: infrastructures.config.openshift.io
@@ -1031,10 +1030,11 @@ spec:
vcenters:
description: |-
vcenters holds the connection details for services to communicate with vCenter.
- Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported.
+ Up to 3 vCenters are supported.
Once the cluster has been installed, you are unable to change the current number of defined
- vCenters except in the case where the cluster has been upgraded from a version of OpenShift
- where the vsphere platform spec was not present. You may make modifications to the existing
+ vCenters except when 1.) the cluster has been upgraded from a version of OpenShift
+ where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and
+ remove vCenters but may not remove all vCenters. You may make modifications to the existing
vCenters that are defined in the vcenters list in order to match with any added or modified
failure domains.
items:
@@ -1079,27 +1079,29 @@ spec:
- server
type: object
maxItems: 3
- minItems: 0
+ minItems: 1
type: array
x-kubernetes-list-type: atomic
x-kubernetes-validations:
- - message: vcenters cannot be added or removed once set
- rule: 'size(self) != size(oldSelf) ? size(oldSelf) == 0
- && size(self) < 2 : true'
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) >= size(oldSelf) ? oldSelf.all(x, self.exists(y,
+ y.server == x.server)) : true'
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) < size(oldSelf) ? self.all(x, oldSelf.exists(y,
+ y.server == x.server)) : true'
+ - message: vcenters must have unique server values
+ rule: self.all(x, self.exists_one(y, y.server == x.server))
type: object
x-kubernetes-validations:
- message: apiServerInternalIPs list is required once set
rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
- message: ingressIPs list is required once set
rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
- - message: vcenters can have at most 1 item when configured post-install
- rule: '!has(oldSelf.vcenters) && has(self.vcenters) ? size(self.vcenters)
- < 2 : true'
type: object
x-kubernetes-validations:
- - message: vcenters can have at most 1 item when configured post-install
- rule: '!has(oldSelf.vsphere) && has(self.vsphere) ? size(self.vsphere.vcenters)
- < 2 : true'
+ - message: vcenters is required once set and cannot be removed
+ rule: 'oldSelf.?vsphere.vcenters.hasValue() ? self.?vsphere.vcenters.hasValue()
+ : true'
type: object
status:
description: status holds observed values from the cluster. They may not
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml
index b107d7e44..6cdb3f76a 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml
@@ -965,10 +965,11 @@ spec:
vcenters:
description: |-
vcenters holds the connection details for services to communicate with vCenter.
- Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported.
+ Up to 3 vCenters are supported.
Once the cluster has been installed, you are unable to change the current number of defined
- vCenters except in the case where the cluster has been upgraded from a version of OpenShift
- where the vsphere platform spec was not present. You may make modifications to the existing
+ vCenters except when 1.) the cluster has been upgraded from a version of OpenShift
+ where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and
+ remove vCenters but may not remove all vCenters. You may make modifications to the existing
vCenters that are defined in the vcenters list in order to match with any added or modified
failure domains.
items:
@@ -1013,27 +1014,23 @@ spec:
- server
type: object
maxItems: 3
- minItems: 0
+ minItems: 1
type: array
x-kubernetes-list-type: atomic
x-kubernetes-validations:
- - message: vcenters cannot be added or removed once set
- rule: 'size(self) != size(oldSelf) ? size(oldSelf) == 0
- && size(self) < 2 : true'
+ - message: vcenters must have unique server values
+ rule: self.all(x, self.exists_one(y, y.server == x.server))
type: object
x-kubernetes-validations:
- message: apiServerInternalIPs list is required once set
rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
- message: ingressIPs list is required once set
rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
- - message: vcenters can have at most 1 item when configured post-install
- rule: '!has(oldSelf.vcenters) && has(self.vcenters) ? size(self.vcenters)
- < 2 : true'
type: object
x-kubernetes-validations:
- message: vcenters can have at most 1 item when configured post-install
- rule: '!has(oldSelf.vsphere) && has(self.vsphere) ? size(self.vsphere.vcenters)
- < 2 : true'
+ rule: '!has(oldSelf.vsphere) && has(self.vsphere) ? (has(self.vsphere.vcenters)
+ && size(self.vsphere.vcenters) < 2) : true'
type: object
status:
description: status holds observed values from the cluster. They may not
@@ -1186,6 +1183,110 @@ spec:
description: aws contains settings specific to the Amazon Web
Services infrastructure provider.
properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
region:
description: region holds the default AWS region for new AWS
resources created by the cluster.
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-SelfManagedHA-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-SelfManagedHA-CustomNoUpgrade.crd.yaml
new file mode 100644
index 000000000..310ba4ad3
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-SelfManagedHA-CustomNoUpgrade.crd.yaml
@@ -0,0 +1,2798 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/470
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: CustomNoUpgrade
+ name: infrastructures.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Infrastructure
+ listKind: InfrastructureList
+ plural: infrastructures
+ singular: infrastructure
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec holds user settable values for configuration
+ properties:
+ cloudConfig:
+ description: |-
+ cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file.
+ This configuration file is used to configure the Kubernetes cloud provider integration
+ when using the built-in cloud provider integration or the external cloud controller manager.
+ The namespace for this config map is openshift-config.
+
+ cloudConfig should only be consumed by the kube_cloud_config controller.
+ The controller is responsible for using the user configuration in the spec
+ for various platforms and combining that with the user provided ConfigMap in this field
+ to create a stitched kube cloud config.
+ The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace
+ with the kube cloud config is stored in `cloud.conf` key.
+ All the clients are expected to use the generated ConfigMap only.
+ properties:
+ key:
+ description: key allows pointing to a specific key/value inside
+ of the configmap. This is useful for logical file references.
+ type: string
+ name:
+ type: string
+ type: object
+ controlPlaneTopology:
+ description: |-
+ controlPlaneTopology expresses the desired topology configuration for control nodes.
+
+ When status.controlPlaneTopology is 'SingleReplica' and spec.controlPlaneTopology is set to 'HighlyAvailable',
+ a transition will be triggered to reconfigure the cluster from SingleReplica to HighlyAvailable.
+
+ When left blank or status.controlPlaneTopology and spec.controlPlaneTopology are the same value,
+ no changes are required and no transitions will be triggered.
+
+ This value may be set to match status.controlPlaneTopology regardless of the current value.
+ enum:
+ - HighlyAvailable
+ - SingleReplica
+ type: string
+ platformSpec:
+ description: |-
+ platformSpec holds desired information specific to the underlying
+ infrastructure provider.
+ properties:
+ alibabaCloud:
+ description: alibabaCloud contains settings specific to the Alibaba
+ Cloud infrastructure provider.
+ type: object
+ aws:
+ description: aws contains settings specific to the Amazon Web
+ Services infrastructure provider.
+ properties:
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints list contains custom endpoints which will override default
+ service endpoint of AWS Services.
+ There must be only one ServiceEndpoint for a service.
+ items:
+ description: |-
+ AWSServiceEndpoint store the configuration of a custom url to
+ override existing defaults of AWS Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the AWS service.
+ The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html
+ This must be provided and cannot be empty.
+ pattern: ^[a-z0-9-]+$
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty.
+ pattern: ^https://
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ azure:
+ description: azure contains settings specific to the Azure infrastructure
+ provider.
+ type: object
+ baremetal:
+ description: baremetal contains settings specific to the BareMetal
+ platform.
+ properties:
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.apiServerInternalIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.ingressIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ machineNetworks:
+ description: |-
+ machineNetworks are IP networks used to connect all the OpenShift cluster
+ nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+ for example "10.0.0.0/8" or "fd00::/8".
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ type: object
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs list is required once set
+ rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
+ - message: ingressIPs list is required once set
+ rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
+ equinixMetal:
+ description: equinixMetal contains settings specific to the Equinix
+ Metal infrastructure provider.
+ type: object
+ external:
+ description: |-
+ ExternalPlatformType represents generic infrastructure provider.
+ Platform-specific components should be supplemented separately.
+ properties:
+ platformName:
+ default: Unknown
+ description: |-
+ platformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time.
+ This field is solely for informational and reporting purposes and is not expected to be used for decision-making.
+ type: string
+ x-kubernetes-validations:
+ - message: platform name cannot be changed once set
+ rule: oldSelf == 'Unknown' || self == oldSelf
+ type: object
+ gcp:
+ description: gcp contains settings specific to the Google Cloud
+ Platform infrastructure provider.
+ type: object
+ ibmcloud:
+ description: ibmcloud contains settings specific to the IBMCloud
+ infrastructure provider.
+ properties:
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints is a list of custom endpoints which will override the default
+ service endpoints of an IBM service. These endpoints are used by components
+ within the cluster when trying to reach the IBM Cloud Services that have been
+ overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each
+ endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus
+ are updated to reflect the same custom endpoints.
+ A maximum of 13 service endpoints overrides are supported.
+ items:
+ description: |-
+ IBMCloudServiceEndpoint stores the configuration of a custom url to
+ override existing defaults of IBM Cloud Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the IBM Cloud service.
+ Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC.
+ For example, the IBM Cloud Private IAM service could be configured with the
+ service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com`
+ Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured
+ with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`
+ enum:
+ - CIS
+ - COS
+ - COSConfig
+ - DNSServices
+ - GlobalCatalog
+ - GlobalSearch
+ - GlobalTagging
+ - HyperProtect
+ - IAM
+ - KeyProtect
+ - ResourceController
+ - ResourceManager
+ - VPC
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty. The path must follow the pattern
+ /v[0,9]+ or /api/v[0,9]+
+ maxLength: 300
+ type: string
+ x-kubernetes-validations:
+ - message: url must use https scheme
+ rule: url(self).getScheme() == "https"
+ - message: url path must match /v[0,9]+ or /api/v[0,9]+
+ rule: matches((url(self).getEscapedPath()), '^/(api/)?v[0-9]+/{0,1}$')
+ - message: url must be a valid absolute URL
+ rule: isURL(self)
+ required:
+ - name
+ - url
+ type: object
+ maxItems: 13
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ kubevirt:
+ description: kubevirt contains settings specific to the kubevirt
+ infrastructure provider.
+ type: object
+ nutanix:
+ description: nutanix contains settings specific to the Nutanix
+ infrastructure provider.
+ properties:
+ failureDomains:
+ description: |-
+ failureDomains configures failure domains information for the Nutanix platform.
+ When set, the failure domains defined here may be used to spread Machines across
+ prism element clusters to improve fault tolerance of the cluster.
+ items:
+ description: NutanixFailureDomain configures failure domain
+ information for the Nutanix platform.
+ properties:
+ cluster:
+ description: |-
+ cluster is to identify the cluster (the Prism Element under management of the Prism Central),
+ in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained
+ from the Prism Central console or using the prism_central API.
+ properties:
+ name:
+ description: name is the resource name in the PC.
+ It cannot be empty if the type is Name.
+ type: string
+ type:
+ description: type is the identifier type to use
+ for this resource.
+ enum:
+ - UUID
+ - Name
+ type: string
+ uuid:
+ description: uuid is the UUID of the resource in
+ the PC. It cannot be empty if the type is UUID.
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: uuid configuration is required when type
+ is UUID, and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid)
+ : !has(self.uuid)'
+ - message: name configuration is required when type
+ is Name, and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''Name'' ? has(self.name)
+ : !has(self.name)'
+ name:
+ description: |-
+ name defines the unique name of a failure domain.
+ Name is required and must be at most 64 characters in length.
+ It must consist of only lower case alphanumeric characters and hyphens (-).
+ It must start and end with an alphanumeric character.
+ This value is arbitrary and is used to identify the failure domain within the platform.
+ maxLength: 64
+ minLength: 1
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ subnets:
+ description: |-
+ subnets holds a list of identifiers (one or more) of the cluster's network subnets
+ If the feature gate NutanixMultiSubnets is enabled, up to 32 subnets may be configured.
+ for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be
+ obtained from the Prism Central console or using the prism_central API.
+ items:
+ description: NutanixResourceIdentifier holds the identity
+ of a Nutanix PC resource (cluster, image, subnet,
+ etc.)
+ properties:
+ name:
+ description: name is the resource name in the
+ PC. It cannot be empty if the type is Name.
+ type: string
+ type:
+ description: type is the identifier type to use
+ for this resource.
+ enum:
+ - UUID
+ - Name
+ type: string
+ uuid:
+ description: uuid is the UUID of the resource
+ in the PC. It cannot be empty if the type is
+ UUID.
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: uuid configuration is required when type
+ is UUID, and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid)
+ : !has(self.uuid)'
+ - message: name configuration is required when type
+ is Name, and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''Name'' ? has(self.name)
+ : !has(self.name)'
+ maxItems: 32
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: each subnet must be unique
+ rule: self.all(x, self.exists_one(y, x == y))
+ required:
+ - cluster
+ - name
+ - subnets
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ prismCentral:
+ description: |-
+ prismCentral holds the endpoint address and port to access the Nutanix Prism Central.
+ When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.
+ Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the
+ proxy spec.noProxy list.
+ properties:
+ address:
+ description: address is the endpoint address (DNS name
+ or IP address) of the Nutanix Prism Central or Element
+ (cluster)
+ maxLength: 256
+ type: string
+ port:
+ description: port is the port number to access the Nutanix
+ Prism Central or Element (cluster)
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ required:
+ - address
+ - port
+ type: object
+ prismElements:
+ description: |-
+ prismElements holds one or more endpoint address and port data to access the Nutanix
+ Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one
+ Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.)
+ used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.)
+ spread over multiple Prism Elements (clusters) of the Prism Central.
+ items:
+ description: NutanixPrismElementEndpoint holds the name
+ and endpoint data for a Prism Element (cluster)
+ properties:
+ endpoint:
+ description: |-
+ endpoint holds the endpoint address and port data of the Prism Element (cluster).
+ When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.
+ Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the
+ proxy spec.noProxy list.
+ properties:
+ address:
+ description: address is the endpoint address (DNS
+ name or IP address) of the Nutanix Prism Central
+ or Element (cluster)
+ maxLength: 256
+ type: string
+ port:
+ description: port is the port number to access the
+ Nutanix Prism Central or Element (cluster)
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ required:
+ - address
+ - port
+ type: object
+ name:
+ description: |-
+ name is the name of the Prism Element (cluster). This value will correspond with
+ the cluster field configured on other resources (eg Machines, PVCs, etc).
+ maxLength: 256
+ type: string
+ required:
+ - endpoint
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - prismCentral
+ - prismElements
+ type: object
+ openstack:
+ description: openstack contains settings specific to the OpenStack
+ infrastructure provider.
+ properties:
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.apiServerInternalIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.ingressIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ machineNetworks:
+ description: |-
+ machineNetworks are IP networks used to connect all the OpenShift cluster
+ nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+ for example "10.0.0.0/8" or "fd00::/8".
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ type: object
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs list is required once set
+ rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
+ - message: ingressIPs list is required once set
+ rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
+ ovirt:
+ description: ovirt contains settings specific to the oVirt infrastructure
+ provider.
+ type: object
+ powervs:
+ description: powervs contains settings specific to the IBM Power
+ Systems Virtual Servers infrastructure provider.
+ properties:
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints is a list of custom endpoints which will override the default
+ service endpoints of a Power VS service.
+ items:
+ description: |-
+ PowervsServiceEndpoint stores the configuration of a custom url to
+ override existing defaults of PowerVS Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the Power VS service.
+ Few of the services are
+ IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api
+ ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller
+ Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
+ enum:
+ - CIS
+ - COS
+ - COSConfig
+ - DNSServices
+ - GlobalCatalog
+ - GlobalSearch
+ - GlobalTagging
+ - HyperProtect
+ - IAM
+ - KeyProtect
+ - Power
+ - ResourceController
+ - ResourceManager
+ - VPC
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty.
+ format: uri
+ pattern: ^https://
+ type: string
+ required:
+ - name
+ - url
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ type:
+ description: |-
+ type is the underlying infrastructure provider for the cluster. This
+ value controls whether infrastructure automation such as service load
+ balancers, dynamic volume provisioning, machine creation and deletion, and
+ other integrations are enabled. If None, no infrastructure automation is
+ enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
+ "OpenStack", "VSphere", "oVirt", "IBMCloud", "KubeVirt", "EquinixMetal",
+ "PowerVS", "AlibabaCloud", "Nutanix", "External", and "None". Individual
+ components may not support all platforms, and must handle unrecognized
+ platforms as None if they do not support that platform.
+ enum:
+ - ""
+ - AWS
+ - Azure
+ - BareMetal
+ - GCP
+ - Libvirt
+ - OpenStack
+ - None
+ - VSphere
+ - oVirt
+ - IBMCloud
+ - KubeVirt
+ - EquinixMetal
+ - PowerVS
+ - AlibabaCloud
+ - Nutanix
+ - External
+ type: string
+ vsphere:
+ description: vsphere contains settings specific to the VSphere
+ infrastructure provider.
+ properties:
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.apiServerInternalIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ failureDomains:
+ description: |-
+ failureDomains contains the definition of region, zone and the vCenter topology.
+ If this is omitted failure domains (regions and zones) will not be used.
+ items:
+ description: VSpherePlatformFailureDomainSpec holds the
+ region and zone failure domain and the vCenter topology
+ of that failure domain.
+ properties:
+ name:
+ description: |-
+ name defines the arbitrary but unique name
+ of a failure domain.
+ maxLength: 256
+ minLength: 1
+ type: string
+ region:
+ description: |-
+ region defines the name of a region tag that will
+ be attached to a vCenter datacenter. The tag
+ category in vCenter must be named openshift-region.
+ maxLength: 80
+ minLength: 1
+ type: string
+ regionAffinity:
+ description: |-
+ regionAffinity holds the type of region, Datacenter or ComputeCluster.
+ When set to Datacenter, this means the region is a vCenter Datacenter as defined in topology.
+ When set to ComputeCluster, this means the region is a vCenter Cluster as defined in topology.
+ properties:
+ type:
+ description: |-
+ type determines the vSphere object type for a region within this failure domain.
+ Available types are Datacenter and ComputeCluster.
+ When set to Datacenter, this means the vCenter Datacenter defined is the region.
+ When set to ComputeCluster, this means the vCenter cluster defined is the region.
+ enum:
+ - ComputeCluster
+ - Datacenter
+ type: string
+ required:
+ - type
+ type: object
+ server:
+ anyOf:
+ - format: ipv4
+ - format: ipv6
+ - format: hostname
+ description: server is the fully-qualified domain name
+ or the IP address of the vCenter server.
+ maxLength: 255
+ minLength: 1
+ type: string
+ topology:
+ description: topology describes a given failure domain
+ using vSphere constructs
+ properties:
+ computeCluster:
+ description: |-
+ computeCluster the absolute path of the vCenter cluster
+ in which virtual machine will be located.
+ The absolute path is of the form //host/.
+ The maximum length of the path is 2048 characters.
+ maxLength: 2048
+ pattern: ^/.*?/host/.*?
+ type: string
+ datacenter:
+ description: |-
+ datacenter is the name of vCenter datacenter in which virtual machines will be located.
+ The maximum length of the datacenter name is 80 characters.
+ maxLength: 80
+ type: string
+ datastore:
+ description: |-
+ datastore is the absolute path of the datastore in which the
+ virtual machine is located.
+ The absolute path is of the form //datastore/
+ The maximum length of the path is 2048 characters.
+ maxLength: 2048
+ pattern: ^/.*?/datastore/.*?
+ type: string
+ folder:
+ description: |-
+ folder is the absolute path of the folder where
+ virtual machines are located. The absolute path
+ is of the form //vm/.
+ The maximum length of the path is 2048 characters.
+ maxLength: 2048
+ pattern: ^/.*?/vm/.*?
+ type: string
+ networks:
+ description: |-
+ networks is the list of port group network names within this failure domain.
+ If feature gate VSphereMultiNetworks is enabled, up to 10 network adapters may be defined.
+ 10 is the maximum number of virtual network devices which may be attached to a VM as defined by:
+ https://configmax.esp.vmware.com/guest?vmwareproduct=vSphere&release=vSphere%208.0&categories=1-0
+ The available networks (port groups) can be listed using
+ `govc ls 'network/*'`
+ Networks should be in the form of an absolute path:
+ //network/.
+ items:
+ type: string
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ resourcePool:
+ description: |-
+ resourcePool is the absolute path of the resource pool where virtual machines will be
+ created. The absolute path is of the form //host//Resources/.
+ The maximum length of the path is 2048 characters.
+ maxLength: 2048
+ pattern: ^/.*?/host/.*?/Resources.*
+ type: string
+ template:
+ description: |-
+ template is the full inventory path of the virtual machine or template
+ that will be cloned when creating new machines in this failure domain.
+ The maximum length of the path is 2048 characters.
+
+ When omitted, the template will be calculated by the control plane
+ machineset operator based on the region and zone defined in
+ VSpherePlatformFailureDomainSpec.
+ For example, for zone=zonea, region=region1, and infrastructure name=test,
+ the template path would be calculated as //vm/test-rhcos-region1-zonea.
+ maxLength: 2048
+ minLength: 1
+ pattern: ^/.*?/vm/.*?
+ type: string
+ required:
+ - computeCluster
+ - datacenter
+ - datastore
+ - networks
+ type: object
+ zone:
+ description: |-
+ zone defines the name of a zone tag that will
+ be attached to a vCenter cluster. The tag
+ category in vCenter must be named openshift-zone.
+ maxLength: 80
+ minLength: 1
+ type: string
+ zoneAffinity:
+ description: |-
+ zoneAffinity holds the type of the zone and the hostGroup which
+ vmGroup and the hostGroup names in vCenter corresponds to
+ a vm-host group of type Virtual Machine and Host respectively. Is also
+ contains the vmHostRule which is an affinity vm-host rule in vCenter.
+ properties:
+ hostGroup:
+ description: |-
+ hostGroup holds the vmGroup and the hostGroup names in vCenter
+ corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also
+ contains the vmHostRule which is an affinity vm-host rule in vCenter.
+ properties:
+ hostGroup:
+ description: |-
+ hostGroup is the name of the vm-host group of type host within vCenter for this failure domain.
+ hostGroup is limited to 80 characters.
+ This field is required when the VSphereFailureDomain ZoneType is HostGroup
+ maxLength: 80
+ minLength: 1
+ type: string
+ vmGroup:
+ description: |-
+ vmGroup is the name of the vm-host group of type virtual machine within vCenter for this failure domain.
+ vmGroup is limited to 80 characters.
+ This field is required when the VSphereFailureDomain ZoneType is HostGroup
+ maxLength: 80
+ minLength: 1
+ type: string
+ vmHostRule:
+ description: |-
+ vmHostRule is the name of the affinity vm-host rule within vCenter for this failure domain.
+ vmHostRule is limited to 80 characters.
+ This field is required when the VSphereFailureDomain ZoneType is HostGroup
+ maxLength: 80
+ minLength: 1
+ type: string
+ required:
+ - hostGroup
+ - vmGroup
+ - vmHostRule
+ type: object
+ type:
+ description: |-
+ type determines the vSphere object type for a zone within this failure domain.
+ Available types are ComputeCluster and HostGroup.
+ When set to ComputeCluster, this means the vCenter cluster defined is the zone.
+ When set to HostGroup, hostGroup must be configured with hostGroup, vmGroup and vmHostRule and
+ this means the zone is defined by the grouping of those fields.
+ enum:
+ - HostGroup
+ - ComputeCluster
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: hostGroup is required when type is HostGroup,
+ and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''HostGroup''
+ ? has(self.hostGroup) : !has(self.hostGroup)'
+ required:
+ - name
+ - region
+ - server
+ - topology
+ - zone
+ type: object
+ x-kubernetes-validations:
+ - message: when zoneAffinity type is HostGroup, regionAffinity
+ type must be ComputeCluster
+ rule: 'has(self.zoneAffinity) && self.zoneAffinity.type
+ == ''HostGroup'' ? has(self.regionAffinity) && self.regionAffinity.type
+ == ''ComputeCluster'' : true'
+ - message: when zoneAffinity type is ComputeCluster, regionAffinity
+ type must be Datacenter
+ rule: 'has(self.zoneAffinity) && self.zoneAffinity.type
+ == ''ComputeCluster'' ? has(self.regionAffinity) &&
+ self.regionAffinity.type == ''Datacenter'' : true'
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.ingressIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ machineNetworks:
+ description: |-
+ machineNetworks are IP networks used to connect all the OpenShift cluster
+ nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+ for example "10.0.0.0/8" or "fd00::/8".
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ nodeNetworking:
+ description: |-
+ nodeNetworking contains the definition of internal and external network constraints for
+ assigning the node's networking.
+ If this field is omitted, networking defaults to the legacy
+ address selection behavior which is to only support a single address and
+ return the first one found.
+ properties:
+ external:
+ description: external represents the network configuration
+ of the node that is externally routable.
+ properties:
+ excludeNetworkSubnetCidr:
+ description: |-
+ excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting
+ the IP address from the VirtualMachine's VM for use in the status.addresses fields.
+ items:
+ format: cidr
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ network:
+ description: |-
+ network VirtualMachine's VM Network names that will be used to when searching
+ for status.addresses fields. Note that if internal.networkSubnetCIDR and
+ external.networkSubnetCIDR are not set, then the vNIC associated to this network must
+ only have a single IP address assigned to it.
+ The available networks (port groups) can be listed using
+ `govc ls 'network/*'`
+ type: string
+ networkSubnetCidr:
+ description: |-
+ networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs
+ that will be used in respective status.addresses fields.
+ items:
+ format: cidr
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ internal:
+ description: internal represents the network configuration
+ of the node that is routable only within the cluster.
+ properties:
+ excludeNetworkSubnetCidr:
+ description: |-
+ excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting
+ the IP address from the VirtualMachine's VM for use in the status.addresses fields.
+ items:
+ format: cidr
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ network:
+ description: |-
+ network VirtualMachine's VM Network names that will be used to when searching
+ for status.addresses fields. Note that if internal.networkSubnetCIDR and
+ external.networkSubnetCIDR are not set, then the vNIC associated to this network must
+ only have a single IP address assigned to it.
+ The available networks (port groups) can be listed using
+ `govc ls 'network/*'`
+ type: string
+ networkSubnetCidr:
+ description: |-
+ networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs
+ that will be used in respective status.addresses fields.
+ items:
+ format: cidr
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: object
+ vcenters:
+ description: |-
+ vcenters holds the connection details for services to communicate with vCenter.
+ Up to 3 vCenters are supported.
+ Once the cluster has been installed, you are unable to change the current number of defined
+ vCenters except when 1.) the cluster has been upgraded from a version of OpenShift
+ where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and
+ remove vCenters but may not remove all vCenters. You may make modifications to the existing
+ vCenters that are defined in the vcenters list in order to match with any added or modified
+ failure domains.
+ items:
+ description: |-
+ VSpherePlatformVCenterSpec stores the vCenter connection fields.
+ This is used by the vSphere CCM.
+ properties:
+ datacenters:
+ description: |-
+ The vCenter Datacenters in which the RHCOS
+ vm guests are located. This field will
+ be used by the Cloud Controller Manager.
+ Each datacenter listed here should be used within
+ a topology.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ port:
+ description: |-
+ port is the TCP port that will be used to communicate to
+ the vCenter endpoint.
+ When omitted, this means the user has no opinion and
+ it is up to the platform to choose a sensible default,
+ which is subject to change over time.
+ format: int32
+ maximum: 32767
+ minimum: 1
+ type: integer
+ server:
+ anyOf:
+ - format: ipv4
+ - format: ipv6
+ - format: hostname
+ description: server is the fully-qualified domain name
+ or the IP address of the vCenter server.
+ maxLength: 255
+ type: string
+ required:
+ - datacenters
+ - server
+ type: object
+ maxItems: 3
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) >= size(oldSelf) ? oldSelf.all(x, self.exists(y,
+ y.server == x.server)) : true'
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) < size(oldSelf) ? self.all(x, oldSelf.exists(y,
+ y.server == x.server)) : true'
+ - message: vcenters must have unique server values
+ rule: self.all(x, self.exists_one(y, y.server == x.server))
+ type: object
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs list is required once set
+ rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
+ - message: ingressIPs list is required once set
+ rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
+ type: object
+ x-kubernetes-validations:
+ - message: vcenters is required once set and cannot be removed
+ rule: 'oldSelf.?vsphere.vcenters.hasValue() ? self.?vsphere.vcenters.hasValue()
+ : true'
+ type: object
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ properties:
+ apiServerInternalURI:
+ description: |-
+ apiServerInternalURL is a valid URI with scheme 'https',
+ address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components
+ like kubelets, to contact the Kubernetes API server using the
+ infrastructure provider rather than Kubernetes networking.
+ type: string
+ apiServerURL:
+ description: |-
+ apiServerURL is a valid URI with scheme 'https', address and
+ optionally a port (defaulting to 443). apiServerURL can be used by components like the web console
+ to tell users where to find the Kubernetes API.
+ type: string
+ controlPlaneTopology:
+ default: HighlyAvailable
+ description: |-
+ controlPlaneTopology expresses the expectations for operands that normally run on control nodes.
+ The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster.
+ The 'SingleReplica' mode will be used in single-node deployments
+ and the operators should not configure the operand for highly-available operation
+ The 'External' mode indicates that the control plane is hosted externally to the cluster and that
+ its components are not visible within the cluster.
+ The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes
+ that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum.
+ enum:
+ - HighlyAvailable
+ - HighlyAvailableArbiter
+ - SingleReplica
+ - DualReplica
+ - External
+ type: string
+ cpuPartitioning:
+ default: None
+ description: |-
+ cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster.
+ CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets.
+ Valid values are "None" and "AllNodes". When omitted, the default value is "None".
+ The default value of "None" indicates that no nodes will be setup with CPU partitioning.
+ The "AllNodes" value indicates that all nodes have been setup with CPU partitioning,
+ and can then be further configured via the PerformanceProfile API.
+ enum:
+ - None
+ - AllNodes
+ type: string
+ etcdDiscoveryDomain:
+ description: |-
+ etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering
+ etcd servers and clients.
+ For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery
+ deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.
+ type: string
+ infrastructureName:
+ description: |-
+ infrastructureName uniquely identifies a cluster with a human friendly name.
+ Once set it should not be changed. Must be of max length 27 and must have only
+ alphanumeric or hyphen characters.
+ type: string
+ infrastructureTopology:
+ default: HighlyAvailable
+ description: |-
+ infrastructureTopology expresses the expectations for infrastructure services that do not run on control
+ plane nodes, usually indicated by a node selector for a `role` value
+ other than `master`.
+ The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster.
+ The 'SingleReplica' mode will be used in single-node deployments
+ and the operators should not configure the operand for highly-available operation
+ NOTE: External topology mode is not applicable for this field.
+ enum:
+ - HighlyAvailable
+ - SingleReplica
+ type: string
+ platform:
+ description: |-
+ platform is the underlying infrastructure provider for the cluster.
+
+ Deprecated: Use platformStatus.type instead.
+ enum:
+ - ""
+ - AWS
+ - Azure
+ - BareMetal
+ - GCP
+ - Libvirt
+ - OpenStack
+ - None
+ - VSphere
+ - oVirt
+ - IBMCloud
+ - KubeVirt
+ - EquinixMetal
+ - PowerVS
+ - AlibabaCloud
+ - Nutanix
+ - External
+ type: string
+ platformStatus:
+ description: |-
+ platformStatus holds status information specific to the underlying
+ infrastructure provider.
+ properties:
+ alibabaCloud:
+ description: alibabaCloud contains settings specific to the Alibaba
+ Cloud infrastructure provider.
+ properties:
+ region:
+ description: region specifies the region for Alibaba Cloud
+ resources created for the cluster.
+ pattern: ^[0-9A-Za-z-]+$
+ type: string
+ resourceGroupID:
+ description: resourceGroupID is the ID of the resource group
+ for the cluster.
+ pattern: ^(rg-[0-9A-Za-z]+)?$
+ type: string
+ resourceTags:
+ description: resourceTags is a list of additional tags to
+ apply to Alibaba Cloud resources created for the cluster.
+ items:
+ description: AlibabaCloudResourceTag is the set of tags
+ to add to apply to resources.
+ properties:
+ key:
+ description: key is the key of the tag.
+ maxLength: 128
+ minLength: 1
+ type: string
+ value:
+ description: value is the value of the tag.
+ maxLength: 128
+ minLength: 1
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ maxItems: 20
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ required:
+ - region
+ type: object
+ aws:
+ description: aws contains settings specific to the Amazon Web
+ Services infrastructure provider.
+ properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
+ ipFamily:
+ default: IPv4
+ description: |-
+ ipFamily specifies the IP protocol family that should be used for AWS
+ network resources. This controls whether AWS resources are created with
+ IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary
+ protocol family.
+ enum:
+ - IPv4
+ - DualStackIPv6Primary
+ - DualStackIPv4Primary
+ type: string
+ x-kubernetes-validations:
+ - message: ipFamily is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ region:
+ description: region holds the default AWS region for new AWS
+ resources created by the cluster.
+ type: string
+ resourceTags:
+ description: |-
+ resourceTags is a list of additional tags to apply to AWS resources created for the cluster.
+ See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources.
+ AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags
+ available for the user.
+ items:
+ description: AWSResourceTag is a tag to apply to AWS resources
+ created for the cluster.
+ properties:
+ key:
+ description: |-
+ key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag.
+ Key should consist of between 1 and 128 characters, and may
+ contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.
+ maxLength: 128
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: invalid AWS resource tag key. The string
+ can contain only the set of alphanumeric characters,
+ space (' '), '_', '.', '/', '=', '+', '-', ':',
+ '@'
+ rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
+ value:
+ description: |-
+ value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag.
+ Value should consist of between 1 and 256 characters, and may
+ contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.
+ Some AWS service do not support empty values. Since tags are added to resources in many services, the
+ length of the tag value must meet the requirements of all services.
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: invalid AWS resource tag value. The string
+ can contain only the set of alphanumeric characters,
+ space (' '), '_', '.', '/', '=', '+', '-', ':',
+ '@'
+ rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
+ required:
+ - key
+ - value
+ type: object
+ maxItems: 25
+ type: array
+ x-kubernetes-list-type: atomic
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints list contains custom endpoints which will override default
+ service endpoint of AWS Services.
+ There must be only one ServiceEndpoint for a service.
+ items:
+ description: |-
+ AWSServiceEndpoint store the configuration of a custom url to
+ override existing defaults of AWS Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the AWS service.
+ The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html
+ This must be provided and cannot be empty.
+ pattern: ^[a-z0-9-]+$
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty.
+ pattern: ^https://
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ azure:
+ description: azure contains settings specific to the Azure infrastructure
+ provider.
+ properties:
+ armEndpoint:
+ description: armEndpoint specifies a URL to use for resource
+ management in non-soverign clouds such as Azure Stack.
+ type: string
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
+ cloudName:
+ description: |-
+ cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK
+ with the appropriate Azure API endpoints.
+ If empty, the value is equal to `AzurePublicCloud`.
+ enum:
+ - ""
+ - AzurePublicCloud
+ - AzureUSGovernmentCloud
+ - AzureChinaCloud
+ - AzureGermanCloud
+ - AzureStackCloud
+ type: string
+ ipFamily:
+ default: IPv4
+ description: |-
+ ipFamily specifies the IP protocol family that should be used for Azure
+ network resources. This controls whether Azure resources are created with
+ IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary
+ protocol family.
+ enum:
+ - IPv4
+ - DualStackIPv6Primary
+ - DualStackIPv4Primary
+ type: string
+ x-kubernetes-validations:
+ - message: ipFamily is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ networkResourceGroupName:
+ description: |-
+ networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster.
+ If empty, the value is same as ResourceGroupName.
+ type: string
+ resourceGroupName:
+ description: resourceGroupName is the Resource Group for new
+ Azure resources created for the cluster.
+ type: string
+ resourceTags:
+ description: |-
+ resourceTags is a list of additional tags to apply to Azure resources created for the cluster.
+ See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources.
+ Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags
+ may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.
+ items:
+ description: AzureResourceTag is a tag to apply to Azure
+ resources created for the cluster.
+ properties:
+ key:
+ description: |-
+ key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key
+ must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric
+ characters and the following special characters `_ . -`.
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$
+ type: string
+ value:
+ description: |-
+ value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value
+ must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.
+ maxLength: 256
+ minLength: 1
+ pattern: ^[0-9A-Za-z_.=+-@]+$
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ maxItems: 10
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: resourceTags are immutable and may only be configured
+ during installation
+ rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self)
+ type: object
+ x-kubernetes-validations:
+ - message: resourceTags may only be configured during installation
+ rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags)
+ || has(oldSelf.resourceTags) && has(self.resourceTags)'
+ baremetal:
+ description: baremetal contains settings specific to the BareMetal
+ platform.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on BareMetal platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ machineNetworks:
+ description: machineNetworks are IP networks used to connect
+ all the OpenShift cluster nodes.
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ nodeDNSIP:
+ description: |-
+ nodeDNSIP is the IP address for the internal DNS used by the
+ nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+ provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+ BareMetal deployments. In order to minimize necessary changes to the
+ datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+ to the nodes in the cluster.
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ equinixMetal:
+ description: equinixMetal contains settings specific to the Equinix
+ Metal infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+ type: string
+ type: object
+ external:
+ description: external contains settings specific to the generic
+ External infrastructure provider.
+ properties:
+ cloudControllerManager:
+ description: |-
+ cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI).
+ When omitted, new nodes will be not tainted
+ and no extra initialization from the cloud controller manager is expected.
+ properties:
+ state:
+ description: |-
+ state determines whether or not an external Cloud Controller Manager is expected to
+ be installed within the cluster.
+ https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager
+
+ Valid values are "External", "None" and omitted.
+ When set to "External", new nodes will be tainted as uninitialized when created,
+ preventing them from running workloads until they are initialized by the cloud controller manager.
+ When omitted or set to "None", new nodes will be not tainted
+ and no extra initialization from the cloud controller manager is expected.
+ enum:
+ - ""
+ - External
+ - None
+ type: string
+ x-kubernetes-validations:
+ - message: state is immutable once set
+ rule: self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: state may not be added or removed once set
+ rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state)
+ && self.state != "External")
+ type: object
+ x-kubernetes-validations:
+ - message: cloudControllerManager may not be added or removed
+ once set
+ rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager)
+ gcp:
+ description: gcp contains settings specific to the Google Cloud
+ Platform infrastructure provider.
+ properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
+ projectID:
+ description: resourceGroupName is the Project ID for new GCP
+ resources created for the cluster.
+ type: string
+ region:
+ description: region holds the region for new GCP resources
+ created for the cluster.
+ type: string
+ resourceLabels:
+ description: |-
+ resourceLabels is a list of additional labels to apply to GCP resources created for the cluster.
+ See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources.
+ GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use,
+ allowing 32 labels for user configuration.
+ items:
+ description: GCPResourceLabel is a label to apply to GCP
+ resources created for the cluster.
+ properties:
+ key:
+ description: |-
+ key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty.
+ Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters,
+ and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io`
+ and `openshift-io`.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z][0-9a-z_-]{0,62}$
+ type: string
+ x-kubernetes-validations:
+ - message: label keys must not start with either `openshift-io`
+ or `kubernetes-io`
+ rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')'
+ value:
+ description: |-
+ value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty.
+ Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[0-9a-z_-]{1,63}$
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ x-kubernetes-validations:
+ - message: resourceLabels are immutable and may only be configured
+ during installation
+ rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self)
+ resourceTags:
+ description: |-
+ resourceTags is a list of additional tags to apply to GCP resources created for the cluster.
+ See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on
+ tagging GCP resources. GCP supports a maximum of 50 tags per resource.
+ items:
+ description: GCPResourceTag is a tag to apply to GCP resources
+ created for the cluster.
+ properties:
+ key:
+ description: |-
+ key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty.
+ Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+ alphanumeric characters, and the following special characters `._-`.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$
+ type: string
+ parentID:
+ description: |-
+ parentID is the ID of the hierarchical resource where the tags are defined,
+ e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages:
+ https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id,
+ https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects.
+ An OrganizationID must consist of decimal numbers, and cannot have leading zeroes.
+ A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers,
+ and hyphens, and must start with a letter, and cannot end with a hyphen.
+ maxLength: 32
+ minLength: 1
+ pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)
+ type: string
+ value:
+ description: |-
+ value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty.
+ Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+ alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$
+ type: string
+ required:
+ - key
+ - parentID
+ - value
+ type: object
+ maxItems: 50
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ x-kubernetes-validations:
+ - message: resourceTags are immutable and may only be configured
+ during installation
+ rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self)
+ type: object
+ x-kubernetes-validations:
+ - message: resourceLabels may only be configured during installation
+ rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels)
+ || has(oldSelf.resourceLabels) && has(self.resourceLabels)'
+ - message: resourceTags may only be configured during installation
+ rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags)
+ || has(oldSelf.resourceTags) && has(self.resourceTags)'
+ ibmcloud:
+ description: ibmcloud contains settings specific to the IBMCloud
+ infrastructure provider.
+ properties:
+ cisInstanceCRN:
+ description: |-
+ cisInstanceCRN is the CRN of the Cloud Internet Services instance managing
+ the DNS zone for the cluster's base domain
+ type: string
+ dnsInstanceCRN:
+ description: |-
+ dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone
+ for the cluster's base domain
+ type: string
+ location:
+ description: location is where the cluster has been deployed
+ type: string
+ providerType:
+ description: providerType indicates the type of cluster that
+ was created
+ type: string
+ resourceGroupName:
+ description: resourceGroupName is the Resource Group for new
+ IBMCloud resources created for the cluster.
+ type: string
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints is a list of custom endpoints which will override the default
+ service endpoints of an IBM service. These endpoints are used by components
+ within the cluster when trying to reach the IBM Cloud Services that have been
+ overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each
+ endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus
+ are updated to reflect the same custom endpoints.
+ items:
+ description: |-
+ IBMCloudServiceEndpoint stores the configuration of a custom url to
+ override existing defaults of IBM Cloud Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the IBM Cloud service.
+ Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC.
+ For example, the IBM Cloud Private IAM service could be configured with the
+ service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com`
+ Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured
+ with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`
+ enum:
+ - CIS
+ - COS
+ - COSConfig
+ - DNSServices
+ - GlobalCatalog
+ - GlobalSearch
+ - GlobalTagging
+ - HyperProtect
+ - IAM
+ - KeyProtect
+ - ResourceController
+ - ResourceManager
+ - VPC
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty. The path must follow the pattern
+ /v[0,9]+ or /api/v[0,9]+
+ maxLength: 300
+ type: string
+ x-kubernetes-validations:
+ - message: url must be a valid absolute URL
+ rule: isURL(self)
+ required:
+ - name
+ - url
+ type: object
+ maxItems: 13
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ kubevirt:
+ description: kubevirt contains settings specific to the kubevirt
+ infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+ type: string
+ type: object
+ nutanix:
+ description: nutanix contains settings specific to the Nutanix
+ infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: set
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: set
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on Nutanix platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ openstack:
+ description: openstack contains settings specific to the OpenStack
+ infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ cloudName:
+ description: |-
+ cloudName is the name of the desired OpenStack cloud in the
+ client configuration file (`clouds.yaml`).
+ type: string
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on OpenStack platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ machineNetworks:
+ description: machineNetworks are IP networks used to connect
+ all the OpenShift cluster nodes.
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ nodeDNSIP:
+ description: |-
+ nodeDNSIP is the IP address for the internal DNS used by the
+ nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+ provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+ OpenStack deployments. In order to minimize necessary changes to the
+ datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+ to the nodes in the cluster.
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ ovirt:
+ description: ovirt contains settings specific to the oVirt infrastructure
+ provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: set
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: set
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on Ovirt platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ nodeDNSIP:
+ description: 'deprecated: as of 4.6, this field is no longer
+ set or honored. It will be removed in a future release.'
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ powervs:
+ description: powervs contains settings specific to the Power Systems
+ Virtual Servers infrastructure provider.
+ properties:
+ cisInstanceCRN:
+ description: |-
+ cisInstanceCRN is the CRN of the Cloud Internet Services instance managing
+ the DNS zone for the cluster's base domain
+ type: string
+ dnsInstanceCRN:
+ description: |-
+ dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone
+ for the cluster's base domain
+ type: string
+ region:
+ description: region holds the default Power VS region for
+ new Power VS resources created by the cluster.
+ type: string
+ resourceGroup:
+ description: |-
+ resourceGroup is the resource group name for new IBMCloud resources created for a cluster.
+ The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry.
+ More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs.
+ When omitted, the image registry operator won't be able to configure storage,
+ which results in the image registry cluster operator not being in an available state.
+ maxLength: 40
+ pattern: ^[a-zA-Z0-9-_ ]+$
+ type: string
+ x-kubernetes-validations:
+ - message: resourceGroup is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints is a list of custom endpoints which will override the default
+ service endpoints of a Power VS service.
+ items:
+ description: |-
+ PowervsServiceEndpoint stores the configuration of a custom url to
+ override existing defaults of PowerVS Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the Power VS service.
+ Few of the services are
+ IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api
+ ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller
+ Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
+ enum:
+ - CIS
+ - COS
+ - COSConfig
+ - DNSServices
+ - GlobalCatalog
+ - GlobalSearch
+ - GlobalTagging
+ - HyperProtect
+ - IAM
+ - KeyProtect
+ - Power
+ - ResourceController
+ - ResourceManager
+ - VPC
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty.
+ format: uri
+ pattern: ^https://
+ type: string
+ required:
+ - name
+ - url
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ zone:
+ description: |-
+ zone holds the default zone for the new Power VS resources created by the cluster.
+ Note: Currently only single-zone OCP clusters are supported
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: cannot unset resourceGroup once set
+ rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)'
+ type:
+ description: |-
+ type is the underlying infrastructure provider for the cluster. This
+ value controls whether infrastructure automation such as service load
+ balancers, dynamic volume provisioning, machine creation and deletion, and
+ other integrations are enabled. If None, no infrastructure automation is
+ enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
+ "OpenStack", "VSphere", "oVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None".
+ Individual components may not support all platforms, and must handle
+ unrecognized platforms as None if they do not support that platform.
+
+ This value will be synced with to the `status.platform` and `status.platformStatus.type`.
+ Currently this value cannot be changed once set.
+ enum:
+ - ""
+ - AWS
+ - Azure
+ - BareMetal
+ - GCP
+ - Libvirt
+ - OpenStack
+ - None
+ - VSphere
+ - oVirt
+ - IBMCloud
+ - KubeVirt
+ - EquinixMetal
+ - PowerVS
+ - AlibabaCloud
+ - Nutanix
+ - External
+ type: string
+ vsphere:
+ description: vsphere contains settings specific to the VSphere
+ infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on VSphere platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ machineNetworks:
+ description: machineNetworks are IP networks used to connect
+ all the OpenShift cluster nodes.
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ nodeDNSIP:
+ description: |-
+ nodeDNSIP is the IP address for the internal DNS used by the
+ nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+ provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+ vSphere deployments. In order to minimize necessary changes to the
+ datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+ to the nodes in the cluster.
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ x-kubernetes-validations:
+ - message: spec.controlPlaneTopology must match status.controlPlaneTopology
+ or be set to HighlyAvailable when status.controlPlaneTopology is SingleReplica
+ rule: '!has(self.spec.controlPlaneTopology) || (has(oldSelf.spec.controlPlaneTopology)
+ && self.spec.controlPlaneTopology == oldSelf.spec.controlPlaneTopology)
+ || (has(self.status.controlPlaneTopology) && self.spec.controlPlaneTopology
+ == self.status.controlPlaneTopology) || (has(self.status.controlPlaneTopology)
+ && self.status.controlPlaneTopology == ''SingleReplica'' && self.spec.controlPlaneTopology
+ == ''HighlyAvailable'')'
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-SelfManagedHA-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-SelfManagedHA-DevPreviewNoUpgrade.crd.yaml
new file mode 100644
index 000000000..f3b307973
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-SelfManagedHA-DevPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,2798 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/470
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: DevPreviewNoUpgrade
+ name: infrastructures.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Infrastructure
+ listKind: InfrastructureList
+ plural: infrastructures
+ singular: infrastructure
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec holds user settable values for configuration
+ properties:
+ cloudConfig:
+ description: |-
+ cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file.
+ This configuration file is used to configure the Kubernetes cloud provider integration
+ when using the built-in cloud provider integration or the external cloud controller manager.
+ The namespace for this config map is openshift-config.
+
+ cloudConfig should only be consumed by the kube_cloud_config controller.
+ The controller is responsible for using the user configuration in the spec
+ for various platforms and combining that with the user provided ConfigMap in this field
+ to create a stitched kube cloud config.
+ The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace
+ with the kube cloud config is stored in `cloud.conf` key.
+ All the clients are expected to use the generated ConfigMap only.
+ properties:
+ key:
+ description: key allows pointing to a specific key/value inside
+ of the configmap. This is useful for logical file references.
+ type: string
+ name:
+ type: string
+ type: object
+ controlPlaneTopology:
+ description: |-
+ controlPlaneTopology expresses the desired topology configuration for control nodes.
+
+ When status.controlPlaneTopology is 'SingleReplica' and spec.controlPlaneTopology is set to 'HighlyAvailable',
+ a transition will be triggered to reconfigure the cluster from SingleReplica to HighlyAvailable.
+
+ When left blank or status.controlPlaneTopology and spec.controlPlaneTopology are the same value,
+ no changes are required and no transitions will be triggered.
+
+ This value may be set to match status.controlPlaneTopology regardless of the current value.
+ enum:
+ - HighlyAvailable
+ - SingleReplica
+ type: string
+ platformSpec:
+ description: |-
+ platformSpec holds desired information specific to the underlying
+ infrastructure provider.
+ properties:
+ alibabaCloud:
+ description: alibabaCloud contains settings specific to the Alibaba
+ Cloud infrastructure provider.
+ type: object
+ aws:
+ description: aws contains settings specific to the Amazon Web
+ Services infrastructure provider.
+ properties:
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints list contains custom endpoints which will override default
+ service endpoint of AWS Services.
+ There must be only one ServiceEndpoint for a service.
+ items:
+ description: |-
+ AWSServiceEndpoint store the configuration of a custom url to
+ override existing defaults of AWS Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the AWS service.
+ The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html
+ This must be provided and cannot be empty.
+ pattern: ^[a-z0-9-]+$
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty.
+ pattern: ^https://
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ azure:
+ description: azure contains settings specific to the Azure infrastructure
+ provider.
+ type: object
+ baremetal:
+ description: baremetal contains settings specific to the BareMetal
+ platform.
+ properties:
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.apiServerInternalIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.ingressIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ machineNetworks:
+ description: |-
+ machineNetworks are IP networks used to connect all the OpenShift cluster
+ nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+ for example "10.0.0.0/8" or "fd00::/8".
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ type: object
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs list is required once set
+ rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
+ - message: ingressIPs list is required once set
+ rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
+ equinixMetal:
+ description: equinixMetal contains settings specific to the Equinix
+ Metal infrastructure provider.
+ type: object
+ external:
+ description: |-
+ ExternalPlatformType represents generic infrastructure provider.
+ Platform-specific components should be supplemented separately.
+ properties:
+ platformName:
+ default: Unknown
+ description: |-
+ platformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time.
+ This field is solely for informational and reporting purposes and is not expected to be used for decision-making.
+ type: string
+ x-kubernetes-validations:
+ - message: platform name cannot be changed once set
+ rule: oldSelf == 'Unknown' || self == oldSelf
+ type: object
+ gcp:
+ description: gcp contains settings specific to the Google Cloud
+ Platform infrastructure provider.
+ type: object
+ ibmcloud:
+ description: ibmcloud contains settings specific to the IBMCloud
+ infrastructure provider.
+ properties:
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints is a list of custom endpoints which will override the default
+ service endpoints of an IBM service. These endpoints are used by components
+ within the cluster when trying to reach the IBM Cloud Services that have been
+ overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each
+ endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus
+ are updated to reflect the same custom endpoints.
+ A maximum of 13 service endpoints overrides are supported.
+ items:
+ description: |-
+ IBMCloudServiceEndpoint stores the configuration of a custom url to
+ override existing defaults of IBM Cloud Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the IBM Cloud service.
+ Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC.
+ For example, the IBM Cloud Private IAM service could be configured with the
+ service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com`
+ Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured
+ with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`
+ enum:
+ - CIS
+ - COS
+ - COSConfig
+ - DNSServices
+ - GlobalCatalog
+ - GlobalSearch
+ - GlobalTagging
+ - HyperProtect
+ - IAM
+ - KeyProtect
+ - ResourceController
+ - ResourceManager
+ - VPC
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty. The path must follow the pattern
+ /v[0,9]+ or /api/v[0,9]+
+ maxLength: 300
+ type: string
+ x-kubernetes-validations:
+ - message: url must use https scheme
+ rule: url(self).getScheme() == "https"
+ - message: url path must match /v[0,9]+ or /api/v[0,9]+
+ rule: matches((url(self).getEscapedPath()), '^/(api/)?v[0-9]+/{0,1}$')
+ - message: url must be a valid absolute URL
+ rule: isURL(self)
+ required:
+ - name
+ - url
+ type: object
+ maxItems: 13
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ kubevirt:
+ description: kubevirt contains settings specific to the kubevirt
+ infrastructure provider.
+ type: object
+ nutanix:
+ description: nutanix contains settings specific to the Nutanix
+ infrastructure provider.
+ properties:
+ failureDomains:
+ description: |-
+ failureDomains configures failure domains information for the Nutanix platform.
+ When set, the failure domains defined here may be used to spread Machines across
+ prism element clusters to improve fault tolerance of the cluster.
+ items:
+ description: NutanixFailureDomain configures failure domain
+ information for the Nutanix platform.
+ properties:
+ cluster:
+ description: |-
+ cluster is to identify the cluster (the Prism Element under management of the Prism Central),
+ in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained
+ from the Prism Central console or using the prism_central API.
+ properties:
+ name:
+ description: name is the resource name in the PC.
+ It cannot be empty if the type is Name.
+ type: string
+ type:
+ description: type is the identifier type to use
+ for this resource.
+ enum:
+ - UUID
+ - Name
+ type: string
+ uuid:
+ description: uuid is the UUID of the resource in
+ the PC. It cannot be empty if the type is UUID.
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: uuid configuration is required when type
+ is UUID, and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid)
+ : !has(self.uuid)'
+ - message: name configuration is required when type
+ is Name, and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''Name'' ? has(self.name)
+ : !has(self.name)'
+ name:
+ description: |-
+ name defines the unique name of a failure domain.
+ Name is required and must be at most 64 characters in length.
+ It must consist of only lower case alphanumeric characters and hyphens (-).
+ It must start and end with an alphanumeric character.
+ This value is arbitrary and is used to identify the failure domain within the platform.
+ maxLength: 64
+ minLength: 1
+ pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ type: string
+ subnets:
+ description: |-
+ subnets holds a list of identifiers (one or more) of the cluster's network subnets
+ If the feature gate NutanixMultiSubnets is enabled, up to 32 subnets may be configured.
+ for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be
+ obtained from the Prism Central console or using the prism_central API.
+ items:
+ description: NutanixResourceIdentifier holds the identity
+ of a Nutanix PC resource (cluster, image, subnet,
+ etc.)
+ properties:
+ name:
+ description: name is the resource name in the
+ PC. It cannot be empty if the type is Name.
+ type: string
+ type:
+ description: type is the identifier type to use
+ for this resource.
+ enum:
+ - UUID
+ - Name
+ type: string
+ uuid:
+ description: uuid is the UUID of the resource
+ in the PC. It cannot be empty if the type is
+ UUID.
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: uuid configuration is required when type
+ is UUID, and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid)
+ : !has(self.uuid)'
+ - message: name configuration is required when type
+ is Name, and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''Name'' ? has(self.name)
+ : !has(self.name)'
+ maxItems: 32
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: each subnet must be unique
+ rule: self.all(x, self.exists_one(y, x == y))
+ required:
+ - cluster
+ - name
+ - subnets
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ prismCentral:
+ description: |-
+ prismCentral holds the endpoint address and port to access the Nutanix Prism Central.
+ When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.
+ Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the
+ proxy spec.noProxy list.
+ properties:
+ address:
+ description: address is the endpoint address (DNS name
+ or IP address) of the Nutanix Prism Central or Element
+ (cluster)
+ maxLength: 256
+ type: string
+ port:
+ description: port is the port number to access the Nutanix
+ Prism Central or Element (cluster)
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ required:
+ - address
+ - port
+ type: object
+ prismElements:
+ description: |-
+ prismElements holds one or more endpoint address and port data to access the Nutanix
+ Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one
+ Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.)
+ used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.)
+ spread over multiple Prism Elements (clusters) of the Prism Central.
+ items:
+ description: NutanixPrismElementEndpoint holds the name
+ and endpoint data for a Prism Element (cluster)
+ properties:
+ endpoint:
+ description: |-
+ endpoint holds the endpoint address and port data of the Prism Element (cluster).
+ When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.
+ Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the
+ proxy spec.noProxy list.
+ properties:
+ address:
+ description: address is the endpoint address (DNS
+ name or IP address) of the Nutanix Prism Central
+ or Element (cluster)
+ maxLength: 256
+ type: string
+ port:
+ description: port is the port number to access the
+ Nutanix Prism Central or Element (cluster)
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ required:
+ - address
+ - port
+ type: object
+ name:
+ description: |-
+ name is the name of the Prism Element (cluster). This value will correspond with
+ the cluster field configured on other resources (eg Machines, PVCs, etc).
+ maxLength: 256
+ type: string
+ required:
+ - endpoint
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - prismCentral
+ - prismElements
+ type: object
+ openstack:
+ description: openstack contains settings specific to the OpenStack
+ infrastructure provider.
+ properties:
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.apiServerInternalIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.ingressIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ machineNetworks:
+ description: |-
+ machineNetworks are IP networks used to connect all the OpenShift cluster
+ nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+ for example "10.0.0.0/8" or "fd00::/8".
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ type: object
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs list is required once set
+ rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
+ - message: ingressIPs list is required once set
+ rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
+ ovirt:
+ description: ovirt contains settings specific to the oVirt infrastructure
+ provider.
+ type: object
+ powervs:
+ description: powervs contains settings specific to the IBM Power
+ Systems Virtual Servers infrastructure provider.
+ properties:
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints is a list of custom endpoints which will override the default
+ service endpoints of a Power VS service.
+ items:
+ description: |-
+ PowervsServiceEndpoint stores the configuration of a custom url to
+ override existing defaults of PowerVS Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the Power VS service.
+ Few of the services are
+ IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api
+ ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller
+ Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
+ enum:
+ - CIS
+ - COS
+ - COSConfig
+ - DNSServices
+ - GlobalCatalog
+ - GlobalSearch
+ - GlobalTagging
+ - HyperProtect
+ - IAM
+ - KeyProtect
+ - Power
+ - ResourceController
+ - ResourceManager
+ - VPC
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty.
+ format: uri
+ pattern: ^https://
+ type: string
+ required:
+ - name
+ - url
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ type:
+ description: |-
+ type is the underlying infrastructure provider for the cluster. This
+ value controls whether infrastructure automation such as service load
+ balancers, dynamic volume provisioning, machine creation and deletion, and
+ other integrations are enabled. If None, no infrastructure automation is
+ enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
+ "OpenStack", "VSphere", "oVirt", "IBMCloud", "KubeVirt", "EquinixMetal",
+ "PowerVS", "AlibabaCloud", "Nutanix", "External", and "None". Individual
+ components may not support all platforms, and must handle unrecognized
+ platforms as None if they do not support that platform.
+ enum:
+ - ""
+ - AWS
+ - Azure
+ - BareMetal
+ - GCP
+ - Libvirt
+ - OpenStack
+ - None
+ - VSphere
+ - oVirt
+ - IBMCloud
+ - KubeVirt
+ - EquinixMetal
+ - PowerVS
+ - AlibabaCloud
+ - Nutanix
+ - External
+ type: string
+ vsphere:
+ description: vsphere contains settings specific to the VSphere
+ infrastructure provider.
+ properties:
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.apiServerInternalIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ failureDomains:
+ description: |-
+ failureDomains contains the definition of region, zone and the vCenter topology.
+ If this is omitted failure domains (regions and zones) will not be used.
+ items:
+ description: VSpherePlatformFailureDomainSpec holds the
+ region and zone failure domain and the vCenter topology
+ of that failure domain.
+ properties:
+ name:
+ description: |-
+ name defines the arbitrary but unique name
+ of a failure domain.
+ maxLength: 256
+ minLength: 1
+ type: string
+ region:
+ description: |-
+ region defines the name of a region tag that will
+ be attached to a vCenter datacenter. The tag
+ category in vCenter must be named openshift-region.
+ maxLength: 80
+ minLength: 1
+ type: string
+ regionAffinity:
+ description: |-
+ regionAffinity holds the type of region, Datacenter or ComputeCluster.
+ When set to Datacenter, this means the region is a vCenter Datacenter as defined in topology.
+ When set to ComputeCluster, this means the region is a vCenter Cluster as defined in topology.
+ properties:
+ type:
+ description: |-
+ type determines the vSphere object type for a region within this failure domain.
+ Available types are Datacenter and ComputeCluster.
+ When set to Datacenter, this means the vCenter Datacenter defined is the region.
+ When set to ComputeCluster, this means the vCenter cluster defined is the region.
+ enum:
+ - ComputeCluster
+ - Datacenter
+ type: string
+ required:
+ - type
+ type: object
+ server:
+ anyOf:
+ - format: ipv4
+ - format: ipv6
+ - format: hostname
+ description: server is the fully-qualified domain name
+ or the IP address of the vCenter server.
+ maxLength: 255
+ minLength: 1
+ type: string
+ topology:
+ description: topology describes a given failure domain
+ using vSphere constructs
+ properties:
+ computeCluster:
+ description: |-
+ computeCluster the absolute path of the vCenter cluster
+ in which virtual machine will be located.
+ The absolute path is of the form //host/.
+ The maximum length of the path is 2048 characters.
+ maxLength: 2048
+ pattern: ^/.*?/host/.*?
+ type: string
+ datacenter:
+ description: |-
+ datacenter is the name of vCenter datacenter in which virtual machines will be located.
+ The maximum length of the datacenter name is 80 characters.
+ maxLength: 80
+ type: string
+ datastore:
+ description: |-
+ datastore is the absolute path of the datastore in which the
+ virtual machine is located.
+ The absolute path is of the form //datastore/
+ The maximum length of the path is 2048 characters.
+ maxLength: 2048
+ pattern: ^/.*?/datastore/.*?
+ type: string
+ folder:
+ description: |-
+ folder is the absolute path of the folder where
+ virtual machines are located. The absolute path
+ is of the form //vm/.
+ The maximum length of the path is 2048 characters.
+ maxLength: 2048
+ pattern: ^/.*?/vm/.*?
+ type: string
+ networks:
+ description: |-
+ networks is the list of port group network names within this failure domain.
+ If feature gate VSphereMultiNetworks is enabled, up to 10 network adapters may be defined.
+ 10 is the maximum number of virtual network devices which may be attached to a VM as defined by:
+ https://configmax.esp.vmware.com/guest?vmwareproduct=vSphere&release=vSphere%208.0&categories=1-0
+ The available networks (port groups) can be listed using
+ `govc ls 'network/*'`
+ Networks should be in the form of an absolute path:
+ //network/.
+ items:
+ type: string
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ resourcePool:
+ description: |-
+ resourcePool is the absolute path of the resource pool where virtual machines will be
+ created. The absolute path is of the form //host//Resources/.
+ The maximum length of the path is 2048 characters.
+ maxLength: 2048
+ pattern: ^/.*?/host/.*?/Resources.*
+ type: string
+ template:
+ description: |-
+ template is the full inventory path of the virtual machine or template
+ that will be cloned when creating new machines in this failure domain.
+ The maximum length of the path is 2048 characters.
+
+ When omitted, the template will be calculated by the control plane
+ machineset operator based on the region and zone defined in
+ VSpherePlatformFailureDomainSpec.
+ For example, for zone=zonea, region=region1, and infrastructure name=test,
+ the template path would be calculated as //vm/test-rhcos-region1-zonea.
+ maxLength: 2048
+ minLength: 1
+ pattern: ^/.*?/vm/.*?
+ type: string
+ required:
+ - computeCluster
+ - datacenter
+ - datastore
+ - networks
+ type: object
+ zone:
+ description: |-
+ zone defines the name of a zone tag that will
+ be attached to a vCenter cluster. The tag
+ category in vCenter must be named openshift-zone.
+ maxLength: 80
+ minLength: 1
+ type: string
+ zoneAffinity:
+ description: |-
+ zoneAffinity holds the type of the zone and the hostGroup which
+ vmGroup and the hostGroup names in vCenter corresponds to
+ a vm-host group of type Virtual Machine and Host respectively. Is also
+ contains the vmHostRule which is an affinity vm-host rule in vCenter.
+ properties:
+ hostGroup:
+ description: |-
+ hostGroup holds the vmGroup and the hostGroup names in vCenter
+ corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also
+ contains the vmHostRule which is an affinity vm-host rule in vCenter.
+ properties:
+ hostGroup:
+ description: |-
+ hostGroup is the name of the vm-host group of type host within vCenter for this failure domain.
+ hostGroup is limited to 80 characters.
+ This field is required when the VSphereFailureDomain ZoneType is HostGroup
+ maxLength: 80
+ minLength: 1
+ type: string
+ vmGroup:
+ description: |-
+ vmGroup is the name of the vm-host group of type virtual machine within vCenter for this failure domain.
+ vmGroup is limited to 80 characters.
+ This field is required when the VSphereFailureDomain ZoneType is HostGroup
+ maxLength: 80
+ minLength: 1
+ type: string
+ vmHostRule:
+ description: |-
+ vmHostRule is the name of the affinity vm-host rule within vCenter for this failure domain.
+ vmHostRule is limited to 80 characters.
+ This field is required when the VSphereFailureDomain ZoneType is HostGroup
+ maxLength: 80
+ minLength: 1
+ type: string
+ required:
+ - hostGroup
+ - vmGroup
+ - vmHostRule
+ type: object
+ type:
+ description: |-
+ type determines the vSphere object type for a zone within this failure domain.
+ Available types are ComputeCluster and HostGroup.
+ When set to ComputeCluster, this means the vCenter cluster defined is the zone.
+ When set to HostGroup, hostGroup must be configured with hostGroup, vmGroup and vmHostRule and
+ this means the zone is defined by the grouping of those fields.
+ enum:
+ - HostGroup
+ - ComputeCluster
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: hostGroup is required when type is HostGroup,
+ and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''HostGroup''
+ ? has(self.hostGroup) : !has(self.hostGroup)'
+ required:
+ - name
+ - region
+ - server
+ - topology
+ - zone
+ type: object
+ x-kubernetes-validations:
+ - message: when zoneAffinity type is HostGroup, regionAffinity
+ type must be ComputeCluster
+ rule: 'has(self.zoneAffinity) && self.zoneAffinity.type
+ == ''HostGroup'' ? has(self.regionAffinity) && self.regionAffinity.type
+ == ''ComputeCluster'' : true'
+ - message: when zoneAffinity type is ComputeCluster, regionAffinity
+ type must be Datacenter
+ rule: 'has(self.zoneAffinity) && self.zoneAffinity.type
+ == ''ComputeCluster'' ? has(self.regionAffinity) &&
+ self.regionAffinity.type == ''Datacenter'' : true'
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names.
+ In dual stack clusters this list contains two IP addresses, one from IPv4
+ family and one from IPv6.
+ In single stack clusters a single IP address is expected.
+ When omitted, values from the status.ingressIPs will be used.
+ Once set, the list cannot be completely removed (but its second entry can).
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1])
+ ? ip(self[0]).family() != ip(self[1]).family() : true'
+ machineNetworks:
+ description: |-
+ machineNetworks are IP networks used to connect all the OpenShift cluster
+ nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+ for example "10.0.0.0/8" or "fd00::/8".
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ nodeNetworking:
+ description: |-
+ nodeNetworking contains the definition of internal and external network constraints for
+ assigning the node's networking.
+ If this field is omitted, networking defaults to the legacy
+ address selection behavior which is to only support a single address and
+ return the first one found.
+ properties:
+ external:
+ description: external represents the network configuration
+ of the node that is externally routable.
+ properties:
+ excludeNetworkSubnetCidr:
+ description: |-
+ excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting
+ the IP address from the VirtualMachine's VM for use in the status.addresses fields.
+ items:
+ format: cidr
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ network:
+ description: |-
+ network VirtualMachine's VM Network names that will be used to when searching
+ for status.addresses fields. Note that if internal.networkSubnetCIDR and
+ external.networkSubnetCIDR are not set, then the vNIC associated to this network must
+ only have a single IP address assigned to it.
+ The available networks (port groups) can be listed using
+ `govc ls 'network/*'`
+ type: string
+ networkSubnetCidr:
+ description: |-
+ networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs
+ that will be used in respective status.addresses fields.
+ items:
+ format: cidr
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ internal:
+ description: internal represents the network configuration
+ of the node that is routable only within the cluster.
+ properties:
+ excludeNetworkSubnetCidr:
+ description: |-
+ excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting
+ the IP address from the VirtualMachine's VM for use in the status.addresses fields.
+ items:
+ format: cidr
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ network:
+ description: |-
+ network VirtualMachine's VM Network names that will be used to when searching
+ for status.addresses fields. Note that if internal.networkSubnetCIDR and
+ external.networkSubnetCIDR are not set, then the vNIC associated to this network must
+ only have a single IP address assigned to it.
+ The available networks (port groups) can be listed using
+ `govc ls 'network/*'`
+ type: string
+ networkSubnetCidr:
+ description: |-
+ networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs
+ that will be used in respective status.addresses fields.
+ items:
+ format: cidr
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: object
+ vcenters:
+ description: |-
+ vcenters holds the connection details for services to communicate with vCenter.
+ Up to 3 vCenters are supported.
+ Once the cluster has been installed, you are unable to change the current number of defined
+ vCenters except when 1.) the cluster has been upgraded from a version of OpenShift
+ where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and
+ remove vCenters but may not remove all vCenters. You may make modifications to the existing
+ vCenters that are defined in the vcenters list in order to match with any added or modified
+ failure domains.
+ items:
+ description: |-
+ VSpherePlatformVCenterSpec stores the vCenter connection fields.
+ This is used by the vSphere CCM.
+ properties:
+ datacenters:
+ description: |-
+ The vCenter Datacenters in which the RHCOS
+ vm guests are located. This field will
+ be used by the Cloud Controller Manager.
+ Each datacenter listed here should be used within
+ a topology.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ port:
+ description: |-
+ port is the TCP port that will be used to communicate to
+ the vCenter endpoint.
+ When omitted, this means the user has no opinion and
+ it is up to the platform to choose a sensible default,
+ which is subject to change over time.
+ format: int32
+ maximum: 32767
+ minimum: 1
+ type: integer
+ server:
+ anyOf:
+ - format: ipv4
+ - format: ipv6
+ - format: hostname
+ description: server is the fully-qualified domain name
+ or the IP address of the vCenter server.
+ maxLength: 255
+ type: string
+ required:
+ - datacenters
+ - server
+ type: object
+ maxItems: 3
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) >= size(oldSelf) ? oldSelf.all(x, self.exists(y,
+ y.server == x.server)) : true'
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) < size(oldSelf) ? self.all(x, oldSelf.exists(y,
+ y.server == x.server)) : true'
+ - message: vcenters must have unique server values
+ rule: self.all(x, self.exists_one(y, y.server == x.server))
+ type: object
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs list is required once set
+ rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
+ - message: ingressIPs list is required once set
+ rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
+ type: object
+ x-kubernetes-validations:
+ - message: vcenters is required once set and cannot be removed
+ rule: 'oldSelf.?vsphere.vcenters.hasValue() ? self.?vsphere.vcenters.hasValue()
+ : true'
+ type: object
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ properties:
+ apiServerInternalURI:
+ description: |-
+ apiServerInternalURL is a valid URI with scheme 'https',
+ address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components
+ like kubelets, to contact the Kubernetes API server using the
+ infrastructure provider rather than Kubernetes networking.
+ type: string
+ apiServerURL:
+ description: |-
+ apiServerURL is a valid URI with scheme 'https', address and
+ optionally a port (defaulting to 443). apiServerURL can be used by components like the web console
+ to tell users where to find the Kubernetes API.
+ type: string
+ controlPlaneTopology:
+ default: HighlyAvailable
+ description: |-
+ controlPlaneTopology expresses the expectations for operands that normally run on control nodes.
+ The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster.
+ The 'SingleReplica' mode will be used in single-node deployments
+ and the operators should not configure the operand for highly-available operation
+ The 'External' mode indicates that the control plane is hosted externally to the cluster and that
+ its components are not visible within the cluster.
+ The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes
+ that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum.
+ enum:
+ - HighlyAvailable
+ - HighlyAvailableArbiter
+ - SingleReplica
+ - DualReplica
+ - External
+ type: string
+ cpuPartitioning:
+ default: None
+ description: |-
+ cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster.
+ CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets.
+ Valid values are "None" and "AllNodes". When omitted, the default value is "None".
+ The default value of "None" indicates that no nodes will be setup with CPU partitioning.
+ The "AllNodes" value indicates that all nodes have been setup with CPU partitioning,
+ and can then be further configured via the PerformanceProfile API.
+ enum:
+ - None
+ - AllNodes
+ type: string
+ etcdDiscoveryDomain:
+ description: |-
+ etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering
+ etcd servers and clients.
+ For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery
+ deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.
+ type: string
+ infrastructureName:
+ description: |-
+ infrastructureName uniquely identifies a cluster with a human friendly name.
+ Once set it should not be changed. Must be of max length 27 and must have only
+ alphanumeric or hyphen characters.
+ type: string
+ infrastructureTopology:
+ default: HighlyAvailable
+ description: |-
+ infrastructureTopology expresses the expectations for infrastructure services that do not run on control
+ plane nodes, usually indicated by a node selector for a `role` value
+ other than `master`.
+ The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster.
+ The 'SingleReplica' mode will be used in single-node deployments
+ and the operators should not configure the operand for highly-available operation
+ NOTE: External topology mode is not applicable for this field.
+ enum:
+ - HighlyAvailable
+ - SingleReplica
+ type: string
+ platform:
+ description: |-
+ platform is the underlying infrastructure provider for the cluster.
+
+ Deprecated: Use platformStatus.type instead.
+ enum:
+ - ""
+ - AWS
+ - Azure
+ - BareMetal
+ - GCP
+ - Libvirt
+ - OpenStack
+ - None
+ - VSphere
+ - oVirt
+ - IBMCloud
+ - KubeVirt
+ - EquinixMetal
+ - PowerVS
+ - AlibabaCloud
+ - Nutanix
+ - External
+ type: string
+ platformStatus:
+ description: |-
+ platformStatus holds status information specific to the underlying
+ infrastructure provider.
+ properties:
+ alibabaCloud:
+ description: alibabaCloud contains settings specific to the Alibaba
+ Cloud infrastructure provider.
+ properties:
+ region:
+ description: region specifies the region for Alibaba Cloud
+ resources created for the cluster.
+ pattern: ^[0-9A-Za-z-]+$
+ type: string
+ resourceGroupID:
+ description: resourceGroupID is the ID of the resource group
+ for the cluster.
+ pattern: ^(rg-[0-9A-Za-z]+)?$
+ type: string
+ resourceTags:
+ description: resourceTags is a list of additional tags to
+ apply to Alibaba Cloud resources created for the cluster.
+ items:
+ description: AlibabaCloudResourceTag is the set of tags
+ to add to apply to resources.
+ properties:
+ key:
+ description: key is the key of the tag.
+ maxLength: 128
+ minLength: 1
+ type: string
+ value:
+ description: value is the value of the tag.
+ maxLength: 128
+ minLength: 1
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ maxItems: 20
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ required:
+ - region
+ type: object
+ aws:
+ description: aws contains settings specific to the Amazon Web
+ Services infrastructure provider.
+ properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
+ ipFamily:
+ default: IPv4
+ description: |-
+ ipFamily specifies the IP protocol family that should be used for AWS
+ network resources. This controls whether AWS resources are created with
+ IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary
+ protocol family.
+ enum:
+ - IPv4
+ - DualStackIPv6Primary
+ - DualStackIPv4Primary
+ type: string
+ x-kubernetes-validations:
+ - message: ipFamily is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ region:
+ description: region holds the default AWS region for new AWS
+ resources created by the cluster.
+ type: string
+ resourceTags:
+ description: |-
+ resourceTags is a list of additional tags to apply to AWS resources created for the cluster.
+ See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources.
+ AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags
+ available for the user.
+ items:
+ description: AWSResourceTag is a tag to apply to AWS resources
+ created for the cluster.
+ properties:
+ key:
+ description: |-
+ key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag.
+ Key should consist of between 1 and 128 characters, and may
+ contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.
+ maxLength: 128
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: invalid AWS resource tag key. The string
+ can contain only the set of alphanumeric characters,
+ space (' '), '_', '.', '/', '=', '+', '-', ':',
+ '@'
+ rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
+ value:
+ description: |-
+ value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag.
+ Value should consist of between 1 and 256 characters, and may
+ contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.
+ Some AWS service do not support empty values. Since tags are added to resources in many services, the
+ length of the tag value must meet the requirements of all services.
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: invalid AWS resource tag value. The string
+ can contain only the set of alphanumeric characters,
+ space (' '), '_', '.', '/', '=', '+', '-', ':',
+ '@'
+ rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
+ required:
+ - key
+ - value
+ type: object
+ maxItems: 25
+ type: array
+ x-kubernetes-list-type: atomic
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints list contains custom endpoints which will override default
+ service endpoint of AWS Services.
+ There must be only one ServiceEndpoint for a service.
+ items:
+ description: |-
+ AWSServiceEndpoint store the configuration of a custom url to
+ override existing defaults of AWS Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the AWS service.
+ The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html
+ This must be provided and cannot be empty.
+ pattern: ^[a-z0-9-]+$
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty.
+ pattern: ^https://
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ azure:
+ description: azure contains settings specific to the Azure infrastructure
+ provider.
+ properties:
+ armEndpoint:
+ description: armEndpoint specifies a URL to use for resource
+ management in non-soverign clouds such as Azure Stack.
+ type: string
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
+ cloudName:
+ description: |-
+ cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK
+ with the appropriate Azure API endpoints.
+ If empty, the value is equal to `AzurePublicCloud`.
+ enum:
+ - ""
+ - AzurePublicCloud
+ - AzureUSGovernmentCloud
+ - AzureChinaCloud
+ - AzureGermanCloud
+ - AzureStackCloud
+ type: string
+ ipFamily:
+ default: IPv4
+ description: |-
+ ipFamily specifies the IP protocol family that should be used for Azure
+ network resources. This controls whether Azure resources are created with
+ IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary
+ protocol family.
+ enum:
+ - IPv4
+ - DualStackIPv6Primary
+ - DualStackIPv4Primary
+ type: string
+ x-kubernetes-validations:
+ - message: ipFamily is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ networkResourceGroupName:
+ description: |-
+ networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster.
+ If empty, the value is same as ResourceGroupName.
+ type: string
+ resourceGroupName:
+ description: resourceGroupName is the Resource Group for new
+ Azure resources created for the cluster.
+ type: string
+ resourceTags:
+ description: |-
+ resourceTags is a list of additional tags to apply to Azure resources created for the cluster.
+ See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources.
+ Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags
+ may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.
+ items:
+ description: AzureResourceTag is a tag to apply to Azure
+ resources created for the cluster.
+ properties:
+ key:
+ description: |-
+ key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key
+ must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric
+ characters and the following special characters `_ . -`.
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$
+ type: string
+ value:
+ description: |-
+ value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value
+ must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.
+ maxLength: 256
+ minLength: 1
+ pattern: ^[0-9A-Za-z_.=+-@]+$
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ maxItems: 10
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: resourceTags are immutable and may only be configured
+ during installation
+ rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self)
+ type: object
+ x-kubernetes-validations:
+ - message: resourceTags may only be configured during installation
+ rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags)
+ || has(oldSelf.resourceTags) && has(self.resourceTags)'
+ baremetal:
+ description: baremetal contains settings specific to the BareMetal
+ platform.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on BareMetal platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ machineNetworks:
+ description: machineNetworks are IP networks used to connect
+ all the OpenShift cluster nodes.
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ nodeDNSIP:
+ description: |-
+ nodeDNSIP is the IP address for the internal DNS used by the
+ nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+ provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+ BareMetal deployments. In order to minimize necessary changes to the
+ datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+ to the nodes in the cluster.
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ equinixMetal:
+ description: equinixMetal contains settings specific to the Equinix
+ Metal infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+ type: string
+ type: object
+ external:
+ description: external contains settings specific to the generic
+ External infrastructure provider.
+ properties:
+ cloudControllerManager:
+ description: |-
+ cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI).
+ When omitted, new nodes will be not tainted
+ and no extra initialization from the cloud controller manager is expected.
+ properties:
+ state:
+ description: |-
+ state determines whether or not an external Cloud Controller Manager is expected to
+ be installed within the cluster.
+ https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager
+
+ Valid values are "External", "None" and omitted.
+ When set to "External", new nodes will be tainted as uninitialized when created,
+ preventing them from running workloads until they are initialized by the cloud controller manager.
+ When omitted or set to "None", new nodes will be not tainted
+ and no extra initialization from the cloud controller manager is expected.
+ enum:
+ - ""
+ - External
+ - None
+ type: string
+ x-kubernetes-validations:
+ - message: state is immutable once set
+ rule: self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: state may not be added or removed once set
+ rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state)
+ && self.state != "External")
+ type: object
+ x-kubernetes-validations:
+ - message: cloudControllerManager may not be added or removed
+ once set
+ rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager)
+ gcp:
+ description: gcp contains settings specific to the Google Cloud
+ Platform infrastructure provider.
+ properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
+ projectID:
+ description: resourceGroupName is the Project ID for new GCP
+ resources created for the cluster.
+ type: string
+ region:
+ description: region holds the region for new GCP resources
+ created for the cluster.
+ type: string
+ resourceLabels:
+ description: |-
+ resourceLabels is a list of additional labels to apply to GCP resources created for the cluster.
+ See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources.
+ GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use,
+ allowing 32 labels for user configuration.
+ items:
+ description: GCPResourceLabel is a label to apply to GCP
+ resources created for the cluster.
+ properties:
+ key:
+ description: |-
+ key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty.
+ Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters,
+ and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io`
+ and `openshift-io`.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z][0-9a-z_-]{0,62}$
+ type: string
+ x-kubernetes-validations:
+ - message: label keys must not start with either `openshift-io`
+ or `kubernetes-io`
+ rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')'
+ value:
+ description: |-
+ value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty.
+ Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[0-9a-z_-]{1,63}$
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ x-kubernetes-validations:
+ - message: resourceLabels are immutable and may only be configured
+ during installation
+ rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self)
+ resourceTags:
+ description: |-
+ resourceTags is a list of additional tags to apply to GCP resources created for the cluster.
+ See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on
+ tagging GCP resources. GCP supports a maximum of 50 tags per resource.
+ items:
+ description: GCPResourceTag is a tag to apply to GCP resources
+ created for the cluster.
+ properties:
+ key:
+ description: |-
+ key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty.
+ Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+ alphanumeric characters, and the following special characters `._-`.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$
+ type: string
+ parentID:
+ description: |-
+ parentID is the ID of the hierarchical resource where the tags are defined,
+ e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages:
+ https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id,
+ https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects.
+ An OrganizationID must consist of decimal numbers, and cannot have leading zeroes.
+ A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers,
+ and hyphens, and must start with a letter, and cannot end with a hyphen.
+ maxLength: 32
+ minLength: 1
+ pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)
+ type: string
+ value:
+ description: |-
+ value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty.
+ Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+ alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$
+ type: string
+ required:
+ - key
+ - parentID
+ - value
+ type: object
+ maxItems: 50
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ x-kubernetes-validations:
+ - message: resourceTags are immutable and may only be configured
+ during installation
+ rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self)
+ type: object
+ x-kubernetes-validations:
+ - message: resourceLabels may only be configured during installation
+ rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels)
+ || has(oldSelf.resourceLabels) && has(self.resourceLabels)'
+ - message: resourceTags may only be configured during installation
+ rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags)
+ || has(oldSelf.resourceTags) && has(self.resourceTags)'
+ ibmcloud:
+ description: ibmcloud contains settings specific to the IBMCloud
+ infrastructure provider.
+ properties:
+ cisInstanceCRN:
+ description: |-
+ cisInstanceCRN is the CRN of the Cloud Internet Services instance managing
+ the DNS zone for the cluster's base domain
+ type: string
+ dnsInstanceCRN:
+ description: |-
+ dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone
+ for the cluster's base domain
+ type: string
+ location:
+ description: location is where the cluster has been deployed
+ type: string
+ providerType:
+ description: providerType indicates the type of cluster that
+ was created
+ type: string
+ resourceGroupName:
+ description: resourceGroupName is the Resource Group for new
+ IBMCloud resources created for the cluster.
+ type: string
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints is a list of custom endpoints which will override the default
+ service endpoints of an IBM service. These endpoints are used by components
+ within the cluster when trying to reach the IBM Cloud Services that have been
+ overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each
+ endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus
+ are updated to reflect the same custom endpoints.
+ items:
+ description: |-
+ IBMCloudServiceEndpoint stores the configuration of a custom url to
+ override existing defaults of IBM Cloud Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the IBM Cloud service.
+ Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC.
+ For example, the IBM Cloud Private IAM service could be configured with the
+ service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com`
+ Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured
+ with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`
+ enum:
+ - CIS
+ - COS
+ - COSConfig
+ - DNSServices
+ - GlobalCatalog
+ - GlobalSearch
+ - GlobalTagging
+ - HyperProtect
+ - IAM
+ - KeyProtect
+ - ResourceController
+ - ResourceManager
+ - VPC
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty. The path must follow the pattern
+ /v[0,9]+ or /api/v[0,9]+
+ maxLength: 300
+ type: string
+ x-kubernetes-validations:
+ - message: url must be a valid absolute URL
+ rule: isURL(self)
+ required:
+ - name
+ - url
+ type: object
+ maxItems: 13
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ kubevirt:
+ description: kubevirt contains settings specific to the kubevirt
+ infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+ type: string
+ type: object
+ nutanix:
+ description: nutanix contains settings specific to the Nutanix
+ infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: set
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: set
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on Nutanix platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ openstack:
+ description: openstack contains settings specific to the OpenStack
+ infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ cloudName:
+ description: |-
+ cloudName is the name of the desired OpenStack cloud in the
+ client configuration file (`clouds.yaml`).
+ type: string
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on OpenStack platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ machineNetworks:
+ description: machineNetworks are IP networks used to connect
+ all the OpenShift cluster nodes.
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ nodeDNSIP:
+ description: |-
+ nodeDNSIP is the IP address for the internal DNS used by the
+ nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+ provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+ OpenStack deployments. In order to minimize necessary changes to the
+ datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+ to the nodes in the cluster.
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ ovirt:
+ description: ovirt contains settings specific to the oVirt infrastructure
+ provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: set
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: set
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on Ovirt platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ nodeDNSIP:
+ description: 'deprecated: as of 4.6, this field is no longer
+ set or honored. It will be removed in a future release.'
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ powervs:
+ description: powervs contains settings specific to the Power Systems
+ Virtual Servers infrastructure provider.
+ properties:
+ cisInstanceCRN:
+ description: |-
+ cisInstanceCRN is the CRN of the Cloud Internet Services instance managing
+ the DNS zone for the cluster's base domain
+ type: string
+ dnsInstanceCRN:
+ description: |-
+ dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone
+ for the cluster's base domain
+ type: string
+ region:
+ description: region holds the default Power VS region for
+ new Power VS resources created by the cluster.
+ type: string
+ resourceGroup:
+ description: |-
+ resourceGroup is the resource group name for new IBMCloud resources created for a cluster.
+ The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry.
+ More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs.
+ When omitted, the image registry operator won't be able to configure storage,
+ which results in the image registry cluster operator not being in an available state.
+ maxLength: 40
+ pattern: ^[a-zA-Z0-9-_ ]+$
+ type: string
+ x-kubernetes-validations:
+ - message: resourceGroup is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ serviceEndpoints:
+ description: |-
+ serviceEndpoints is a list of custom endpoints which will override the default
+ service endpoints of a Power VS service.
+ items:
+ description: |-
+ PowervsServiceEndpoint stores the configuration of a custom url to
+ override existing defaults of PowerVS Services.
+ properties:
+ name:
+ description: |-
+ name is the name of the Power VS service.
+ Few of the services are
+ IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api
+ ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller
+ Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
+ enum:
+ - CIS
+ - COS
+ - COSConfig
+ - DNSServices
+ - GlobalCatalog
+ - GlobalSearch
+ - GlobalTagging
+ - HyperProtect
+ - IAM
+ - KeyProtect
+ - Power
+ - ResourceController
+ - ResourceManager
+ - VPC
+ type: string
+ url:
+ description: |-
+ url is fully qualified URI with scheme https, that overrides the default generated
+ endpoint for a client.
+ This must be provided and cannot be empty.
+ format: uri
+ pattern: ^https://
+ type: string
+ required:
+ - name
+ - url
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ zone:
+ description: |-
+ zone holds the default zone for the new Power VS resources created by the cluster.
+ Note: Currently only single-zone OCP clusters are supported
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: cannot unset resourceGroup once set
+ rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)'
+ type:
+ description: |-
+ type is the underlying infrastructure provider for the cluster. This
+ value controls whether infrastructure automation such as service load
+ balancers, dynamic volume provisioning, machine creation and deletion, and
+ other integrations are enabled. If None, no infrastructure automation is
+ enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
+ "OpenStack", "VSphere", "oVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None".
+ Individual components may not support all platforms, and must handle
+ unrecognized platforms as None if they do not support that platform.
+
+ This value will be synced with to the `status.platform` and `status.platformStatus.type`.
+ Currently this value cannot be changed once set.
+ enum:
+ - ""
+ - AWS
+ - Azure
+ - BareMetal
+ - GCP
+ - Libvirt
+ - OpenStack
+ - None
+ - VSphere
+ - oVirt
+ - IBMCloud
+ - KubeVirt
+ - EquinixMetal
+ - PowerVS
+ - AlibabaCloud
+ - Nutanix
+ - External
+ type: string
+ vsphere:
+ description: vsphere contains settings specific to the VSphere
+ infrastructure provider.
+ properties:
+ apiServerInternalIP:
+ description: |-
+ apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ by components inside the cluster, like kubelets using the infrastructure rather
+ than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+ Deprecated: Use APIServerInternalIPs instead.
+ type: string
+ apiServerInternalIPs:
+ description: |-
+ apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ server that can be used by components inside the cluster, like kubelets
+ using the infrastructure rather than Kubernetes networking. These are the
+ IPs for a self-hosted load balancer in front of the API servers. In dual
+ stack clusters this list contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: apiServerInternalIPs must contain at most one IPv4
+ address and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ dnsRecordsType:
+ description: |-
+ dnsRecordsType determines whether records for api, api-int, and ingress
+ are provided by the internal DNS service or externally.
+ Allowed values are `Internal`, `External`, and omitted.
+ When set to `Internal`, records are provided by the internal infrastructure and
+ no additional user configuration is required for the cluster to function.
+ When set to `External`, records are not provided by the internal infrastructure
+ and must be configured by the user on a DNS server outside the cluster.
+ Cluster nodes must use this external server for their upstream DNS requests.
+ This value may only be set when loadBalancer.type is set to UserManaged.
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `Internal`.
+ enum:
+ - Internal
+ - External
+ type: string
+ ingressIP:
+ description: |-
+ ingressIP is an external IP which routes to the default ingress controller.
+ The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+ Deprecated: Use IngressIPs instead.
+ type: string
+ ingressIPs:
+ description: |-
+ ingressIPs are the external IPs which route to the default ingress
+ controller. The IPs are suitable targets of a wildcard DNS record used to
+ resolve default route host names. In dual stack clusters this list
+ contains two IPs otherwise only one.
+ format: ip
+ items:
+ type: string
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: ingressIPs must contain at most one IPv4 address
+ and at most one IPv6 address
+ rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
+ && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
+ : true)'
+ loadBalancer:
+ default:
+ type: OpenShiftManagedDefault
+ description: loadBalancer defines how the load balancer used
+ by the cluster is configured.
+ properties:
+ type:
+ default: OpenShiftManagedDefault
+ description: |-
+ type defines the type of load balancer used by the cluster on VSphere platform
+ which can be a user-managed or openshift-managed load balancer
+ that is to be used for the OpenShift API and Ingress endpoints.
+ When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ defined in the machine config operator will be deployed.
+ When set to UserManaged these static pods will not be deployed and it is expected that
+ the load balancer is configured out of band by the deployer.
+ When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ The default value is OpenShiftManagedDefault.
+ enum:
+ - OpenShiftManagedDefault
+ - UserManaged
+ type: string
+ x-kubernetes-validations:
+ - message: type is immutable once set
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ machineNetworks:
+ description: machineNetworks are IP networks used to connect
+ all the OpenShift cluster nodes.
+ items:
+ description: CIDR is an IP address range in CIDR notation
+ (for example, "10.0.0.0/8" or "fd00::/8").
+ maxLength: 43
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid CIDR network address
+ rule: isCIDR(self)
+ maxItems: 32
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - rule: self.all(x, self.exists_one(y, x == y))
+ nodeDNSIP:
+ description: |-
+ nodeDNSIP is the IP address for the internal DNS used by the
+ nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+ provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+ vSphere deployments. In order to minimize necessary changes to the
+ datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+ to the nodes in the cluster.
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: dnsRecordsType may only be set to External when loadBalancer.type
+ is UserManaged
+ rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
+ || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ x-kubernetes-validations:
+ - message: spec.controlPlaneTopology must match status.controlPlaneTopology
+ or be set to HighlyAvailable when status.controlPlaneTopology is SingleReplica
+ rule: '!has(self.spec.controlPlaneTopology) || (has(oldSelf.spec.controlPlaneTopology)
+ && self.spec.controlPlaneTopology == oldSelf.spec.controlPlaneTopology)
+ || (has(self.status.controlPlaneTopology) && self.spec.controlPlaneTopology
+ == self.status.controlPlaneTopology) || (has(self.status.controlPlaneTopology)
+ && self.status.controlPlaneTopology == ''SingleReplica'' && self.spec.controlPlaneTopology
+ == ''HighlyAvailable'')'
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-SelfManagedHA-TechPreviewNoUpgrade.crd.yaml
similarity index 99%
rename from vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml
rename to vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-SelfManagedHA-TechPreviewNoUpgrade.crd.yaml
index 69e9d1108..998b9be39 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-SelfManagedHA-TechPreviewNoUpgrade.crd.yaml
@@ -4,10 +4,9 @@ metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
api.openshift.io/merged-by-featuregates: "true"
- include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
release.openshift.io/bootstrap-required: "true"
- release.openshift.io/feature-set: CustomNoUpgrade
+ release.openshift.io/feature-set: TechPreviewNoUpgrade
name: infrastructures.config.openshift.io
spec:
group: config.openshift.io
@@ -1031,10 +1030,11 @@ spec:
vcenters:
description: |-
vcenters holds the connection details for services to communicate with vCenter.
- Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported.
+ Up to 3 vCenters are supported.
Once the cluster has been installed, you are unable to change the current number of defined
- vCenters except in the case where the cluster has been upgraded from a version of OpenShift
- where the vsphere platform spec was not present. You may make modifications to the existing
+ vCenters except when 1.) the cluster has been upgraded from a version of OpenShift
+ where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and
+ remove vCenters but may not remove all vCenters. You may make modifications to the existing
vCenters that are defined in the vcenters list in order to match with any added or modified
failure domains.
items:
@@ -1079,27 +1079,29 @@ spec:
- server
type: object
maxItems: 3
- minItems: 0
+ minItems: 1
type: array
x-kubernetes-list-type: atomic
x-kubernetes-validations:
- - message: vcenters cannot be added or removed once set
- rule: 'size(self) != size(oldSelf) ? size(oldSelf) == 0
- && size(self) < 2 : true'
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) >= size(oldSelf) ? oldSelf.all(x, self.exists(y,
+ y.server == x.server)) : true'
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) < size(oldSelf) ? self.all(x, oldSelf.exists(y,
+ y.server == x.server)) : true'
+ - message: vcenters must have unique server values
+ rule: self.all(x, self.exists_one(y, y.server == x.server))
type: object
x-kubernetes-validations:
- message: apiServerInternalIPs list is required once set
rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)'
- message: ingressIPs list is required once set
rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
- - message: vcenters can have at most 1 item when configured post-install
- rule: '!has(oldSelf.vcenters) && has(self.vcenters) ? size(self.vcenters)
- < 2 : true'
type: object
x-kubernetes-validations:
- - message: vcenters can have at most 1 item when configured post-install
- rule: '!has(oldSelf.vsphere) && has(self.vsphere) ? size(self.vsphere.vcenters)
- < 2 : true'
+ - message: vcenters is required once set and cannot be removed
+ rule: 'oldSelf.?vsphere.vcenters.hasValue() ? self.?vsphere.vcenters.hasValue()
+ : true'
type: object
status:
description: status holds observed values from the cluster. They may not
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-CustomNoUpgrade.crd.yaml
new file mode 100644
index 000000000..be28f85b6
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-CustomNoUpgrade.crd.yaml
@@ -0,0 +1,467 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/470
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: CustomNoUpgrade
+ name: networks.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Network
+ listKind: NetworkList
+ plural: networks
+ singular: network
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc.
+ Please view network.spec for an explanation on what applies when configuring this resource.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ spec holds user settable values for configuration.
+ As a general rule, this SHOULD NOT be read directly. Instead, you should
+ consume the NetworkStatus, as it indicates the currently deployed configuration.
+ Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
+ properties:
+ clusterNetwork:
+ description: |-
+ IP address pool to use for pod IPs.
+ This field is immutable after installation.
+ items:
+ description: |-
+ ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
+ are allocated.
+ properties:
+ cidr:
+ description: The complete block for pod IPs.
+ type: string
+ hostPrefix:
+ description: |-
+ The size (prefix) of block to allocate to each node. If this
+ field is not used by the plugin, it can be left unset.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIP:
+ description: |-
+ externalIP defines configuration for controllers that
+ affect Service.ExternalIP. If nil, then ExternalIP is
+ not allowed to be set.
+ properties:
+ autoAssignCIDRs:
+ description: |-
+ autoAssignCIDRs is a list of CIDRs from which to automatically assign
+ Service.ExternalIP. These are assigned when the service is of type
+ LoadBalancer. In general, this is only useful for bare-metal clusters.
+ In Openshift 3.x, this was misleadingly called "IngressIPs".
+ Automatically assigned External IPs are not affected by any
+ ExternalIPPolicy rules.
+ Currently, only one entry may be provided.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ policy:
+ description: |-
+ policy is a set of restrictions applied to the ExternalIP field.
+ If nil or empty, then ExternalIP is not allowed to be set.
+ properties:
+ allowedCIDRs:
+ description: allowedCIDRs is the list of allowed CIDRs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ rejectedCIDRs:
+ description: |-
+ rejectedCIDRs is the list of disallowed CIDRs. These take precedence
+ over allowedCIDRs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ networkDiagnostics:
+ description: |-
+ networkDiagnostics defines network diagnostics configuration.
+
+ Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io.
+ If networkDiagnostics is not specified or is empty,
+ and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true,
+ the network diagnostics feature will be disabled.
+ properties:
+ mode:
+ description: |-
+ mode controls the network diagnostics mode
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is All.
+ enum:
+ - ""
+ - All
+ - Disabled
+ type: string
+ sourcePlacement:
+ description: |-
+ sourcePlacement controls the scheduling of network diagnostics source deployment
+
+ See NetworkDiagnosticsSourcePlacement for more details about default values.
+ properties:
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `kubernetes.io/os: linux`.
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is an empty list.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ targetPlacement:
+ description: |-
+ targetPlacement controls the scheduling of network diagnostics target daemonset
+
+ See NetworkDiagnosticsTargetPlacement for more details about default values.
+ properties:
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `kubernetes.io/os: linux`.
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `- operator: "Exists"` which means that all taints are tolerated.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ networkObservability:
+ description: |-
+ networkObservability is an optional field that configures network observability installation
+ during cluster deployment (day-0).
+ When omitted, unless this is a SNO cluster, network observability will be installed if not already present, after that, no action taken.
+ properties:
+ installationPolicy:
+ description: |-
+ installationPolicy controls whether network observability is installed during cluster deployment.
+ Valid values are "InstallAndEnable" and "NoAction".
+ When set to "InstallAndEnable", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again.
+ When set to "NoAction", nothing will be done regarding Network observability.
+ enum:
+ - InstallAndEnable
+ - NoAction
+ type: string
+ required:
+ - installationPolicy
+ type: object
+ networkType:
+ description: |-
+ networkType is the plugin that is to be deployed (e.g. OVNKubernetes).
+ This should match a value that the cluster-network-operator understands,
+ or else no networking will be installed.
+ Currently supported values are:
+ - OVNKubernetes
+ This field is immutable after installation.
+ type: string
+ serviceNetwork:
+ description: |-
+ IP address pool for services.
+ Currently, we only support a single entry here.
+ This field is immutable after installation.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ serviceNodePortRange:
+ description: |-
+ The port range allowed for Services of type NodePort.
+ If not specified, the default of 30000-32767 will be used.
+ Such Services without a NodePort specified will have one
+ automatically allocated from this range.
+ This parameter can be updated after the cluster is
+ installed.
+ pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement
+ when networkDiagnostics.mode is Disabled
+ rule: '!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode)
+ || self.networkDiagnostics.mode!=''Disabled'' || !has(self.networkDiagnostics.sourcePlacement)
+ && !has(self.networkDiagnostics.targetPlacement)'
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ properties:
+ clusterNetwork:
+ description: IP address pool to use for pod IPs.
+ items:
+ description: |-
+ ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
+ are allocated.
+ properties:
+ cidr:
+ description: The complete block for pod IPs.
+ type: string
+ hostPrefix:
+ description: |-
+ The size (prefix) of block to allocate to each node. If this
+ field is not used by the plugin, it can be left unset.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ clusterNetworkMTU:
+ description: clusterNetworkMTU is the MTU for inter-pod networking.
+ type: integer
+ conditions:
+ description: |-
+ conditions represents the observations of a network.config current state.
+ Known .status.conditions.type are: "NetworkDiagnosticsAvailable"
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ migration:
+ description: migration contains the cluster network migration configuration.
+ properties:
+ mtu:
+ description: mtu is the MTU configuration that is being deployed.
+ properties:
+ machine:
+ description: machine contains MTU migration configuration
+ for the machine's uplink.
+ properties:
+ from:
+ description: from is the MTU to migrate from.
+ format: int32
+ minimum: 0
+ type: integer
+ to:
+ description: to is the MTU to migrate to.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ network:
+ description: network contains MTU migration configuration
+ for the default network.
+ properties:
+ from:
+ description: from is the MTU to migrate from.
+ format: int32
+ minimum: 0
+ type: integer
+ to:
+ description: to is the MTU to migrate to.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ type: object
+ networkType:
+ description: |-
+ networkType is the target plugin that is being deployed.
+ DEPRECATED: network type migration is no longer supported,
+ so this should always be unset.
+ type: string
+ type: object
+ networkType:
+ description: networkType is the plugin that is deployed (e.g. OVNKubernetes).
+ type: string
+ serviceNetwork:
+ description: |-
+ IP address pool for services.
+ Currently, we only support a single entry here.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-Default.crd.yaml
new file mode 100644
index 000000000..df36e5ec7
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-Default.crd.yaml
@@ -0,0 +1,448 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/470
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: Default
+ name: networks.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Network
+ listKind: NetworkList
+ plural: networks
+ singular: network
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc.
+ Please view network.spec for an explanation on what applies when configuring this resource.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ spec holds user settable values for configuration.
+ As a general rule, this SHOULD NOT be read directly. Instead, you should
+ consume the NetworkStatus, as it indicates the currently deployed configuration.
+ Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
+ properties:
+ clusterNetwork:
+ description: |-
+ IP address pool to use for pod IPs.
+ This field is immutable after installation.
+ items:
+ description: |-
+ ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
+ are allocated.
+ properties:
+ cidr:
+ description: The complete block for pod IPs.
+ type: string
+ hostPrefix:
+ description: |-
+ The size (prefix) of block to allocate to each node. If this
+ field is not used by the plugin, it can be left unset.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIP:
+ description: |-
+ externalIP defines configuration for controllers that
+ affect Service.ExternalIP. If nil, then ExternalIP is
+ not allowed to be set.
+ properties:
+ autoAssignCIDRs:
+ description: |-
+ autoAssignCIDRs is a list of CIDRs from which to automatically assign
+ Service.ExternalIP. These are assigned when the service is of type
+ LoadBalancer. In general, this is only useful for bare-metal clusters.
+ In Openshift 3.x, this was misleadingly called "IngressIPs".
+ Automatically assigned External IPs are not affected by any
+ ExternalIPPolicy rules.
+ Currently, only one entry may be provided.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ policy:
+ description: |-
+ policy is a set of restrictions applied to the ExternalIP field.
+ If nil or empty, then ExternalIP is not allowed to be set.
+ properties:
+ allowedCIDRs:
+ description: allowedCIDRs is the list of allowed CIDRs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ rejectedCIDRs:
+ description: |-
+ rejectedCIDRs is the list of disallowed CIDRs. These take precedence
+ over allowedCIDRs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ networkDiagnostics:
+ description: |-
+ networkDiagnostics defines network diagnostics configuration.
+
+ Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io.
+ If networkDiagnostics is not specified or is empty,
+ and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true,
+ the network diagnostics feature will be disabled.
+ properties:
+ mode:
+ description: |-
+ mode controls the network diagnostics mode
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is All.
+ enum:
+ - ""
+ - All
+ - Disabled
+ type: string
+ sourcePlacement:
+ description: |-
+ sourcePlacement controls the scheduling of network diagnostics source deployment
+
+ See NetworkDiagnosticsSourcePlacement for more details about default values.
+ properties:
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `kubernetes.io/os: linux`.
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is an empty list.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ targetPlacement:
+ description: |-
+ targetPlacement controls the scheduling of network diagnostics target daemonset
+
+ See NetworkDiagnosticsTargetPlacement for more details about default values.
+ properties:
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `kubernetes.io/os: linux`.
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `- operator: "Exists"` which means that all taints are tolerated.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ networkType:
+ description: |-
+ networkType is the plugin that is to be deployed (e.g. OVNKubernetes).
+ This should match a value that the cluster-network-operator understands,
+ or else no networking will be installed.
+ Currently supported values are:
+ - OVNKubernetes
+ This field is immutable after installation.
+ type: string
+ serviceNetwork:
+ description: |-
+ IP address pool for services.
+ Currently, we only support a single entry here.
+ This field is immutable after installation.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ serviceNodePortRange:
+ description: |-
+ The port range allowed for Services of type NodePort.
+ If not specified, the default of 30000-32767 will be used.
+ Such Services without a NodePort specified will have one
+ automatically allocated from this range.
+ This parameter can be updated after the cluster is
+ installed.
+ pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement
+ when networkDiagnostics.mode is Disabled
+ rule: '!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode)
+ || self.networkDiagnostics.mode!=''Disabled'' || !has(self.networkDiagnostics.sourcePlacement)
+ && !has(self.networkDiagnostics.targetPlacement)'
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ properties:
+ clusterNetwork:
+ description: IP address pool to use for pod IPs.
+ items:
+ description: |-
+ ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
+ are allocated.
+ properties:
+ cidr:
+ description: The complete block for pod IPs.
+ type: string
+ hostPrefix:
+ description: |-
+ The size (prefix) of block to allocate to each node. If this
+ field is not used by the plugin, it can be left unset.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ clusterNetworkMTU:
+ description: clusterNetworkMTU is the MTU for inter-pod networking.
+ type: integer
+ conditions:
+ description: |-
+ conditions represents the observations of a network.config current state.
+ Known .status.conditions.type are: "NetworkDiagnosticsAvailable"
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ migration:
+ description: migration contains the cluster network migration configuration.
+ properties:
+ mtu:
+ description: mtu is the MTU configuration that is being deployed.
+ properties:
+ machine:
+ description: machine contains MTU migration configuration
+ for the machine's uplink.
+ properties:
+ from:
+ description: from is the MTU to migrate from.
+ format: int32
+ minimum: 0
+ type: integer
+ to:
+ description: to is the MTU to migrate to.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ network:
+ description: network contains MTU migration configuration
+ for the default network.
+ properties:
+ from:
+ description: from is the MTU to migrate from.
+ format: int32
+ minimum: 0
+ type: integer
+ to:
+ description: to is the MTU to migrate to.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ type: object
+ networkType:
+ description: |-
+ networkType is the target plugin that is being deployed.
+ DEPRECATED: network type migration is no longer supported,
+ so this should always be unset.
+ type: string
+ type: object
+ networkType:
+ description: networkType is the plugin that is deployed (e.g. OVNKubernetes).
+ type: string
+ serviceNetwork:
+ description: |-
+ IP address pool for services.
+ Currently, we only support a single entry here.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-DevPreviewNoUpgrade.crd.yaml
new file mode 100644
index 000000000..0d2254bcf
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-DevPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,467 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/470
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: DevPreviewNoUpgrade
+ name: networks.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Network
+ listKind: NetworkList
+ plural: networks
+ singular: network
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc.
+ Please view network.spec for an explanation on what applies when configuring this resource.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ spec holds user settable values for configuration.
+ As a general rule, this SHOULD NOT be read directly. Instead, you should
+ consume the NetworkStatus, as it indicates the currently deployed configuration.
+ Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
+ properties:
+ clusterNetwork:
+ description: |-
+ IP address pool to use for pod IPs.
+ This field is immutable after installation.
+ items:
+ description: |-
+ ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
+ are allocated.
+ properties:
+ cidr:
+ description: The complete block for pod IPs.
+ type: string
+ hostPrefix:
+ description: |-
+ The size (prefix) of block to allocate to each node. If this
+ field is not used by the plugin, it can be left unset.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIP:
+ description: |-
+ externalIP defines configuration for controllers that
+ affect Service.ExternalIP. If nil, then ExternalIP is
+ not allowed to be set.
+ properties:
+ autoAssignCIDRs:
+ description: |-
+ autoAssignCIDRs is a list of CIDRs from which to automatically assign
+ Service.ExternalIP. These are assigned when the service is of type
+ LoadBalancer. In general, this is only useful for bare-metal clusters.
+ In Openshift 3.x, this was misleadingly called "IngressIPs".
+ Automatically assigned External IPs are not affected by any
+ ExternalIPPolicy rules.
+ Currently, only one entry may be provided.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ policy:
+ description: |-
+ policy is a set of restrictions applied to the ExternalIP field.
+ If nil or empty, then ExternalIP is not allowed to be set.
+ properties:
+ allowedCIDRs:
+ description: allowedCIDRs is the list of allowed CIDRs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ rejectedCIDRs:
+ description: |-
+ rejectedCIDRs is the list of disallowed CIDRs. These take precedence
+ over allowedCIDRs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ networkDiagnostics:
+ description: |-
+ networkDiagnostics defines network diagnostics configuration.
+
+ Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io.
+ If networkDiagnostics is not specified or is empty,
+ and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true,
+ the network diagnostics feature will be disabled.
+ properties:
+ mode:
+ description: |-
+ mode controls the network diagnostics mode
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is All.
+ enum:
+ - ""
+ - All
+ - Disabled
+ type: string
+ sourcePlacement:
+ description: |-
+ sourcePlacement controls the scheduling of network diagnostics source deployment
+
+ See NetworkDiagnosticsSourcePlacement for more details about default values.
+ properties:
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `kubernetes.io/os: linux`.
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is an empty list.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ targetPlacement:
+ description: |-
+ targetPlacement controls the scheduling of network diagnostics target daemonset
+
+ See NetworkDiagnosticsTargetPlacement for more details about default values.
+ properties:
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `kubernetes.io/os: linux`.
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `- operator: "Exists"` which means that all taints are tolerated.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ networkObservability:
+ description: |-
+ networkObservability is an optional field that configures network observability installation
+ during cluster deployment (day-0).
+ When omitted, unless this is a SNO cluster, network observability will be installed if not already present, after that, no action taken.
+ properties:
+ installationPolicy:
+ description: |-
+ installationPolicy controls whether network observability is installed during cluster deployment.
+ Valid values are "InstallAndEnable" and "NoAction".
+ When set to "InstallAndEnable", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again.
+ When set to "NoAction", nothing will be done regarding Network observability.
+ enum:
+ - InstallAndEnable
+ - NoAction
+ type: string
+ required:
+ - installationPolicy
+ type: object
+ networkType:
+ description: |-
+ networkType is the plugin that is to be deployed (e.g. OVNKubernetes).
+ This should match a value that the cluster-network-operator understands,
+ or else no networking will be installed.
+ Currently supported values are:
+ - OVNKubernetes
+ This field is immutable after installation.
+ type: string
+ serviceNetwork:
+ description: |-
+ IP address pool for services.
+ Currently, we only support a single entry here.
+ This field is immutable after installation.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ serviceNodePortRange:
+ description: |-
+ The port range allowed for Services of type NodePort.
+ If not specified, the default of 30000-32767 will be used.
+ Such Services without a NodePort specified will have one
+ automatically allocated from this range.
+ This parameter can be updated after the cluster is
+ installed.
+ pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement
+ when networkDiagnostics.mode is Disabled
+ rule: '!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode)
+ || self.networkDiagnostics.mode!=''Disabled'' || !has(self.networkDiagnostics.sourcePlacement)
+ && !has(self.networkDiagnostics.targetPlacement)'
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ properties:
+ clusterNetwork:
+ description: IP address pool to use for pod IPs.
+ items:
+ description: |-
+ ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
+ are allocated.
+ properties:
+ cidr:
+ description: The complete block for pod IPs.
+ type: string
+ hostPrefix:
+ description: |-
+ The size (prefix) of block to allocate to each node. If this
+ field is not used by the plugin, it can be left unset.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ clusterNetworkMTU:
+ description: clusterNetworkMTU is the MTU for inter-pod networking.
+ type: integer
+ conditions:
+ description: |-
+ conditions represents the observations of a network.config current state.
+ Known .status.conditions.type are: "NetworkDiagnosticsAvailable"
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ migration:
+ description: migration contains the cluster network migration configuration.
+ properties:
+ mtu:
+ description: mtu is the MTU configuration that is being deployed.
+ properties:
+ machine:
+ description: machine contains MTU migration configuration
+ for the machine's uplink.
+ properties:
+ from:
+ description: from is the MTU to migrate from.
+ format: int32
+ minimum: 0
+ type: integer
+ to:
+ description: to is the MTU to migrate to.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ network:
+ description: network contains MTU migration configuration
+ for the default network.
+ properties:
+ from:
+ description: from is the MTU to migrate from.
+ format: int32
+ minimum: 0
+ type: integer
+ to:
+ description: to is the MTU to migrate to.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ type: object
+ networkType:
+ description: |-
+ networkType is the target plugin that is being deployed.
+ DEPRECATED: network type migration is no longer supported,
+ so this should always be unset.
+ type: string
+ type: object
+ networkType:
+ description: networkType is the plugin that is deployed (e.g. OVNKubernetes).
+ type: string
+ serviceNetwork:
+ description: |-
+ IP address pool for services.
+ Currently, we only support a single entry here.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-OKD.crd.yaml
similarity index 99%
rename from vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks.crd.yaml
rename to vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-OKD.crd.yaml
index 91d996992..c5fb7d9e8 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-OKD.crd.yaml
@@ -7,6 +7,7 @@ metadata:
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: OKD
name: networks.config.openshift.io
spec:
group: config.openshift.io
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-TechPreviewNoUpgrade.crd.yaml
new file mode 100644
index 000000000..b7f19df1f
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-TechPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,467 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/470
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: TechPreviewNoUpgrade
+ name: networks.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Network
+ listKind: NetworkList
+ plural: networks
+ singular: network
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc.
+ Please view network.spec for an explanation on what applies when configuring this resource.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ spec holds user settable values for configuration.
+ As a general rule, this SHOULD NOT be read directly. Instead, you should
+ consume the NetworkStatus, as it indicates the currently deployed configuration.
+ Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
+ properties:
+ clusterNetwork:
+ description: |-
+ IP address pool to use for pod IPs.
+ This field is immutable after installation.
+ items:
+ description: |-
+ ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
+ are allocated.
+ properties:
+ cidr:
+ description: The complete block for pod IPs.
+ type: string
+ hostPrefix:
+ description: |-
+ The size (prefix) of block to allocate to each node. If this
+ field is not used by the plugin, it can be left unset.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIP:
+ description: |-
+ externalIP defines configuration for controllers that
+ affect Service.ExternalIP. If nil, then ExternalIP is
+ not allowed to be set.
+ properties:
+ autoAssignCIDRs:
+ description: |-
+ autoAssignCIDRs is a list of CIDRs from which to automatically assign
+ Service.ExternalIP. These are assigned when the service is of type
+ LoadBalancer. In general, this is only useful for bare-metal clusters.
+ In Openshift 3.x, this was misleadingly called "IngressIPs".
+ Automatically assigned External IPs are not affected by any
+ ExternalIPPolicy rules.
+ Currently, only one entry may be provided.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ policy:
+ description: |-
+ policy is a set of restrictions applied to the ExternalIP field.
+ If nil or empty, then ExternalIP is not allowed to be set.
+ properties:
+ allowedCIDRs:
+ description: allowedCIDRs is the list of allowed CIDRs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ rejectedCIDRs:
+ description: |-
+ rejectedCIDRs is the list of disallowed CIDRs. These take precedence
+ over allowedCIDRs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ networkDiagnostics:
+ description: |-
+ networkDiagnostics defines network diagnostics configuration.
+
+ Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io.
+ If networkDiagnostics is not specified or is empty,
+ and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true,
+ the network diagnostics feature will be disabled.
+ properties:
+ mode:
+ description: |-
+ mode controls the network diagnostics mode
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is All.
+ enum:
+ - ""
+ - All
+ - Disabled
+ type: string
+ sourcePlacement:
+ description: |-
+ sourcePlacement controls the scheduling of network diagnostics source deployment
+
+ See NetworkDiagnosticsSourcePlacement for more details about default values.
+ properties:
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `kubernetes.io/os: linux`.
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is an empty list.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ targetPlacement:
+ description: |-
+ targetPlacement controls the scheduling of network diagnostics target daemonset
+
+ See NetworkDiagnosticsTargetPlacement for more details about default values.
+ properties:
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `kubernetes.io/os: linux`.
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to network diagnostics components
+
+ When omitted, this means the user has no opinion and the platform is left
+ to choose reasonable defaults. These defaults are subject to change over time.
+ The current default is `- operator: "Exists"` which means that all taints are tolerated.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ networkObservability:
+ description: |-
+ networkObservability is an optional field that configures network observability installation
+ during cluster deployment (day-0).
+ When omitted, unless this is a SNO cluster, network observability will be installed if not already present, after that, no action taken.
+ properties:
+ installationPolicy:
+ description: |-
+ installationPolicy controls whether network observability is installed during cluster deployment.
+ Valid values are "InstallAndEnable" and "NoAction".
+ When set to "InstallAndEnable", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again.
+ When set to "NoAction", nothing will be done regarding Network observability.
+ enum:
+ - InstallAndEnable
+ - NoAction
+ type: string
+ required:
+ - installationPolicy
+ type: object
+ networkType:
+ description: |-
+ networkType is the plugin that is to be deployed (e.g. OVNKubernetes).
+ This should match a value that the cluster-network-operator understands,
+ or else no networking will be installed.
+ Currently supported values are:
+ - OVNKubernetes
+ This field is immutable after installation.
+ type: string
+ serviceNetwork:
+ description: |-
+ IP address pool for services.
+ Currently, we only support a single entry here.
+ This field is immutable after installation.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ serviceNodePortRange:
+ description: |-
+ The port range allowed for Services of type NodePort.
+ If not specified, the default of 30000-32767 will be used.
+ Such Services without a NodePort specified will have one
+ automatically allocated from this range.
+ This parameter can be updated after the cluster is
+ installed.
+ pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement
+ when networkDiagnostics.mode is Disabled
+ rule: '!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode)
+ || self.networkDiagnostics.mode!=''Disabled'' || !has(self.networkDiagnostics.sourcePlacement)
+ && !has(self.networkDiagnostics.targetPlacement)'
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ properties:
+ clusterNetwork:
+ description: IP address pool to use for pod IPs.
+ items:
+ description: |-
+ ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
+ are allocated.
+ properties:
+ cidr:
+ description: The complete block for pod IPs.
+ type: string
+ hostPrefix:
+ description: |-
+ The size (prefix) of block to allocate to each node. If this
+ field is not used by the plugin, it can be left unset.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ clusterNetworkMTU:
+ description: clusterNetworkMTU is the MTU for inter-pod networking.
+ type: integer
+ conditions:
+ description: |-
+ conditions represents the observations of a network.config current state.
+ Known .status.conditions.type are: "NetworkDiagnosticsAvailable"
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ migration:
+ description: migration contains the cluster network migration configuration.
+ properties:
+ mtu:
+ description: mtu is the MTU configuration that is being deployed.
+ properties:
+ machine:
+ description: machine contains MTU migration configuration
+ for the machine's uplink.
+ properties:
+ from:
+ description: from is the MTU to migrate from.
+ format: int32
+ minimum: 0
+ type: integer
+ to:
+ description: to is the MTU to migrate to.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ network:
+ description: network contains MTU migration configuration
+ for the default network.
+ properties:
+ from:
+ description: from is the MTU to migrate from.
+ format: int32
+ minimum: 0
+ type: integer
+ to:
+ description: to is the MTU to migrate to.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ type: object
+ networkType:
+ description: |-
+ networkType is the target plugin that is being deployed.
+ DEPRECATED: network type migration is no longer supported,
+ so this should always be unset.
+ type: string
+ type: object
+ networkType:
+ description: networkType is the plugin that is deployed (e.g. OVNKubernetes).
+ type: string
+ serviceNetwork:
+ description: |-
+ IP address pool for services.
+ Currently, we only support a single entry here.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
index 84aae76e2..3c75062bb 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
@@ -42,11 +42,7 @@ func (in *APIServer) DeepCopyObject() runtime.Object {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *APIServerEncryption) DeepCopyInto(out *APIServerEncryption) {
*out = *in
- if in.KMS != nil {
- in, out := &in.KMS, &out.KMS
- *out = new(KMSConfig)
- **out = **in
- }
+ out.KMS = in.KMS
return
}
@@ -148,7 +144,7 @@ func (in *APIServerSpec) DeepCopyInto(out *APIServerSpec) {
*out = make([]string, len(*in))
copy(*out, *in)
}
- in.Encryption.DeepCopyInto(&out.Encryption)
+ out.Encryption = in.Encryption
if in.TLSSecurityProfile != nil {
in, out := &in.TLSSecurityProfile, &out.TLSSecurityProfile
*out = new(TLSSecurityProfile)
@@ -908,6 +904,115 @@ func (in *BuildSpec) DeepCopy() *BuildSpec {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CRIOCredentialProviderConfig) DeepCopyInto(out *CRIOCredentialProviderConfig) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ if in.Spec != nil {
+ in, out := &in.Spec, &out.Spec
+ *out = new(CRIOCredentialProviderConfigSpec)
+ (*in).DeepCopyInto(*out)
+ }
+ in.Status.DeepCopyInto(&out.Status)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfig.
+func (in *CRIOCredentialProviderConfig) DeepCopy() *CRIOCredentialProviderConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(CRIOCredentialProviderConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CRIOCredentialProviderConfig) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CRIOCredentialProviderConfigList) DeepCopyInto(out *CRIOCredentialProviderConfigList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]CRIOCredentialProviderConfig, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigList.
+func (in *CRIOCredentialProviderConfigList) DeepCopy() *CRIOCredentialProviderConfigList {
+ if in == nil {
+ return nil
+ }
+ out := new(CRIOCredentialProviderConfigList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CRIOCredentialProviderConfigList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CRIOCredentialProviderConfigSpec) DeepCopyInto(out *CRIOCredentialProviderConfigSpec) {
+ *out = *in
+ if in.MatchImages != nil {
+ in, out := &in.MatchImages, &out.MatchImages
+ *out = make([]MatchImage, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigSpec.
+func (in *CRIOCredentialProviderConfigSpec) DeepCopy() *CRIOCredentialProviderConfigSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(CRIOCredentialProviderConfigSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CRIOCredentialProviderConfigStatus) DeepCopyInto(out *CRIOCredentialProviderConfigStatus) {
+ *out = *in
+ if in.Conditions != nil {
+ in, out := &in.Conditions, &out.Conditions
+ *out = make([]metav1.Condition, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigStatus.
+func (in *CRIOCredentialProviderConfigStatus) DeepCopy() *CRIOCredentialProviderConfigStatus {
+ if in == nil {
+ return nil
+ }
+ out := new(CRIOCredentialProviderConfigStatus)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertInfo) DeepCopyInto(out *CertInfo) {
*out = *in
@@ -940,6 +1045,45 @@ func (in *ClientConnectionOverrides) DeepCopy() *ClientConnectionOverrides {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClientCredentialConfig) DeepCopyInto(out *ClientCredentialConfig) {
+ *out = *in
+ out.ClientSecret = in.ClientSecret
+ if in.Scopes != nil {
+ in, out := &in.Scopes, &out.Scopes
+ *out = make([]OAuth2Scope, len(*in))
+ copy(*out, *in)
+ }
+ out.TLS = in.TLS
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientCredentialConfig.
+func (in *ClientCredentialConfig) DeepCopy() *ClientCredentialConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(ClientCredentialConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClientSecretSecretReference) DeepCopyInto(out *ClientSecretSecretReference) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientSecretSecretReference.
+func (in *ClientSecretSecretReference) DeepCopy() *ClientSecretSecretReference {
+ if in == nil {
+ return nil
+ }
+ out := new(ClientSecretSecretReference)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CloudControllerManagerStatus) DeepCopyInto(out *CloudControllerManagerStatus) {
*out = *in
@@ -2087,6 +2231,35 @@ func (in *EtcdStorageConfig) DeepCopy() *EtcdStorageConfig {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExternalClaimsSource) DeepCopyInto(out *ExternalClaimsSource) {
+ *out = *in
+ in.Authentication.DeepCopyInto(&out.Authentication)
+ out.TLS = in.TLS
+ out.URL = in.URL
+ if in.Mappings != nil {
+ in, out := &in.Mappings, &out.Mappings
+ *out = make([]SourcedClaimMapping, len(*in))
+ copy(*out, *in)
+ }
+ if in.Predicates != nil {
+ in, out := &in.Predicates, &out.Predicates
+ *out = make([]ExternalSourcePredicate, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalClaimsSource.
+func (in *ExternalClaimsSource) DeepCopy() *ExternalClaimsSource {
+ if in == nil {
+ return nil
+ }
+ out := new(ExternalClaimsSource)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ExternalIPConfig) DeepCopyInto(out *ExternalIPConfig) {
*out = *in
@@ -2172,6 +2345,72 @@ func (in *ExternalPlatformStatus) DeepCopy() *ExternalPlatformStatus {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExternalSourceAuthentication) DeepCopyInto(out *ExternalSourceAuthentication) {
+ *out = *in
+ in.ClientCredential.DeepCopyInto(&out.ClientCredential)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSourceAuthentication.
+func (in *ExternalSourceAuthentication) DeepCopy() *ExternalSourceAuthentication {
+ if in == nil {
+ return nil
+ }
+ out := new(ExternalSourceAuthentication)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExternalSourceCertificateAuthorityConfigMapReference) DeepCopyInto(out *ExternalSourceCertificateAuthorityConfigMapReference) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSourceCertificateAuthorityConfigMapReference.
+func (in *ExternalSourceCertificateAuthorityConfigMapReference) DeepCopy() *ExternalSourceCertificateAuthorityConfigMapReference {
+ if in == nil {
+ return nil
+ }
+ out := new(ExternalSourceCertificateAuthorityConfigMapReference)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExternalSourcePredicate) DeepCopyInto(out *ExternalSourcePredicate) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSourcePredicate.
+func (in *ExternalSourcePredicate) DeepCopy() *ExternalSourcePredicate {
+ if in == nil {
+ return nil
+ }
+ out := new(ExternalSourcePredicate)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExternalSourceTLS) DeepCopyInto(out *ExternalSourceTLS) {
+ *out = *in
+ out.CertificateAuthority = in.CertificateAuthority
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSourceTLS.
+func (in *ExternalSourceTLS) DeepCopy() *ExternalSourceTLS {
+ if in == nil {
+ return nil
+ }
+ out := new(ExternalSourceTLS)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ExtraMapping) DeepCopyInto(out *ExtraMapping) {
*out = *in
@@ -3815,18 +4054,18 @@ func (in *IntermediateTLSProfile) DeepCopy() *IntermediateTLSProfile {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *KMSConfig) DeepCopyInto(out *KMSConfig) {
+func (in *KMSPluginConfig) DeepCopyInto(out *KMSPluginConfig) {
*out = *in
out.Vault = in.Vault
return
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSConfig.
-func (in *KMSConfig) DeepCopy() *KMSConfig {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSPluginConfig.
+func (in *KMSPluginConfig) DeepCopy() *KMSPluginConfig {
if in == nil {
return nil
}
- out := new(KMSConfig)
+ out := new(KMSPluginConfig)
in.DeepCopyInto(out)
return out
}
@@ -4264,6 +4503,22 @@ func (in *NetworkMigration) DeepCopy() *NetworkMigration {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NetworkObservabilitySpec) DeepCopyInto(out *NetworkObservabilitySpec) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkObservabilitySpec.
+func (in *NetworkObservabilitySpec) DeepCopy() *NetworkObservabilitySpec {
+ if in == nil {
+ return nil
+ }
+ out := new(NetworkObservabilitySpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) {
*out = *in
@@ -4283,6 +4538,7 @@ func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) {
(*in).DeepCopyInto(*out)
}
in.NetworkDiagnostics.DeepCopyInto(&out.NetworkDiagnostics)
+ out.NetworkObservability = in.NetworkObservability
return
}
@@ -4828,6 +5084,13 @@ func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) {
*out = make([]TokenUserValidationRule, len(*in))
copy(*out, *in)
}
+ if in.ExternalClaimsSources != nil {
+ in, out := &in.ExternalClaimsSources, &out.ExternalClaimsSources
+ *out = make([]ExternalClaimsSource, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
return
}
@@ -6168,6 +6431,38 @@ func (in *SignatureStore) DeepCopy() *SignatureStore {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SourceURL) DeepCopyInto(out *SourceURL) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceURL.
+func (in *SourceURL) DeepCopy() *SourceURL {
+ if in == nil {
+ return nil
+ }
+ out := new(SourceURL)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SourcedClaimMapping) DeepCopyInto(out *SourcedClaimMapping) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourcedClaimMapping.
+func (in *SourcedClaimMapping) DeepCopy() *SourcedClaimMapping {
+ if in == nil {
+ return nil
+ }
+ out := new(SourcedClaimMapping)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Storage) DeepCopyInto(out *Storage) {
*out = *in
@@ -6226,6 +6521,11 @@ func (in *TLSProfileSpec) DeepCopyInto(out *TLSProfileSpec) {
*out = make([]string, len(*in))
copy(*out, *in)
}
+ if in.Groups != nil {
+ in, out := &in.Groups, &out.Groups
+ *out = make([]TLSGroup, len(*in))
+ copy(*out, *in)
+ }
return
}
@@ -6933,19 +7233,19 @@ func (in *VaultConfigMapReference) DeepCopy() *VaultConfigMapReference {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *VaultKMSConfig) DeepCopyInto(out *VaultKMSConfig) {
+func (in *VaultKMSPluginConfig) DeepCopyInto(out *VaultKMSPluginConfig) {
*out = *in
out.TLS = in.TLS
out.Authentication = in.Authentication
return
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKMSConfig.
-func (in *VaultKMSConfig) DeepCopy() *VaultKMSConfig {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKMSPluginConfig.
+func (in *VaultKMSPluginConfig) DeepCopy() *VaultKMSPluginConfig {
if in == nil {
return nil
}
- out := new(VaultKMSConfig)
+ out := new(VaultKMSPluginConfig)
in.DeepCopyInto(out)
return out
}
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml
index 75233bff7..5426057a8 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -8,6 +8,7 @@ apiservers.config.openshift.io:
FeatureGates:
- KMSEncryption
- TLSAdherence
+ - TLSGroupPreferences
FilenameOperatorName: config-operator
FilenameOperatorOrdering: "01"
FilenameRunLevel: "0000_10"
@@ -31,6 +32,7 @@ authentications.config.openshift.io:
Category: ""
FeatureGates:
- ExternalOIDC
+ - ExternalOIDCExternalClaimsSourcing
- ExternalOIDCWithUIDAndExtraClaimMappings
- ExternalOIDCWithUpstreamParity
FilenameOperatorName: config-operator
@@ -68,6 +70,29 @@ builds.config.openshift.io:
TopLevelFeatureGates: []
Version: v1
+criocredentialproviderconfigs.config.openshift.io:
+ Annotations: {}
+ ApprovedPRNumber: https://github.com/openshift/api/pull/2725
+ CRDName: criocredentialproviderconfigs.config.openshift.io
+ Capability: ""
+ Category: ""
+ FeatureGates:
+ - CRIOCredentialProviderConfig
+ FilenameOperatorName: config-operator
+ FilenameOperatorOrdering: "01"
+ FilenameRunLevel: "0000_10"
+ GroupName: config.openshift.io
+ HasStatus: true
+ KindName: CRIOCredentialProviderConfig
+ Labels: {}
+ PluralName: criocredentialproviderconfigs
+ PrinterColumns: []
+ Scope: Cluster
+ ShortNames: null
+ TopLevelFeatureGates:
+ - CRIOCredentialProviderConfig
+ Version: v1
+
clusterimagepolicies.config.openshift.io:
Annotations: {}
ApprovedPRNumber: https://github.com/openshift/api/pull/2310
@@ -143,6 +168,9 @@ clusterversions.config.openshift.io:
Capability: ""
Category: ""
FeatureGates:
+ - CRDCompatibilityRequirementOperator
+ - CRDCompatibilityRequirementOperator+ClusterAPIMachineManagement
+ - ClusterAPIMachineManagement
- ClusterUpdateAcceptRisks
- ClusterUpdatePreflight
- ImageStreamImportMode
@@ -372,10 +400,12 @@ infrastructures.config.openshift.io:
- AzureDualStackInstall
- DualReplica
- DyanmicServiceEndpointIBMCloud
+ - MutableTopology
- NutanixMultiSubnets
- OnPremDNSRecords
- VSphereHostVMGroupZonal
- VSphereMultiNetworks
+ - VSphereMultiVCenterDay2
FilenameOperatorName: config-operator
FilenameOperatorOrdering: "01"
FilenameRunLevel: "0000_10"
@@ -442,7 +472,8 @@ networks.config.openshift.io:
CRDName: networks.config.openshift.io
Capability: ""
Category: ""
- FeatureGates: []
+ FeatureGates:
+ - NetworkObservabilityInstall
FilenameOperatorName: config-operator
FilenameOperatorOrdering: "01"
FilenameRunLevel: "0000_10"
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..043c03ef5
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go
@@ -0,0 +1,1566 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIServer) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.APIServer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIServerEncryption) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.APIServerEncryption"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIServerList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.APIServerList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIServerNamedServingCert) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.APIServerNamedServingCert"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIServerServingCerts) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.APIServerServingCerts"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIServerSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.APIServerSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIServerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.APIServerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSDNSSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AWSDNSSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSIngressSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AWSIngressSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AWSPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSPlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AWSPlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSResourceTag) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AWSResourceTag"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSServiceEndpoint) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AWSServiceEndpoint"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AcceptRisk) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AcceptRisk"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AdmissionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AdmissionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AdmissionPluginConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AdmissionPluginConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlibabaCloudPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlibabaCloudPlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlibabaCloudResourceTag) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AlibabaCloudResourceTag"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Audit) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Audit"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AuditConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AuditConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AuditCustomRule) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AuditCustomRule"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Authentication) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Authentication"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AuthenticationList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AuthenticationList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AuthenticationSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AuthenticationSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AuthenticationStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AuthenticationStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AzurePlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AzurePlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AzurePlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AzurePlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AzureResourceTag) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.AzureResourceTag"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BareMetalPlatformLoadBalancer) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BareMetalPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.BareMetalPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BareMetalPlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.BareMetalPlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BasicAuthIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.BasicAuthIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Build) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Build"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildDefaults) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.BuildDefaults"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.BuildList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildOverrides) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.BuildOverrides"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.BuildSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CRIOCredentialProviderConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.CRIOCredentialProviderConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CRIOCredentialProviderConfigList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.CRIOCredentialProviderConfigList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CRIOCredentialProviderConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.CRIOCredentialProviderConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CRIOCredentialProviderConfigStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.CRIOCredentialProviderConfigStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CertInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.CertInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClientConnectionOverrides) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClientConnectionOverrides"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClientCredentialConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClientCredentialConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClientSecretSecretReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClientSecretSecretReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CloudControllerManagerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.CloudControllerManagerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CloudLoadBalancerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.CloudLoadBalancerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CloudLoadBalancerIPs) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.CloudLoadBalancerIPs"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterImagePolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterImagePolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterImagePolicyList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterImagePolicyList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterImagePolicySpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterImagePolicySpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterImagePolicyStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterImagePolicyStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterNetworkEntry) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterNetworkEntry"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterOperator) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterOperator"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterOperatorList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterOperatorList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterOperatorSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterOperatorSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterOperatorStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterOperatorStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterOperatorStatusCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterOperatorStatusCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterVersion) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterVersion"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterVersionCapabilitiesSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterVersionCapabilitiesStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterVersionList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterVersionList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterVersionSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterVersionSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterVersionStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ClusterVersionStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ComponentOverride) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ComponentOverride"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ComponentRouteSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ComponentRouteSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ComponentRouteStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ComponentRouteStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConditionalUpdate) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ConditionalUpdate"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConditionalUpdateRisk) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ConditionalUpdateRisk"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConfigMapFileReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ConfigMapFileReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConfigMapNameReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ConfigMapNameReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Console) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Console"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleAuthentication) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ConsoleAuthentication"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ConsoleList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ConsoleSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ConsoleStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Custom) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Custom"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CustomFeatureGates) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.CustomFeatureGates"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CustomTLSProfile) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.CustomTLSProfile"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNS) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.DNS"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.DNSList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.DNSPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.DNSSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.DNSStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSZone) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.DNSZone"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DelegatedAuthentication) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.DelegatedAuthentication"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DelegatedAuthorization) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.DelegatedAuthorization"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeprecatedWebhookTokenAuthenticator) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EquinixMetalPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.EquinixMetalPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EquinixMetalPlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.EquinixMetalPlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EtcdConnectionInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.EtcdConnectionInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EtcdStorageConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.EtcdStorageConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ExternalClaimsSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ExternalClaimsSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ExternalIPConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ExternalIPConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ExternalIPPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ExternalIPPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ExternalPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ExternalPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ExternalPlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ExternalPlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ExternalSourceAuthentication) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ExternalSourceAuthentication"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ExternalSourceCertificateAuthorityConfigMapReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ExternalSourceCertificateAuthorityConfigMapReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ExternalSourcePredicate) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ExternalSourcePredicate"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ExternalSourceTLS) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ExternalSourceTLS"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ExtraMapping) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ExtraMapping"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FeatureGate) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.FeatureGate"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FeatureGateAttributes) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.FeatureGateAttributes"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FeatureGateDetails) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.FeatureGateDetails"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FeatureGateList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.FeatureGateList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FeatureGateSelection) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.FeatureGateSelection"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FeatureGateSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.FeatureGateSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FeatureGateStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.FeatureGateStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FeatureGateTests) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.FeatureGateTests"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.GCPPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPPlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.GCPPlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPResourceLabel) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.GCPResourceLabel"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPResourceTag) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.GCPResourceTag"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GatherConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.GatherConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GathererConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.GathererConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Gatherers) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Gatherers"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GenericAPIServerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.GenericAPIServerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GenericControllerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.GenericControllerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GitHubIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.GitHubIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GitLabIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.GitLabIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GoogleIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.GoogleIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HTPasswdIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.HTPasswdIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HTTPServingInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.HTTPServingInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HubSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.HubSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HubSourceStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.HubSourceStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IBMCloudPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.IBMCloudPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IBMCloudPlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.IBMCloudPlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IBMCloudServiceEndpoint) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.IBMCloudServiceEndpoint"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.IdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IdentityProviderConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.IdentityProviderConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Image) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Image"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageContentPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageContentPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageContentPolicyList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageContentPolicyList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageContentPolicySpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageContentPolicySpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageDigestMirrorSet) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageDigestMirrorSet"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageDigestMirrorSetList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageDigestMirrorSetList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageDigestMirrorSetSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageDigestMirrorSetStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageDigestMirrors) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageDigestMirrors"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageLabel) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageLabel"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImagePolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImagePolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImagePolicyFulcioCAWithRekorRootOfTrust) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImagePolicyList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImagePolicyList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImagePolicyPKIRootOfTrust) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImagePolicyPublicKeyRootOfTrust) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImagePolicySpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImagePolicySpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImagePolicyStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImagePolicyStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageSigstoreVerificationPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageTagMirrorSet) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageTagMirrorSet"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageTagMirrorSetList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageTagMirrorSetList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageTagMirrorSetSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageTagMirrorSetSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageTagMirrorSetStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageTagMirrorSetStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageTagMirrors) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ImageTagMirrors"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Infrastructure) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Infrastructure"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InfrastructureList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.InfrastructureList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InfrastructureSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.InfrastructureSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InfrastructureStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.InfrastructureStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Ingress) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Ingress"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.IngressList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.IngressPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.IngressSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.IngressStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsDataGather) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.InsightsDataGather"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsDataGatherList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.InsightsDataGatherList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsDataGatherSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.InsightsDataGatherSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IntermediateTLSProfile) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.IntermediateTLSProfile"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KMSPluginConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.KMSPluginConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KeystoneIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.KeystoneIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeClientConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.KubeClientConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubevirtPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.KubevirtPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubevirtPlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.KubevirtPlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LDAPAttributeMapping) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.LDAPAttributeMapping"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LDAPIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.LDAPIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LeaderElection) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.LeaderElection"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LoadBalancer) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.LoadBalancer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MTUMigration) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.MTUMigration"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MTUMigrationValues) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.MTUMigrationValues"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MaxAgePolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.MaxAgePolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ModernTLSProfile) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ModernTLSProfile"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NamedCertificate) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NamedCertificate"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Network) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Network"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkDiagnostics) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NetworkDiagnostics"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkDiagnosticsSourcePlacement) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkDiagnosticsTargetPlacement) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NetworkList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkMigration) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NetworkMigration"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkObservabilitySpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NetworkObservabilitySpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NetworkSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NetworkStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Node) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Node"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NodeList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NodeSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NodeStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixFailureDomain) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NutanixFailureDomain"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixPlatformLoadBalancer) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NutanixPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixPlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NutanixPlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixPrismElementEndpoint) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NutanixPrismElementEndpoint"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixPrismEndpoint) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NutanixPrismEndpoint"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixResourceIdentifier) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.NutanixResourceIdentifier"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuth) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OAuth"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OAuthList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthRemoteConnectionInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OAuthRemoteConnectionInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OAuthSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OAuthStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthTemplates) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OAuthTemplates"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OIDCClientConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OIDCClientConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OIDCClientReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OIDCClientReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OIDCClientStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OIDCClientStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OIDCProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OIDCProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ObjectReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ObjectReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OldTLSProfile) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OldTLSProfile"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenIDClaims) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OpenIDClaims"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenIDIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OpenIDIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenStackPlatformLoadBalancer) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenStackPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OpenStackPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenStackPlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OpenStackPlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OperandVersion) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OperandVersion"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OperatorHub) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OperatorHub"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OperatorHubList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OperatorHubList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OperatorHubSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OperatorHubSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OperatorHubStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OperatorHubStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OvirtPlatformLoadBalancer) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OvirtPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OvirtPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OvirtPlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.OvirtPlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PKICertificateSubject) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PKICertificateSubject"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PersistentVolumeClaimReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PersistentVolumeClaimReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PersistentVolumeConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PersistentVolumeConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PolicyFulcioSubject) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PolicyFulcioSubject"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PolicyIdentity) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PolicyIdentity"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PolicyMatchExactRepository) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PolicyMatchExactRepository"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PolicyMatchRemapIdentity) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PolicyMatchRemapIdentity"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PolicyRootOfTrust) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PolicyRootOfTrust"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PowerVSPlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PowerVSPlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PowerVSPlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PowerVSPlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PowerVSServiceEndpoint) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PowerVSServiceEndpoint"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PrefixedClaimMapping) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PrefixedClaimMapping"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProfileCustomizations) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ProfileCustomizations"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Project) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Project"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProjectList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ProjectList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProjectSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ProjectSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProjectStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ProjectStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PromQLClusterCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.PromQLClusterCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Proxy) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Proxy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProxyList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ProxyList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProxySpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ProxySpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProxyStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ProxyStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RegistryLocation) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.RegistryLocation"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RegistrySources) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.RegistrySources"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Release) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Release"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RemoteConnectionInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.RemoteConnectionInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RepositoryDigestMirrors) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.RepositoryDigestMirrors"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RequestHeaderIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.RequestHeaderIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RequiredHSTSPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.RequiredHSTSPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Scheduler) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Scheduler"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SchedulerList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.SchedulerList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SchedulerSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.SchedulerSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SchedulerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.SchedulerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecretNameReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.SecretNameReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServingInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.ServingInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SignatureStore) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.SignatureStore"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SourceURL) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.SourceURL"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SourcedClaimMapping) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.SourcedClaimMapping"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Storage) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Storage"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StringSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.StringSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StringSourceSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.StringSourceSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TLSProfileSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TLSProfileSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TLSSecurityProfile) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TLSSecurityProfile"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TemplateReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TemplateReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TestDetails) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TestDetails"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TestReporting) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TestReporting"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TestReportingSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TestReportingSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TestReportingStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TestReportingStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TokenClaimMapping) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TokenClaimMapping"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TokenClaimMappings) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TokenClaimMappings"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TokenClaimOrExpressionMapping) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TokenClaimValidationCELRule) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TokenClaimValidationCELRule"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TokenClaimValidationRule) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TokenClaimValidationRule"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TokenConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TokenConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TokenIssuer) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TokenIssuer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TokenRequiredClaim) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TokenRequiredClaim"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TokenUserValidationRule) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.TokenUserValidationRule"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Update) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.Update"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UpdateHistory) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.UpdateHistory"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UsernameClaimMapping) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.UsernameClaimMapping"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UsernamePrefix) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.UsernamePrefix"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSphereFailureDomainHostGroup) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSphereFailureDomainRegionAffinity) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSphereFailureDomainZoneAffinity) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSpherePlatformFailureDomainSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSpherePlatformLoadBalancer) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSpherePlatformNodeNetworking) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSpherePlatformNodeNetworkingSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSpherePlatformSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VSpherePlatformSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSpherePlatformStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VSpherePlatformStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSpherePlatformTopology) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VSpherePlatformTopology"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSpherePlatformVCenterSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VaultAppRoleAuthentication) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VaultAppRoleAuthentication"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VaultAuthentication) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VaultAuthentication"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VaultConfigMapReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VaultConfigMapReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VaultKMSPluginConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VaultKMSPluginConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VaultSecretReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VaultSecretReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VaultTLSConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.VaultTLSConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in WebhookTokenAuthenticator) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1.WebhookTokenAuthenticator"
+}
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
index f386a8112..b321d3d7e 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
@@ -388,6 +388,28 @@ func (AuthenticationStatus) SwaggerDoc() map[string]string {
return map_AuthenticationStatus
}
+var map_ClientCredentialConfig = map[string]string{
+ "": "ClientCredentialConfig configures the client credentials and token endpoint to use to get an access token via the OAuth2 client credentials grant flow.",
+ "clientID": "clientID is a required client identifier to use during the OAuth2 client credentials flow. clientID must be at least 1 character in length, must not exceed 256 characters in length, and must only contain printable ASCII characters.",
+ "clientSecret": "clientSecret is a required reference to a Secret in the openshift-config namespace to be used as the client secret during the OAuth2 client credentials flow.\n\nThe key 'client-secret' is used to locate the client secret data in the Secret.",
+ "tokenEndpoint": "tokenEndpoint is a required URL to query for an access token using the client credential OAuth2 flow. tokenEndpoint must be at least 1 character in length and must not exceed 2048 characters in length. tokenEndpoint must be a valid HTTPS URL. tokenEndpoint must have a host and a path. tokenEndpoint must not contain query parameters, fragments, or user information (e.g., \"user:password@host\").",
+ "scopes": "scopes is an optional list of OAuth2 scopes to request when obtaining an access token.\n\nIf not specified, the token endpoint's default scopes will be used.\n\nWhen specified, there must be at least 1 entry and must not exceed 16 entries. Each entry must be at least 1 character in length and must not exceed 256 characters in length. Each entry must only contain printable ASCII characters, excluding spaces, double quotes and backslashes. Entries must be unique.",
+ "tls": "tls is an optional field that allows configuring the TLS settings used to interact with the identity provider as an OAuth2 client.\n\nWhen omitted, system default TLS settings will be used for the OAuth2 client.",
+}
+
+func (ClientCredentialConfig) SwaggerDoc() map[string]string {
+ return map_ClientCredentialConfig
+}
+
+var map_ClientSecretSecretReference = map[string]string{
+ "": "ClientSecretSecretReference is a reference to a Secret in the openshift-config namespace that should be used for configuring the client secret to be used when sourcing claims from external sources with the client credential authentication flow.",
+ "name": "name is the required name of the Secret that exists in the openshift-config namespace.\n\nIt must be at least 1 character in length, must not exceed 253 characters in length, must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'.",
+}
+
+func (ClientSecretSecretReference) SwaggerDoc() map[string]string {
+ return map_ClientSecretSecretReference
+}
+
var map_DeprecatedWebhookTokenAuthenticator = map[string]string{
"": "deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.",
"kubeConfig": "kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.",
@@ -397,6 +419,56 @@ func (DeprecatedWebhookTokenAuthenticator) SwaggerDoc() map[string]string {
return map_DeprecatedWebhookTokenAuthenticator
}
+var map_ExternalClaimsSource = map[string]string{
+ "": "ExternalClaimsSource provides the configuration for a single external claim source.",
+ "authentication": "authentication is an optional field that configures how the apiserver authenticates with an external claims source. When not specified, anonymous authentication is used which means no 'Authorization' header is sent in the HTTP request to fetch the external claims.",
+ "tls": "tls is an optional field that configures the http client TLS settings when fetching external claims from this source.\n\nWhen omitted, system default TLS settings will be used for fetching claims from the external source.",
+ "url": "url is a required configuration of the URL for which the external claims are located.",
+ "mappings": "mappings is a required list of the claim and response handling expression pairs that produces the claims from the external source. mappings must have at least 1 entry and must not exceed 16 entries. Entries must have a unique name across all external claim sources.",
+ "predicates": "predicates is an optional list of constraints in which claims should attempt to be fetched from this external source.\n\nWhen omitted, claims are always fetched from this external source.\n\nWhen specified, all predicates must evaluate to 'true' before claims are attempted to be fetched from this external source. predicates must have at least 1 entry and must not exceed 16 entries. Entries must have unique expressions.",
+}
+
+func (ExternalClaimsSource) SwaggerDoc() map[string]string {
+ return map_ExternalClaimsSource
+}
+
+var map_ExternalSourceAuthentication = map[string]string{
+ "": "ExternalSourceAuthentication configures how the apiserver should attempt to authenticate with an external claims source.",
+ "type": "type is a required field that sets the type of authentication method used by the authenticator when fetching external claims.\n\nAllowed values are 'RequestProvidedToken' and 'ClientCredential'.\n\nWhen set to 'RequestProvidedToken', the authenticator will use the token provided to the kube-apiserver as part of the request to authenticate with the external claims source.\n\nWhen set to 'ClientCredential', the authenticator will use the configured client-id, client-secret, and token endpoint to fetch an access token using the OAuth2 client credentials grant flow. The fetched access token will then be used to authenticate with the external claims source.",
+ "clientCredential": "clientCredential configures the client credentials and token endpoint to use to get an access token. clientCredential is required when type is 'ClientCredential', and forbidden otherwise.",
+}
+
+func (ExternalSourceAuthentication) SwaggerDoc() map[string]string {
+ return map_ExternalSourceAuthentication
+}
+
+var map_ExternalSourceCertificateAuthorityConfigMapReference = map[string]string{
+ "": "ExternalSourceCertificateAuthorityConfigMapReference is a reference to a ConfigMap in the openshift-config namespace that should be used for configuring the certificate authority to be used when sourcing claims from external sources.",
+ "name": "name is the required name of the ConfigMap that exists in the openshift-config namespace. The key \"ca-bundle.crt\" must be present and must contain the CA certificate to be used to verify the external source's TLS certificate.\n\nIt must be at least 1 character in length, must not exceed 253 characters in length, must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'.",
+}
+
+func (ExternalSourceCertificateAuthorityConfigMapReference) SwaggerDoc() map[string]string {
+ return map_ExternalSourceCertificateAuthorityConfigMapReference
+}
+
+var map_ExternalSourcePredicate = map[string]string{
+ "": "ExternalSourcePredicate configures a singular condition that must return true before the external source is queried to retrieve external claims.",
+ "expression": "expression is a required CEL expression that is used to determine whether or not an external source should be used to fetch external claims.\n\nThe expression must return a boolean value, where true means that the source should be consulted and false means that it should not.\n\nClaims from the token used for the request to the kube-apiserver are made available via the `claims` variable.\n\nThe contents of the `claims` variable varies based on the claims that are present in the token being validated. It is the responsibility of those configuring this field to understand what claims the identity provider includes when issuing tokens.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length.",
+}
+
+func (ExternalSourcePredicate) SwaggerDoc() map[string]string {
+ return map_ExternalSourcePredicate
+}
+
+var map_ExternalSourceTLS = map[string]string{
+ "": "ExternalSourceTLS configures the TLS options that the apiserver uses as a client when making a request to the external claim source.",
+ "certificateAuthority": "certificateAuthority is a required reference to a ConfigMap in the openshift-config namespace that contains the CA certificate to use to validate TLS connections with the external claims source. The key \"ca-bundle.crt\" must be present in the referenced ConfigMap and must contain the CA certificate to be used to verify the external source's TLS certificate.",
+}
+
+func (ExternalSourceTLS) SwaggerDoc() map[string]string {
+ return map_ExternalSourceTLS
+}
+
var map_ExtraMapping = map[string]string{
"": "ExtraMapping allows specifying a key and CEL expression to evaluate the keys' value. It is used to create additional mappings and attributes added to a cluster identity from a provided authentication token.",
"key": "key is a required field that specifies the string to use as the extra attribute key.\n\nkey must be a domain-prefix path (e.g 'example.org/foo'). key must not exceed 510 characters in length. key must contain the '/' character, separating the domain and path characters. key must not be empty.\n\nThe domain portion of the key (string of characters prior to the '/') must be a valid RFC1123 subdomain. It must not exceed 253 characters in length. It must start and end with an alphanumeric character. It must only contain lower case alphanumeric characters and '-' or '.'. It must not use the reserved domains, or be subdomains of, \"kubernetes.io\", \"k8s.io\", and \"openshift.io\".\n\nThe path portion of the key (string of characters after the '/') must not be empty and must consist of at least one alphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'. It must not exceed 256 characters in length.",
@@ -445,12 +517,13 @@ func (OIDCClientStatus) SwaggerDoc() map[string]string {
}
var map_OIDCProvider = map[string]string{
- "name": "name is a required field that configures the unique human-readable identifier associated with the identity provider. It is used to distinguish between multiple identity providers and has no impact on token validation or authentication mechanics.\n\nname must not be an empty string (\"\").",
- "issuer": "issuer is a required field that configures how the platform interacts with the identity provider and how tokens issued from the identity provider are evaluated by the Kubernetes API server.",
- "oidcClients": "oidcClients is an optional field that configures how on-cluster, platform clients should request tokens from the identity provider. oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs.",
- "claimMappings": "claimMappings is a required field that configures the rules to be used by the Kubernetes API server for translating claims in a JWT token, issued by the identity provider, to a cluster identity.",
- "claimValidationRules": "claimValidationRules is an optional field that configures the rules to be used by the Kubernetes API server for validating the claims in a JWT token issued by the identity provider.\n\nValidation rules are joined via an AND operation.",
- "userValidationRules": "userValidationRules is an optional field that configures the set of rules used to validate the cluster user identity that was constructed via mapping token claims to user identity attributes. Rules are CEL expressions that must evaluate to 'true' for authentication to succeed. If any rule in the chain of rules evaluates to 'false', authentication will fail. When specified, at least one rule must be specified and no more than 64 rules may be specified.",
+ "name": "name is a required field that configures the unique human-readable identifier associated with the identity provider. It is used to distinguish between multiple identity providers and has no impact on token validation or authentication mechanics.\n\nname must not be an empty string (\"\").",
+ "issuer": "issuer is a required field that configures how the platform interacts with the identity provider and how tokens issued from the identity provider are evaluated by the Kubernetes API server.",
+ "oidcClients": "oidcClients is an optional field that configures how on-cluster, platform clients should request tokens from the identity provider. oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs.",
+ "claimMappings": "claimMappings is a required field that configures the rules to be used by the Kubernetes API server for translating claims in a JWT token, issued by the identity provider, to a cluster identity.",
+ "claimValidationRules": "claimValidationRules is an optional field that configures the rules to be used by the Kubernetes API server for validating the claims in a JWT token issued by the identity provider.\n\nValidation rules are joined via an AND operation.",
+ "userValidationRules": "userValidationRules is an optional field that configures the set of rules used to validate the cluster user identity that was constructed via mapping token claims to user identity attributes. Rules are CEL expressions that must evaluate to 'true' for authentication to succeed. If any rule in the chain of rules evaluates to 'false', authentication will fail. When specified, at least one rule must be specified and no more than 64 rules may be specified.",
+ "externalClaimsSources": "externalClaimsSources is an optional field that can be used to configure sources, external to the token provided in a request, in which claims should be fetched from and made available to the claim mapping process that is used to build the identity of a token holder.\n\nFor example, fetching additional user metadata from an OIDC provider's UserInfo endpoint.\n\nWhen not specified, only claims present in the token itself will be available in the claim mapping process.\n\nWhen specified, at least one external claim source must be specified and no more than 5 sources may be specified. All external claim sources must have unique claim mappings. When an external source responds and resolves additional claims successfully, they will be made available as claims during the claim mapping process. Externally sourced claims with the same name as a claim existing within the token will overwrite the claim data from the token with the externally sourced information. If an external source does not respond, responds with an error, or the additional claim data cannot be resolved from the response successfully it will not be included in the claim data passed to the claim mapping process.",
}
func (OIDCProvider) SwaggerDoc() map[string]string {
@@ -466,6 +539,26 @@ func (PrefixedClaimMapping) SwaggerDoc() map[string]string {
return map_PrefixedClaimMapping
}
+var map_SourceURL = map[string]string{
+ "": "SourceURL configures the options used to build the URL that is queried for external claims.",
+ "hostname": "hostname is a required hostname for which the external claims are located.\n\nIt must be a valid DNS subdomain name as per RFC1123.\n\nThis means that it must start and end with a lowercase alphanumeric character, must only consist of lowercase alphanumeric characters, '-', and '.'. hostname may optionally specify a port in the format ':{port}'. If a port is specified it must not exceed 65535.\n\nhostname must be at least 1 character in length. When specifying a port, hostname must not exceed 259 characters in length. When not specifying a port, hostname must not exceed 253 characters in length.",
+ "pathExpression": "pathExpression is a required CEL expression that returns a list of string values used to construct the URL path. Claims from the token used for the request to the kube-apiserver are made available via the `claims` variable. expression must be at least 1 character in length and must not exceed 1024 characters in length.\n\nValues in the returned list will be joined with the hostname using a forward slash (`/`) as a separator. Values in the returned list do not need to include the forward slash. If a forward slash is included in a returned value, it will be encoded as `%2F`.\n\nExample of a static path configuration:\n\n pathExpression: ['realms', 'k8s', 'protocol', 'openid-connect', 'userinfo']\n\nThe above example would resolve to the path: '/realms/k8s/protocol/openid-connect/userinfo'\n\nExample of a dynamic path configuration:\n\n pathExpression: \"['admin', 'realms', 'k8s', 'users'] + [claims.sub] + ['groups']\"\n\nAssuming 'claims.sub' is set to '12345', the above example would resolve to the path: '/admin/realms/k8s/users/12345/groups'",
+}
+
+func (SourceURL) SwaggerDoc() map[string]string {
+ return map_SourceURL
+}
+
+var map_SourcedClaimMapping = map[string]string{
+ "": "SourcedClaimMapping configures the mapping behavior for a single external claim from the response the apiserver received from the external claim source.",
+ "name": "name is a required name of the claim that will be produced and made available during the claim-to-identity mapping process. name must consist of only lowercase alpha characters and underscores ('_'). name must be at least 1 character and must not exceed 256 characters in length.",
+ "expression": "expression is a required CEL expression that will produce a value to be assigned to the claim. The full response body from the request to the external claim source is provided via the `response.body` variable.\n\nThe contents of the `response.body` variable varies based on the response received from the external source. It is the responsibility of those configuring this expression to understand what is returned from the external source.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length.",
+}
+
+func (SourcedClaimMapping) SwaggerDoc() map[string]string {
+ return map_SourcedClaimMapping
+}
+
var map_TokenClaimMapping = map[string]string{
"": "TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities.",
"claim": "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated. claim must not exceed 256 characters in length. When set to the empty string `\"\"`, this means that no named claim should be used for the group mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled.",
@@ -986,6 +1079,44 @@ func (ConsoleStatus) SwaggerDoc() map[string]string {
return map_ConsoleStatus
}
+var map_CRIOCredentialProviderConfig = map[string]string{
+ "": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).",
+ "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
+ "spec": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.",
+ "status": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.",
+}
+
+func (CRIOCredentialProviderConfig) SwaggerDoc() map[string]string {
+ return map_CRIOCredentialProviderConfig
+}
+
+var map_CRIOCredentialProviderConfigList = map[string]string{
+ "": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).",
+ "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
+}
+
+func (CRIOCredentialProviderConfigList) SwaggerDoc() map[string]string {
+ return map_CRIOCredentialProviderConfigList
+}
+
+var map_CRIOCredentialProviderConfigSpec = map[string]string{
+ "": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.",
+ "matchImages": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path",
+}
+
+func (CRIOCredentialProviderConfigSpec) SwaggerDoc() map[string]string {
+ return map_CRIOCredentialProviderConfigSpec
+}
+
+var map_CRIOCredentialProviderConfigStatus = map[string]string{
+ "": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig",
+ "conditions": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid",
+}
+
+func (CRIOCredentialProviderConfigStatus) SwaggerDoc() map[string]string {
+ return map_CRIOCredentialProviderConfigStatus
+}
+
var map_AWSDNSSpec = map[string]string{
"": "AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.",
"privateZoneIAMRole": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.\n\nThe ARN must follow the format: arn::iam:::role/, where: is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), is a 12-digit numeric identifier for the AWS account, is the IAM role name.",
@@ -1165,9 +1296,9 @@ func (RegistryLocation) SwaggerDoc() map[string]string {
var map_RegistrySources = map[string]string{
"": "RegistrySources holds cluster-wide information about how to handle the registries config.",
- "insecureRegistries": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.",
- "blockedRegistries": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.",
- "allowedRegistries": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.",
+ "insecureRegistries": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. Each entry must be a valid registry scope in the format hostname[:port][/path], optionally prefixed with \"*.\" for wildcard subdomains (e.g., \"*.example.com\"). The hostname must consist of valid DNS labels separated by dots, where each label contains only alphanumeric characters and hyphens and does not start or end with a hyphen. Entries must not be empty, must not include tags (e.g., \":latest\") or digests (e.g., \"@sha256:...\"), and must be at most 256 characters in length. The list may contain at most 1024 entries.",
+ "blockedRegistries": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. Each entry must be a valid registry scope in the format hostname[:port][/path], optionally prefixed with \"*.\" for wildcard subdomains (e.g., \"*.example.com\"). The hostname must consist of valid DNS labels separated by dots, where each label contains only alphanumeric characters and hyphens and does not start or end with a hyphen. Entries must not be empty, must not include tags (e.g., \":latest\") or digests (e.g., \"@sha256:...\"), and must be at most 256 characters in length. The list may contain at most 1024 entries.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.",
+ "allowedRegistries": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. Each entry must be a valid registry scope in the format hostname[:port][/path], optionally prefixed with \"*.\" for wildcard subdomains (e.g., \"*.example.com\"). The hostname must consist of valid DNS labels separated by dots, where each label contains only alphanumeric characters and hyphens and does not start or end with a hyphen. Entries must not be empty, must not include tags (e.g., \":latest\") or digests (e.g., \"@sha256:...\"), and must be at most 256 characters in length. The list may contain at most 1024 entries.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.",
"containerRuntimeSearchRegistries": "containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.",
}
@@ -1737,9 +1868,10 @@ func (InfrastructureList) SwaggerDoc() map[string]string {
}
var map_InfrastructureSpec = map[string]string{
- "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.",
- "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only.",
- "platformSpec": "platformSpec holds desired information specific to the underlying infrastructure provider.",
+ "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.",
+ "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only.",
+ "platformSpec": "platformSpec holds desired information specific to the underlying infrastructure provider.",
+ "controlPlaneTopology": "controlPlaneTopology expresses the desired topology configuration for control nodes.\n\nWhen status.controlPlaneTopology is 'SingleReplica' and spec.controlPlaneTopology is set to 'HighlyAvailable', a transition will be triggered to reconfigure the cluster from SingleReplica to HighlyAvailable.\n\nWhen left blank or status.controlPlaneTopology and spec.controlPlaneTopology are the same value, no changes are required and no transitions will be triggered.\n\nThis value may be set to match status.controlPlaneTopology regardless of the current value.",
}
func (InfrastructureSpec) SwaggerDoc() map[string]string {
@@ -2082,7 +2214,7 @@ func (VSpherePlatformNodeNetworkingSpec) SwaggerDoc() map[string]string {
var map_VSpherePlatformSpec = map[string]string{
"": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. In the future the cloud provider operator, storage operator and machine operator will use these fields for configuration.",
- "vcenters": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported. Once the cluster has been installed, you are unable to change the current number of defined vCenters except in the case where the cluster has been upgraded from a version of OpenShift where the vsphere platform spec was not present. You may make modifications to the existing vCenters that are defined in the vcenters list in order to match with any added or modified failure domains.",
+ "vcenters": "vcenters holds the connection details for services to communicate with vCenter. Up to 3 vCenters are supported. Once the cluster has been installed, you are unable to change the current number of defined vCenters except when 1.) the cluster has been upgraded from a version of OpenShift where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and remove vCenters but may not remove all vCenters. You may make modifications to the existing vCenters that are defined in the vcenters list in order to match with any added or modified failure domains.",
"failureDomains": "failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.",
"nodeNetworking": "nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.",
"apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).",
@@ -2329,19 +2461,19 @@ func (Storage) SwaggerDoc() map[string]string {
return map_Storage
}
-var map_KMSConfig = map[string]string{
- "": "KMSConfig defines the configuration for the KMS instance that will be used with KMS encryption",
+var map_KMSPluginConfig = map[string]string{
+ "": "KMSPluginConfig defines the configuration for the KMS instance that will be used with KMS encryption",
"type": "type defines the kind of platform for the KMS provider. Allowed values are Vault. When set to Vault, the plugin connects to a HashiCorp Vault server for key management.",
"vault": "vault defines the configuration for the Vault KMS plugin. The plugin connects to a Vault Enterprise server that is managed by the user outside the purview of the control plane. This field must be set when type is Vault, and must be unset otherwise.",
}
-func (KMSConfig) SwaggerDoc() map[string]string {
- return map_KMSConfig
+func (KMSPluginConfig) SwaggerDoc() map[string]string {
+ return map_KMSPluginConfig
}
var map_VaultAppRoleAuthentication = map[string]string{
"": "VaultAppRoleAuthentication defines the configuration for AppRole authentication with Vault.",
- "secret": "secret references a secret in the openshift-config namespace containing the AppRole credentials used to authenticate with Vault. The secret must contain two keys: \"roleID\" for the AppRole Role ID and \"secretID\" for the AppRole Secret ID.\n\nThe namespace for the secret is openshift-config.",
+ "secret": "secret references a secret in the openshift-config namespace containing the AppRole credentials used to authenticate with Vault. The referenced Secret must contain two keys: \"role-id\" for the AppRole Role ID and \"secret-id\" for the AppRole Secret ID.",
}
func (VaultAppRoleAuthentication) SwaggerDoc() map[string]string {
@@ -2367,19 +2499,19 @@ func (VaultConfigMapReference) SwaggerDoc() map[string]string {
return map_VaultConfigMapReference
}
-var map_VaultKMSConfig = map[string]string{
- "": "VaultKMSConfig defines the KMS plugin configuration specific to Vault KMS",
+var map_VaultKMSPluginConfig = map[string]string{
+ "": "VaultKMSPluginConfig defines the KMS plugin configuration specific to Vault KMS",
"kmsPluginImage": "kmsPluginImage specifies the container image for the HashiCorp Vault KMS plugin.\n\nThe image must be a fully qualified OCI image pull spec with a SHA256 digest. The format is: host[:port][/namespace]/name@sha256: where the digest must be 64 characters long and consist only of lowercase hexadecimal characters, a-f and 0-9. The total length must be between 75 and 447 characters.\n\nShort names (e.g., \"vault-plugin\" or \"hashicorp/vault-plugin\") are not allowed. The registry hostname must be included and must contain at least one dot. Image tags (e.g., \":latest\", \":v1.0.0\") are not allowed.\n\nConsult the OpenShift documentation for compatible plugin versions with your cluster version, then obtain the image digest for that version from HashiCorp's container registry.\n\nFor disconnected environments, mirror the plugin image to an accessible registry and reference the mirrored location with its digest.",
"vaultAddress": "vaultAddress specifies the address of the HashiCorp Vault instance. The value must be a valid HTTPS URL containing only scheme, host, and optional port. Paths, user info, query parameters, and fragments are not allowed.\n\nFormat: https://hostname[:port] Example: https://vault.example.com:8200\n\nThe value must be between 1 and 512 characters.",
"vaultNamespace": "vaultNamespace specifies the Vault namespace where the Transit secrets engine is mounted. This is only applicable for Vault Enterprise installations. When this field is not set, no namespace is used.\n\nThe value must be between 1 and 4096 characters. The namespace cannot end with a forward slash, cannot contain spaces, and cannot be one of the reserved strings: root, sys, audit, auth, cubbyhole, or identity.",
"tls": "tls contains the TLS configuration for connecting to the Vault server. When this field is not set, system default TLS settings are used.",
"authentication": "authentication defines the authentication method used to authenticate with Vault.",
- "transitMount": "transitMount specifies the mount path of the Vault Transit engine. The value must be between 1 and 1024 characters when specified.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. These defaults are subject to change over time. The current default is \"transit\".\n\nThe mount path cannot start or end with a forward slash, cannot contain spaces, and cannot contain consecutive forward slashes.",
- "transitKey": "transitKey specifies the name of the encryption key in Vault's Transit engine. This key is used to encrypt and decrypt data.\n\nThe key name must be between 1 and 512 characters and cannot contain spaces or forward slashes.",
+ "transitMount": "transitMount specifies the mount path of the Vault Transit engine.\n\nThe transit mount must be between 1 and 1024 characters, cannot start or end with a forward slash, cannot contain consecutive forward slashes, and must only contain RFC 3986 unreserved characters (alphanumeric, hyphen, period, underscore, tilde) and forward slashes as path separators.",
+ "transitKey": "transitKey specifies the name of the encryption key in Vault's Transit engine. This key is used to encrypt and decrypt data.\n\nThe transit key must be between 1 and 512 characters, cannot contain forward slashes, and must only contain alphanumeric characters, hyphens, periods, and underscores.",
}
-func (VaultKMSConfig) SwaggerDoc() map[string]string {
- return map_VaultKMSConfig
+func (VaultKMSPluginConfig) SwaggerDoc() map[string]string {
+ return map_VaultKMSPluginConfig
}
var map_VaultSecretReference = map[string]string{
@@ -2393,7 +2525,7 @@ func (VaultSecretReference) SwaggerDoc() map[string]string {
var map_VaultTLSConfig = map[string]string{
"": "VaultTLSConfig contains TLS configuration for connecting to Vault.",
- "caBundle": "caBundle references a ConfigMap in the openshift-config namespace containing the CA certificate bundle used to verify the TLS connection to the Vault server. The ConfigMap must contain the CA bundle in the key \"ca-bundle.crt\". When this field is not set, the system's trusted CA certificates are used.\n\nThe namespace for the ConfigMap is openshift-config.\n\nExample ConfigMap:\n apiVersion: v1\n kind: ConfigMap\n metadata:\n name: vault-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |",
+ "caBundle": "caBundle references a ConfigMap in the openshift-config namespace containing the CA certificate bundle used to verify the TLS connection to the Vault server. The referenced ConfigMap must contain the CA bundle in the key \"ca-bundle.crt\". When this field is not set, the system's trusted CA certificates are used.\n\nThe namespace for the ConfigMap is openshift-config.\n\nExample ConfigMap:\n apiVersion: v1\n kind: ConfigMap\n metadata:\n name: vault-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |",
"serverName": "serverName specifies the Server Name Indication (SNI) to use when connecting to Vault via TLS. This is useful when the Vault server's hostname doesn't match its TLS certificate. When this field is not set, the hostname from vaultAddress is used for SNI.\n\nThe value must be a valid DNS hostname: it must contain no more than 253 characters, contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character.",
}
@@ -2511,6 +2643,15 @@ func (NetworkMigration) SwaggerDoc() map[string]string {
return map_NetworkMigration
}
+var map_NetworkObservabilitySpec = map[string]string{
+ "": "NetworkObservabilitySpec defines the configuration for network observability installation",
+ "installationPolicy": "installationPolicy controls whether network observability is installed during cluster deployment. Valid values are \"InstallAndEnable\" and \"NoAction\". When set to \"InstallAndEnable\", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again. When set to \"NoAction\", nothing will be done regarding Network observability.",
+}
+
+func (NetworkObservabilitySpec) SwaggerDoc() map[string]string {
+ return map_NetworkObservabilitySpec
+}
+
var map_NetworkSpec = map[string]string{
"": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.",
"clusterNetwork": "IP address pool to use for pod IPs. This field is immutable after installation.",
@@ -2519,6 +2660,7 @@ var map_NetworkSpec = map[string]string{
"externalIP": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.",
"serviceNodePortRange": "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.",
"networkDiagnostics": "networkDiagnostics defines network diagnostics configuration.\n\nTakes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.",
+ "networkObservability": "networkObservability is an optional field that configures network observability installation during cluster deployment (day-0). When omitted, unless this is a SNO cluster, network observability will be installed if not already present, after that, no action taken.",
}
func (NetworkSpec) SwaggerDoc() map[string]string {
@@ -3061,6 +3203,7 @@ func (OldTLSProfile) SwaggerDoc() map[string]string {
var map_TLSProfileSpec = map[string]string{
"": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.",
"ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.",
+ "groups": "groups is an optional, ordered field used to specify the supported groups (formerly known as elliptic curves) that are used during the TLS handshake. The order of the groups represents a suggested preference, with the most preferred group first. Note that not all platform components honor the ordering: Go-based components use Go's internal preference order and treat this list as a filter of allowed groups rather than an ordered preference. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one and at most 7 groups, and each group must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n groups:\n - X25519\n - secp256r1",
"minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11",
}
@@ -3070,11 +3213,11 @@ func (TLSProfileSpec) SwaggerDoc() map[string]string {
var map_TLSSecurityProfile = map[string]string{
"": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.",
- "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.",
- "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA",
- "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305",
- "modern": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256",
- "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256",
+ "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe cipher and groups lists in these profiles are based on version 5.8 of the Mozilla Server Side TLS configuration guidelines. See: https://ssl-config.mozilla.org/guidelines/5.8.json\n\nThe groups are listed in suggested preference order, with the most preferred group first. Note that not all platform components honor the ordering: Go-based components use Go's internal preference order and treat this list as a filter of allowed groups rather than an ordered preference. Note that X25519MLKEM768 is a post-quantum hybrid group that is not FIPS-approved and should be ignored by components running in FIPS mode.\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.",
+ "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe supported groups list includes by default the following groups in suggested preference order (ordering may not be honored by all implementations): X25519MLKEM768, X25519, secp256r1, secp384r1.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA",
+ "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe supported groups list includes by default the following groups in suggested preference order (ordering may not be honored by all implementations): X25519MLKEM768, X25519, secp256r1, secp384r1.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305",
+ "modern": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The supported groups list includes by default the following groups in suggested preference order (ordering may not be honored by all implementations): X25519MLKEM768, X25519, secp256r1, secp384r1. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256",
+ "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe supported groups list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256",
}
func (TLSSecurityProfile) SwaggerDoc() map[string]string {
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/doc.go b/vendor/github.com/openshift/api/config/v1alpha1/doc.go
index 20d448573..65333883b 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/doc.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.config.v1alpha1
// +kubebuilder:validation:Optional
// +groupName=config.openshift.io
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go
index 083c2d6b5..ca2f0216a 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go
@@ -158,6 +158,12 @@ type ClusterMonitoringSpec struct {
// When set, at least one field must be specified within monitoringPluginConfig.
// +optional
MonitoringPluginConfig MonitoringPluginConfig `json:"monitoringPluginConfig,omitempty,omitzero"`
+ // kubeStateMetricsConfig is an optional field that can be used to configure the kube-state-metrics
+ // agent that runs in the openshift-monitoring namespace. kube-state-metrics generates metrics about
+ // the state of Kubernetes objects such as Deployments, Nodes, and Pods.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ // +optional
+ KubeStateMetricsConfig KubeStateMetricsConfig `json:"kubeStateMetricsConfig,omitempty,omitzero"`
}
// OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent
@@ -240,17 +246,6 @@ type OpenShiftStateMetricsConfig struct {
// At least one field must be specified.
// +kubebuilder:validation:MinProperties=1
type NodeExporterConfig struct {
- // nodeSelector defines the nodes on which the Pods are scheduled.
- // nodeSelector is optional.
- //
- // When omitted, this means the user has no opinion and the platform is left
- // to choose reasonable defaults. These defaults are subject to change over time.
- // The current default value is `kubernetes.io/os: linux`.
- // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.
- // +optional
- // +kubebuilder:validation:MinProperties=1
- // +kubebuilder:validation:MaxProperties=10
- NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// resources defines the compute resource requests and limits for the node-exporter container.
// This includes CPU, memory and HugePages constraints to help control scheduling and resource usage.
// When not specified, defaults are used by the platform. Requests cannot exceed limits.
@@ -276,20 +271,27 @@ type NodeExporterConfig struct {
// +kubebuilder:validation:MaxItems=5
// +kubebuilder:validation:MinItems=1
Resources []ContainerResource `json:"resources,omitempty"`
- // tolerations defines tolerations for the pods.
- // tolerations is optional.
+
+ // --- TOMBSTONE ---
+ // nodeSelector was a field that defined the nodes on which the Pods are scheduled.
+ // It was removed because node-exporter runs as a DaemonSet on all nodes,
+ // and the CMO does not support this field.
+ // The field name "nodeSelector" and json tag are reserved to prevent reuse
+ // with a different backing type.
//
- // When omitted, this means the user has no opinion and the platform is left
- // to choose reasonable defaults. These defaults are subject to change over time.
- // The current default is to tolerate all taints (operator: Exists without any key),
- // which is typical for DaemonSets that must run on every node.
- // Maximum length for this list is 10.
- // Minimum length for this list is 1.
- // +kubebuilder:validation:MaxItems=10
- // +kubebuilder:validation:MinItems=1
- // +listType=atomic
// +optional
- Tolerations []v1.Toleration `json:"tolerations,omitempty"`
+ // NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+ // --- TOMBSTONE ---
+ // tolerations was a field that defined tolerations for the pods.
+ // It was removed because node-exporter runs as a DaemonSet on all nodes,
+ // and the CMO does not support this field.
+ // The field name "tolerations" and json tag are reserved to prevent reuse
+ // with a different backing type.
+ //
+ // +optional
+ // Tolerations []v1.Toleration `json:"tolerations,omitempty"`
+
// collectors configures which node-exporter metric collectors are enabled.
// collectors is optional.
// Each collector can be individually enabled or disabled. Some collectors may have
@@ -456,6 +458,14 @@ type NodeExporterCollectorConfig struct {
// Enable when you need metrics for specific units; scope units carefully.
// +optional
Systemd NodeExporterCollectorSystemdConfig `json:"systemd,omitempty,omitzero"`
+ // softirqs configures the softirqs collector, which exposes detailed softirq statistics
+ // from /proc/softirqs.
+ // softirqs is optional.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ // which is subject to change over time. The current default is disabled.
+ // Enable when you need visibility into kernel softirq processing across CPUs.
+ // +optional
+ Softirqs NodeExporterCollectorSoftirqsConfig `json:"softirqs,omitempty,omitzero"`
}
// NodeExporterCollectorCpufreqConfig provides configuration for the cpufreq collector
@@ -665,6 +675,20 @@ type NodeExporterCollectorSystemdCollectConfig struct {
// +kubebuilder:validation:MaxLength=1024
type NodeExporterSystemdUnit string
+// NodeExporterCollectorSoftirqsConfig provides configuration for the softirqs collector
+// of the node-exporter agent. The softirqs collector exposes detailed softirq statistics
+// from /proc/softirqs.
+// It is disabled by default.
+type NodeExporterCollectorSoftirqsConfig struct {
+ // collectionPolicy declares whether the softirqs collector collects metrics.
+ // This field is required.
+ // Valid values are "Collect" and "DoNotCollect".
+ // When set to "Collect", the softirqs collector is active and softirq statistics are collected.
+ // When set to "DoNotCollect", the softirqs collector is inactive.
+ // +required
+ CollectionPolicy NodeExporterCollectorCollectionPolicy `json:"collectionPolicy,omitempty"`
+}
+
// MonitoringPluginConfig provides configuration options for the monitoring plugin
// that runs as a dynamic plugin of the OpenShift web console.
// The monitoring plugin provides the monitoring UI in the OpenShift web console
@@ -778,12 +802,43 @@ type AlertmanagerConfig struct {
CustomConfig AlertmanagerCustomConfig `json:"customConfig,omitempty,omitzero"`
}
+// UserAlertmanagerConfigSelection controls whether the platform Alertmanager selects
+// AlertmanagerConfig resources from user-defined namespaces.
+// +enum
+type UserAlertmanagerConfigSelection string
+
+const (
+ // UserAlertmanagerConfigSelectionSelectable enables user-defined namespaces to be selected
+ // for AlertmanagerConfig lookups on the platform Alertmanager.
+ UserAlertmanagerConfigSelectionSelectable UserAlertmanagerConfigSelection = "Selectable"
+ // UserAlertmanagerConfigSelectionNone disables user-defined namespaces from being selected
+ // for AlertmanagerConfig lookups on the platform Alertmanager.
+ UserAlertmanagerConfigSelectionNone UserAlertmanagerConfigSelection = "None"
+)
+
// AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment.
// alertmanagerCustomConfig provides configuration options for the default Alertmanager instance
// that runs in the `openshift-monitoring` namespace. Use this configuration to control
-// whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.
+// whether user-defined namespaces are selected for AlertmanagerConfig lookups, how it logs,
+// and how its pods are scheduled.
// +kubebuilder:validation:MinProperties=1
type AlertmanagerCustomConfig struct {
+ // userAlertmanagerConfigSelection is an optional field that controls whether user-defined
+ // namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager
+ // instance in the `openshift-monitoring` namespace.
+ // Valid values are Selectable and None.
+ // When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources
+ // in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in
+ // the cluster-monitoring-config ConfigMap.
+ // When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups
+ // on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false`
+ // in the cluster-monitoring-config ConfigMap.
+ // This setting only applies when the user-workload monitoring Alertmanager is not enabled.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ // The current default value is `None`.
+ // +optional
+ // +kubebuilder:validation:Enum=Selectable;None
+ UserAlertmanagerConfigSelection UserAlertmanagerConfigSelection `json:"userAlertmanagerConfigSelection,omitempty"`
// logLevel defines the verbosity of logs emitted by Alertmanager.
// This field allows users to control the amount and severity of logs generated, which can be useful
// for debugging issues or reducing noise in production environments.
@@ -1322,7 +1377,7 @@ type PrometheusConfig struct {
// +kubebuilder:validation:MinItems=1
Resources []ContainerResource `json:"resources,omitempty"`
// retention configures how long Prometheus retains metrics data and how much storage it can use.
- // When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).
+ // When omitted, the platform chooses reasonable defaults (currently 15d retention, no size limit).
// +optional
Retention Retention `json:"retention,omitempty,omitzero"`
// tolerations defines tolerations for the pods.
@@ -2217,26 +2272,63 @@ type SecretKeySelector struct {
// Retention configures how long Prometheus retains metrics data and how much storage it can use.
// +kubebuilder:validation:MinProperties=1
type Retention struct {
+ // TOMBSTONE: This field has been tombstoned in favor of the `duration` field. This tombstone will be dropped when promoting this API to v1.
+ // ---
// durationInDays specifies how many days Prometheus will retain metrics data.
// Prometheus automatically deletes data older than this duration.
// When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
// The default value is 15.
// Minimum value is 1 day.
// Maximum value is 365 days (1 year).
- // +kubebuilder:validation:Minimum=1
- // +kubebuilder:validation:Maximum=365
- // +optional
- DurationInDays int32 `json:"durationInDays,omitempty"`
+ // Former marker: kubebuilder:validation:Minimum=1
+ // Former marker: kubebuilder:validation:Maximum=365
+ // Former marker: optional
+ // DurationInDays int32 `json:"durationInDays,omitempty"`
+
+ // TOMBSTONE: This field has been tombstoned in favor of the `size` field. This tombstone will be dropped when promoting this API to v1.
+ // ---
// sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus
// can use for data blocks and the write-ahead log (WAL).
// When the limit is reached, Prometheus will delete oldest data first.
// When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity.
// Minimum value is 1 GiB.
// Maximum value is 16384 GiB (16 TiB).
- // +kubebuilder:validation:Minimum=1
- // +kubebuilder:validation:Maximum=16384
+ // Former marker: kubebuilder:validation:Minimum=1
+ // Former marker: kubebuilder:validation:Maximum=16384
+ // Former marker: optional
+ // SizeInGiB int32 `json:"sizeInGiB,omitempty"`
+
+ // duration is an optional field that specifies how long Prometheus retains metrics data.
+ // Valid values are Prometheus-style duration strings with unit suffixes y, w, d, h, m, s, or ms
+ // (for example, "15d", "24h", or "5d1h30m"). Each unit value must be a positive integer.
+ // Composite durations must follow the fixed unit order y, w, d, h, m, s, ms.
+ // Must be at least 1 character and at most 64 characters.
+ // When set to "0", time-based retention is disabled. This is the only supported form for disabling
+ // time-based retention; other zero-duration representations such as "0d", "0h", or "0y" are rejected.
+ // Prometheus automatically deletes data older than this duration.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ // The current default value is `15d`.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:XValidation:rule=`self == "0" || self.matches('^([1-9][0-9]*y)?([1-9][0-9]*w)?([1-9][0-9]*d)?([1-9][0-9]*h)?([1-9][0-9]*m)?([1-9][0-9]*s)?([1-9][0-9]*ms)?$')`,message=`must be "0" to disable time-based retention, or a duration string with only positive unit values`
+ // +optional
+ Duration string `json:"duration,omitempty"`
+
+ // size is an optional field that specifies the maximum storage size that Prometheus
+ // can use for data blocks and the write-ahead log (WAL).
+ // Valid values are byte-size strings with an optional decimal prefix and a unit suffix B, KB, MB, GB,
+ // TB, EB, PB, or their binary equivalents KiB, MiB, GiB, TiB, EiB, PiB (for example, "500MiB", "10GiB").
+ // The numeric value must be greater than zero.
+ // Must be at least 1 character and at most 32 characters.
+ // When set to "0", no size limit is enforced. This is the only supported form for disabling size-based
+ // retention; other zero-size representations such as "0B" or "0MiB" are rejected.
+ // When the limit is reached, Prometheus deletes oldest data first.
+ // When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=32
+ // +kubebuilder:validation:XValidation:rule=`self == "0" || self.matches('^([1-9][0-9]*([.][0-9]+)?|[0-9]*[.][1-9][0-9]*)((K|M|G|T|E|P)i?)?B$')`,message=`must be "0" to disable size-based retention, or a positive byte-size string`
// +optional
- SizeInGiB int32 `json:"sizeInGiB,omitempty"`
+ Size string `json:"size,omitempty"`
}
// RelabelAction defines the action to perform in a relabeling rule.
@@ -2359,6 +2451,34 @@ type TelemeterClientConfig struct {
// At least one field must be specified; an empty thanosQuerierConfig object is not allowed.
// +kubebuilder:validation:MinProperties=1
type ThanosQuerierConfig struct {
+ // logLevel defines the verbosity of logs emitted by Thanos Querier.
+ // logLevel is optional.
+ // Allowed values are Error, Warn, Info, and Debug.
+ // When set to Error, only errors will be logged.
+ // When set to Warn, both warnings and errors will be logged.
+ // When set to Info, general information, warnings, and errors will all be logged.
+ // When set to Debug, detailed debugging information will be logged.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time.
+ // The current default value is `Info`.
+ // +optional
+ LogLevel LogLevel `json:"logLevel,omitempty"`
+ // requestLogging configures request logging for Thanos Querier.
+ // requestLogging is optional.
+ // When provided, the policy field within is required.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time.
+ // The current default behavior is to not log any requests.
+ // +optional
+ RequestLogging ThanosQuerierRequestLoggingConfig `json:"requestLogging,omitempty,omitzero"`
+ // crossOriginRequestPolicy configures the CORS (Cross-Origin Resource Sharing) policy
+ // for Thanos Querier's HTTP endpoints.
+ // crossOriginRequestPolicy is optional.
+ // Valid values are "AllowAll" and "DenyAll".
+ // When set to "AllowAll", CORS headers are added to responses, allowing cross-origin requests from any domain.
+ // When set to "DenyAll", no CORS headers are added and cross-origin requests are rejected by the browser.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time.
+ // The current default value is "DenyAll".
+ // +optional
+ CrossOriginRequestPolicy CrossOriginRequestPolicy `json:"crossOriginRequestPolicy,omitempty"`
// nodeSelector defines the nodes on which the Pods are scheduled.
// nodeSelector is optional.
//
@@ -2427,6 +2547,42 @@ type ThanosQuerierConfig struct {
TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
}
+// ThanosQuerierRequestLoggingConfig configures request logging for Thanos Querier.
+type ThanosQuerierRequestLoggingConfig struct {
+ // policy determines which HTTP and gRPC requests are logged by Thanos Querier.
+ // Valid values are "AllRequests" and "NoRequests".
+ // When set to "AllRequests", every request received by Thanos Querier is logged with method, path, and response status.
+ // The log level for request logs is derived from the logLevel field.
+ // When set to "NoRequests", request logging is turned off.
+ // +required
+ Policy RequestLoggingPolicy `json:"policy,omitempty"`
+}
+
+// RequestLoggingPolicy controls which HTTP and gRPC requests are logged.
+// Valid values are "AllRequests" and "NoRequests".
+// +kubebuilder:validation:Enum=AllRequests;NoRequests
+type RequestLoggingPolicy string
+
+const (
+ // RequestLoggingPolicyAllRequests enables logging of all incoming requests.
+ RequestLoggingPolicyAllRequests RequestLoggingPolicy = "AllRequests"
+ // RequestLoggingPolicyNoRequests disables request logging.
+ RequestLoggingPolicyNoRequests RequestLoggingPolicy = "NoRequests"
+)
+
+// CrossOriginRequestPolicy controls the CORS (Cross-Origin Resource Sharing) policy
+// for Thanos Querier's HTTP endpoints.
+// Valid values are "AllowAll" and "DenyAll".
+// +kubebuilder:validation:Enum=AllowAll;DenyAll
+type CrossOriginRequestPolicy string
+
+const (
+ // CrossOriginRequestPolicyAllowAll sets CORS headers allowing requests from any origin.
+ CrossOriginRequestPolicyAllowAll CrossOriginRequestPolicy = "AllowAll"
+ // CrossOriginRequestPolicyDenyAll does not set CORS headers, rejecting cross-origin requests.
+ CrossOriginRequestPolicyDenyAll CrossOriginRequestPolicy = "DenyAll"
+)
+
// AuditProfile defines the audit log level for the Metrics Server.
// +kubebuilder:validation:Enum=None;Metadata;Request;RequestResponse
type AuditProfile string
@@ -2492,3 +2648,154 @@ type Audit struct {
// +required
Profile AuditProfile `json:"profile,omitempty"`
}
+
+// KubeStateMetricsConfig provides configuration options for the kube-state-metrics agent
+// that runs in the `openshift-monitoring` namespace. kube-state-metrics generates metrics
+// about the state of Kubernetes objects such as Deployments, Nodes, and Pods.
+// +kubebuilder:validation:MinProperties=1
+type KubeStateMetricsConfig struct {
+ // nodeSelector defines the nodes on which the Pods are scheduled.
+ // nodeSelector is optional.
+ //
+ // When omitted, this means the user has no opinion and the platform is left
+ // to choose reasonable defaults. These defaults are subject to change over time.
+ // The current default value is `kubernetes.io/os: linux`.
+ // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.
+ // +optional
+ // +kubebuilder:validation:MinProperties=1
+ // +kubebuilder:validation:MaxProperties=10
+ NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+ // resources defines the compute resource requests and limits for the kube-state-metrics container.
+ // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage.
+ // When not specified, defaults are used by the platform. Requests cannot exceed limits.
+ // This field is optional.
+ // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ // This is a simplified API that maps to Kubernetes ResourceRequirements.
+ // The current default values are:
+ // resources:
+ // - name: cpu
+ // request: 4m
+ // limit: null
+ // - name: memory
+ // request: 40Mi
+ // limit: null
+ // Maximum length for this list is 5.
+ // Minimum length for this list is 1.
+ // Each resource name must be unique within this list.
+ // +optional
+ // +listType=map
+ // +listMapKey=name
+ // +kubebuilder:validation:MaxItems=5
+ // +kubebuilder:validation:MinItems=1
+ Resources []ContainerResource `json:"resources,omitempty"`
+ // tolerations defines tolerations for the pods.
+ // tolerations is optional.
+ //
+ // When omitted, no tolerations are applied. This default is subject to change over time.
+ // When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries.
+ // Each toleration's operator, when specified, must be either "Exists" or "Equal".
+ // Each toleration's effect, when specified, must be one of "NoSchedule", "PreferNoSchedule", or "NoExecute".
+ // An empty or unset effect means match all effects.
+ // +kubebuilder:validation:MaxItems=10
+ // +kubebuilder:validation:MinItems=1
+ // +listType=atomic
+ // +kubebuilder:validation:XValidation:rule="self.all(t, !has(t.operator) || t.operator == 'Exists' || t.operator == 'Equal')",message="operator must be either Exists or Equal"
+ // +kubebuilder:validation:XValidation:rule="self.all(t, !has(t.effect) || t.effect == 'NoSchedule' || t.effect == 'PreferNoSchedule' || t.effect == 'NoExecute' || t.effect == '')",message="effect must be NoSchedule, PreferNoSchedule, NoExecute, or empty"
+ // +optional
+ Tolerations []v1.Toleration `json:"tolerations,omitempty"`
+ // topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed
+ // across topology domains such as zones, nodes, or other user-defined labels.
+ // topologySpreadConstraints is optional.
+ // This helps improve high availability and resource efficiency by avoiding placing
+ // too many replicas in the same failure domain.
+ //
+ // This field maps directly to the `topologySpreadConstraints` field in the Pod spec.
+ // When omitted, no topology spread constraints are applied. This default is subject to change over time.
+ // When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries.
+ // Entries must have unique topologyKey and whenUnsatisfiable pairs.
+ // Each entry's whenUnsatisfiable must be either "DoNotSchedule" or "ScheduleAnyway".
+ // Each entry's maxSkew must be at least 1.
+ // When minDomains is specified, it must be at least 1 and whenUnsatisfiable must be "DoNotSchedule".
+ // +kubebuilder:validation:MaxItems=10
+ // +kubebuilder:validation:MinItems=1
+ // +listType=map
+ // +listMapKey=topologyKey
+ // +listMapKey=whenUnsatisfiable
+ // +kubebuilder:validation:XValidation:rule="self.all(c, c.whenUnsatisfiable == 'DoNotSchedule' || c.whenUnsatisfiable == 'ScheduleAnyway')",message="whenUnsatisfiable must be either DoNotSchedule or ScheduleAnyway"
+ // +kubebuilder:validation:XValidation:rule="self.all(c, c.maxSkew >= 1)",message="maxSkew must be at least 1"
+ // +kubebuilder:validation:XValidation:rule="self.all(c, !has(c.minDomains) || c.minDomains >= 1)",message="minDomains must be at least 1"
+ // +kubebuilder:validation:XValidation:rule="self.all(c, !has(c.minDomains) || c.whenUnsatisfiable == 'DoNotSchedule')",message="minDomains can only be used when whenUnsatisfiable is DoNotSchedule"
+ // +optional
+ TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
+ // additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics
+ // in kube-state-metrics.
+ // Currently, only "Job" and "CronJob" resources are supported due to cardinality concerns.
+ // Each entry specifies a resource name and a list of Kubernetes label names to expose.
+ // Use "*" in the labels list to expose all labels for a given resource.
+ // additionalResourceLabels is optional.
+ // When omitted, no additional Kubernetes object labels are exposed as metrics
+ // by kube-state-metrics beyond its built-in metric labels (e.g. namespace, job_name).
+ // Use this field to opt in to exposing specific Kubernetes labels as metric labels
+ // for the supported resource types.
+ // Minimum length for this list is 1.
+ // Maximum length for this list is 2.
+ // Each resource name must be unique within this list.
+ // +optional
+ // +kubebuilder:validation:MaxItems=2
+ // +kubebuilder:validation:MinItems=1
+ // +listType=map
+ // +listMapKey=resource
+ AdditionalResourceLabels []KubeStateMetricsResourceLabels `json:"additionalResourceLabels,omitempty"`
+}
+
+// KubeStateMetricsResourceName is the name of a Kubernetes resource whose labels can be exposed
+// as metrics by kube-state-metrics. Currently, only "Job" and "CronJob" are supported
+// due to cardinality concerns.
+// Valid values are "Job" and "CronJob".
+// +kubebuilder:validation:Enum=Job;CronJob
+type KubeStateMetricsResourceName string
+
+const (
+ // KubeStateMetricsResourceJob indicates the Kubernetes Job resource.
+ KubeStateMetricsResourceJob KubeStateMetricsResourceName = "Job"
+ // KubeStateMetricsResourceCronJob indicates the Kubernetes CronJob resource.
+ KubeStateMetricsResourceCronJob KubeStateMetricsResourceName = "CronJob"
+)
+
+// KubeStateMetricsLabelName is the name of a Kubernetes label to expose as a metric
+// via kube-state-metrics. Use "*" to expose all labels for a resource.
+// Must be either the wildcard "*" or a valid Kubernetes label key.
+// A valid label key has an optional DNS subdomain prefix followed by a "/" and a name segment,
+// or just a name segment without a prefix. The name segment must be 63 characters or fewer,
+// beginning and ending with an alphanumeric character, with dashes, underscores, dots, and
+// alphanumerics in between.
+// Must be at least 1 character and at most 253 characters in length.
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:XValidation:rule="self == '*' || !format.qualifiedName().validate(self).hasValue()",message="must be a valid Kubernetes label key or the wildcard '*'"
+type KubeStateMetricsLabelName string
+
+// KubeStateMetricsResourceLabels defines which Kubernetes labels to expose as metrics
+// for a given resource type in kube-state-metrics.
+type KubeStateMetricsResourceLabels struct {
+ // resource is the Kubernetes resource name whose labels should be exposed as metrics.
+ // Currently, only "Job" and "CronJob" are supported due to cardinality concerns.
+ // Valid values are "Job" and "CronJob".
+ // This field is required.
+ // +required
+ Resource KubeStateMetricsResourceName `json:"resource,omitempty"`
+ // labels is the list of Kubernetes label names to expose as metrics for this resource.
+ // Use "*" to expose all labels for the specified resource.
+ // When "*" is specified, it must be the only entry in the list; mixing "*" with
+ // specific label names is not allowed.
+ // This field is required.
+ // Each label name must be unique within this list.
+ // Minimum length for this list is 1.
+ // Maximum length for this list is 50.
+ // +required
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=50
+ // +listType=set
+ // +kubebuilder:validation:XValidation:rule="!self.exists(l, l == '*') || self.size() == 1",message="when '*' is specified, no other labels may be listed"
+ Labels []KubeStateMetricsLabelName `json:"labels,omitempty"`
+}
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go
index f0f0a86de..7313338a3 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go
@@ -451,6 +451,7 @@ func (in *ClusterMonitoringSpec) DeepCopyInto(out *ClusterMonitoringSpec) {
in.ThanosQuerierConfig.DeepCopyInto(&out.ThanosQuerierConfig)
in.NodeExporterConfig.DeepCopyInto(&out.NodeExporterConfig)
in.MonitoringPluginConfig.DeepCopyInto(&out.MonitoringPluginConfig)
+ in.KubeStateMetricsConfig.DeepCopyInto(&out.KubeStateMetricsConfig)
return
}
@@ -751,6 +752,78 @@ func (in *KeyConfig) DeepCopy() *KeyConfig {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KubeStateMetricsConfig) DeepCopyInto(out *KubeStateMetricsConfig) {
+ *out = *in
+ if in.NodeSelector != nil {
+ in, out := &in.NodeSelector, &out.NodeSelector
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.Resources != nil {
+ in, out := &in.Resources, &out.Resources
+ *out = make([]ContainerResource, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.Tolerations != nil {
+ in, out := &in.Tolerations, &out.Tolerations
+ *out = make([]v1.Toleration, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.TopologySpreadConstraints != nil {
+ in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints
+ *out = make([]v1.TopologySpreadConstraint, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.AdditionalResourceLabels != nil {
+ in, out := &in.AdditionalResourceLabels, &out.AdditionalResourceLabels
+ *out = make([]KubeStateMetricsResourceLabels, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeStateMetricsConfig.
+func (in *KubeStateMetricsConfig) DeepCopy() *KubeStateMetricsConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(KubeStateMetricsConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KubeStateMetricsResourceLabels) DeepCopyInto(out *KubeStateMetricsResourceLabels) {
+ *out = *in
+ if in.Labels != nil {
+ in, out := &in.Labels, &out.Labels
+ *out = make([]KubeStateMetricsLabelName, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeStateMetricsResourceLabels.
+func (in *KubeStateMetricsResourceLabels) DeepCopy() *KubeStateMetricsResourceLabels {
+ if in == nil {
+ return nil
+ }
+ out := new(KubeStateMetricsResourceLabels)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Label) DeepCopyInto(out *Label) {
*out = *in
@@ -950,6 +1023,7 @@ func (in *NodeExporterCollectorConfig) DeepCopyInto(out *NodeExporterCollectorCo
out.Ksmd = in.Ksmd
out.Processes = in.Processes
in.Systemd.DeepCopyInto(&out.Systemd)
+ out.Softirqs = in.Softirqs
return
}
@@ -1092,6 +1166,22 @@ func (in *NodeExporterCollectorProcessesConfig) DeepCopy() *NodeExporterCollecto
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NodeExporterCollectorSoftirqsConfig) DeepCopyInto(out *NodeExporterCollectorSoftirqsConfig) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorSoftirqsConfig.
+func (in *NodeExporterCollectorSoftirqsConfig) DeepCopy() *NodeExporterCollectorSoftirqsConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(NodeExporterCollectorSoftirqsConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NodeExporterCollectorSystemdCollectConfig) DeepCopyInto(out *NodeExporterCollectorSystemdCollectConfig) {
*out = *in
@@ -1149,13 +1239,6 @@ func (in *NodeExporterCollectorTcpStatConfig) DeepCopy() *NodeExporterCollectorT
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NodeExporterConfig) DeepCopyInto(out *NodeExporterConfig) {
*out = *in
- if in.NodeSelector != nil {
- in, out := &in.NodeSelector, &out.NodeSelector
- *out = make(map[string]string, len(*in))
- for key, val := range *in {
- (*out)[key] = val
- }
- }
if in.Resources != nil {
in, out := &in.Resources, &out.Resources
*out = make([]ContainerResource, len(*in))
@@ -1163,13 +1246,6 @@ func (in *NodeExporterConfig) DeepCopyInto(out *NodeExporterConfig) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
- if in.Tolerations != nil {
- in, out := &in.Tolerations, &out.Tolerations
- *out = make([]v1.Toleration, len(*in))
- for i := range *in {
- (*in)[i].DeepCopyInto(&(*out)[i])
- }
- }
in.Collectors.DeepCopyInto(&out.Collectors)
if in.IgnoredNetworkDevices != nil {
in, out := &in.IgnoredNetworkDevices, &out.IgnoredNetworkDevices
@@ -1951,6 +2027,7 @@ func (in *TelemeterClientConfig) DeepCopy() *TelemeterClientConfig {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ThanosQuerierConfig) DeepCopyInto(out *ThanosQuerierConfig) {
*out = *in
+ out.RequestLogging = in.RequestLogging
if in.NodeSelector != nil {
in, out := &in.NodeSelector, &out.NodeSelector
*out = make(map[string]string, len(*in))
@@ -1992,6 +2069,22 @@ func (in *ThanosQuerierConfig) DeepCopy() *ThanosQuerierConfig {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ThanosQuerierRequestLoggingConfig) DeepCopyInto(out *ThanosQuerierRequestLoggingConfig) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ThanosQuerierRequestLoggingConfig.
+func (in *ThanosQuerierRequestLoggingConfig) DeepCopy() *ThanosQuerierRequestLoggingConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(ThanosQuerierRequestLoggingConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *UppercaseActionConfig) DeepCopyInto(out *UppercaseActionConfig) {
*out = *in
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.model_name.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.model_name.go
new file mode 100644
index 000000000..36a7803bf
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.model_name.go
@@ -0,0 +1,461 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1alpha1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AdditionalAlertmanagerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlertmanagerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.AlertmanagerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlertmanagerCustomConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Audit) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.Audit"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AuthorizationConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.AuthorizationConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Backup) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.Backup"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BackupList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.BackupList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BackupSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.BackupSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BackupStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.BackupStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BasicAuth) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.BasicAuth"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CRIOCredentialProviderConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CRIOCredentialProviderConfigList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CRIOCredentialProviderConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CRIOCredentialProviderConfigStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CertificateConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.CertificateConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterMonitoring) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.ClusterMonitoring"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterMonitoringList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.ClusterMonitoringList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterMonitoringSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterMonitoringStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ContainerResource) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.ContainerResource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CustomPKIPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.CustomPKIPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DefaultCertificateConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.DefaultCertificateConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DropEqualActionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.DropEqualActionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ECDSAKeyConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.ECDSAKeyConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EtcdBackupSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.EtcdBackupSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GatherConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.GatherConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HashModActionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.HashModActionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsDataGather) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.InsightsDataGather"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsDataGatherList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.InsightsDataGatherList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsDataGatherSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsDataGatherStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KeepEqualActionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KeyConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.KeyConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeStateMetricsConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.KubeStateMetricsConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeStateMetricsResourceLabels) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.KubeStateMetricsResourceLabels"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Label) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.Label"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LabelMapActionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.LabelMapActionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LowercaseActionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.LowercaseActionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MetadataConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.MetadataConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MetadataConfigCustom) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.MetadataConfigCustom"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MetricsServerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.MetricsServerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MonitoringPluginConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.MonitoringPluginConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorBuddyInfoConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorBuddyInfoConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorCpufreqConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorCpufreqConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorEthtoolConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorEthtoolConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorKSMDConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorKSMDConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorMountStatsConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorMountStatsConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorNetClassCollectConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorNetClassCollectConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorNetClassConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorNetClassConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorNetDevConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorNetDevConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorProcessesConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorProcessesConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorSoftirqsConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorSoftirqsConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorSystemdCollectConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorSystemdCollectConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorSystemdConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorSystemdConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterCollectorTcpStatConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorTcpStatConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeExporterConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.NodeExporterConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuth2) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.OAuth2"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuth2EndpointParam) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.OAuth2EndpointParam"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenShiftStateMetricsConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.OpenShiftStateMetricsConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PKI) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.PKI"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PKICertificateManagement) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.PKICertificateManagement"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PKIList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.PKIList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PKIProfile) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.PKIProfile"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PKISpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.PKISpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PersistentVolumeClaimReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PersistentVolumeConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PrometheusConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.PrometheusConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PrometheusOperatorAdmissionWebhookConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.PrometheusOperatorAdmissionWebhookConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PrometheusOperatorConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PrometheusRemoteWriteHeader) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.PrometheusRemoteWriteHeader"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in QueueConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.QueueConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RSAKeyConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.RSAKeyConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RelabelActionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.RelabelActionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RelabelConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.RelabelConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RemoteWriteAuthorization) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RemoteWriteSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.RemoteWriteSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ReplaceActionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.ReplaceActionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Retention) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.Retention"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RetentionNumberConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.RetentionNumberConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RetentionPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.RetentionPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RetentionSizeConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.RetentionSizeConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecretKeySelector) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.SecretKeySelector"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Sigv4) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.Sigv4"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Storage) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.Storage"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TLSConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.TLSConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TelemeterClientConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.TelemeterClientConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ThanosQuerierConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.ThanosQuerierConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ThanosQuerierRequestLoggingConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.ThanosQuerierRequestLoggingConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UppercaseActionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.UppercaseActionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UserDefinedMonitoring) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring"
+}
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go
index 45e803f58..2194d79de 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go
@@ -106,14 +106,15 @@ func (AlertmanagerConfig) SwaggerDoc() map[string]string {
}
var map_AlertmanagerCustomConfig = map[string]string{
- "": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.",
- "logLevel": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.",
- "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.",
- "resources": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.",
- "secrets": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.",
- "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.",
- "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.",
- "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.",
+ "": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether user-defined namespaces are selected for AlertmanagerConfig lookups, how it logs, and how its pods are scheduled.",
+ "userAlertmanagerConfigSelection": "userAlertmanagerConfigSelection is an optional field that controls whether user-defined namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager instance in the `openshift-monitoring` namespace. Valid values are Selectable and None. When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in the cluster-monitoring-config ConfigMap. When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` in the cluster-monitoring-config ConfigMap. This setting only applies when the user-workload monitoring Alertmanager is not enabled. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `None`.",
+ "logLevel": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.",
+ "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.",
+ "resources": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.",
+ "secrets": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.",
+ "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.",
+ "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.",
+ "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.",
}
func (AlertmanagerCustomConfig) SwaggerDoc() map[string]string {
@@ -183,6 +184,7 @@ var map_ClusterMonitoringSpec = map[string]string{
"thanosQuerierConfig": "thanosQuerierConfig is an optional field that can be used to configure the Thanos Querier component that runs in the openshift-monitoring namespace. The Thanos Querier provides a global query view by aggregating and deduplicating metrics from multiple Prometheus instances. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default deploys the Thanos Querier on linux nodes with 5m CPU and 12Mi memory requests, and no custom tolerations or topology spread constraints. When set, at least one field must be specified within thanosQuerierConfig.",
"nodeExporterConfig": "nodeExporterConfig is an optional field that can be used to configure the node-exporter agent that runs as a DaemonSet in the openshift-monitoring namespace. The node-exporter agent collects hardware and OS-level metrics from every node in the cluster. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.",
"monitoringPluginConfig": "monitoringPluginConfig is an optional field that can be used to configure the monitoring plugin that runs as a dynamic plugin of the OpenShift web console. The monitoring plugin provides the monitoring UI in the OpenShift web console for visualizing metrics, alerts, and dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default deploys the monitoring-plugin as a single-replica Deployment on linux nodes with 10m CPU and 50Mi memory requests, and no custom tolerations or topology spread constraints. When set, at least one field must be specified within monitoringPluginConfig.",
+ "kubeStateMetricsConfig": "kubeStateMetricsConfig is an optional field that can be used to configure the kube-state-metrics agent that runs in the openshift-monitoring namespace. kube-state-metrics generates metrics about the state of Kubernetes objects such as Deployments, Nodes, and Pods. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.",
}
func (ClusterMonitoringSpec) SwaggerDoc() map[string]string {
@@ -236,6 +238,29 @@ func (KeepEqualActionConfig) SwaggerDoc() map[string]string {
return map_KeepEqualActionConfig
}
+var map_KubeStateMetricsConfig = map[string]string{
+ "": "KubeStateMetricsConfig provides configuration options for the kube-state-metrics agent that runs in the `openshift-monitoring` namespace. kube-state-metrics generates metrics about the state of Kubernetes objects such as Deployments, Nodes, and Pods.",
+ "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.",
+ "resources": "resources defines the compute resource requests and limits for the kube-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.",
+ "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, no tolerations are applied. This default is subject to change over time. When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries. Each toleration's operator, when specified, must be either \"Exists\" or \"Equal\". Each toleration's effect, when specified, must be one of \"NoSchedule\", \"PreferNoSchedule\", or \"NoExecute\". An empty or unset effect means match all effects.",
+ "topologySpreadConstraints": "topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nThis field maps directly to the `topologySpreadConstraints` field in the Pod spec. When omitted, no topology spread constraints are applied. This default is subject to change over time. When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries. Entries must have unique topologyKey and whenUnsatisfiable pairs. Each entry's whenUnsatisfiable must be either \"DoNotSchedule\" or \"ScheduleAnyway\". Each entry's maxSkew must be at least 1. When minDomains is specified, it must be at least 1 and whenUnsatisfiable must be \"DoNotSchedule\".",
+ "additionalResourceLabels": "additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics in kube-state-metrics. Currently, only \"Job\" and \"CronJob\" resources are supported due to cardinality concerns. Each entry specifies a resource name and a list of Kubernetes label names to expose. Use \"*\" in the labels list to expose all labels for a given resource. additionalResourceLabels is optional. When omitted, no additional Kubernetes object labels are exposed as metrics by kube-state-metrics beyond its built-in metric labels (e.g. namespace, job_name). Use this field to opt in to exposing specific Kubernetes labels as metric labels for the supported resource types. Minimum length for this list is 1. Maximum length for this list is 2. Each resource name must be unique within this list.",
+}
+
+func (KubeStateMetricsConfig) SwaggerDoc() map[string]string {
+ return map_KubeStateMetricsConfig
+}
+
+var map_KubeStateMetricsResourceLabels = map[string]string{
+ "": "KubeStateMetricsResourceLabels defines which Kubernetes labels to expose as metrics for a given resource type in kube-state-metrics.",
+ "resource": "resource is the Kubernetes resource name whose labels should be exposed as metrics. Currently, only \"Job\" and \"CronJob\" are supported due to cardinality concerns. Valid values are \"Job\" and \"CronJob\". This field is required.",
+ "labels": "labels is the list of Kubernetes label names to expose as metrics for this resource. Use \"*\" to expose all labels for the specified resource. When \"*\" is specified, it must be the only entry in the list; mixing \"*\" with specific label names is not allowed. This field is required. Each label name must be unique within this list. Minimum length for this list is 1. Maximum length for this list is 50.",
+}
+
+func (KubeStateMetricsResourceLabels) SwaggerDoc() map[string]string {
+ return map_KubeStateMetricsResourceLabels
+}
+
var map_Label = map[string]string{
"": "Label represents a key/value pair for external labels.",
"key": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.",
@@ -330,6 +355,7 @@ var map_NodeExporterCollectorConfig = map[string]string{
"ksmd": "ksmd configures the ksmd collector, which collects statistics from the kernel same-page merger daemon. ksmd is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enable on nodes where KSM is in use and you want visibility into merging activity.",
"processes": "processes configures the processes collector, which collects statistics from processes and threads running in the system. processes is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enable for process/thread-level insight; can be expensive on busy nodes.",
"systemd": "systemd configures the systemd collector, which collects statistics on the systemd daemon and its managed services. systemd is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enabling this collector with a long list of selected units may produce metrics with high cardinality. If you enable this collector, closely monitor the prometheus-k8s deployment for excessive memory usage. Enable when you need metrics for specific units; scope units carefully.",
+ "softirqs": "softirqs configures the softirqs collector, which exposes detailed softirq statistics from /proc/softirqs. softirqs is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enable when you need visibility into kernel softirq processing across CPUs.",
}
func (NodeExporterCollectorConfig) SwaggerDoc() map[string]string {
@@ -409,6 +435,15 @@ func (NodeExporterCollectorProcessesConfig) SwaggerDoc() map[string]string {
return map_NodeExporterCollectorProcessesConfig
}
+var map_NodeExporterCollectorSoftirqsConfig = map[string]string{
+ "": "NodeExporterCollectorSoftirqsConfig provides configuration for the softirqs collector of the node-exporter agent. The softirqs collector exposes detailed softirq statistics from /proc/softirqs. It is disabled by default.",
+ "collectionPolicy": "collectionPolicy declares whether the softirqs collector collects metrics. This field is required. Valid values are \"Collect\" and \"DoNotCollect\". When set to \"Collect\", the softirqs collector is active and softirq statistics are collected. When set to \"DoNotCollect\", the softirqs collector is inactive.",
+}
+
+func (NodeExporterCollectorSoftirqsConfig) SwaggerDoc() map[string]string {
+ return map_NodeExporterCollectorSoftirqsConfig
+}
+
var map_NodeExporterCollectorSystemdCollectConfig = map[string]string{
"": "NodeExporterCollectorSystemdCollectConfig holds configuration options for the systemd collector when it is actively collecting metrics. At least one field must be specified.",
"units": "units is a list of regular expression patterns that match systemd units to be included by the systemd collector. units is optional. By default, the list is empty, so the collector exposes no metrics for systemd units. Each entry is a regular expression pattern and must be at least 1 character and at most 1024 characters. Maximum length for this list is 50. Minimum length for this list is 1. Entries in this list must be unique.",
@@ -439,9 +474,7 @@ func (NodeExporterCollectorTcpStatConfig) SwaggerDoc() map[string]string {
var map_NodeExporterConfig = map[string]string{
"": "NodeExporterConfig provides configuration options for the node-exporter agent that runs as a DaemonSet in the `openshift-monitoring` namespace. The node-exporter agent collects hardware and OS-level metrics from every node in the cluster, including CPU, memory, disk, and network statistics. At least one field must be specified.",
- "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.",
"resources": "resources defines the compute resource requests and limits for the node-exporter container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 8m\n limit: null\n - name: memory\n request: 32Mi\n limit: null",
- "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is to tolerate all taints (operator: Exists without any key), which is typical for DaemonSets that must run on every node. Maximum length for this list is 10. Minimum length for this list is 1.",
"collectors": "collectors configures which node-exporter metric collectors are enabled. collectors is optional. Each collector can be individually enabled or disabled. Some collectors may have additional configuration options.\n\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.",
"maxProcs": "maxProcs sets the target number of CPUs on which the node-exporter process will run. maxProcs is optional. Use this setting to override the default value, which is set either to 4 or to the number of CPUs on the host, whichever is smaller. The default value is computed at runtime and set via the GOMAXPROCS environment variable before node-exporter is launched. If a kernel deadlock occurs or if performance degrades when reading from sysfs concurrently, you can change this value to 1, which limits node-exporter to running on one CPU. For nodes with a high CPU count, setting the limit to a low number saves resources by preventing Go routines from being scheduled to run on all CPUs. However, I/O performance degrades if the maxProcs value is set too low and there are many metrics to collect. The minimum value is 1 and the maximum value is 1024. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is min(4, number of host CPUs).",
"ignoredNetworkDevices": "ignoredNetworkDevices is a list of regular expression patterns that match network devices to be excluded from the relevant collector configuration such as netdev, netclass, and ethtool. ignoredNetworkDevices is optional.\n\nWhen omitted, the Cluster Monitoring Operator uses a predefined list of devices to be excluded to minimize the impact on memory usage. When set as an empty list, no devices are excluded. If you modify this setting, monitor the prometheus-k8s deployment closely for excessive memory usage. Maximum length for this list is 50. Each entry must be at least 1 character and at most 1024 characters long.",
@@ -496,7 +529,7 @@ var map_PrometheusConfig = map[string]string{
"queryLogFile": "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.",
"remoteWrite": "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).",
"resources": "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.",
- "retention": "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).",
+ "retention": "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15d retention, no size limit).",
"tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1",
"topologySpreadConstraints": "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.",
"collectionProfile": "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.",
@@ -629,9 +662,9 @@ func (ReplaceActionConfig) SwaggerDoc() map[string]string {
}
var map_Retention = map[string]string{
- "": "Retention configures how long Prometheus retains metrics data and how much storage it can use.",
- "durationInDays": "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).",
- "sizeInGiB": "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).",
+ "": "Retention configures how long Prometheus retains metrics data and how much storage it can use.",
+ "duration": "duration is an optional field that specifies how long Prometheus retains metrics data. Valid values are Prometheus-style duration strings with unit suffixes y, w, d, h, m, s, or ms (for example, \"15d\", \"24h\", or \"5d1h30m\"). Each unit value must be a positive integer. Composite durations must follow the fixed unit order y, w, d, h, m, s, ms. Must be at least 1 character and at most 64 characters. When set to \"0\", time-based retention is disabled. This is the only supported form for disabling time-based retention; other zero-duration representations such as \"0d\", \"0h\", or \"0y\" are rejected. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `15d`.",
+ "size": "size is an optional field that specifies the maximum storage size that Prometheus can use for data blocks and the write-ahead log (WAL). Valid values are byte-size strings with an optional decimal prefix and a unit suffix B, KB, MB, GB, TB, EB, PB, or their binary equivalents KiB, MiB, GiB, TiB, EiB, PiB (for example, \"500MiB\", \"10GiB\"). The numeric value must be greater than zero. Must be at least 1 character and at most 32 characters. When set to \"0\", no size limit is enforced. This is the only supported form for disabling size-based retention; other zero-size representations such as \"0B\" or \"0MiB\" are rejected. When the limit is reached, Prometheus deletes oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity.",
}
func (Retention) SwaggerDoc() map[string]string {
@@ -688,6 +721,9 @@ func (TelemeterClientConfig) SwaggerDoc() map[string]string {
var map_ThanosQuerierConfig = map[string]string{
"": "ThanosQuerierConfig provides configuration options for the Thanos Querier component that runs in the `openshift-monitoring` namespace. At least one field must be specified; an empty thanosQuerierConfig object is not allowed.",
+ "logLevel": "logLevel defines the verbosity of logs emitted by Thanos Querier. logLevel is optional. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.",
+ "requestLogging": "requestLogging configures request logging for Thanos Querier. requestLogging is optional. When provided, the policy field within is required. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default behavior is to not log any requests.",
+ "crossOriginRequestPolicy": "crossOriginRequestPolicy configures the CORS (Cross-Origin Resource Sharing) policy for Thanos Querier's HTTP endpoints. crossOriginRequestPolicy is optional. Valid values are \"AllowAll\" and \"DenyAll\". When set to \"AllowAll\", CORS headers are added to responses, allowing cross-origin requests from any domain. When set to \"DenyAll\", no CORS headers are added and cross-origin requests are rejected by the browser. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is \"DenyAll\".",
"nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.",
"resources": "resources defines the compute resource requests and limits for the Thanos Querier container. resources is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Requests cannot exceed limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n - name: memory\n request: 12Mi\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.",
"tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.",
@@ -698,6 +734,15 @@ func (ThanosQuerierConfig) SwaggerDoc() map[string]string {
return map_ThanosQuerierConfig
}
+var map_ThanosQuerierRequestLoggingConfig = map[string]string{
+ "": "ThanosQuerierRequestLoggingConfig configures request logging for Thanos Querier.",
+ "policy": "policy determines which HTTP and gRPC requests are logged by Thanos Querier. Valid values are \"AllRequests\" and \"NoRequests\". When set to \"AllRequests\", every request received by Thanos Querier is logged with method, path, and response status. The log level for request logs is derived from the logLevel field. When set to \"NoRequests\", request logging is turned off.",
+}
+
+func (ThanosQuerierRequestLoggingConfig) SwaggerDoc() map[string]string {
+ return map_ThanosQuerierRequestLoggingConfig
+}
+
var map_UppercaseActionConfig = map[string]string{
"": "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.",
"targetLabel": "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.",
diff --git a/vendor/github.com/openshift/api/config/v1alpha2/doc.go b/vendor/github.com/openshift/api/config/v1alpha2/doc.go
index 15ac6b497..5777844e2 100644
--- a/vendor/github.com/openshift/api/config/v1alpha2/doc.go
+++ b/vendor/github.com/openshift/api/config/v1alpha2/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.config.v1alpha2
// +groupName=config.openshift.io
// Package v1alpha2 is the v1alpha2 version of the API.
diff --git a/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.model_name.go b/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.model_name.go
new file mode 100644
index 000000000..d05e8558c
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.model_name.go
@@ -0,0 +1,61 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1alpha2
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Custom) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha2.Custom"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GatherConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha2.GatherConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GathererConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha2.GathererConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Gatherers) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha2.Gatherers"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsDataGather) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha2.InsightsDataGather"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsDataGatherList) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha2.InsightsDataGatherList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsDataGatherSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsDataGatherStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PersistentVolumeClaimReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PersistentVolumeConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Storage) OpenAPIModelName() string {
+ return "com.github.openshift.api.config.v1alpha2.Storage"
+}
diff --git a/vendor/github.com/openshift/api/console/v1/doc.go b/vendor/github.com/openshift/api/console/v1/doc.go
index c08b5b519..f6c62bd19 100644
--- a/vendor/github.com/openshift/api/console/v1/doc.go
+++ b/vendor/github.com/openshift/api/console/v1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.console.v1
// +groupName=console.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/console/v1/types_console_plugin.go b/vendor/github.com/openshift/api/console/v1/types_console_plugin.go
index 0160a4a24..c63db50d5 100644
--- a/vendor/github.com/openshift/api/console/v1/types_console_plugin.go
+++ b/vendor/github.com/openshift/api/console/v1/types_console_plugin.go
@@ -90,7 +90,6 @@ type ConsolePluginSpec struct {
// OpenShift web console server CSP response header:
// Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self' https://script1.com/ https://script2.com/ https://script3.com/; font-src 'self' https://font1.com/ https://font2.com/; img-src 'self' https://img1.com/; style-src 'self'; frame-src 'none'; object-src 'none'
//
- // +openshift:enable:FeatureGate=ConsolePluginContentSecurityPolicy
// +kubebuilder:validation:MaxItems=5
// +kubebuilder:validation:XValidation:rule="self.map(x, x.values.map(y, y.size()).sum()).sum() < 8192",message="the total combined size of values of all directives must not exceed 8192 (8kb)"
// +listType=map
diff --git a/vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml
index caa676e69..26524d0a1 100644
--- a/vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml
+++ b/vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -137,8 +137,7 @@ consoleplugins.console.openshift.io:
CRDName: consoleplugins.console.openshift.io
Capability: Console
Category: ""
- FeatureGates:
- - ConsolePluginContentSecurityPolicy
+ FeatureGates: []
FilenameOperatorName: ""
FilenameOperatorOrdering: "90"
FilenameRunLevel: ""
diff --git a/vendor/github.com/openshift/api/console/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/console/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..d5c9c2bc5
--- /dev/null
+++ b/vendor/github.com/openshift/api/console/v1/zz_generated.model_name.go
@@ -0,0 +1,226 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ApplicationMenuSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ApplicationMenuSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CLIDownloadLink) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.CLIDownloadLink"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleCLIDownload) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleCLIDownload"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleCLIDownloadList) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleCLIDownloadList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleCLIDownloadSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleCLIDownloadSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleExternalLogLink) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleExternalLogLink"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleExternalLogLinkList) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleExternalLogLinkList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleExternalLogLinkSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleExternalLogLinkSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleLink) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleLink"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleLinkList) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleLinkList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleLinkSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleLinkSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleNotification) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleNotification"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleNotificationList) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleNotificationList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleNotificationSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleNotificationSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsolePlugin) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsolePlugin"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsolePluginBackend) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsolePluginBackend"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsolePluginCSP) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsolePluginCSP"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsolePluginI18n) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsolePluginI18n"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsolePluginList) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsolePluginList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsolePluginProxy) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsolePluginProxy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsolePluginProxyEndpoint) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsolePluginProxyEndpoint"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsolePluginProxyServiceConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsolePluginProxyServiceConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsolePluginService) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsolePluginService"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsolePluginSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsolePluginSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleQuickStart) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleQuickStart"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleQuickStartList) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleQuickStartList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleQuickStartSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleQuickStartSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleQuickStartTask) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleQuickStartTask"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleQuickStartTaskReview) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleQuickStartTaskReview"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleQuickStartTaskSummary) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleQuickStartTaskSummary"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleSample) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleSample"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleSampleContainerImportSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleSampleContainerImportSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleSampleContainerImportSourceService) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleSampleContainerImportSourceService"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleSampleGitImportSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleSampleGitImportSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleSampleGitImportSourceRepository) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceRepository"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleSampleGitImportSourceService) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceService"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleSampleList) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleSampleList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleSampleSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleSampleSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleSampleSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleSampleSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleYAMLSample) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleYAMLSample"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleYAMLSampleList) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleYAMLSampleList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleYAMLSampleSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.ConsoleYAMLSampleSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Link) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.Link"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NamespaceDashboardSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.console.v1.NamespaceDashboardSpec"
+}
diff --git a/vendor/github.com/openshift/api/etcd/v1/doc.go b/vendor/github.com/openshift/api/etcd/v1/doc.go
index fe483fffd..d1c4632de 100644
--- a/vendor/github.com/openshift/api/etcd/v1/doc.go
+++ b/vendor/github.com/openshift/api/etcd/v1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.etcd.v1
// +openshift:featuregated-schema-gen=true
// +groupName=etcd.openshift.io
package v1
diff --git a/vendor/github.com/openshift/api/etcd/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/etcd/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..9e13a7167
--- /dev/null
+++ b/vendor/github.com/openshift/api/etcd/v1/zz_generated.model_name.go
@@ -0,0 +1,41 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerCluster) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1.PacemakerCluster"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerClusterFencingAgentStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1.PacemakerClusterFencingAgentStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerClusterList) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1.PacemakerClusterList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerClusterNodeStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1.PacemakerClusterNodeStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerClusterResourceStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1.PacemakerClusterResourceStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerClusterStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1.PacemakerClusterStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerNodeAddress) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1.PacemakerNodeAddress"
+}
diff --git a/vendor/github.com/openshift/api/etcd/v1alpha1/doc.go b/vendor/github.com/openshift/api/etcd/v1alpha1/doc.go
index aea92fb38..c93f9a586 100644
--- a/vendor/github.com/openshift/api/etcd/v1alpha1/doc.go
+++ b/vendor/github.com/openshift/api/etcd/v1alpha1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.etcd.v1alpha1
// +openshift:featuregated-schema-gen=true
// +groupName=etcd.openshift.io
package v1alpha1
diff --git a/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.model_name.go b/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.model_name.go
new file mode 100644
index 000000000..11fac8dad
--- /dev/null
+++ b/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.model_name.go
@@ -0,0 +1,41 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1alpha1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerCluster) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1alpha1.PacemakerCluster"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerClusterFencingAgentStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterFencingAgentStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerClusterList) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerClusterNodeStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterNodeStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerClusterResourceStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterResourceStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerClusterStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PacemakerNodeAddress) OpenAPIModelName() string {
+ return "com.github.openshift.api.etcd.v1alpha1.PacemakerNodeAddress"
+}
diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md
index 24149f56e..dcf231b6e 100644
--- a/vendor/github.com/openshift/api/features.md
+++ b/vendor/github.com/openshift/api/features.md
@@ -3,16 +3,20 @@
| ClientsAllowCBOR| | | | | | | | |
| ClusterAPIInstall| | | | | | | | |
| EventedPLEG| | | | | | | | |
+| MachineAPIMigrationAzure| | | | | | | | |
+| MachineAPIMigrationBareMetal| | | | | | | | |
+| MachineAPIMigrationGCP| | | | | | | | |
+| MachineAPIMigrationPowerVS| | | | | | | | |
| MachineAPIOperatorDisableMachineHealthCheckController| | | | | | | | |
| MultiArchInstallAzure| | | | | | | | |
| ShortCertRotation| | | | | | | | |
+| MutableTopology| | | | Enabled | | | | |
| ClusterAPIComputeInstall| | | Enabled | Enabled | | | | |
| ClusterAPIControlPlaneInstall| | | Enabled | Enabled | | | | |
| ClusterUpdatePreflight| | | Enabled | Enabled | | | | |
| ConfidentialCluster| | | Enabled | Enabled | | | | |
| Example2| | | Enabled | Enabled | | | | |
| ExternalOIDCExternalClaimsSourcing| | | Enabled | Enabled | | | | |
-| ExternalSnapshotMetadata| | | Enabled | Enabled | | | | |
| MachineAPIMigrationVSphere| | | Enabled | Enabled | | | | |
| NetworkConnect| | | Enabled | Enabled | | | | |
| NewOLMBoxCutterRuntime| | | | Enabled | | | | Enabled |
@@ -21,10 +25,9 @@
| NewOLMOwnSingleNamespace| | | | Enabled | | | | Enabled |
| NewOLMPreflightPermissionChecks| | | | Enabled | | | | Enabled |
| NoRegistryClusterInstall| | | | Enabled | | | | Enabled |
+| OLMLifecycleAndCompatibility| | | | Enabled | | | | Enabled |
| ProvisioningRequestAvailable| | | Enabled | Enabled | | | | |
-| VSphereMultiVCenterDay2| | | Enabled | Enabled | | | | |
| AWSClusterHostedDNS| | | Enabled | Enabled | | | Enabled | Enabled |
-| AWSClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSEuropeanSovereignCloudInstall| | | Enabled | Enabled | | | Enabled | Enabled |
@@ -52,12 +55,11 @@
| ClusterVersionOperatorConfiguration| | | Enabled | Enabled | | | Enabled | Enabled |
| ConfigurablePKI| | | Enabled | Enabled | | | Enabled | Enabled |
| DNSNameResolver| | | Enabled | Enabled | | | Enabled | Enabled |
-| DRAPartitionableDevices| | | Enabled | Enabled | | | Enabled | Enabled |
| DyanmicServiceEndpointIBMCloud| | | Enabled | Enabled | | | Enabled | Enabled |
-| EVPN| | | Enabled | Enabled | | | Enabled | Enabled |
| EtcdBackendQuota| | | Enabled | Enabled | | | Enabled | Enabled |
| Example| | | Enabled | Enabled | | | Enabled | Enabled |
| ExternalOIDCWithUpstreamParity| | | Enabled | Enabled | | | Enabled | Enabled |
+| ExternalSnapshotMetadata| | | Enabled | Enabled | | | Enabled | Enabled |
| GCPCustomAPIEndpoints| | | Enabled | Enabled | | | Enabled | Enabled |
| GCPCustomAPIEndpointsInstall| | | Enabled | Enabled | | | Enabled | Enabled |
| GCPDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled |
@@ -73,27 +75,30 @@
| MinimumKubeletVersion| | | Enabled | Enabled | | | Enabled | Enabled |
| MixedCPUsAllocation| | | Enabled | Enabled | | | Enabled | Enabled |
| MultiDiskSetup| | | Enabled | Enabled | | | Enabled | Enabled |
-| MutatingAdmissionPolicy| | | Enabled | Enabled | | | Enabled | Enabled |
+| NetworkObservabilityInstall| | | Enabled | Enabled | | | Enabled | Enabled |
| NewOLM| | Enabled | | Enabled | | Enabled | | Enabled |
| NewOLMWebhookProviderOpenshiftServiceCA| | Enabled | | Enabled | | Enabled | | Enabled |
| NoOverlayMode| | | Enabled | Enabled | | | Enabled | Enabled |
| NutanixMultiSubnets| | | Enabled | Enabled | | | Enabled | Enabled |
-| OSStreams| | | Enabled | Enabled | | | Enabled | Enabled |
| OVNObservability| | | Enabled | Enabled | | | Enabled | Enabled |
| OnPremDNSRecords| | | Enabled | Enabled | | | Enabled | Enabled |
| SELinuxMount| | | Enabled | Enabled | | | Enabled | Enabled |
+| SELinuxMountGAReadiness| | | Enabled | Enabled | | | Enabled | Enabled |
| SignatureStores| | | Enabled | Enabled | | | Enabled | Enabled |
| TLSAdherence| | | Enabled | Enabled | | | Enabled | Enabled |
+| TLSGroupPreferences| | | Enabled | Enabled | | | Enabled | Enabled |
| VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | | | Enabled | Enabled |
-| VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled |
+| VSphereMultiVCenterDay2| | | Enabled | Enabled | | | Enabled | Enabled |
| VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled |
-| AWSServiceLBNetworkSecurityGroup| | Enabled | Enabled | Enabled | | Enabled | Enabled | Enabled |
+| OSStreams| | Enabled | Enabled | Enabled | | Enabled | Enabled | Enabled |
+| AWSClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| AWSServiceLBNetworkSecurityGroup| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| AzureClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| BootImageSkewEnforcement| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ConsolePluginContentSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| DualReplica| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| EVPN| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| EventTTL| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| ExternalOIDC| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| ExternalOIDCWithUIDAndExtraClaimMappings| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
@@ -105,6 +110,7 @@
| ManagedBootImagesCPMS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| MetricsCollectionProfiles| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| MutableCSINodeAllocatableCount| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| MutatingAdmissionPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| RouteExternalCertificate| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| ServiceAccountTokenNodeBinding| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
@@ -113,5 +119,6 @@
| StoragePerformantSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| UpgradeStatus| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| VSphereHostVMGroupZonal| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| VSphereMixedNodeEnv| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| VSphereMultiDisk| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| VSphereMultiNetworks| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
diff --git a/vendor/github.com/openshift/api/features/features.go b/vendor/github.com/openshift/api/features/features.go
index 6fdc23319..4a5484803 100644
--- a/vendor/github.com/openshift/api/features/features.go
+++ b/vendor/github.com/openshift/api/features/features.go
@@ -75,14 +75,6 @@ func AllFeatureSets() map[uint64]map[ClusterProfileName]map[configv1.FeatureSet]
var (
allFeatureGates = map[configv1.FeatureGateName][]featureGateStatus{}
- FeatureGateConsolePluginCSP = newFeatureGate("ConsolePluginContentSecurityPolicy").
- reportProblemsToJiraComponent("Management Console").
- contactPerson("jhadvig").
- productScope(ocpSpecific).
- enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
- enhancementPR("https://github.com/openshift/enhancements/pull/1706").
- mustRegister()
-
FeatureGateServiceAccountTokenNodeBinding = newFeatureGate("ServiceAccountTokenNodeBinding").
reportProblemsToJiraComponent("apiserver-auth").
contactPerson("ibihim").
@@ -96,7 +88,7 @@ var (
contactPerson("benluddy").
productScope(kubernetes).
enhancementPR("https://github.com/kubernetes/enhancements/issues/3962").
- enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
+ enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
mustRegister()
FeatureGateOpenShiftPodSecurityAdmission = newFeatureGate("OpenShiftPodSecurityAdmission").
@@ -215,7 +207,7 @@ var (
contactPerson("jcaamano").
productScope(ocpSpecific).
enhancementPR("https://github.com/openshift/enhancements/pull/1862").
- enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()).
+ enable(inDefault(), inOKD(), inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()).
mustRegister()
FeatureGateOVNObservability = newFeatureGate("OVNObservability").
@@ -362,10 +354,10 @@ var (
FeatureGateExternalSnapshotMetadata = newFeatureGate("ExternalSnapshotMetadata").
reportProblemsToJiraComponent("Storage / Kubernetes External Components").
- contactPerson("jdobson").
+ contactPerson("rbednar").
productScope(kubernetes).
enhancementPR("https://github.com/kubernetes/enhancements/issues/3314").
- enable(inDevPreviewNoUpgrade()).
+ enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
mustRegister()
FeatureGateExternalOIDC = newFeatureGate("ExternalOIDC").
@@ -472,6 +464,14 @@ var (
enable(inClusterProfile(SelfManaged), inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()).
mustRegister()
+ FeatureGateOLMLifecycleAndCompatibility = newFeatureGate("OLMLifecycleAndCompatibility").
+ reportProblemsToJiraComponent("olm").
+ contactPerson("joelanford").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1991").
+ enable(inClusterProfile(SelfManaged), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
+ mustRegister()
+
FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather").
reportProblemsToJiraComponent("insights").
contactPerson("tremes").
@@ -535,6 +535,34 @@ var (
enable(inDevPreviewNoUpgrade()).
mustRegister()
+ FeatureGateMachineAPIMigrationAzure = newFeatureGate("MachineAPIMigrationAzure").
+ reportProblemsToJiraComponent("Cloud Compute / Cluster API Providers").
+ contactPerson("ddonati").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1465").
+ mustRegister()
+
+ FeatureGateMachineAPIMigrationBareMetal = newFeatureGate("MachineAPIMigrationBareMetal").
+ reportProblemsToJiraComponent("Cloud Compute / BareMetal Provider").
+ contactPerson("ddonati").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1465").
+ mustRegister()
+
+ FeatureGateMachineAPIMigrationGCP = newFeatureGate("MachineAPIMigrationGCP").
+ reportProblemsToJiraComponent("Cloud Compute / Cluster API Providers").
+ contactPerson("ddonati").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1465").
+ mustRegister()
+
+ FeatureGateMachineAPIMigrationPowerVS = newFeatureGate("MachineAPIMigrationPowerVS").
+ reportProblemsToJiraComponent("Cloud Compute / IBM Provider").
+ contactPerson("ddonati").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1465").
+ mustRegister()
+
FeatureGateClusterAPIMachineManagement = newFeatureGate("ClusterAPIMachineManagement").
reportProblemsToJiraComponent("Cloud Compute / Cluster API Providers").
contactPerson("ddonati").
@@ -622,7 +650,6 @@ var (
enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
mustRegister()
-
FeatureGateVSphereMultiNetworks = newFeatureGate("VSphereMultiNetworks").
reportProblemsToJiraComponent("SPLAT").
contactPerson("rvanderp").
@@ -771,7 +798,7 @@ var (
contactPerson("vr4manta").
productScope(ocpSpecific).
enhancementPR("https://github.com/openshift/enhancements/pull/1772").
- enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
+ enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
mustRegister()
FeatureGateVSphereMultiVCenterDay2 = newFeatureGate("VSphereMultiVCenterDay2").
@@ -779,7 +806,7 @@ var (
contactPerson("vr4manta").
productScope(ocpSpecific).
enhancementPR("https://github.com/openshift/enhancements/pull/1961").
- enable(inDevPreviewNoUpgrade()).
+ enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
mustRegister()
FeatureGateAWSServiceLBNetworkSecurityGroup = newFeatureGate("AWSServiceLBNetworkSecurityGroup").
@@ -787,8 +814,7 @@ var (
contactPerson("mtulio").
productScope(ocpSpecific).
enhancementPR("https://github.com/openshift/enhancements/pull/1802").
- enable(inClusterProfile(SelfManaged), inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
- enable(inClusterProfile(Hypershift), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
+ enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
mustRegister()
FeatureGateNoRegistryClusterInstall = newFeatureGate("NoRegistryClusterInstall").
@@ -804,7 +830,7 @@ var (
contactPerson("barbacbd").
productScope(ocpSpecific).
enhancementPR("https://github.com/openshift/enhancements/pull/1468").
- enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
+ enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
mustRegister()
FeatureGateGCPCustomAPIEndpointsInstall = newFeatureGate("GCPCustomAPIEndpointsInstall").
@@ -889,7 +915,8 @@ var (
contactPerson("pabrodri").
productScope(ocpSpecific).
enhancementPR("https://github.com/openshift/enhancements/pull/1874").
- enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
+ enable(inClusterProfile(SelfManaged), inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade(), inDefault(), inOKD()).
+ enable(inClusterProfile(Hypershift), inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()).
mustRegister()
FeatureGateCRDCompatibilityRequirementOperator = newFeatureGate("CRDCompatibilityRequirementOperator").
@@ -923,14 +950,6 @@ var (
enable(inClusterProfile(Hypershift), inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
mustRegister()
- FeatureGateDRAPartitionableDevices = newFeatureGate("DRAPartitionableDevices").
- reportProblemsToJiraComponent("Node").
- contactPerson("harche").
- productScope(kubernetes).
- enhancementPR("https://github.com/kubernetes/enhancements/issues/4815").
- enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()).
- mustRegister()
-
FeatureGateConfigurablePKI = newFeatureGate("ConfigurablePKI").
reportProblemsToJiraComponent("kube-apiserver").
contactPerson("sanchezl").
@@ -979,11 +998,42 @@ var (
enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()).
mustRegister()
- FeatureGateConfidentialCluster = newFeatureGate("ConfidentialCluster").
- reportProblemsToJiraComponent("ConfidentialClusters").
- contactPerson("fjin").
- productScope(ocpSpecific).
- enhancementPR("https://github.com/openshift/enhancements/pull/1962").
- enable(inDevPreviewNoUpgrade()).
- mustRegister()
+ FeatureGateConfidentialCluster = newFeatureGate("ConfidentialCluster").
+ reportProblemsToJiraComponent("ConfidentialClusters").
+ contactPerson("fjin").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1962").
+ enable(inDevPreviewNoUpgrade()).
+ mustRegister()
+ FeatureGateNetworkObservabilityInstall = newFeatureGate("NetworkObservabilityInstall").
+ reportProblemsToJiraComponent("netobserv").
+ contactPerson("jtakvori").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1908").
+ enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()).
+ mustRegister()
+
+ FeatureGateTLSGroupPreferences = newFeatureGate("TLSGroupPreferences").
+ reportProblemsToJiraComponent("Networking / router").
+ contactPerson("davidesalerno").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1894").
+ enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()).
+ mustRegister()
+
+ FeatureGateMutableTopology = newFeatureGate("MutableTopology").
+ reportProblemsToJiraComponent("Mutable Topology").
+ contactPerson("jaypoulz").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/2008").
+ enable(inClusterProfile(SelfManaged), inDevPreviewNoUpgrade()).
+ mustRegister()
+
+ FeatureGateSELinuxMountGAReadiness = newFeatureGate("SELinuxMountGAReadiness").
+ reportProblemsToJiraComponent("Storage / Operators").
+ contactPerson("jsafrane").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/2010").
+ enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
+ mustRegister()
)
diff --git a/vendor/github.com/openshift/api/helm/v1beta1/doc.go b/vendor/github.com/openshift/api/helm/v1beta1/doc.go
index 8a45cd1c8..85ecec82b 100644
--- a/vendor/github.com/openshift/api/helm/v1beta1/doc.go
+++ b/vendor/github.com/openshift/api/helm/v1beta1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.helm.v1beta1
// +kubebuilder:validation:Optional
// +groupName=helm.openshift.io
diff --git a/vendor/github.com/openshift/api/helm/v1beta1/zz_generated.model_name.go b/vendor/github.com/openshift/api/helm/v1beta1/zz_generated.model_name.go
new file mode 100644
index 000000000..4cf8aee34
--- /dev/null
+++ b/vendor/github.com/openshift/api/helm/v1beta1/zz_generated.model_name.go
@@ -0,0 +1,51 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1beta1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConnectionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.helm.v1beta1.ConnectionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConnectionConfigNamespaceScoped) OpenAPIModelName() string {
+ return "com.github.openshift.api.helm.v1beta1.ConnectionConfigNamespaceScoped"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HelmChartRepository) OpenAPIModelName() string {
+ return "com.github.openshift.api.helm.v1beta1.HelmChartRepository"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HelmChartRepositoryList) OpenAPIModelName() string {
+ return "com.github.openshift.api.helm.v1beta1.HelmChartRepositoryList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HelmChartRepositorySpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.helm.v1beta1.HelmChartRepositorySpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HelmChartRepositoryStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.helm.v1beta1.HelmChartRepositoryStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProjectHelmChartRepository) OpenAPIModelName() string {
+ return "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepository"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProjectHelmChartRepositoryList) OpenAPIModelName() string {
+ return "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositoryList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProjectHelmChartRepositorySpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositorySpec"
+}
diff --git a/vendor/github.com/openshift/api/image/v1/doc.go b/vendor/github.com/openshift/api/image/v1/doc.go
index e57d45bbf..c55344ebc 100644
--- a/vendor/github.com/openshift/api/image/v1/doc.go
+++ b/vendor/github.com/openshift/api/image/v1/doc.go
@@ -2,6 +2,7 @@
// +k8s:conversion-gen=github.com/openshift/origin/pkg/image/apis/image
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.image.v1
// +groupName=image.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/image/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/image/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..e1c8b2bc9
--- /dev/null
+++ b/vendor/github.com/openshift/api/image/v1/zz_generated.model_name.go
@@ -0,0 +1,196 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DockerImageReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.DockerImageReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Image) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.Image"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageBlobReferences) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageBlobReferences"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageImportSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageImportSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageImportStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageImportStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageLayer) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageLayer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageLayerData) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageLayerData"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageList) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageLookupPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageLookupPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageManifest) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageManifest"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageSignature) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageSignature"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStream) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageStream"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStreamImage) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageStreamImage"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStreamImport) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageStreamImport"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStreamImportSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageStreamImportSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStreamImportStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageStreamImportStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStreamLayers) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageStreamLayers"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStreamList) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageStreamList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStreamMapping) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageStreamMapping"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStreamSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageStreamSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStreamStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageStreamStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStreamTag) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageStreamTag"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageStreamTagList) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageStreamTagList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageTag) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageTag"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageTagList) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.ImageTagList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NamedTagEventList) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.NamedTagEventList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RepositoryImportSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.RepositoryImportSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RepositoryImportStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.RepositoryImportStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecretList) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.SecretList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SignatureCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.SignatureCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SignatureGenericEntity) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.SignatureGenericEntity"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SignatureIssuer) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.SignatureIssuer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SignatureSubject) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.SignatureSubject"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TagEvent) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.TagEvent"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TagEventCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.TagEventCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TagImportPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.TagImportPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TagReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.TagReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TagReferencePolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.image.v1.TagReferencePolicy"
+}
diff --git a/vendor/github.com/openshift/api/imageregistry/v1/doc.go b/vendor/github.com/openshift/api/imageregistry/v1/doc.go
index 32ad6f814..46761bad0 100644
--- a/vendor/github.com/openshift/api/imageregistry/v1/doc.go
+++ b/vendor/github.com/openshift/api/imageregistry/v1/doc.go
@@ -1,3 +1,4 @@
// +k8s:deepcopy-gen=package
// +groupName=imageregistry.operator.openshift.io
+// +k8s:openapi-model-package=com.github.openshift.api.imageregistry.v1
package v1
diff --git a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..bb51d1e7e
--- /dev/null
+++ b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.model_name.go
@@ -0,0 +1,141 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AzureNetworkAccess) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.AzureNetworkAccess"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AzureNetworkAccessInternal) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.AzureNetworkAccessInternal"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Config) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.Config"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConfigList) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ConfigList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EncryptionAlibaba) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.EncryptionAlibaba"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImagePruner) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImagePruner"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImagePrunerList) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImagePrunerList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImagePrunerSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImagePrunerSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImagePrunerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImagePrunerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigProxy) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigProxy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigRequests) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigRequests"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigRequestsLimits) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigRequestsLimits"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigRoute) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigRoute"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigStorage) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigStorage"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigStorageAlibabaOSS) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigStorageAlibabaOSS"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigStorageAzure) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigStorageAzure"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigStorageEmptyDir) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigStorageEmptyDir"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigStorageGCS) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigStorageGCS"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigStorageIBMCOS) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigStorageIBMCOS"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigStoragePVC) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigStoragePVC"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigStorageS3) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigStorageS3"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigStorageS3CloudFront) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigStorageS3CloudFront"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryConfigStorageSwift) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryConfigStorageSwift"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistrySpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistrySpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageRegistryStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.ImageRegistryStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KMSEncryptionAlibaba) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.KMSEncryptionAlibaba"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in S3TrustedCASource) OpenAPIModelName() string {
+ return "com.github.openshift.api.imageregistry.v1.S3TrustedCASource"
+}
diff --git a/vendor/github.com/openshift/api/install.go b/vendor/github.com/openshift/api/install.go
index e4574e7c4..6efcc1c29 100644
--- a/vendor/github.com/openshift/api/install.go
+++ b/vendor/github.com/openshift/api/install.go
@@ -14,8 +14,6 @@ import (
kauthorizationv1beta1 "k8s.io/api/authorization/v1beta1"
kautoscalingv1 "k8s.io/api/autoscaling/v1"
kautoscalingv2 "k8s.io/api/autoscaling/v2"
- kautoscalingv2beta1 "k8s.io/api/autoscaling/v2beta1"
- kautoscalingv2beta2 "k8s.io/api/autoscaling/v2beta2"
kbatchv1 "k8s.io/api/batch/v1"
kbatchv1beta1 "k8s.io/api/batch/v1beta1"
kcertificatesv1 "k8s.io/api/certificates/v1"
@@ -40,7 +38,6 @@ import (
krbacv1alpha1 "k8s.io/api/rbac/v1alpha1"
krbacv1beta1 "k8s.io/api/rbac/v1beta1"
kschedulingv1 "k8s.io/api/scheduling/v1"
- kschedulingv1alpha1 "k8s.io/api/scheduling/v1alpha1"
kschedulingv1beta1 "k8s.io/api/scheduling/v1beta1"
kstoragev1 "k8s.io/api/storage/v1"
kstoragev1alpha1 "k8s.io/api/storage/v1alpha1"
@@ -134,8 +131,6 @@ var (
kauthorizationv1beta1.AddToScheme,
kautoscalingv1.AddToScheme,
kautoscalingv2.AddToScheme,
- kautoscalingv2beta1.AddToScheme,
- kautoscalingv2beta2.AddToScheme,
kbatchv1.AddToScheme,
kbatchv1beta1.AddToScheme,
kcertificatesv1.AddToScheme,
@@ -160,7 +155,6 @@ var (
krbacv1beta1.AddToScheme,
krbacv1alpha1.AddToScheme,
kschedulingv1.AddToScheme,
- kschedulingv1alpha1.AddToScheme,
kschedulingv1beta1.AddToScheme,
kstoragev1.AddToScheme,
kstoragev1beta1.AddToScheme,
diff --git a/vendor/github.com/openshift/api/kubecontrolplane/v1/doc.go b/vendor/github.com/openshift/api/kubecontrolplane/v1/doc.go
index d8872a613..8f60e8e43 100644
--- a/vendor/github.com/openshift/api/kubecontrolplane/v1/doc.go
+++ b/vendor/github.com/openshift/api/kubecontrolplane/v1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.kubecontrolplane.v1
// +groupName=kubecontrolplane.config.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..404821349
--- /dev/null
+++ b/vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.model_name.go
@@ -0,0 +1,76 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AggregatorConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.AggregatorConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeAPIServerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeAPIServerImagePolicyConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerImagePolicyConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeAPIServerProjectConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerProjectConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeControllerManagerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeControllerManagerProjectConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerProjectConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeletConnectionInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.KubeletConnectionInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MasterAuthConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.MasterAuthConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RequestHeaderAuthenticationOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.RequestHeaderAuthenticationOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceServingCert) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.ServiceServingCert"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UserAgentDenyRule) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.UserAgentDenyRule"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UserAgentMatchRule) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchRule"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UserAgentMatchingConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchingConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in WebhookTokenAuthenticator) OpenAPIModelName() string {
+ return "com.github.openshift.api.kubecontrolplane.v1.WebhookTokenAuthenticator"
+}
diff --git a/vendor/github.com/openshift/api/legacyconfig/v1/doc.go b/vendor/github.com/openshift/api/legacyconfig/v1/doc.go
index 93fc6dc50..151f0501e 100644
--- a/vendor/github.com/openshift/api/legacyconfig/v1/doc.go
+++ b/vendor/github.com/openshift/api/legacyconfig/v1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.legacyconfig.v1
// +groupName=legacy.config.openshift.io
// Package v1 is deprecated and exists to ease a transition to current APIs
diff --git a/vendor/github.com/openshift/api/legacyconfig/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/legacyconfig/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..1010a860a
--- /dev/null
+++ b/vendor/github.com/openshift/api/legacyconfig/v1/zz_generated.model_name.go
@@ -0,0 +1,406 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ActiveDirectoryConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.ActiveDirectoryConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AdmissionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.AdmissionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AdmissionPluginConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.AdmissionPluginConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AggregatorConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.AggregatorConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AllowAllPasswordIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.AllowAllPasswordIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AuditConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.AuditConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AugmentedActiveDirectoryConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.AugmentedActiveDirectoryConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BasicAuthPasswordIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.BasicAuthPasswordIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildDefaultsConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.BuildDefaultsConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildOverridesConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.BuildOverridesConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CertInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.CertInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClientConnectionOverrides) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.ClientConnectionOverrides"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterNetworkEntry) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.ClusterNetworkEntry"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ControllerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.ControllerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ControllerElectionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.ControllerElectionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.DNSConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DefaultAdmissionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.DefaultAdmissionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DenyAllPasswordIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.DenyAllPasswordIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DockerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.DockerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EtcdConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.EtcdConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EtcdConnectionInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.EtcdConnectionInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EtcdStorageConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.EtcdStorageConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GitHubIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.GitHubIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GitLabIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.GitLabIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GoogleIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.GoogleIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GrantConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.GrantConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GroupResource) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.GroupResource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HTPasswdPasswordIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.HTPasswdPasswordIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HTTPServingInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.HTTPServingInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.IdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.ImageConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImagePolicyConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.ImagePolicyConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in JenkinsPipelineConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.JenkinsPipelineConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KeystonePasswordIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.KeystonePasswordIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeletConnectionInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.KubeletConnectionInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubernetesMasterConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.KubernetesMasterConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LDAPAttributeMapping) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.LDAPAttributeMapping"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LDAPPasswordIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.LDAPPasswordIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LDAPQuery) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.LDAPQuery"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LDAPSyncConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.LDAPSyncConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LocalQuota) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.LocalQuota"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MasterAuthConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.MasterAuthConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MasterClients) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.MasterClients"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MasterConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.MasterConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MasterNetworkConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.MasterNetworkConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MasterVolumeConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.MasterVolumeConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NamedCertificate) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.NamedCertificate"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeAuthConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.NodeAuthConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.NodeConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeNetworkConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.NodeNetworkConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeVolumeConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.NodeVolumeConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.OAuthConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthTemplates) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.OAuthTemplates"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenIDClaims) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.OpenIDClaims"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenIDIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.OpenIDIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenIDURLs) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.OpenIDURLs"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodManifestConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.PodManifestConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PolicyConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.PolicyConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProjectConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.ProjectConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RFC2307Config) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.RFC2307Config"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RegistryLocation) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.RegistryLocation"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RemoteConnectionInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.RemoteConnectionInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RequestHeaderAuthenticationOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.RequestHeaderAuthenticationOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RequestHeaderIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.RequestHeaderIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RoutingConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.RoutingConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecurityAllocator) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.SecurityAllocator"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceAccountConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.ServiceAccountConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceServingCert) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.ServiceServingCert"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServingInfo) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.ServingInfo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SessionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.SessionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SessionSecret) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.SessionSecret"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SessionSecrets) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.SessionSecrets"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SourceStrategyDefaultsConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.SourceStrategyDefaultsConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StringSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.StringSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StringSourceSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.StringSourceSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TokenConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.TokenConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UserAgentDenyRule) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.UserAgentDenyRule"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UserAgentMatchRule) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.UserAgentMatchRule"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UserAgentMatchingConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.UserAgentMatchingConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in WebhookTokenAuthenticator) OpenAPIModelName() string {
+ return "com.github.openshift.api.legacyconfig.v1.WebhookTokenAuthenticator"
+}
diff --git a/vendor/github.com/openshift/api/machine/v1/doc.go b/vendor/github.com/openshift/api/machine/v1/doc.go
index 7bd97c950..ceddf5bd7 100644
--- a/vendor/github.com/openshift/api/machine/v1/doc.go
+++ b/vendor/github.com/openshift/api/machine/v1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.machine.v1
// +kubebuilder:validation:Optional
// +groupName=machine.openshift.io
diff --git a/vendor/github.com/openshift/api/machine/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/machine/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..11bf44a90
--- /dev/null
+++ b/vendor/github.com/openshift/api/machine/v1/zz_generated.model_name.go
@@ -0,0 +1,211 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSFailureDomain) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.AWSFailureDomain"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSFailureDomainPlacement) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.AWSFailureDomainPlacement"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSResourceFilter) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.AWSResourceFilter"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSResourceReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.AWSResourceReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlibabaCloudMachineProviderConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlibabaCloudMachineProviderConfigList) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfigList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlibabaCloudMachineProviderStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlibabaResourceReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.AlibabaResourceReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AzureFailureDomain) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.AzureFailureDomain"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BandwidthProperties) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.BandwidthProperties"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ControlPlaneMachineSet) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.ControlPlaneMachineSet"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ControlPlaneMachineSetList) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.ControlPlaneMachineSetList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ControlPlaneMachineSetSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.ControlPlaneMachineSetSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ControlPlaneMachineSetStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.ControlPlaneMachineSetStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ControlPlaneMachineSetStrategy) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.ControlPlaneMachineSetStrategy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ControlPlaneMachineSetTemplate) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplate"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ControlPlaneMachineSetTemplateObjectMeta) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplateObjectMeta"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DataDiskProperties) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.DataDiskProperties"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FailureDomains) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.FailureDomains"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPFailureDomain) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.GCPFailureDomain"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LoadBalancerReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.LoadBalancerReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixCategory) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.NutanixCategory"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixFailureDomainReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.NutanixFailureDomainReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixGPU) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.NutanixGPU"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixMachineProviderConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.NutanixMachineProviderConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixMachineProviderStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.NutanixMachineProviderStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixResourceIdentifier) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.NutanixResourceIdentifier"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixStorageResourceIdentifier) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.NutanixStorageResourceIdentifier"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixVMDisk) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.NutanixVMDisk"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixVMDiskDeviceProperties) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.NutanixVMDiskDeviceProperties"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NutanixVMStorageConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.NutanixVMStorageConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenShiftMachineV1Beta1MachineTemplate) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.OpenShiftMachineV1Beta1MachineTemplate"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenStackFailureDomain) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.OpenStackFailureDomain"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PowerVSMachineProviderConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.PowerVSMachineProviderConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PowerVSMachineProviderStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.PowerVSMachineProviderStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PowerVSResource) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.PowerVSResource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PowerVSSecretReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.PowerVSSecretReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RootVolume) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.RootVolume"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SystemDiskProperties) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.SystemDiskProperties"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Tag) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.Tag"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSphereFailureDomain) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1.VSphereFailureDomain"
+}
diff --git a/vendor/github.com/openshift/api/machine/v1alpha1/doc.go b/vendor/github.com/openshift/api/machine/v1alpha1/doc.go
index 111cacb63..201889b65 100644
--- a/vendor/github.com/openshift/api/machine/v1alpha1/doc.go
+++ b/vendor/github.com/openshift/api/machine/v1alpha1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.machine.v1alpha1
// +kubebuilder:validation:Optional
// +groupName=machine.openshift.io
diff --git a/vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.model_name.go b/vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.model_name.go
new file mode 100644
index 000000000..8310e981e
--- /dev/null
+++ b/vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.model_name.go
@@ -0,0 +1,76 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1alpha1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AdditionalBlockDevice) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.AdditionalBlockDevice"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AddressPair) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.AddressPair"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BlockDeviceStorage) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.BlockDeviceStorage"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BlockDeviceVolume) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.BlockDeviceVolume"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Filter) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.Filter"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FixedIPs) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.FixedIPs"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkParam) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.NetworkParam"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenstackProviderSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.OpenstackProviderSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PortOpts) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.PortOpts"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RootVolume) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.RootVolume"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecurityGroupFilter) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.SecurityGroupFilter"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecurityGroupParam) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.SecurityGroupParam"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SubnetFilter) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.SubnetFilter"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SubnetParam) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1alpha1.SubnetParam"
+}
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/doc.go b/vendor/github.com/openshift/api/machine/v1beta1/doc.go
index e14fc64e3..5c992f692 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/doc.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.machine.v1beta1
// +kubebuilder:validation:Optional
// +groupName=machine.openshift.io
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.model_name.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.model_name.go
new file mode 100644
index 000000000..fe84d447f
--- /dev/null
+++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.model_name.go
@@ -0,0 +1,376 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1beta1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSMachineProviderConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSMachineProviderConfigList) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfigList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSMachineProviderStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.AWSMachineProviderStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSResourceReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.AWSResourceReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AddressesFromPool) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.AddressesFromPool"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AzureBootDiagnostics) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.AzureBootDiagnostics"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AzureCustomerManagedBootDiagnostics) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.AzureCustomerManagedBootDiagnostics"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AzureDiagnostics) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.AzureDiagnostics"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AzureMachineProviderSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.AzureMachineProviderSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AzureMachineProviderStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.AzureMachineProviderStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BlockDeviceMappingSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.BlockDeviceMappingSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CPUOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.CPUOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Condition) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.Condition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConfidentialVM) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.ConfidentialVM"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DataDisk) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.DataDisk"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DataDiskManagedDiskParameters) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.DataDiskManagedDiskParameters"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DedicatedHost) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.DedicatedHost"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DedicatedHostStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.DedicatedHostStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DiskEncryptionSetParameters) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DiskSettings) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.DiskSettings"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DynamicHostAllocationSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.DynamicHostAllocationSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EBSBlockDeviceSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.EBSBlockDeviceSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Filter) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.Filter"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPDisk) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.GCPDisk"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPEncryptionKeyReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.GCPEncryptionKeyReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPGPUConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.GCPGPUConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPKMSKeyReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.GCPKMSKeyReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPMachineProviderSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.GCPMachineProviderSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPMachineProviderStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.GCPMachineProviderStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPMetadata) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.GCPMetadata"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPNetworkInterface) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.GCPNetworkInterface"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPServiceAccount) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.GCPServiceAccount"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPShieldedInstanceConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.GCPShieldedInstanceConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HostPlacement) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.HostPlacement"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Image) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.Image"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LastOperation) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.LastOperation"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LifecycleHook) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.LifecycleHook"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LifecycleHooks) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.LifecycleHooks"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LoadBalancerReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.LoadBalancerReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Machine) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.Machine"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineHealthCheck) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.MachineHealthCheck"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineHealthCheckList) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.MachineHealthCheckList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineHealthCheckSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.MachineHealthCheckSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineHealthCheckStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.MachineHealthCheckStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineList) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.MachineList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineSet) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.MachineSet"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineSetList) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.MachineSetList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineSetSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.MachineSetSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineSetStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.MachineSetStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.MachineSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.MachineStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineTemplateSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.MachineTemplateSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MetadataServiceOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.MetadataServiceOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkDeviceSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.NetworkDeviceSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.NetworkSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OSDisk) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.OSDisk"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OSDiskManagedDiskParameters) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.OSDiskManagedDiskParameters"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ObjectMeta) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.ObjectMeta"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Placement) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.Placement"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProviderSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.ProviderSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ResourceManagerTag) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.ResourceManagerTag"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecurityProfile) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.SecurityProfile"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecuritySettings) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.SecuritySettings"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SpotMarketOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.SpotMarketOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SpotVMOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.SpotVMOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TagSpecification) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.TagSpecification"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TrustedLaunch) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.TrustedLaunch"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UEFISettings) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.UEFISettings"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UnhealthyCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.UnhealthyCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VMDiskSecurityProfile) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.VMDiskSecurityProfile"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSphereDisk) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.VSphereDisk"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSphereMachineProviderSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.VSphereMachineProviderSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSphereMachineProviderStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.VSphereMachineProviderStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Workspace) OpenAPIModelName() string {
+ return "com.github.openshift.api.machine.v1beta1.Workspace"
+}
diff --git a/vendor/github.com/openshift/api/monitoring/v1/doc.go b/vendor/github.com/openshift/api/monitoring/v1/doc.go
index bf046d6ef..54296a5b3 100644
--- a/vendor/github.com/openshift/api/monitoring/v1/doc.go
+++ b/vendor/github.com/openshift/api/monitoring/v1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.monitoring.v1
// +groupName=monitoring.openshift.io
package v1
diff --git a/vendor/github.com/openshift/api/monitoring/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/monitoring/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..eb2793cef
--- /dev/null
+++ b/vendor/github.com/openshift/api/monitoring/v1/zz_generated.model_name.go
@@ -0,0 +1,66 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlertRelabelConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.monitoring.v1.AlertRelabelConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlertRelabelConfigList) OpenAPIModelName() string {
+ return "com.github.openshift.api.monitoring.v1.AlertRelabelConfigList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlertRelabelConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.monitoring.v1.AlertRelabelConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlertRelabelConfigStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.monitoring.v1.AlertRelabelConfigStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlertingRule) OpenAPIModelName() string {
+ return "com.github.openshift.api.monitoring.v1.AlertingRule"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlertingRuleList) OpenAPIModelName() string {
+ return "com.github.openshift.api.monitoring.v1.AlertingRuleList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlertingRuleSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.monitoring.v1.AlertingRuleSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AlertingRuleStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.monitoring.v1.AlertingRuleStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PrometheusRuleRef) OpenAPIModelName() string {
+ return "com.github.openshift.api.monitoring.v1.PrometheusRuleRef"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RelabelConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.monitoring.v1.RelabelConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Rule) OpenAPIModelName() string {
+ return "com.github.openshift.api.monitoring.v1.Rule"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RuleGroup) OpenAPIModelName() string {
+ return "com.github.openshift.api.monitoring.v1.RuleGroup"
+}
diff --git a/vendor/github.com/openshift/api/network/v1/doc.go b/vendor/github.com/openshift/api/network/v1/doc.go
index 2816420d9..a3a0e7463 100644
--- a/vendor/github.com/openshift/api/network/v1/doc.go
+++ b/vendor/github.com/openshift/api/network/v1/doc.go
@@ -2,6 +2,7 @@
// +k8s:conversion-gen=github.com/openshift/origin/pkg/network/apis/network
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.network.v1
// +groupName=network.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/network/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/network/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..20c508905
--- /dev/null
+++ b/vendor/github.com/openshift/api/network/v1/zz_generated.model_name.go
@@ -0,0 +1,66 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterNetwork) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1.ClusterNetwork"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterNetworkEntry) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1.ClusterNetworkEntry"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterNetworkList) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1.ClusterNetworkList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EgressNetworkPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1.EgressNetworkPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EgressNetworkPolicyList) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1.EgressNetworkPolicyList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EgressNetworkPolicyPeer) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1.EgressNetworkPolicyPeer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EgressNetworkPolicyRule) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1.EgressNetworkPolicyRule"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EgressNetworkPolicySpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1.EgressNetworkPolicySpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HostSubnet) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1.HostSubnet"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HostSubnetList) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1.HostSubnetList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetNamespace) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1.NetNamespace"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetNamespaceList) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1.NetNamespaceList"
+}
diff --git a/vendor/github.com/openshift/api/network/v1alpha1/doc.go b/vendor/github.com/openshift/api/network/v1alpha1/doc.go
index 35539c458..c02bccc31 100644
--- a/vendor/github.com/openshift/api/network/v1alpha1/doc.go
+++ b/vendor/github.com/openshift/api/network/v1alpha1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.network.v1alpha1
// +groupName=network.openshift.io
package v1alpha1
diff --git a/vendor/github.com/openshift/api/network/v1alpha1/zz_generated.model_name.go b/vendor/github.com/openshift/api/network/v1alpha1/zz_generated.model_name.go
new file mode 100644
index 000000000..6a6748328
--- /dev/null
+++ b/vendor/github.com/openshift/api/network/v1alpha1/zz_generated.model_name.go
@@ -0,0 +1,36 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1alpha1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSNameResolver) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1alpha1.DNSNameResolver"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSNameResolverList) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1alpha1.DNSNameResolverList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSNameResolverResolvedAddress) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedAddress"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSNameResolverResolvedName) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedName"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSNameResolverSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1alpha1.DNSNameResolverSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSNameResolverStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.network.v1alpha1.DNSNameResolverStatus"
+}
diff --git a/vendor/github.com/openshift/api/networkoperator/v1/doc.go b/vendor/github.com/openshift/api/networkoperator/v1/doc.go
index 3c958bbc6..e49a8969c 100644
--- a/vendor/github.com/openshift/api/networkoperator/v1/doc.go
+++ b/vendor/github.com/openshift/api/networkoperator/v1/doc.go
@@ -1,5 +1,6 @@
// Package v1 contains API Schema definitions for the network v1 API group
// +k8s:deepcopy-gen=package,register
+// +k8s:openapi-model-package=com.github.openshift.api.networkoperator.v1
// +groupName=network.operator.openshift.io
// +kubebuilder:validation:Optional
package v1
diff --git a/vendor/github.com/openshift/api/networkoperator/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/networkoperator/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..c667f3b2a
--- /dev/null
+++ b/vendor/github.com/openshift/api/networkoperator/v1/zz_generated.model_name.go
@@ -0,0 +1,56 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EgressRouter) OpenAPIModelName() string {
+ return "com.github.openshift.api.networkoperator.v1.EgressRouter"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EgressRouterAddress) OpenAPIModelName() string {
+ return "com.github.openshift.api.networkoperator.v1.EgressRouterAddress"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EgressRouterInterface) OpenAPIModelName() string {
+ return "com.github.openshift.api.networkoperator.v1.EgressRouterInterface"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EgressRouterList) OpenAPIModelName() string {
+ return "com.github.openshift.api.networkoperator.v1.EgressRouterList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EgressRouterSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.networkoperator.v1.EgressRouterSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EgressRouterStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.networkoperator.v1.EgressRouterStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EgressRouterStatusCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.networkoperator.v1.EgressRouterStatusCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in L4RedirectRule) OpenAPIModelName() string {
+ return "com.github.openshift.api.networkoperator.v1.L4RedirectRule"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MacvlanConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.networkoperator.v1.MacvlanConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RedirectConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.networkoperator.v1.RedirectConfig"
+}
diff --git a/vendor/github.com/openshift/api/oauth/v1/doc.go b/vendor/github.com/openshift/api/oauth/v1/doc.go
index cae9e70d4..d39b24113 100644
--- a/vendor/github.com/openshift/api/oauth/v1/doc.go
+++ b/vendor/github.com/openshift/api/oauth/v1/doc.go
@@ -2,6 +2,7 @@
// +k8s:conversion-gen=github.com/openshift/origin/pkg/oauth/apis/oauth
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.oauth.v1
// +groupName=oauth.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/oauth/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/oauth/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..9a471d2c4
--- /dev/null
+++ b/vendor/github.com/openshift/api/oauth/v1/zz_generated.model_name.go
@@ -0,0 +1,76 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterRoleScopeRestriction) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.ClusterRoleScopeRestriction"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthAccessToken) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.OAuthAccessToken"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthAccessTokenList) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.OAuthAccessTokenList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthAuthorizeToken) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.OAuthAuthorizeToken"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthAuthorizeTokenList) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.OAuthAuthorizeTokenList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthClient) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.OAuthClient"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthClientAuthorization) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.OAuthClientAuthorization"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthClientAuthorizationList) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.OAuthClientAuthorizationList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthClientList) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.OAuthClientList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthRedirectReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.OAuthRedirectReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RedirectReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.RedirectReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ScopeRestriction) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.ScopeRestriction"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UserOAuthAccessToken) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.UserOAuthAccessToken"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UserOAuthAccessTokenList) OpenAPIModelName() string {
+ return "com.github.openshift.api.oauth.v1.UserOAuthAccessTokenList"
+}
diff --git a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/doc.go b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/doc.go
index 4528e3c4a..706f46006 100644
--- a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/doc.go
+++ b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.openshiftcontrolplane.v1
// +groupName=openshiftcontrolplane.config.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..b843518b1
--- /dev/null
+++ b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.model_name.go
@@ -0,0 +1,131 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in APIServers) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.APIServers"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildControllerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.BuildControllerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildDefaultsConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.BuildDefaultsConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BuildOverridesConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.BuildOverridesConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterNetworkEntry) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.ClusterNetworkEntry"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeployerControllerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.DeployerControllerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DockerPullSecretControllerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.DockerPullSecretControllerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FrontProxyConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.FrontProxyConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.ImageConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageImportControllerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.ImageImportControllerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImagePolicyConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.ImagePolicyConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.IngressControllerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in JenkinsPipelineConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.JenkinsPipelineConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkControllerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.NetworkControllerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenShiftAPIServerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.OpenShiftAPIServerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenShiftControllerManagerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.OpenShiftControllerManagerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PerGroupOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.PerGroupOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProjectConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.ProjectConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RegistryLocation) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.RegistryLocation"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ResourceQuotaControllerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.ResourceQuotaControllerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RoutingConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.RoutingConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecurityAllocator) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.SecurityAllocator"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceAccountControllerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.ServiceAccountControllerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceServingCert) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.ServiceServingCert"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SourceStrategyDefaultsConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.openshiftcontrolplane.v1.SourceStrategyDefaultsConfig"
+}
diff --git a/vendor/github.com/openshift/api/operator/v1/doc.go b/vendor/github.com/openshift/api/operator/v1/doc.go
index 3de961a7f..1aa50336a 100644
--- a/vendor/github.com/openshift/api/operator/v1/doc.go
+++ b/vendor/github.com/openshift/api/operator/v1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.operator.v1
// +kubebuilder:validation:Optional
// +groupName=operator.openshift.io
diff --git a/vendor/github.com/openshift/api/operator/v1/types_authentication.go b/vendor/github.com/openshift/api/operator/v1/types_authentication.go
index 7cc22d1e4..4d0e9f6d6 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_authentication.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_authentication.go
@@ -49,6 +49,11 @@ type OAuthAPIServerStatus struct {
// +optional
// +kubebuilder:validation:Minimum=0
LatestAvailableRevision int32 `json:"latestAvailableRevision,omitempty"`
+
+ // encryptionStatus contains status reports for the KMS plugin health and its key rotation.
+ // +optional
+ // +openshift:enable:FeatureGate=KMSEncryption
+ EncryptionStatus KMSEncryptionStatus `json:"encryptionStatus,omitempty,omitzero"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go
index 52f5db78d..51ecab70c 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go
@@ -21,6 +21,9 @@ import (
// +kubebuilder:subresource:status
// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/701
// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=csi-driver,operatorOrdering=01
+// +kubebuilder:validation:XValidation:rule="self.spec.?driverConfig.driverType.orValue('') == 'SecretsStore' ? self.metadata.name == 'secrets-store.csi.k8s.io' : true",message="driverType 'SecretsStore' requires metadata.name 'secrets-store.csi.k8s.io'"
+// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'secrets-store.csi.k8s.io' ? (!has(self.spec.driverConfig) || self.spec.driverConfig.driverType == 'SecretsStore') : true",message="metadata.name 'secrets-store.csi.k8s.io' requires driverType 'SecretsStore'"
+// +kubebuilder:validation:XValidation:rule="oldSelf.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('') != 'Managed' || self.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('') == 'Managed'",message="tokenRequests type cannot be changed from Managed"
// ClusterCSIDriver object allows management and configuration of a CSI driver operator
// installed by default in OpenShift. Name of the object must be name of the CSI driver
@@ -113,25 +116,27 @@ type ClusterCSIDriverSpec struct {
}
// CSIDriverType indicates type of CSI driver being configured.
-// +kubebuilder:validation:Enum="";AWS;Azure;GCP;IBMCloud;vSphere
+// +kubebuilder:validation:Enum="";AWS;Azure;GCP;IBMCloud;vSphere;SecretsStore
type CSIDriverType string
const (
- AWSDriverType CSIDriverType = "AWS"
- AzureDriverType CSIDriverType = "Azure"
- GCPDriverType CSIDriverType = "GCP"
- IBMCloudDriverType CSIDriverType = "IBMCloud"
- VSphereDriverType CSIDriverType = "vSphere"
+ AWSDriverType CSIDriverType = "AWS"
+ AzureDriverType CSIDriverType = "Azure"
+ GCPDriverType CSIDriverType = "GCP"
+ IBMCloudDriverType CSIDriverType = "IBMCloud"
+ VSphereDriverType CSIDriverType = "vSphere"
+ SecretsStoreDriverType CSIDriverType = "SecretsStore"
)
// CSIDriverConfigSpec defines configuration spec that can be
// used to optionally configure a specific CSI Driver.
// +kubebuilder:validation:XValidation:rule="has(self.driverType) && self.driverType == 'IBMCloud' ? has(self.ibmcloud) : !has(self.ibmcloud)",message="ibmcloud must be set if driverType is 'IBMCloud', but remain unset otherwise"
+// +kubebuilder:validation:XValidation:rule="has(self.driverType) && self.driverType == 'SecretsStore' ? has(self.secretsStore) : !has(self.secretsStore)",message="secretsStore must be set if driverType is 'SecretsStore', but remain unset otherwise"
// +union
type CSIDriverConfigSpec struct {
// driverType indicates type of CSI driver for which the
// driverConfig is being applied to.
- // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted.
+ // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted.
// Consumers should treat unknown values as a NO-OP.
// +required
// +unionDiscriminator
@@ -156,6 +161,10 @@ type CSIDriverConfigSpec struct {
// vSphere is used to configure the vsphere CSI driver.
// +optional
VSphere *VSphereCSIDriverConfigSpec `json:"vSphere,omitempty"`
+
+ // secretsStore is used to configure the Secrets Store CSI driver.
+ // +optional
+ SecretsStore SecretsStoreCSIDriverConfigSpec `json:"secretsStore,omitzero"`
}
// AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver.
@@ -389,6 +398,146 @@ type VSphereCSIDriverConfigSpec struct {
MaxAllowedBlockVolumesPerNode int32 `json:"maxAllowedBlockVolumesPerNode,omitempty"`
}
+// SecretsStoreCSIDriverConfigSpec defines properties that can be configured for the Secrets Store CSI driver.
+// +kubebuilder:validation:MinProperties=1
+type SecretsStoreCSIDriverConfigSpec struct {
+ // secretRotation controls automatic secret rotation behavior.
+ // When omitted, secret rotation is enabled with a default poll interval of 2 minutes.
+ // +optional
+ SecretRotation SecretsStoreSecretRotation `json:"secretRotation,omitzero"`
+
+ // tokenRequests controls service account token configuration for
+ // workload identity federation (WIF) with cloud providers.
+ // When omitted, the operator preserves any existing tokenRequests
+ // already configured on the CSIDriver object without modification.
+ // +optional
+ TokenRequests SecretsStoreTokenRequests `json:"tokenRequests,omitzero"`
+}
+
+// TokenRequestsType determines how the operator manages the tokenRequests
+// field on the storage.k8s.io CSIDriver object.
+// +kubebuilder:validation:Enum=Managed;Unmanaged
+type TokenRequestsType string
+
+const (
+ // TokenRequestsManaged means the operator uses the audiences list
+ // as the sole source of truth for the CSIDriver.spec.tokenRequests field.
+ TokenRequestsManaged TokenRequestsType = "Managed"
+
+ // TokenRequestsUnmanaged means the operator preserves any existing
+ // tokenRequests already configured on the CSIDriver object and does not
+ // overwrite them.
+ TokenRequestsUnmanaged TokenRequestsType = "Unmanaged"
+)
+
+// SecretsStoreTokenRequests configures how service account tokens are
+// provided to the Secrets Store CSI driver for workload identity federation.
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Managed' ? has(self.managed) : !has(self.managed)",message="managed must be set when type is 'Managed', and must not be set otherwise"
+// +union
+type SecretsStoreTokenRequests struct {
+ // type determines how the operator manages tokenRequests on the CSIDriver object.
+ // When "Unmanaged", existing tokenRequests on the CSIDriver are preserved
+ // and the managed field is not used.
+ // When "Managed", the operator sets tokenRequests from the audiences
+ // specified in the managed field, replacing any previously configured values.
+ // Once set to "Managed", type cannot be reverted back to "Unmanaged".
+ // +unionDiscriminator
+ // +required
+ Type TokenRequestsType `json:"type,omitempty"`
+
+ // managed holds configuration for operator-managed tokenRequests.
+ // Only valid when type is "Managed".
+ // +optional
+ Managed ManagedTokenRequests `json:"managed,omitzero"`
+}
+
+// ManagedTokenRequests holds the configuration for operator-managed
+// service account token requests.
+// +kubebuilder:validation:MinProperties=1
+type ManagedTokenRequests struct {
+ // audiences specifies service account token audiences that kubelet will
+ // provide to the CSI driver during NodePublishVolume calls. These tokens
+ // enable workload identity federation (WIF) with cloud providers such as
+ // AWS, Azure, and GCP.
+ // When empty, the operator clears all tokenRequests from the CSIDriver object.
+ // +optional
+ // +listType=map
+ // +listMapKey=audience
+ // +kubebuilder:validation:MinItems=0
+ // +kubebuilder:validation:MaxItems=10
+ Audiences *[]SecretsStoreTokenRequest `json:"audiences,omitempty"`
+}
+
+// SecretRotationType determines the secret rotation behavior for the
+// Secrets Store CSI driver.
+// +kubebuilder:validation:Enum=None;Custom
+type SecretRotationType string
+
+const (
+ // SecretRotationNone disables automatic secret rotation. Secrets are only
+ // fetched at initial pod mount time.
+ SecretRotationNone SecretRotationType = "None"
+
+ // SecretRotationCustom enables automatic secret rotation with the
+ // configuration specified in the custom field.
+ SecretRotationCustom SecretRotationType = "Custom"
+)
+
+// SecretsStoreSecretRotation configures the automatic secret rotation behavior
+// for the Secrets Store CSI driver.
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Custom' ? has(self.custom) : !has(self.custom)",message="custom must be set when type is 'Custom', and must not be set otherwise"
+// +union
+type SecretsStoreSecretRotation struct {
+ // type determines the secret rotation behavior.
+ // When "None", secret rotation is disabled and secrets are only fetched at
+ // initial pod mount time.
+ // When "Custom", secret rotation is enabled with the configuration specified
+ // in the custom field.
+ // +unionDiscriminator
+ // +required
+ Type SecretRotationType `json:"type,omitempty"`
+
+ // custom holds the custom rotation configuration.
+ // Only valid when type is "Custom".
+ // +optional
+ Custom CustomSecretRotation `json:"custom,omitzero"`
+}
+
+// CustomSecretRotation holds configuration for custom secret rotation behavior.
+// +kubebuilder:validation:MinProperties=1
+type CustomSecretRotation struct {
+ // rotationPollIntervalSeconds is the minimum time in seconds between secret
+ // rotation attempts. The driver skips provider calls if less than this interval
+ // has elapsed since the last successful rotation.
+ // Must be at least 1 second and no more than 31560000 seconds (~1 year).
+ // When omitted, this means no opinion and the platform is left to choose a
+ // reasonable default, which is subject to change over time.
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=31560000
+ // +optional
+ RotationPollIntervalSeconds int32 `json:"rotationPollIntervalSeconds,omitempty"`
+}
+
+// SecretsStoreTokenRequest specifies a service account token audience configuration
+// for workload identity federation (WIF) with the Secrets Store CSI driver.
+type SecretsStoreTokenRequest struct {
+ // audience is the intended audience of the service account token.
+ // An empty string means the issued token will use the kube-apiserver's default APIAudiences.
+ // +kubebuilder:validation:MinLength=0
+ // +kubebuilder:validation:MaxLength=253
+ // +required
+ Audience *string `json:"audience,omitempty"`
+
+ // expirationSeconds is the requested duration of validity of the service account token.
+ // The token issuer may return a token with a different validity duration.
+ // When omitted, the token expiration is determined by the kube-apiserver.
+ // Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years).
+ // +kubebuilder:validation:Minimum=600
+ // +kubebuilder:validation:Maximum=315360000
+ // +optional
+ ExpirationSeconds int32 `json:"expirationSeconds,omitempty"`
+}
+
// ClusterCSIDriverStatus is the observed status of CSI driver operator
type ClusterCSIDriverStatus struct {
OperatorStatus `json:",inline"`
diff --git a/vendor/github.com/openshift/api/operator/v1/types_etcd.go b/vendor/github.com/openshift/api/operator/v1/types_etcd.go
index 252f3b399..f2f113103 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_etcd.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_etcd.go
@@ -42,11 +42,11 @@ type EtcdSpec struct {
HardwareSpeed ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed"`
// backendQuotaGiB sets the etcd backend storage size limit in gibibytes.
- // The value should be an integer not less than 8 and not more than 32.
+ // The value should be an integer not less than 8 and not more than 16.
// When not specified, the default value is 8.
// +kubebuilder:default:=8
// +kubebuilder:validation:Minimum=8
- // +kubebuilder:validation:Maximum=32
+ // +kubebuilder:validation:Maximum=16
// +kubebuilder:validation:XValidation:rule="self>=oldSelf",message="etcd backendQuotaGiB may not be decreased"
// +openshift:enable:FeatureGate=EtcdBackendQuota
// +default=8
diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingresscontroller.go
similarity index 98%
rename from vendor/github.com/openshift/api/operator/v1/types_ingress.go
rename to vendor/github.com/openshift/api/operator/v1/types_ingresscontroller.go
index 0c5cf919e..52bfdede3 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_ingresscontroller.go
@@ -898,8 +898,53 @@ type AWSNetworkLoadBalancerParameters struct {
// +kubebuilder:validation:XValidation:rule=`self.all(x, self.exists_one(y, x == y))`,message="eipAllocations cannot contain duplicates"
// +kubebuilder:validation:MaxItems=10
EIPAllocations []EIPAllocation `json:"eipAllocations"`
+
+ // protocol specifies whether the Network Load Balancer uses PROXY
+ // protocol to forward connections to the IngressController.
+ //
+ // When set to "TCP", the NLB uses AWS's native client IP preservation.
+ // This may cause hairpin connection failures for internal load
+ // balancers when connections are made from pods to router pods on
+ // the same node.
+ //
+ // When set to "PROXY", the NLB disables native client IP preservation
+ // and uses PROXY protocol v2. The IngressController enables PROXY
+ // protocol on HAProxy so that it can parse PROXY protocol headers to
+ // obtain the original client IP. This avoids hairpin connection
+ // failures.
+ //
+ // The following values are valid for this field:
+ //
+ // * "TCP".
+ // * "PROXY".
+ //
+ // When omitted, this means the user has no opinion and the value is
+ // left to the platform to choose a reasonable default, which is subject to
+ // change over time. The current default is "PROXY".
+ //
+ // Note that changing this field may cause brief connection failures
+ // during the transition as the NLB attribute change and router rollout
+ // occur independently.
+ //
+ // +optional
+ Protocol NLBProtocol `json:"protocol,omitempty"`
}
+// NLBProtocol specifies whether the AWS Network Load Balancer uses
+// PROXY protocol to forward connections to the IngressController.
+// +kubebuilder:validation:Enum=TCP;PROXY
+// +enum
+type NLBProtocol string
+
+const (
+ // NLBProtocolTCP instructs the NLB to forward connections using TCP
+ // without PROXY protocol.
+ NLBProtocolTCP NLBProtocol = "TCP"
+ // NLBProtocolProxy instructs the NLB to forward connections using
+ // PROXY protocol v2.
+ NLBProtocolProxy NLBProtocol = "PROXY"
+)
+
// EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment.
// Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters.
// + Explanation of the regex `^eipalloc-[0-9a-fA-F]{17}$` for validating value of the EIPAllocation:
@@ -2034,6 +2079,7 @@ type IngressControllerTuningOptions struct {
// processes in router containers with the following metric:
// 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'.
//
+ // +kubebuilder:validation:XValidation:rule="self == 0 || self == -1 || (self >= 2000 && self <= 2000000)",message="maxConnections must be 0, -1, or between 2000 and 2000000"
// +optional
MaxConnections int32 `json:"maxConnections,omitempty"`
diff --git a/vendor/github.com/openshift/api/operator/v1/types_kmsencryption.go b/vendor/github.com/openshift/api/operator/v1/types_kmsencryption.go
new file mode 100644
index 000000000..a5dcf7d33
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/types_kmsencryption.go
@@ -0,0 +1,80 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +kubebuilder:validation:Enum=Healthy;Unhealthy;Error
+type KMSPluginHealthStatus string
+
+const (
+ KMSPluginHealthStatusHealthy KMSPluginHealthStatus = "Healthy"
+
+ KMSPluginHealthStatusUnhealthy KMSPluginHealthStatus = "Unhealthy"
+
+ KMSPluginHealthStatusError KMSPluginHealthStatus = "Error"
+)
+
+// +openshift:compatibility-gen:level=1
+type KMSPluginHealthReport struct {
+
+ // nodeName is the name of the node this instance of the plugin runs on.
+ // The combination of nodeName and keyId makes this health report unique.
+ // The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain
+ // consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with
+ // an alphanumeric character, and be at most 253 characters in length.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="nodeName must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character"
+ // +required
+ NodeName string `json:"nodeName,omitempty"`
+
+ // keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node.
+ // This is not a cryptographic key used to encrypt/decrypt any resources.
+ // The value must be between 1 and 512 characters.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=512
+ // +required
+ KeyId string `json:"keyId,omitempty"`
+
+ // status contains a health indicator for the respective KMS plugin
+ // The field can have three states: healthy, unhealthy, error.
+ // With error and unhealthy containing additional information in Detail.
+ // +required
+ Status KMSPluginHealthStatus `json:"status,omitempty"`
+
+ // lastCheckedTime is a timestamp of when the probe was last checked.
+ // +required
+ LastCheckedTime metav1.Time `json:"lastCheckedTime,omitempty"`
+
+ // kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id.
+ // This is not a cryptographic key, but a unique representation of the KEK.
+ // The value must be between 1 and 1024 characters.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=1024
+ // +required
+ KEKId string `json:"kekId,omitempty"`
+
+ // detail contains additional error/health information for the respective KMS plugin.
+ // When omitted, no additional error or health information is provided.
+ // When set, the value must be between 1 and 1024 characters.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=1024
+ // +optional
+ Detail string `json:"detail,omitempty"`
+}
+
+// +openshift:compatibility-gen:level=1
+// +kubebuilder:validation:MinProperties=1
+type KMSEncryptionStatus struct {
+ // healthReports contains all KMS plugin health reports.
+ // When omitted, no health reports are available.
+ // Each entry must have a unique combination of nodeName and keyId.
+ // +optional
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=200
+ // +listType=map
+ // +listMapKey=nodeName
+ // +listMapKey=keyId
+ HealthReports []KMSPluginHealthReport `json:"healthReports,omitempty"`
+}
diff --git a/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go
index 1461f11a1..31b0c201b 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go
@@ -63,6 +63,11 @@ type KubeAPIServerStatus struct {
// +optional
// +listType=atomic
ServiceAccountIssuers []ServiceAccountIssuerStatus `json:"serviceAccountIssuers,omitempty"`
+
+ // encryptionStatus contains status reports for the KMS plugin health and its key rotation.
+ // +optional
+ // +openshift:enable:FeatureGate=KMSEncryption
+ EncryptionStatus KMSEncryptionStatus `json:"encryptionStatus,omitempty,omitzero"`
}
type ServiceAccountIssuerStatus struct {
diff --git a/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go
index a96e033cb..c9d104ad2 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go
@@ -39,6 +39,11 @@ type OpenShiftAPIServerSpec struct {
type OpenShiftAPIServerStatus struct {
OperatorStatus `json:",inline"`
+
+ // encryptionStatus contains status reports for the KMS plugin health and its key rotation.
+ // +optional
+ // +openshift:enable:FeatureGate=KMSEncryption
+ EncryptionStatus KMSEncryptionStatus `json:"encryptionStatus,omitempty,omitzero"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml
index 1f58ced4e..1feb64cbb 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml
@@ -50,10 +50,10 @@ spec:
default: 8
description: |-
backendQuotaGiB sets the etcd backend storage size limit in gibibytes.
- The value should be an integer not less than 8 and not more than 32.
+ The value should be an integer not less than 8 and not more than 16.
When not specified, the default value is 8.
format: int32
- maximum: 32
+ maximum: 16
minimum: 8
type: integer
x-kubernetes-validations:
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml
index 76d63711f..2c32b9c96 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml
@@ -50,10 +50,10 @@ spec:
default: 8
description: |-
backendQuotaGiB sets the etcd backend storage size limit in gibibytes.
- The value should be an integer not less than 8 and not more than 32.
+ The value should be an integer not less than 8 and not more than 16.
When not specified, the default value is 8.
format: int32
- maximum: 32
+ maximum: 16
minimum: 8
type: integer
x-kubernetes-validations:
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml
index 7433b66d3..b74dfb989 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml
@@ -50,10 +50,10 @@ spec:
default: 8
description: |-
backendQuotaGiB sets the etcd backend storage size limit in gibibytes.
- The value should be an integer not less than 8 and not more than 32.
+ The value should be an integer not less than 8 and not more than 16.
When not specified, the default value is 8.
format: int32
- maximum: 32
+ maximum: 16
minimum: 8
type: integer
x-kubernetes-validations:
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-CustomNoUpgrade.crd.yaml
new file mode 100644
index 000000000..57df5e129
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-CustomNoUpgrade.crd.yaml
@@ -0,0 +1,431 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/475
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: CustomNoUpgrade
+ name: kubeapiservers.operator.openshift.io
+spec:
+ group: operator.openshift.io
+ names:
+ categories:
+ - coreoperators
+ kind: KubeAPIServer
+ listKind: KubeAPIServerList
+ plural: kubeapiservers
+ singular: kubeapiserver
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ KubeAPIServer provides information to configure an operator to manage kube-apiserver.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec is the specification of the desired behavior of the
+ Kubernetes API Server
+ properties:
+ eventTTLMinutes:
+ description: |-
+ eventTTLMinutes specifies the amount of time that the events are stored before being deleted.
+ The TTL is allowed between 5 minutes minimum up to a maximum of 180 minutes (3 hours).
+
+ Lowering this value will reduce the storage required in etcd. Note that this setting will only apply
+ to new events being created and will not update existing events.
+
+ When omitted this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time.
+ The current default value is 3h (180 minutes).
+ format: int32
+ maximum: 180
+ minimum: 5
+ type: integer
+ failedRevisionLimit:
+ description: |-
+ failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api
+ -1 = unlimited, 0 or unset = 5 (default)
+ format: int32
+ type: integer
+ forceRedeploymentReason:
+ description: |-
+ forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.
+ This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work
+ this time instead of failing again on the same config.
+ type: string
+ logLevel:
+ default: Normal
+ description: |-
+ logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ managementState:
+ description: managementState indicates whether and how the operator
+ should manage the component
+ pattern: ^(Managed|Force)$
+ type: string
+ observedConfig:
+ description: |-
+ observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because
+ it is an input to the level for the operator
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ operatorLogLevel:
+ default: Normal
+ description: |-
+ operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ succeededRevisionLimit:
+ description: |-
+ succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api
+ -1 = unlimited, 0 or unset = 5 (default)
+ format: int32
+ type: integer
+ unsupportedConfigOverrides:
+ description: |-
+ unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+ Red Hat does not support the use of this field.
+ Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+ Seek guidance from the Red Hat support before using this field.
+ Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ description: status is the most recently observed status of the Kubernetes
+ API Server
+ properties:
+ conditions:
+ description: conditions is a list of conditions and their status
+ items:
+ description: OperatorCondition is just the standard condition fields.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ encryptionStatus:
+ description: encryptionStatus contains status reports for the KMS
+ plugin health and its key rotation.
+ minProperties: 1
+ properties:
+ healthReports:
+ description: |-
+ healthReports contains all KMS plugin health reports.
+ When omitted, no health reports are available.
+ Each entry must have a unique combination of nodeName and keyId.
+ items:
+ properties:
+ detail:
+ description: |-
+ detail contains additional error/health information for the respective KMS plugin.
+ When omitted, no additional error or health information is provided.
+ When set, the value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ kekId:
+ description: |-
+ kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id.
+ This is not a cryptographic key, but a unique representation of the KEK.
+ The value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ keyId:
+ description: |-
+ keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node.
+ This is not a cryptographic key used to encrypt/decrypt any resources.
+ The value must be between 1 and 512 characters.
+ maxLength: 512
+ minLength: 1
+ type: string
+ lastCheckedTime:
+ description: lastCheckedTime is a timestamp of when the
+ probe was last checked.
+ format: date-time
+ type: string
+ nodeName:
+ description: |-
+ nodeName is the name of the node this instance of the plugin runs on.
+ The combination of nodeName and keyId makes this health report unique.
+ The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with
+ an alphanumeric character, and be at most 253 characters in length.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: nodeName must be a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-'
+ or '.', and must start and end with an alphanumeric
+ character
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ status:
+ description: |-
+ status contains a health indicator for the respective KMS plugin
+ The field can have three states: healthy, unhealthy, error.
+ With error and unhealthy containing additional information in Detail.
+ enum:
+ - Healthy
+ - Unhealthy
+ - Error
+ type: string
+ required:
+ - kekId
+ - keyId
+ - lastCheckedTime
+ - nodeName
+ - status
+ type: object
+ maxItems: 200
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - nodeName
+ - keyId
+ x-kubernetes-list-type: map
+ type: object
+ generations:
+ description: generations are used to determine when an item needs
+ to be reconciled or has changed in a way that needs a reaction.
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ latestAvailableRevision:
+ description: latestAvailableRevision is the deploymentID of the most
+ recent deployment
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ latestAvailableRevisionReason:
+ description: latestAvailableRevisionReason describe the detailed reason
+ for the most recent deployment
+ type: string
+ nodeStatuses:
+ description: nodeStatuses track the deployment values and errors across
+ individual nodes
+ items:
+ description: NodeStatus provides information about the current state
+ of a particular node managed by this operator.
+ properties:
+ currentRevision:
+ description: |-
+ currentRevision is the generation of the most recently successful deployment.
+ Can not be set on creation of a nodeStatus. Updates must only increase the value.
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ lastFailedCount:
+ description: lastFailedCount is how often the installer pod
+ of the last failed revision failed.
+ type: integer
+ lastFailedReason:
+ description: lastFailedReason is a machine readable failure
+ reason string.
+ type: string
+ lastFailedRevision:
+ description: lastFailedRevision is the generation of the deployment
+ we tried and failed to deploy.
+ format: int32
+ type: integer
+ lastFailedRevisionErrors:
+ description: lastFailedRevisionErrors is a list of human readable
+ errors during the failed deployment referenced in lastFailedRevision.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ lastFailedTime:
+ description: lastFailedTime is the time the last failed revision
+ failed the last time.
+ format: date-time
+ type: string
+ lastFallbackCount:
+ description: lastFallbackCount is how often a fallback to a
+ previous revision happened.
+ type: integer
+ nodeName:
+ description: nodeName is the name of the node
+ type: string
+ targetRevision:
+ description: |-
+ targetRevision is the generation of the deployment we're trying to apply.
+ Can not be set on creation of a nodeStatus.
+ format: int32
+ type: integer
+ required:
+ - nodeName
+ type: object
+ x-kubernetes-validations:
+ - fieldPath: .currentRevision
+ message: cannot be unset once set
+ rule: has(self.currentRevision) || !has(oldSelf.currentRevision)
+ - fieldPath: .currentRevision
+ message: currentRevision can not be set on creation of a nodeStatus
+ optionalOldSelf: true
+ rule: oldSelf.hasValue() || !has(self.currentRevision)
+ - fieldPath: .targetRevision
+ message: targetRevision can not be set on creation of a nodeStatus
+ optionalOldSelf: true
+ rule: oldSelf.hasValue() || !has(self.targetRevision)
+ type: array
+ x-kubernetes-list-map-keys:
+ - nodeName
+ x-kubernetes-list-type: map
+ x-kubernetes-validations:
+ - message: no more than 1 node status may have a nonzero targetRevision
+ rule: size(self.filter(status, status.?targetRevision.orValue(0)
+ != 0)) <= 1
+ observedGeneration:
+ description: observedGeneration is the last generation change you've
+ dealt with
+ format: int64
+ type: integer
+ readyReplicas:
+ description: readyReplicas indicates how many replicas are ready and
+ at the desired state
+ format: int32
+ type: integer
+ serviceAccountIssuers:
+ description: |-
+ serviceAccountIssuers tracks history of used service account issuers.
+ The item without expiration time represents the currently used service account issuer.
+ The other items represents service account issuers that were used previously and are still being trusted.
+ The default expiration for the items is set by the platform and it defaults to 24h.
+ see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
+ items:
+ properties:
+ expirationTime:
+ description: |-
+ expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list
+ of service account issuers.
+ format: date-time
+ type: string
+ name:
+ description: name is the name of the service account issuer
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ version:
+ description: version is the level this availability applies to
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-Default.crd.yaml
new file mode 100644
index 000000000..3eb9d7d49
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-Default.crd.yaml
@@ -0,0 +1,349 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/475
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: Default
+ name: kubeapiservers.operator.openshift.io
+spec:
+ group: operator.openshift.io
+ names:
+ categories:
+ - coreoperators
+ kind: KubeAPIServer
+ listKind: KubeAPIServerList
+ plural: kubeapiservers
+ singular: kubeapiserver
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ KubeAPIServer provides information to configure an operator to manage kube-apiserver.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec is the specification of the desired behavior of the
+ Kubernetes API Server
+ properties:
+ eventTTLMinutes:
+ description: |-
+ eventTTLMinutes specifies the amount of time that the events are stored before being deleted.
+ The TTL is allowed between 5 minutes minimum up to a maximum of 180 minutes (3 hours).
+
+ Lowering this value will reduce the storage required in etcd. Note that this setting will only apply
+ to new events being created and will not update existing events.
+
+ When omitted this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time.
+ The current default value is 3h (180 minutes).
+ format: int32
+ maximum: 180
+ minimum: 5
+ type: integer
+ failedRevisionLimit:
+ description: |-
+ failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api
+ -1 = unlimited, 0 or unset = 5 (default)
+ format: int32
+ type: integer
+ forceRedeploymentReason:
+ description: |-
+ forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.
+ This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work
+ this time instead of failing again on the same config.
+ type: string
+ logLevel:
+ default: Normal
+ description: |-
+ logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ managementState:
+ description: managementState indicates whether and how the operator
+ should manage the component
+ pattern: ^(Managed|Force)$
+ type: string
+ observedConfig:
+ description: |-
+ observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because
+ it is an input to the level for the operator
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ operatorLogLevel:
+ default: Normal
+ description: |-
+ operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ succeededRevisionLimit:
+ description: |-
+ succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api
+ -1 = unlimited, 0 or unset = 5 (default)
+ format: int32
+ type: integer
+ unsupportedConfigOverrides:
+ description: |-
+ unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+ Red Hat does not support the use of this field.
+ Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+ Seek guidance from the Red Hat support before using this field.
+ Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ description: status is the most recently observed status of the Kubernetes
+ API Server
+ properties:
+ conditions:
+ description: conditions is a list of conditions and their status
+ items:
+ description: OperatorCondition is just the standard condition fields.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ generations:
+ description: generations are used to determine when an item needs
+ to be reconciled or has changed in a way that needs a reaction.
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ latestAvailableRevision:
+ description: latestAvailableRevision is the deploymentID of the most
+ recent deployment
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ latestAvailableRevisionReason:
+ description: latestAvailableRevisionReason describe the detailed reason
+ for the most recent deployment
+ type: string
+ nodeStatuses:
+ description: nodeStatuses track the deployment values and errors across
+ individual nodes
+ items:
+ description: NodeStatus provides information about the current state
+ of a particular node managed by this operator.
+ properties:
+ currentRevision:
+ description: |-
+ currentRevision is the generation of the most recently successful deployment.
+ Can not be set on creation of a nodeStatus. Updates must only increase the value.
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ lastFailedCount:
+ description: lastFailedCount is how often the installer pod
+ of the last failed revision failed.
+ type: integer
+ lastFailedReason:
+ description: lastFailedReason is a machine readable failure
+ reason string.
+ type: string
+ lastFailedRevision:
+ description: lastFailedRevision is the generation of the deployment
+ we tried and failed to deploy.
+ format: int32
+ type: integer
+ lastFailedRevisionErrors:
+ description: lastFailedRevisionErrors is a list of human readable
+ errors during the failed deployment referenced in lastFailedRevision.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ lastFailedTime:
+ description: lastFailedTime is the time the last failed revision
+ failed the last time.
+ format: date-time
+ type: string
+ lastFallbackCount:
+ description: lastFallbackCount is how often a fallback to a
+ previous revision happened.
+ type: integer
+ nodeName:
+ description: nodeName is the name of the node
+ type: string
+ targetRevision:
+ description: |-
+ targetRevision is the generation of the deployment we're trying to apply.
+ Can not be set on creation of a nodeStatus.
+ format: int32
+ type: integer
+ required:
+ - nodeName
+ type: object
+ x-kubernetes-validations:
+ - fieldPath: .currentRevision
+ message: cannot be unset once set
+ rule: has(self.currentRevision) || !has(oldSelf.currentRevision)
+ - fieldPath: .currentRevision
+ message: currentRevision can not be set on creation of a nodeStatus
+ optionalOldSelf: true
+ rule: oldSelf.hasValue() || !has(self.currentRevision)
+ - fieldPath: .targetRevision
+ message: targetRevision can not be set on creation of a nodeStatus
+ optionalOldSelf: true
+ rule: oldSelf.hasValue() || !has(self.targetRevision)
+ type: array
+ x-kubernetes-list-map-keys:
+ - nodeName
+ x-kubernetes-list-type: map
+ x-kubernetes-validations:
+ - message: no more than 1 node status may have a nonzero targetRevision
+ rule: size(self.filter(status, status.?targetRevision.orValue(0)
+ != 0)) <= 1
+ observedGeneration:
+ description: observedGeneration is the last generation change you've
+ dealt with
+ format: int64
+ type: integer
+ readyReplicas:
+ description: readyReplicas indicates how many replicas are ready and
+ at the desired state
+ format: int32
+ type: integer
+ serviceAccountIssuers:
+ description: |-
+ serviceAccountIssuers tracks history of used service account issuers.
+ The item without expiration time represents the currently used service account issuer.
+ The other items represents service account issuers that were used previously and are still being trusted.
+ The default expiration for the items is set by the platform and it defaults to 24h.
+ see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
+ items:
+ properties:
+ expirationTime:
+ description: |-
+ expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list
+ of service account issuers.
+ format: date-time
+ type: string
+ name:
+ description: name is the name of the service account issuer
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ version:
+ description: version is the level this availability applies to
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml
new file mode 100644
index 000000000..0371d90d7
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,431 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/475
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: DevPreviewNoUpgrade
+ name: kubeapiservers.operator.openshift.io
+spec:
+ group: operator.openshift.io
+ names:
+ categories:
+ - coreoperators
+ kind: KubeAPIServer
+ listKind: KubeAPIServerList
+ plural: kubeapiservers
+ singular: kubeapiserver
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ KubeAPIServer provides information to configure an operator to manage kube-apiserver.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec is the specification of the desired behavior of the
+ Kubernetes API Server
+ properties:
+ eventTTLMinutes:
+ description: |-
+ eventTTLMinutes specifies the amount of time that the events are stored before being deleted.
+ The TTL is allowed between 5 minutes minimum up to a maximum of 180 minutes (3 hours).
+
+ Lowering this value will reduce the storage required in etcd. Note that this setting will only apply
+ to new events being created and will not update existing events.
+
+ When omitted this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time.
+ The current default value is 3h (180 minutes).
+ format: int32
+ maximum: 180
+ minimum: 5
+ type: integer
+ failedRevisionLimit:
+ description: |-
+ failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api
+ -1 = unlimited, 0 or unset = 5 (default)
+ format: int32
+ type: integer
+ forceRedeploymentReason:
+ description: |-
+ forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.
+ This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work
+ this time instead of failing again on the same config.
+ type: string
+ logLevel:
+ default: Normal
+ description: |-
+ logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ managementState:
+ description: managementState indicates whether and how the operator
+ should manage the component
+ pattern: ^(Managed|Force)$
+ type: string
+ observedConfig:
+ description: |-
+ observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because
+ it is an input to the level for the operator
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ operatorLogLevel:
+ default: Normal
+ description: |-
+ operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ succeededRevisionLimit:
+ description: |-
+ succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api
+ -1 = unlimited, 0 or unset = 5 (default)
+ format: int32
+ type: integer
+ unsupportedConfigOverrides:
+ description: |-
+ unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+ Red Hat does not support the use of this field.
+ Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+ Seek guidance from the Red Hat support before using this field.
+ Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ description: status is the most recently observed status of the Kubernetes
+ API Server
+ properties:
+ conditions:
+ description: conditions is a list of conditions and their status
+ items:
+ description: OperatorCondition is just the standard condition fields.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ encryptionStatus:
+ description: encryptionStatus contains status reports for the KMS
+ plugin health and its key rotation.
+ minProperties: 1
+ properties:
+ healthReports:
+ description: |-
+ healthReports contains all KMS plugin health reports.
+ When omitted, no health reports are available.
+ Each entry must have a unique combination of nodeName and keyId.
+ items:
+ properties:
+ detail:
+ description: |-
+ detail contains additional error/health information for the respective KMS plugin.
+ When omitted, no additional error or health information is provided.
+ When set, the value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ kekId:
+ description: |-
+ kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id.
+ This is not a cryptographic key, but a unique representation of the KEK.
+ The value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ keyId:
+ description: |-
+ keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node.
+ This is not a cryptographic key used to encrypt/decrypt any resources.
+ The value must be between 1 and 512 characters.
+ maxLength: 512
+ minLength: 1
+ type: string
+ lastCheckedTime:
+ description: lastCheckedTime is a timestamp of when the
+ probe was last checked.
+ format: date-time
+ type: string
+ nodeName:
+ description: |-
+ nodeName is the name of the node this instance of the plugin runs on.
+ The combination of nodeName and keyId makes this health report unique.
+ The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with
+ an alphanumeric character, and be at most 253 characters in length.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: nodeName must be a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-'
+ or '.', and must start and end with an alphanumeric
+ character
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ status:
+ description: |-
+ status contains a health indicator for the respective KMS plugin
+ The field can have three states: healthy, unhealthy, error.
+ With error and unhealthy containing additional information in Detail.
+ enum:
+ - Healthy
+ - Unhealthy
+ - Error
+ type: string
+ required:
+ - kekId
+ - keyId
+ - lastCheckedTime
+ - nodeName
+ - status
+ type: object
+ maxItems: 200
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - nodeName
+ - keyId
+ x-kubernetes-list-type: map
+ type: object
+ generations:
+ description: generations are used to determine when an item needs
+ to be reconciled or has changed in a way that needs a reaction.
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ latestAvailableRevision:
+ description: latestAvailableRevision is the deploymentID of the most
+ recent deployment
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ latestAvailableRevisionReason:
+ description: latestAvailableRevisionReason describe the detailed reason
+ for the most recent deployment
+ type: string
+ nodeStatuses:
+ description: nodeStatuses track the deployment values and errors across
+ individual nodes
+ items:
+ description: NodeStatus provides information about the current state
+ of a particular node managed by this operator.
+ properties:
+ currentRevision:
+ description: |-
+ currentRevision is the generation of the most recently successful deployment.
+ Can not be set on creation of a nodeStatus. Updates must only increase the value.
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ lastFailedCount:
+ description: lastFailedCount is how often the installer pod
+ of the last failed revision failed.
+ type: integer
+ lastFailedReason:
+ description: lastFailedReason is a machine readable failure
+ reason string.
+ type: string
+ lastFailedRevision:
+ description: lastFailedRevision is the generation of the deployment
+ we tried and failed to deploy.
+ format: int32
+ type: integer
+ lastFailedRevisionErrors:
+ description: lastFailedRevisionErrors is a list of human readable
+ errors during the failed deployment referenced in lastFailedRevision.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ lastFailedTime:
+ description: lastFailedTime is the time the last failed revision
+ failed the last time.
+ format: date-time
+ type: string
+ lastFallbackCount:
+ description: lastFallbackCount is how often a fallback to a
+ previous revision happened.
+ type: integer
+ nodeName:
+ description: nodeName is the name of the node
+ type: string
+ targetRevision:
+ description: |-
+ targetRevision is the generation of the deployment we're trying to apply.
+ Can not be set on creation of a nodeStatus.
+ format: int32
+ type: integer
+ required:
+ - nodeName
+ type: object
+ x-kubernetes-validations:
+ - fieldPath: .currentRevision
+ message: cannot be unset once set
+ rule: has(self.currentRevision) || !has(oldSelf.currentRevision)
+ - fieldPath: .currentRevision
+ message: currentRevision can not be set on creation of a nodeStatus
+ optionalOldSelf: true
+ rule: oldSelf.hasValue() || !has(self.currentRevision)
+ - fieldPath: .targetRevision
+ message: targetRevision can not be set on creation of a nodeStatus
+ optionalOldSelf: true
+ rule: oldSelf.hasValue() || !has(self.targetRevision)
+ type: array
+ x-kubernetes-list-map-keys:
+ - nodeName
+ x-kubernetes-list-type: map
+ x-kubernetes-validations:
+ - message: no more than 1 node status may have a nonzero targetRevision
+ rule: size(self.filter(status, status.?targetRevision.orValue(0)
+ != 0)) <= 1
+ observedGeneration:
+ description: observedGeneration is the last generation change you've
+ dealt with
+ format: int64
+ type: integer
+ readyReplicas:
+ description: readyReplicas indicates how many replicas are ready and
+ at the desired state
+ format: int32
+ type: integer
+ serviceAccountIssuers:
+ description: |-
+ serviceAccountIssuers tracks history of used service account issuers.
+ The item without expiration time represents the currently used service account issuer.
+ The other items represents service account issuers that were used previously and are still being trusted.
+ The default expiration for the items is set by the platform and it defaults to 24h.
+ see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
+ items:
+ properties:
+ expirationTime:
+ description: |-
+ expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list
+ of service account issuers.
+ format: date-time
+ type: string
+ name:
+ description: name is the name of the service account issuer
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ version:
+ description: version is the level this availability applies to
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-OKD.crd.yaml
similarity index 99%
rename from vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml
rename to vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-OKD.crd.yaml
index 6d2d44026..fa02abd00 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-OKD.crd.yaml
@@ -6,6 +6,7 @@ metadata:
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: OKD
name: kubeapiservers.operator.openshift.io
spec:
group: operator.openshift.io
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml
new file mode 100644
index 000000000..bdabdecd3
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,431 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/475
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: TechPreviewNoUpgrade
+ name: kubeapiservers.operator.openshift.io
+spec:
+ group: operator.openshift.io
+ names:
+ categories:
+ - coreoperators
+ kind: KubeAPIServer
+ listKind: KubeAPIServerList
+ plural: kubeapiservers
+ singular: kubeapiserver
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ KubeAPIServer provides information to configure an operator to manage kube-apiserver.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec is the specification of the desired behavior of the
+ Kubernetes API Server
+ properties:
+ eventTTLMinutes:
+ description: |-
+ eventTTLMinutes specifies the amount of time that the events are stored before being deleted.
+ The TTL is allowed between 5 minutes minimum up to a maximum of 180 minutes (3 hours).
+
+ Lowering this value will reduce the storage required in etcd. Note that this setting will only apply
+ to new events being created and will not update existing events.
+
+ When omitted this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time.
+ The current default value is 3h (180 minutes).
+ format: int32
+ maximum: 180
+ minimum: 5
+ type: integer
+ failedRevisionLimit:
+ description: |-
+ failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api
+ -1 = unlimited, 0 or unset = 5 (default)
+ format: int32
+ type: integer
+ forceRedeploymentReason:
+ description: |-
+ forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.
+ This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work
+ this time instead of failing again on the same config.
+ type: string
+ logLevel:
+ default: Normal
+ description: |-
+ logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ managementState:
+ description: managementState indicates whether and how the operator
+ should manage the component
+ pattern: ^(Managed|Force)$
+ type: string
+ observedConfig:
+ description: |-
+ observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because
+ it is an input to the level for the operator
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ operatorLogLevel:
+ default: Normal
+ description: |-
+ operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ succeededRevisionLimit:
+ description: |-
+ succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api
+ -1 = unlimited, 0 or unset = 5 (default)
+ format: int32
+ type: integer
+ unsupportedConfigOverrides:
+ description: |-
+ unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+ Red Hat does not support the use of this field.
+ Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+ Seek guidance from the Red Hat support before using this field.
+ Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ description: status is the most recently observed status of the Kubernetes
+ API Server
+ properties:
+ conditions:
+ description: conditions is a list of conditions and their status
+ items:
+ description: OperatorCondition is just the standard condition fields.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ encryptionStatus:
+ description: encryptionStatus contains status reports for the KMS
+ plugin health and its key rotation.
+ minProperties: 1
+ properties:
+ healthReports:
+ description: |-
+ healthReports contains all KMS plugin health reports.
+ When omitted, no health reports are available.
+ Each entry must have a unique combination of nodeName and keyId.
+ items:
+ properties:
+ detail:
+ description: |-
+ detail contains additional error/health information for the respective KMS plugin.
+ When omitted, no additional error or health information is provided.
+ When set, the value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ kekId:
+ description: |-
+ kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id.
+ This is not a cryptographic key, but a unique representation of the KEK.
+ The value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ keyId:
+ description: |-
+ keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node.
+ This is not a cryptographic key used to encrypt/decrypt any resources.
+ The value must be between 1 and 512 characters.
+ maxLength: 512
+ minLength: 1
+ type: string
+ lastCheckedTime:
+ description: lastCheckedTime is a timestamp of when the
+ probe was last checked.
+ format: date-time
+ type: string
+ nodeName:
+ description: |-
+ nodeName is the name of the node this instance of the plugin runs on.
+ The combination of nodeName and keyId makes this health report unique.
+ The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with
+ an alphanumeric character, and be at most 253 characters in length.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: nodeName must be a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-'
+ or '.', and must start and end with an alphanumeric
+ character
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ status:
+ description: |-
+ status contains a health indicator for the respective KMS plugin
+ The field can have three states: healthy, unhealthy, error.
+ With error and unhealthy containing additional information in Detail.
+ enum:
+ - Healthy
+ - Unhealthy
+ - Error
+ type: string
+ required:
+ - kekId
+ - keyId
+ - lastCheckedTime
+ - nodeName
+ - status
+ type: object
+ maxItems: 200
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - nodeName
+ - keyId
+ x-kubernetes-list-type: map
+ type: object
+ generations:
+ description: generations are used to determine when an item needs
+ to be reconciled or has changed in a way that needs a reaction.
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ latestAvailableRevision:
+ description: latestAvailableRevision is the deploymentID of the most
+ recent deployment
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ latestAvailableRevisionReason:
+ description: latestAvailableRevisionReason describe the detailed reason
+ for the most recent deployment
+ type: string
+ nodeStatuses:
+ description: nodeStatuses track the deployment values and errors across
+ individual nodes
+ items:
+ description: NodeStatus provides information about the current state
+ of a particular node managed by this operator.
+ properties:
+ currentRevision:
+ description: |-
+ currentRevision is the generation of the most recently successful deployment.
+ Can not be set on creation of a nodeStatus. Updates must only increase the value.
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ lastFailedCount:
+ description: lastFailedCount is how often the installer pod
+ of the last failed revision failed.
+ type: integer
+ lastFailedReason:
+ description: lastFailedReason is a machine readable failure
+ reason string.
+ type: string
+ lastFailedRevision:
+ description: lastFailedRevision is the generation of the deployment
+ we tried and failed to deploy.
+ format: int32
+ type: integer
+ lastFailedRevisionErrors:
+ description: lastFailedRevisionErrors is a list of human readable
+ errors during the failed deployment referenced in lastFailedRevision.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ lastFailedTime:
+ description: lastFailedTime is the time the last failed revision
+ failed the last time.
+ format: date-time
+ type: string
+ lastFallbackCount:
+ description: lastFallbackCount is how often a fallback to a
+ previous revision happened.
+ type: integer
+ nodeName:
+ description: nodeName is the name of the node
+ type: string
+ targetRevision:
+ description: |-
+ targetRevision is the generation of the deployment we're trying to apply.
+ Can not be set on creation of a nodeStatus.
+ format: int32
+ type: integer
+ required:
+ - nodeName
+ type: object
+ x-kubernetes-validations:
+ - fieldPath: .currentRevision
+ message: cannot be unset once set
+ rule: has(self.currentRevision) || !has(oldSelf.currentRevision)
+ - fieldPath: .currentRevision
+ message: currentRevision can not be set on creation of a nodeStatus
+ optionalOldSelf: true
+ rule: oldSelf.hasValue() || !has(self.currentRevision)
+ - fieldPath: .targetRevision
+ message: targetRevision can not be set on creation of a nodeStatus
+ optionalOldSelf: true
+ rule: oldSelf.hasValue() || !has(self.targetRevision)
+ type: array
+ x-kubernetes-list-map-keys:
+ - nodeName
+ x-kubernetes-list-type: map
+ x-kubernetes-validations:
+ - message: no more than 1 node status may have a nonzero targetRevision
+ rule: size(self.filter(status, status.?targetRevision.orValue(0)
+ != 0)) <= 1
+ observedGeneration:
+ description: observedGeneration is the last generation change you've
+ dealt with
+ format: int64
+ type: integer
+ readyReplicas:
+ description: readyReplicas indicates how many replicas are ready and
+ at the desired state
+ format: int32
+ type: integer
+ serviceAccountIssuers:
+ description: |-
+ serviceAccountIssuers tracks history of used service account issuers.
+ The item without expiration time represents the currently used service account issuer.
+ The other items represents service account issuers that were used previously and are still being trusted.
+ The default expiration for the items is set by the platform and it defaults to 24h.
+ see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
+ items:
+ properties:
+ expirationTime:
+ description: |-
+ expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list
+ of service account issuers.
+ format: date-time
+ type: string
+ name:
+ description: name is the name of the service account issuer
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ version:
+ description: version is the level this availability applies to
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-CustomNoUpgrade.crd.yaml
new file mode 100644
index 000000000..0a3beba5b
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-CustomNoUpgrade.crd.yaml
@@ -0,0 +1,296 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/475
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: CustomNoUpgrade
+ name: openshiftapiservers.operator.openshift.io
+spec:
+ group: operator.openshift.io
+ names:
+ categories:
+ - coreoperators
+ kind: OpenShiftAPIServer
+ listKind: OpenShiftAPIServerList
+ plural: openshiftapiservers
+ singular: openshiftapiserver
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec is the specification of the desired behavior of the
+ OpenShift API Server.
+ properties:
+ logLevel:
+ default: Normal
+ description: |-
+ logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ managementState:
+ description: managementState indicates whether and how the operator
+ should manage the component
+ pattern: ^(Managed|Unmanaged|Force|Removed)$
+ type: string
+ observedConfig:
+ description: |-
+ observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because
+ it is an input to the level for the operator
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ operatorLogLevel:
+ default: Normal
+ description: |-
+ operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ unsupportedConfigOverrides:
+ description: |-
+ unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+ Red Hat does not support the use of this field.
+ Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+ Seek guidance from the Red Hat support before using this field.
+ Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ description: status defines the observed status of the OpenShift API Server.
+ properties:
+ conditions:
+ description: conditions is a list of conditions and their status
+ items:
+ description: OperatorCondition is just the standard condition fields.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ encryptionStatus:
+ description: encryptionStatus contains status reports for the KMS
+ plugin health and its key rotation.
+ minProperties: 1
+ properties:
+ healthReports:
+ description: |-
+ healthReports contains all KMS plugin health reports.
+ When omitted, no health reports are available.
+ Each entry must have a unique combination of nodeName and keyId.
+ items:
+ properties:
+ detail:
+ description: |-
+ detail contains additional error/health information for the respective KMS plugin.
+ When omitted, no additional error or health information is provided.
+ When set, the value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ kekId:
+ description: |-
+ kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id.
+ This is not a cryptographic key, but a unique representation of the KEK.
+ The value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ keyId:
+ description: |-
+ keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node.
+ This is not a cryptographic key used to encrypt/decrypt any resources.
+ The value must be between 1 and 512 characters.
+ maxLength: 512
+ minLength: 1
+ type: string
+ lastCheckedTime:
+ description: lastCheckedTime is a timestamp of when the
+ probe was last checked.
+ format: date-time
+ type: string
+ nodeName:
+ description: |-
+ nodeName is the name of the node this instance of the plugin runs on.
+ The combination of nodeName and keyId makes this health report unique.
+ The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with
+ an alphanumeric character, and be at most 253 characters in length.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: nodeName must be a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-'
+ or '.', and must start and end with an alphanumeric
+ character
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ status:
+ description: |-
+ status contains a health indicator for the respective KMS plugin
+ The field can have three states: healthy, unhealthy, error.
+ With error and unhealthy containing additional information in Detail.
+ enum:
+ - Healthy
+ - Unhealthy
+ - Error
+ type: string
+ required:
+ - kekId
+ - keyId
+ - lastCheckedTime
+ - nodeName
+ - status
+ type: object
+ maxItems: 200
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - nodeName
+ - keyId
+ x-kubernetes-list-type: map
+ type: object
+ generations:
+ description: generations are used to determine when an item needs
+ to be reconciled or has changed in a way that needs a reaction.
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ latestAvailableRevision:
+ description: latestAvailableRevision is the deploymentID of the most
+ recent deployment
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ observedGeneration:
+ description: observedGeneration is the last generation change you've
+ dealt with
+ format: int64
+ type: integer
+ readyReplicas:
+ description: readyReplicas indicates how many replicas are ready and
+ at the desired state
+ format: int32
+ type: integer
+ version:
+ description: version is the level this availability applies to
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-Default.crd.yaml
new file mode 100644
index 000000000..04e2b329d
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-Default.crd.yaml
@@ -0,0 +1,214 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/475
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: Default
+ name: openshiftapiservers.operator.openshift.io
+spec:
+ group: operator.openshift.io
+ names:
+ categories:
+ - coreoperators
+ kind: OpenShiftAPIServer
+ listKind: OpenShiftAPIServerList
+ plural: openshiftapiservers
+ singular: openshiftapiserver
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec is the specification of the desired behavior of the
+ OpenShift API Server.
+ properties:
+ logLevel:
+ default: Normal
+ description: |-
+ logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ managementState:
+ description: managementState indicates whether and how the operator
+ should manage the component
+ pattern: ^(Managed|Unmanaged|Force|Removed)$
+ type: string
+ observedConfig:
+ description: |-
+ observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because
+ it is an input to the level for the operator
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ operatorLogLevel:
+ default: Normal
+ description: |-
+ operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ unsupportedConfigOverrides:
+ description: |-
+ unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+ Red Hat does not support the use of this field.
+ Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+ Seek guidance from the Red Hat support before using this field.
+ Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ description: status defines the observed status of the OpenShift API Server.
+ properties:
+ conditions:
+ description: conditions is a list of conditions and their status
+ items:
+ description: OperatorCondition is just the standard condition fields.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ generations:
+ description: generations are used to determine when an item needs
+ to be reconciled or has changed in a way that needs a reaction.
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ latestAvailableRevision:
+ description: latestAvailableRevision is the deploymentID of the most
+ recent deployment
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ observedGeneration:
+ description: observedGeneration is the last generation change you've
+ dealt with
+ format: int64
+ type: integer
+ readyReplicas:
+ description: readyReplicas indicates how many replicas are ready and
+ at the desired state
+ format: int32
+ type: integer
+ version:
+ description: version is the level this availability applies to
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-DevPreviewNoUpgrade.crd.yaml
new file mode 100644
index 000000000..89cb665ff
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-DevPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,296 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/475
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: DevPreviewNoUpgrade
+ name: openshiftapiservers.operator.openshift.io
+spec:
+ group: operator.openshift.io
+ names:
+ categories:
+ - coreoperators
+ kind: OpenShiftAPIServer
+ listKind: OpenShiftAPIServerList
+ plural: openshiftapiservers
+ singular: openshiftapiserver
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec is the specification of the desired behavior of the
+ OpenShift API Server.
+ properties:
+ logLevel:
+ default: Normal
+ description: |-
+ logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ managementState:
+ description: managementState indicates whether and how the operator
+ should manage the component
+ pattern: ^(Managed|Unmanaged|Force|Removed)$
+ type: string
+ observedConfig:
+ description: |-
+ observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because
+ it is an input to the level for the operator
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ operatorLogLevel:
+ default: Normal
+ description: |-
+ operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ unsupportedConfigOverrides:
+ description: |-
+ unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+ Red Hat does not support the use of this field.
+ Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+ Seek guidance from the Red Hat support before using this field.
+ Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ description: status defines the observed status of the OpenShift API Server.
+ properties:
+ conditions:
+ description: conditions is a list of conditions and their status
+ items:
+ description: OperatorCondition is just the standard condition fields.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ encryptionStatus:
+ description: encryptionStatus contains status reports for the KMS
+ plugin health and its key rotation.
+ minProperties: 1
+ properties:
+ healthReports:
+ description: |-
+ healthReports contains all KMS plugin health reports.
+ When omitted, no health reports are available.
+ Each entry must have a unique combination of nodeName and keyId.
+ items:
+ properties:
+ detail:
+ description: |-
+ detail contains additional error/health information for the respective KMS plugin.
+ When omitted, no additional error or health information is provided.
+ When set, the value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ kekId:
+ description: |-
+ kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id.
+ This is not a cryptographic key, but a unique representation of the KEK.
+ The value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ keyId:
+ description: |-
+ keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node.
+ This is not a cryptographic key used to encrypt/decrypt any resources.
+ The value must be between 1 and 512 characters.
+ maxLength: 512
+ minLength: 1
+ type: string
+ lastCheckedTime:
+ description: lastCheckedTime is a timestamp of when the
+ probe was last checked.
+ format: date-time
+ type: string
+ nodeName:
+ description: |-
+ nodeName is the name of the node this instance of the plugin runs on.
+ The combination of nodeName and keyId makes this health report unique.
+ The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with
+ an alphanumeric character, and be at most 253 characters in length.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: nodeName must be a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-'
+ or '.', and must start and end with an alphanumeric
+ character
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ status:
+ description: |-
+ status contains a health indicator for the respective KMS plugin
+ The field can have three states: healthy, unhealthy, error.
+ With error and unhealthy containing additional information in Detail.
+ enum:
+ - Healthy
+ - Unhealthy
+ - Error
+ type: string
+ required:
+ - kekId
+ - keyId
+ - lastCheckedTime
+ - nodeName
+ - status
+ type: object
+ maxItems: 200
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - nodeName
+ - keyId
+ x-kubernetes-list-type: map
+ type: object
+ generations:
+ description: generations are used to determine when an item needs
+ to be reconciled or has changed in a way that needs a reaction.
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ latestAvailableRevision:
+ description: latestAvailableRevision is the deploymentID of the most
+ recent deployment
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ observedGeneration:
+ description: observedGeneration is the last generation change you've
+ dealt with
+ format: int64
+ type: integer
+ readyReplicas:
+ description: readyReplicas indicates how many replicas are ready and
+ at the desired state
+ format: int32
+ type: integer
+ version:
+ description: version is the level this availability applies to
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-OKD.crd.yaml
similarity index 99%
rename from vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml
rename to vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-OKD.crd.yaml
index bb9b904fc..6c0b86e19 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-OKD.crd.yaml
@@ -6,6 +6,7 @@ metadata:
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: OKD
name: openshiftapiservers.operator.openshift.io
spec:
group: operator.openshift.io
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-TechPreviewNoUpgrade.crd.yaml
new file mode 100644
index 000000000..d380fa60f
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-TechPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,296 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/475
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: TechPreviewNoUpgrade
+ name: openshiftapiservers.operator.openshift.io
+spec:
+ group: operator.openshift.io
+ names:
+ categories:
+ - coreoperators
+ kind: OpenShiftAPIServer
+ listKind: OpenShiftAPIServerList
+ plural: openshiftapiservers
+ singular: openshiftapiserver
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec is the specification of the desired behavior of the
+ OpenShift API Server.
+ properties:
+ logLevel:
+ default: Normal
+ description: |-
+ logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ managementState:
+ description: managementState indicates whether and how the operator
+ should manage the component
+ pattern: ^(Managed|Unmanaged|Force|Removed)$
+ type: string
+ observedConfig:
+ description: |-
+ observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because
+ it is an input to the level for the operator
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ operatorLogLevel:
+ default: Normal
+ description: |-
+ operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ unsupportedConfigOverrides:
+ description: |-
+ unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+ Red Hat does not support the use of this field.
+ Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+ Seek guidance from the Red Hat support before using this field.
+ Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ description: status defines the observed status of the OpenShift API Server.
+ properties:
+ conditions:
+ description: conditions is a list of conditions and their status
+ items:
+ description: OperatorCondition is just the standard condition fields.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ encryptionStatus:
+ description: encryptionStatus contains status reports for the KMS
+ plugin health and its key rotation.
+ minProperties: 1
+ properties:
+ healthReports:
+ description: |-
+ healthReports contains all KMS plugin health reports.
+ When omitted, no health reports are available.
+ Each entry must have a unique combination of nodeName and keyId.
+ items:
+ properties:
+ detail:
+ description: |-
+ detail contains additional error/health information for the respective KMS plugin.
+ When omitted, no additional error or health information is provided.
+ When set, the value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ kekId:
+ description: |-
+ kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id.
+ This is not a cryptographic key, but a unique representation of the KEK.
+ The value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ keyId:
+ description: |-
+ keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node.
+ This is not a cryptographic key used to encrypt/decrypt any resources.
+ The value must be between 1 and 512 characters.
+ maxLength: 512
+ minLength: 1
+ type: string
+ lastCheckedTime:
+ description: lastCheckedTime is a timestamp of when the
+ probe was last checked.
+ format: date-time
+ type: string
+ nodeName:
+ description: |-
+ nodeName is the name of the node this instance of the plugin runs on.
+ The combination of nodeName and keyId makes this health report unique.
+ The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with
+ an alphanumeric character, and be at most 253 characters in length.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: nodeName must be a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-'
+ or '.', and must start and end with an alphanumeric
+ character
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ status:
+ description: |-
+ status contains a health indicator for the respective KMS plugin
+ The field can have three states: healthy, unhealthy, error.
+ With error and unhealthy containing additional information in Detail.
+ enum:
+ - Healthy
+ - Unhealthy
+ - Error
+ type: string
+ required:
+ - kekId
+ - keyId
+ - lastCheckedTime
+ - nodeName
+ - status
+ type: object
+ maxItems: 200
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - nodeName
+ - keyId
+ x-kubernetes-list-type: map
+ type: object
+ generations:
+ description: generations are used to determine when an item needs
+ to be reconciled or has changed in a way that needs a reaction.
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ latestAvailableRevision:
+ description: latestAvailableRevision is the deploymentID of the most
+ recent deployment
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ observedGeneration:
+ description: observedGeneration is the last generation change you've
+ dealt with
+ format: int64
+ type: integer
+ readyReplicas:
+ description: readyReplicas indicates how many replicas are ready and
+ at the desired state
+ format: int32
+ type: integer
+ version:
+ description: version is the level this availability applies to
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-CustomNoUpgrade.crd.yaml
new file mode 100644
index 000000000..3d5beb8c3
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-CustomNoUpgrade.crd.yaml
@@ -0,0 +1,301 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/475
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: CustomNoUpgrade
+ name: authentications.operator.openshift.io
+spec:
+ group: operator.openshift.io
+ names:
+ kind: Authentication
+ listKind: AuthenticationList
+ plural: authentications
+ singular: authentication
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Authentication provides information to configure an operator to manage authentication.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ logLevel:
+ default: Normal
+ description: |-
+ logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ managementState:
+ description: managementState indicates whether and how the operator
+ should manage the component
+ pattern: ^(Managed|Unmanaged|Force|Removed)$
+ type: string
+ observedConfig:
+ description: |-
+ observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because
+ it is an input to the level for the operator
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ operatorLogLevel:
+ default: Normal
+ description: |-
+ operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ unsupportedConfigOverrides:
+ description: |-
+ unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+ Red Hat does not support the use of this field.
+ Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+ Seek guidance from the Red Hat support before using this field.
+ Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ properties:
+ conditions:
+ description: conditions is a list of conditions and their status
+ items:
+ description: OperatorCondition is just the standard condition fields.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ generations:
+ description: generations are used to determine when an item needs
+ to be reconciled or has changed in a way that needs a reaction.
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ latestAvailableRevision:
+ description: latestAvailableRevision is the deploymentID of the most
+ recent deployment
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ oauthAPIServer:
+ description: oauthAPIServer holds status specific only to oauth-apiserver
+ properties:
+ encryptionStatus:
+ description: encryptionStatus contains status reports for the
+ KMS plugin health and its key rotation.
+ minProperties: 1
+ properties:
+ healthReports:
+ description: |-
+ healthReports contains all KMS plugin health reports.
+ When omitted, no health reports are available.
+ Each entry must have a unique combination of nodeName and keyId.
+ items:
+ properties:
+ detail:
+ description: |-
+ detail contains additional error/health information for the respective KMS plugin.
+ When omitted, no additional error or health information is provided.
+ When set, the value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ kekId:
+ description: |-
+ kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id.
+ This is not a cryptographic key, but a unique representation of the KEK.
+ The value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ keyId:
+ description: |-
+ keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node.
+ This is not a cryptographic key used to encrypt/decrypt any resources.
+ The value must be between 1 and 512 characters.
+ maxLength: 512
+ minLength: 1
+ type: string
+ lastCheckedTime:
+ description: lastCheckedTime is a timestamp of when
+ the probe was last checked.
+ format: date-time
+ type: string
+ nodeName:
+ description: |-
+ nodeName is the name of the node this instance of the plugin runs on.
+ The combination of nodeName and keyId makes this health report unique.
+ The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with
+ an alphanumeric character, and be at most 253 characters in length.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: nodeName must be a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters,
+ '-' or '.', and must start and end with an alphanumeric
+ character
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ status:
+ description: |-
+ status contains a health indicator for the respective KMS plugin
+ The field can have three states: healthy, unhealthy, error.
+ With error and unhealthy containing additional information in Detail.
+ enum:
+ - Healthy
+ - Unhealthy
+ - Error
+ type: string
+ required:
+ - kekId
+ - keyId
+ - lastCheckedTime
+ - nodeName
+ - status
+ type: object
+ maxItems: 200
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - nodeName
+ - keyId
+ x-kubernetes-list-type: map
+ type: object
+ latestAvailableRevision:
+ description: |-
+ latestAvailableRevision is the latest revision used as suffix of revisioned
+ secrets like encryption-config. A new revision causes a new deployment of pods.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ observedGeneration:
+ description: observedGeneration is the last generation change you've
+ dealt with
+ format: int64
+ type: integer
+ readyReplicas:
+ description: readyReplicas indicates how many replicas are ready and
+ at the desired state
+ format: int32
+ type: integer
+ version:
+ description: version is the level this availability applies to
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-Default.crd.yaml
new file mode 100644
index 000000000..49a08abc0
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-Default.crd.yaml
@@ -0,0 +1,219 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/475
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: Default
+ name: authentications.operator.openshift.io
+spec:
+ group: operator.openshift.io
+ names:
+ kind: Authentication
+ listKind: AuthenticationList
+ plural: authentications
+ singular: authentication
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Authentication provides information to configure an operator to manage authentication.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ logLevel:
+ default: Normal
+ description: |-
+ logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ managementState:
+ description: managementState indicates whether and how the operator
+ should manage the component
+ pattern: ^(Managed|Unmanaged|Force|Removed)$
+ type: string
+ observedConfig:
+ description: |-
+ observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because
+ it is an input to the level for the operator
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ operatorLogLevel:
+ default: Normal
+ description: |-
+ operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ unsupportedConfigOverrides:
+ description: |-
+ unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+ Red Hat does not support the use of this field.
+ Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+ Seek guidance from the Red Hat support before using this field.
+ Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ properties:
+ conditions:
+ description: conditions is a list of conditions and their status
+ items:
+ description: OperatorCondition is just the standard condition fields.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ generations:
+ description: generations are used to determine when an item needs
+ to be reconciled or has changed in a way that needs a reaction.
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ latestAvailableRevision:
+ description: latestAvailableRevision is the deploymentID of the most
+ recent deployment
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ oauthAPIServer:
+ description: oauthAPIServer holds status specific only to oauth-apiserver
+ properties:
+ latestAvailableRevision:
+ description: |-
+ latestAvailableRevision is the latest revision used as suffix of revisioned
+ secrets like encryption-config. A new revision causes a new deployment of pods.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ observedGeneration:
+ description: observedGeneration is the last generation change you've
+ dealt with
+ format: int64
+ type: integer
+ readyReplicas:
+ description: readyReplicas indicates how many replicas are ready and
+ at the desired state
+ format: int32
+ type: integer
+ version:
+ description: version is the level this availability applies to
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-DevPreviewNoUpgrade.crd.yaml
new file mode 100644
index 000000000..9c6a6de7d
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-DevPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,301 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/475
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: DevPreviewNoUpgrade
+ name: authentications.operator.openshift.io
+spec:
+ group: operator.openshift.io
+ names:
+ kind: Authentication
+ listKind: AuthenticationList
+ plural: authentications
+ singular: authentication
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Authentication provides information to configure an operator to manage authentication.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ logLevel:
+ default: Normal
+ description: |-
+ logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ managementState:
+ description: managementState indicates whether and how the operator
+ should manage the component
+ pattern: ^(Managed|Unmanaged|Force|Removed)$
+ type: string
+ observedConfig:
+ description: |-
+ observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because
+ it is an input to the level for the operator
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ operatorLogLevel:
+ default: Normal
+ description: |-
+ operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ unsupportedConfigOverrides:
+ description: |-
+ unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+ Red Hat does not support the use of this field.
+ Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+ Seek guidance from the Red Hat support before using this field.
+ Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ properties:
+ conditions:
+ description: conditions is a list of conditions and their status
+ items:
+ description: OperatorCondition is just the standard condition fields.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ generations:
+ description: generations are used to determine when an item needs
+ to be reconciled or has changed in a way that needs a reaction.
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ latestAvailableRevision:
+ description: latestAvailableRevision is the deploymentID of the most
+ recent deployment
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ oauthAPIServer:
+ description: oauthAPIServer holds status specific only to oauth-apiserver
+ properties:
+ encryptionStatus:
+ description: encryptionStatus contains status reports for the
+ KMS plugin health and its key rotation.
+ minProperties: 1
+ properties:
+ healthReports:
+ description: |-
+ healthReports contains all KMS plugin health reports.
+ When omitted, no health reports are available.
+ Each entry must have a unique combination of nodeName and keyId.
+ items:
+ properties:
+ detail:
+ description: |-
+ detail contains additional error/health information for the respective KMS plugin.
+ When omitted, no additional error or health information is provided.
+ When set, the value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ kekId:
+ description: |-
+ kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id.
+ This is not a cryptographic key, but a unique representation of the KEK.
+ The value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ keyId:
+ description: |-
+ keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node.
+ This is not a cryptographic key used to encrypt/decrypt any resources.
+ The value must be between 1 and 512 characters.
+ maxLength: 512
+ minLength: 1
+ type: string
+ lastCheckedTime:
+ description: lastCheckedTime is a timestamp of when
+ the probe was last checked.
+ format: date-time
+ type: string
+ nodeName:
+ description: |-
+ nodeName is the name of the node this instance of the plugin runs on.
+ The combination of nodeName and keyId makes this health report unique.
+ The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with
+ an alphanumeric character, and be at most 253 characters in length.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: nodeName must be a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters,
+ '-' or '.', and must start and end with an alphanumeric
+ character
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ status:
+ description: |-
+ status contains a health indicator for the respective KMS plugin
+ The field can have three states: healthy, unhealthy, error.
+ With error and unhealthy containing additional information in Detail.
+ enum:
+ - Healthy
+ - Unhealthy
+ - Error
+ type: string
+ required:
+ - kekId
+ - keyId
+ - lastCheckedTime
+ - nodeName
+ - status
+ type: object
+ maxItems: 200
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - nodeName
+ - keyId
+ x-kubernetes-list-type: map
+ type: object
+ latestAvailableRevision:
+ description: |-
+ latestAvailableRevision is the latest revision used as suffix of revisioned
+ secrets like encryption-config. A new revision causes a new deployment of pods.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ observedGeneration:
+ description: observedGeneration is the last generation change you've
+ dealt with
+ format: int64
+ type: integer
+ readyReplicas:
+ description: readyReplicas indicates how many replicas are ready and
+ at the desired state
+ format: int32
+ type: integer
+ version:
+ description: version is the level this availability applies to
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-OKD.crd.yaml
similarity index 99%
rename from vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml
rename to vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-OKD.crd.yaml
index 029c91ac0..d12f5239d 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-OKD.crd.yaml
@@ -5,6 +5,7 @@ metadata:
api-approved.openshift.io: https://github.com/openshift/api/pull/475
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: OKD
name: authentications.operator.openshift.io
spec:
group: operator.openshift.io
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-TechPreviewNoUpgrade.crd.yaml
new file mode 100644
index 000000000..196a05d60
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-TechPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,301 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/475
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: TechPreviewNoUpgrade
+ name: authentications.operator.openshift.io
+spec:
+ group: operator.openshift.io
+ names:
+ kind: Authentication
+ listKind: AuthenticationList
+ plural: authentications
+ singular: authentication
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Authentication provides information to configure an operator to manage authentication.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ logLevel:
+ default: Normal
+ description: |-
+ logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ managementState:
+ description: managementState indicates whether and how the operator
+ should manage the component
+ pattern: ^(Managed|Unmanaged|Force|Removed)$
+ type: string
+ observedConfig:
+ description: |-
+ observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because
+ it is an input to the level for the operator
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ operatorLogLevel:
+ default: Normal
+ description: |-
+ operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a
+ simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ Defaults to "Normal".
+ enum:
+ - ""
+ - Normal
+ - Debug
+ - Trace
+ - TraceAll
+ type: string
+ unsupportedConfigOverrides:
+ description: |-
+ unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+ Red Hat does not support the use of this field.
+ Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+ Seek guidance from the Red Hat support before using this field.
+ Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ properties:
+ conditions:
+ description: conditions is a list of conditions and their status
+ items:
+ description: OperatorCondition is just the standard condition fields.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ generations:
+ description: generations are used to determine when an item needs
+ to be reconciled or has changed in a way that needs a reaction.
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ latestAvailableRevision:
+ description: latestAvailableRevision is the deploymentID of the most
+ recent deployment
+ format: int32
+ type: integer
+ x-kubernetes-validations:
+ - message: must only increase
+ rule: self >= oldSelf
+ oauthAPIServer:
+ description: oauthAPIServer holds status specific only to oauth-apiserver
+ properties:
+ encryptionStatus:
+ description: encryptionStatus contains status reports for the
+ KMS plugin health and its key rotation.
+ minProperties: 1
+ properties:
+ healthReports:
+ description: |-
+ healthReports contains all KMS plugin health reports.
+ When omitted, no health reports are available.
+ Each entry must have a unique combination of nodeName and keyId.
+ items:
+ properties:
+ detail:
+ description: |-
+ detail contains additional error/health information for the respective KMS plugin.
+ When omitted, no additional error or health information is provided.
+ When set, the value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ kekId:
+ description: |-
+ kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id.
+ This is not a cryptographic key, but a unique representation of the KEK.
+ The value must be between 1 and 1024 characters.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ keyId:
+ description: |-
+ keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node.
+ This is not a cryptographic key used to encrypt/decrypt any resources.
+ The value must be between 1 and 512 characters.
+ maxLength: 512
+ minLength: 1
+ type: string
+ lastCheckedTime:
+ description: lastCheckedTime is a timestamp of when
+ the probe was last checked.
+ format: date-time
+ type: string
+ nodeName:
+ description: |-
+ nodeName is the name of the node this instance of the plugin runs on.
+ The combination of nodeName and keyId makes this health report unique.
+ The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with
+ an alphanumeric character, and be at most 253 characters in length.
+ maxLength: 253
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: nodeName must be a lowercase RFC 1123 subdomain
+ consisting of lowercase alphanumeric characters,
+ '-' or '.', and must start and end with an alphanumeric
+ character
+ rule: '!format.dns1123Subdomain().validate(self).hasValue()'
+ status:
+ description: |-
+ status contains a health indicator for the respective KMS plugin
+ The field can have three states: healthy, unhealthy, error.
+ With error and unhealthy containing additional information in Detail.
+ enum:
+ - Healthy
+ - Unhealthy
+ - Error
+ type: string
+ required:
+ - kekId
+ - keyId
+ - lastCheckedTime
+ - nodeName
+ - status
+ type: object
+ maxItems: 200
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - nodeName
+ - keyId
+ x-kubernetes-list-type: map
+ type: object
+ latestAvailableRevision:
+ description: |-
+ latestAvailableRevision is the latest revision used as suffix of revisioned
+ secrets like encryption-config. A new revision causes a new deployment of pods.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ observedGeneration:
+ description: observedGeneration is the last generation change you've
+ dealt with
+ format: int64
+ type: integer
+ readyReplicas:
+ description: readyReplicas indicates how many replicas are ready and
+ at the desired state
+ format: int32
+ type: integer
+ version:
+ description: version is the level this availability applies to
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-CustomNoUpgrade.crd.yaml
index 19b319fcb..02b95f82f 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-CustomNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-CustomNoUpgrade.crd.yaml
@@ -187,7 +187,7 @@ spec:
description: |-
driverType indicates type of CSI driver for which the
driverConfig is being applied to.
- Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted.
+ Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted.
Consumers should treat unknown values as a NO-OP.
enum:
- ""
@@ -196,6 +196,7 @@ spec:
- GCP
- IBMCloud
- vSphere
+ - SecretsStore
type: string
gcp:
description: gcp is used to configure the GCP CSI driver.
@@ -261,6 +262,127 @@ spec:
required:
- encryptionKeyCRN
type: object
+ secretsStore:
+ description: secretsStore is used to configure the Secrets Store
+ CSI driver.
+ minProperties: 1
+ properties:
+ secretRotation:
+ description: |-
+ secretRotation controls automatic secret rotation behavior.
+ When omitted, secret rotation is enabled with a default poll interval of 2 minutes.
+ properties:
+ custom:
+ description: |-
+ custom holds the custom rotation configuration.
+ Only valid when type is "Custom".
+ minProperties: 1
+ properties:
+ rotationPollIntervalSeconds:
+ description: |-
+ rotationPollIntervalSeconds is the minimum time in seconds between secret
+ rotation attempts. The driver skips provider calls if less than this interval
+ has elapsed since the last successful rotation.
+ Must be at least 1 second and no more than 31560000 seconds (~1 year).
+ When omitted, this means no opinion and the platform is left to choose a
+ reasonable default, which is subject to change over time.
+ format: int32
+ maximum: 31560000
+ minimum: 1
+ type: integer
+ type: object
+ type:
+ description: |-
+ type determines the secret rotation behavior.
+ When "None", secret rotation is disabled and secrets are only fetched at
+ initial pod mount time.
+ When "Custom", secret rotation is enabled with the configuration specified
+ in the custom field.
+ enum:
+ - None
+ - Custom
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: custom must be set when type is 'Custom', and must
+ not be set otherwise
+ rule: 'has(self.type) && self.type == ''Custom'' ? has(self.custom)
+ : !has(self.custom)'
+ tokenRequests:
+ description: |-
+ tokenRequests controls service account token configuration for
+ workload identity federation (WIF) with cloud providers.
+ When omitted, the operator preserves any existing tokenRequests
+ already configured on the CSIDriver object without modification.
+ properties:
+ managed:
+ description: |-
+ managed holds configuration for operator-managed tokenRequests.
+ Only valid when type is "Managed".
+ minProperties: 1
+ properties:
+ audiences:
+ description: |-
+ audiences specifies service account token audiences that kubelet will
+ provide to the CSI driver during NodePublishVolume calls. These tokens
+ enable workload identity federation (WIF) with cloud providers such as
+ AWS, Azure, and GCP.
+ When empty, the operator clears all tokenRequests from the CSIDriver object.
+ items:
+ description: |-
+ SecretsStoreTokenRequest specifies a service account token audience configuration
+ for workload identity federation (WIF) with the Secrets Store CSI driver.
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the service account token.
+ An empty string means the issued token will use the kube-apiserver's default APIAudiences.
+ maxLength: 253
+ minLength: 0
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service account token.
+ The token issuer may return a token with a different validity duration.
+ When omitted, the token expiration is determined by the kube-apiserver.
+ Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years).
+ format: int32
+ maximum: 315360000
+ minimum: 600
+ type: integer
+ required:
+ - audience
+ type: object
+ maxItems: 10
+ minItems: 0
+ type: array
+ x-kubernetes-list-map-keys:
+ - audience
+ x-kubernetes-list-type: map
+ type: object
+ type:
+ description: |-
+ type determines how the operator manages tokenRequests on the CSIDriver object.
+ When "Unmanaged", existing tokenRequests on the CSIDriver are preserved
+ and the managed field is not used.
+ When "Managed", the operator sets tokenRequests from the audiences
+ specified in the managed field, replacing any previously configured values.
+ Once set to "Managed", type cannot be reverted back to "Unmanaged".
+ enum:
+ - Managed
+ - Unmanaged
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: managed must be set when type is 'Managed', and
+ must not be set otherwise
+ rule: 'has(self.type) && self.type == ''Managed'' ? has(self.managed)
+ : !has(self.managed)'
+ type: object
vSphere:
description: vSphere is used to configure the vsphere CSI driver.
properties:
@@ -328,6 +450,10 @@ spec:
unset otherwise
rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ?
has(self.ibmcloud) : !has(self.ibmcloud)'
+ - message: secretsStore must be set if driverType is 'SecretsStore',
+ but remain unset otherwise
+ rule: 'has(self.driverType) && self.driverType == ''SecretsStore''
+ ? has(self.secretsStore) : !has(self.secretsStore)'
logLevel:
default: Normal
description: |-
@@ -506,6 +632,17 @@ spec:
required:
- spec
type: object
+ x-kubernetes-validations:
+ - message: driverType 'SecretsStore' requires metadata.name 'secrets-store.csi.k8s.io'
+ rule: 'self.spec.?driverConfig.driverType.orValue('''') == ''SecretsStore''
+ ? self.metadata.name == ''secrets-store.csi.k8s.io'' : true'
+ - message: metadata.name 'secrets-store.csi.k8s.io' requires driverType 'SecretsStore'
+ rule: 'self.metadata.name == ''secrets-store.csi.k8s.io'' ? (!has(self.spec.driverConfig)
+ || self.spec.driverConfig.driverType == ''SecretsStore'') : true'
+ - message: tokenRequests type cannot be changed from Managed
+ rule: oldSelf.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('')
+ != 'Managed' || self.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('')
+ == 'Managed'
served: true
storage: true
subresources:
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-Default.crd.yaml
index 5bb6bdddc..56859fc15 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-Default.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-Default.crd.yaml
@@ -187,7 +187,7 @@ spec:
description: |-
driverType indicates type of CSI driver for which the
driverConfig is being applied to.
- Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted.
+ Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted.
Consumers should treat unknown values as a NO-OP.
enum:
- ""
@@ -196,6 +196,7 @@ spec:
- GCP
- IBMCloud
- vSphere
+ - SecretsStore
type: string
gcp:
description: gcp is used to configure the GCP CSI driver.
@@ -261,6 +262,127 @@ spec:
required:
- encryptionKeyCRN
type: object
+ secretsStore:
+ description: secretsStore is used to configure the Secrets Store
+ CSI driver.
+ minProperties: 1
+ properties:
+ secretRotation:
+ description: |-
+ secretRotation controls automatic secret rotation behavior.
+ When omitted, secret rotation is enabled with a default poll interval of 2 minutes.
+ properties:
+ custom:
+ description: |-
+ custom holds the custom rotation configuration.
+ Only valid when type is "Custom".
+ minProperties: 1
+ properties:
+ rotationPollIntervalSeconds:
+ description: |-
+ rotationPollIntervalSeconds is the minimum time in seconds between secret
+ rotation attempts. The driver skips provider calls if less than this interval
+ has elapsed since the last successful rotation.
+ Must be at least 1 second and no more than 31560000 seconds (~1 year).
+ When omitted, this means no opinion and the platform is left to choose a
+ reasonable default, which is subject to change over time.
+ format: int32
+ maximum: 31560000
+ minimum: 1
+ type: integer
+ type: object
+ type:
+ description: |-
+ type determines the secret rotation behavior.
+ When "None", secret rotation is disabled and secrets are only fetched at
+ initial pod mount time.
+ When "Custom", secret rotation is enabled with the configuration specified
+ in the custom field.
+ enum:
+ - None
+ - Custom
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: custom must be set when type is 'Custom', and must
+ not be set otherwise
+ rule: 'has(self.type) && self.type == ''Custom'' ? has(self.custom)
+ : !has(self.custom)'
+ tokenRequests:
+ description: |-
+ tokenRequests controls service account token configuration for
+ workload identity federation (WIF) with cloud providers.
+ When omitted, the operator preserves any existing tokenRequests
+ already configured on the CSIDriver object without modification.
+ properties:
+ managed:
+ description: |-
+ managed holds configuration for operator-managed tokenRequests.
+ Only valid when type is "Managed".
+ minProperties: 1
+ properties:
+ audiences:
+ description: |-
+ audiences specifies service account token audiences that kubelet will
+ provide to the CSI driver during NodePublishVolume calls. These tokens
+ enable workload identity federation (WIF) with cloud providers such as
+ AWS, Azure, and GCP.
+ When empty, the operator clears all tokenRequests from the CSIDriver object.
+ items:
+ description: |-
+ SecretsStoreTokenRequest specifies a service account token audience configuration
+ for workload identity federation (WIF) with the Secrets Store CSI driver.
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the service account token.
+ An empty string means the issued token will use the kube-apiserver's default APIAudiences.
+ maxLength: 253
+ minLength: 0
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service account token.
+ The token issuer may return a token with a different validity duration.
+ When omitted, the token expiration is determined by the kube-apiserver.
+ Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years).
+ format: int32
+ maximum: 315360000
+ minimum: 600
+ type: integer
+ required:
+ - audience
+ type: object
+ maxItems: 10
+ minItems: 0
+ type: array
+ x-kubernetes-list-map-keys:
+ - audience
+ x-kubernetes-list-type: map
+ type: object
+ type:
+ description: |-
+ type determines how the operator manages tokenRequests on the CSIDriver object.
+ When "Unmanaged", existing tokenRequests on the CSIDriver are preserved
+ and the managed field is not used.
+ When "Managed", the operator sets tokenRequests from the audiences
+ specified in the managed field, replacing any previously configured values.
+ Once set to "Managed", type cannot be reverted back to "Unmanaged".
+ enum:
+ - Managed
+ - Unmanaged
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: managed must be set when type is 'Managed', and
+ must not be set otherwise
+ rule: 'has(self.type) && self.type == ''Managed'' ? has(self.managed)
+ : !has(self.managed)'
+ type: object
vSphere:
description: vSphere is used to configure the vsphere CSI driver.
properties:
@@ -313,6 +435,10 @@ spec:
unset otherwise
rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ?
has(self.ibmcloud) : !has(self.ibmcloud)'
+ - message: secretsStore must be set if driverType is 'SecretsStore',
+ but remain unset otherwise
+ rule: 'has(self.driverType) && self.driverType == ''SecretsStore''
+ ? has(self.secretsStore) : !has(self.secretsStore)'
logLevel:
default: Normal
description: |-
@@ -491,6 +617,17 @@ spec:
required:
- spec
type: object
+ x-kubernetes-validations:
+ - message: driverType 'SecretsStore' requires metadata.name 'secrets-store.csi.k8s.io'
+ rule: 'self.spec.?driverConfig.driverType.orValue('''') == ''SecretsStore''
+ ? self.metadata.name == ''secrets-store.csi.k8s.io'' : true'
+ - message: metadata.name 'secrets-store.csi.k8s.io' requires driverType 'SecretsStore'
+ rule: 'self.metadata.name == ''secrets-store.csi.k8s.io'' ? (!has(self.spec.driverConfig)
+ || self.spec.driverConfig.driverType == ''SecretsStore'') : true'
+ - message: tokenRequests type cannot be changed from Managed
+ rule: oldSelf.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('')
+ != 'Managed' || self.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('')
+ == 'Managed'
served: true
storage: true
subresources:
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml
index a03dd7d88..f2be3b2ee 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml
@@ -187,7 +187,7 @@ spec:
description: |-
driverType indicates type of CSI driver for which the
driverConfig is being applied to.
- Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted.
+ Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted.
Consumers should treat unknown values as a NO-OP.
enum:
- ""
@@ -196,6 +196,7 @@ spec:
- GCP
- IBMCloud
- vSphere
+ - SecretsStore
type: string
gcp:
description: gcp is used to configure the GCP CSI driver.
@@ -261,6 +262,127 @@ spec:
required:
- encryptionKeyCRN
type: object
+ secretsStore:
+ description: secretsStore is used to configure the Secrets Store
+ CSI driver.
+ minProperties: 1
+ properties:
+ secretRotation:
+ description: |-
+ secretRotation controls automatic secret rotation behavior.
+ When omitted, secret rotation is enabled with a default poll interval of 2 minutes.
+ properties:
+ custom:
+ description: |-
+ custom holds the custom rotation configuration.
+ Only valid when type is "Custom".
+ minProperties: 1
+ properties:
+ rotationPollIntervalSeconds:
+ description: |-
+ rotationPollIntervalSeconds is the minimum time in seconds between secret
+ rotation attempts. The driver skips provider calls if less than this interval
+ has elapsed since the last successful rotation.
+ Must be at least 1 second and no more than 31560000 seconds (~1 year).
+ When omitted, this means no opinion and the platform is left to choose a
+ reasonable default, which is subject to change over time.
+ format: int32
+ maximum: 31560000
+ minimum: 1
+ type: integer
+ type: object
+ type:
+ description: |-
+ type determines the secret rotation behavior.
+ When "None", secret rotation is disabled and secrets are only fetched at
+ initial pod mount time.
+ When "Custom", secret rotation is enabled with the configuration specified
+ in the custom field.
+ enum:
+ - None
+ - Custom
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: custom must be set when type is 'Custom', and must
+ not be set otherwise
+ rule: 'has(self.type) && self.type == ''Custom'' ? has(self.custom)
+ : !has(self.custom)'
+ tokenRequests:
+ description: |-
+ tokenRequests controls service account token configuration for
+ workload identity federation (WIF) with cloud providers.
+ When omitted, the operator preserves any existing tokenRequests
+ already configured on the CSIDriver object without modification.
+ properties:
+ managed:
+ description: |-
+ managed holds configuration for operator-managed tokenRequests.
+ Only valid when type is "Managed".
+ minProperties: 1
+ properties:
+ audiences:
+ description: |-
+ audiences specifies service account token audiences that kubelet will
+ provide to the CSI driver during NodePublishVolume calls. These tokens
+ enable workload identity federation (WIF) with cloud providers such as
+ AWS, Azure, and GCP.
+ When empty, the operator clears all tokenRequests from the CSIDriver object.
+ items:
+ description: |-
+ SecretsStoreTokenRequest specifies a service account token audience configuration
+ for workload identity federation (WIF) with the Secrets Store CSI driver.
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the service account token.
+ An empty string means the issued token will use the kube-apiserver's default APIAudiences.
+ maxLength: 253
+ minLength: 0
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service account token.
+ The token issuer may return a token with a different validity duration.
+ When omitted, the token expiration is determined by the kube-apiserver.
+ Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years).
+ format: int32
+ maximum: 315360000
+ minimum: 600
+ type: integer
+ required:
+ - audience
+ type: object
+ maxItems: 10
+ minItems: 0
+ type: array
+ x-kubernetes-list-map-keys:
+ - audience
+ x-kubernetes-list-type: map
+ type: object
+ type:
+ description: |-
+ type determines how the operator manages tokenRequests on the CSIDriver object.
+ When "Unmanaged", existing tokenRequests on the CSIDriver are preserved
+ and the managed field is not used.
+ When "Managed", the operator sets tokenRequests from the audiences
+ specified in the managed field, replacing any previously configured values.
+ Once set to "Managed", type cannot be reverted back to "Unmanaged".
+ enum:
+ - Managed
+ - Unmanaged
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: managed must be set when type is 'Managed', and
+ must not be set otherwise
+ rule: 'has(self.type) && self.type == ''Managed'' ? has(self.managed)
+ : !has(self.managed)'
+ type: object
vSphere:
description: vSphere is used to configure the vsphere CSI driver.
properties:
@@ -328,6 +450,10 @@ spec:
unset otherwise
rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ?
has(self.ibmcloud) : !has(self.ibmcloud)'
+ - message: secretsStore must be set if driverType is 'SecretsStore',
+ but remain unset otherwise
+ rule: 'has(self.driverType) && self.driverType == ''SecretsStore''
+ ? has(self.secretsStore) : !has(self.secretsStore)'
logLevel:
default: Normal
description: |-
@@ -506,6 +632,17 @@ spec:
required:
- spec
type: object
+ x-kubernetes-validations:
+ - message: driverType 'SecretsStore' requires metadata.name 'secrets-store.csi.k8s.io'
+ rule: 'self.spec.?driverConfig.driverType.orValue('''') == ''SecretsStore''
+ ? self.metadata.name == ''secrets-store.csi.k8s.io'' : true'
+ - message: metadata.name 'secrets-store.csi.k8s.io' requires driverType 'SecretsStore'
+ rule: 'self.metadata.name == ''secrets-store.csi.k8s.io'' ? (!has(self.spec.driverConfig)
+ || self.spec.driverConfig.driverType == ''SecretsStore'') : true'
+ - message: tokenRequests type cannot be changed from Managed
+ rule: oldSelf.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('')
+ != 'Managed' || self.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('')
+ == 'Managed'
served: true
storage: true
subresources:
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-OKD.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-OKD.crd.yaml
index 0e925a751..de5190a52 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-OKD.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-OKD.crd.yaml
@@ -187,7 +187,7 @@ spec:
description: |-
driverType indicates type of CSI driver for which the
driverConfig is being applied to.
- Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted.
+ Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted.
Consumers should treat unknown values as a NO-OP.
enum:
- ""
@@ -196,6 +196,7 @@ spec:
- GCP
- IBMCloud
- vSphere
+ - SecretsStore
type: string
gcp:
description: gcp is used to configure the GCP CSI driver.
@@ -261,6 +262,127 @@ spec:
required:
- encryptionKeyCRN
type: object
+ secretsStore:
+ description: secretsStore is used to configure the Secrets Store
+ CSI driver.
+ minProperties: 1
+ properties:
+ secretRotation:
+ description: |-
+ secretRotation controls automatic secret rotation behavior.
+ When omitted, secret rotation is enabled with a default poll interval of 2 minutes.
+ properties:
+ custom:
+ description: |-
+ custom holds the custom rotation configuration.
+ Only valid when type is "Custom".
+ minProperties: 1
+ properties:
+ rotationPollIntervalSeconds:
+ description: |-
+ rotationPollIntervalSeconds is the minimum time in seconds between secret
+ rotation attempts. The driver skips provider calls if less than this interval
+ has elapsed since the last successful rotation.
+ Must be at least 1 second and no more than 31560000 seconds (~1 year).
+ When omitted, this means no opinion and the platform is left to choose a
+ reasonable default, which is subject to change over time.
+ format: int32
+ maximum: 31560000
+ minimum: 1
+ type: integer
+ type: object
+ type:
+ description: |-
+ type determines the secret rotation behavior.
+ When "None", secret rotation is disabled and secrets are only fetched at
+ initial pod mount time.
+ When "Custom", secret rotation is enabled with the configuration specified
+ in the custom field.
+ enum:
+ - None
+ - Custom
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: custom must be set when type is 'Custom', and must
+ not be set otherwise
+ rule: 'has(self.type) && self.type == ''Custom'' ? has(self.custom)
+ : !has(self.custom)'
+ tokenRequests:
+ description: |-
+ tokenRequests controls service account token configuration for
+ workload identity federation (WIF) with cloud providers.
+ When omitted, the operator preserves any existing tokenRequests
+ already configured on the CSIDriver object without modification.
+ properties:
+ managed:
+ description: |-
+ managed holds configuration for operator-managed tokenRequests.
+ Only valid when type is "Managed".
+ minProperties: 1
+ properties:
+ audiences:
+ description: |-
+ audiences specifies service account token audiences that kubelet will
+ provide to the CSI driver during NodePublishVolume calls. These tokens
+ enable workload identity federation (WIF) with cloud providers such as
+ AWS, Azure, and GCP.
+ When empty, the operator clears all tokenRequests from the CSIDriver object.
+ items:
+ description: |-
+ SecretsStoreTokenRequest specifies a service account token audience configuration
+ for workload identity federation (WIF) with the Secrets Store CSI driver.
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the service account token.
+ An empty string means the issued token will use the kube-apiserver's default APIAudiences.
+ maxLength: 253
+ minLength: 0
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service account token.
+ The token issuer may return a token with a different validity duration.
+ When omitted, the token expiration is determined by the kube-apiserver.
+ Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years).
+ format: int32
+ maximum: 315360000
+ minimum: 600
+ type: integer
+ required:
+ - audience
+ type: object
+ maxItems: 10
+ minItems: 0
+ type: array
+ x-kubernetes-list-map-keys:
+ - audience
+ x-kubernetes-list-type: map
+ type: object
+ type:
+ description: |-
+ type determines how the operator manages tokenRequests on the CSIDriver object.
+ When "Unmanaged", existing tokenRequests on the CSIDriver are preserved
+ and the managed field is not used.
+ When "Managed", the operator sets tokenRequests from the audiences
+ specified in the managed field, replacing any previously configured values.
+ Once set to "Managed", type cannot be reverted back to "Unmanaged".
+ enum:
+ - Managed
+ - Unmanaged
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: managed must be set when type is 'Managed', and
+ must not be set otherwise
+ rule: 'has(self.type) && self.type == ''Managed'' ? has(self.managed)
+ : !has(self.managed)'
+ type: object
vSphere:
description: vSphere is used to configure the vsphere CSI driver.
properties:
@@ -313,6 +435,10 @@ spec:
unset otherwise
rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ?
has(self.ibmcloud) : !has(self.ibmcloud)'
+ - message: secretsStore must be set if driverType is 'SecretsStore',
+ but remain unset otherwise
+ rule: 'has(self.driverType) && self.driverType == ''SecretsStore''
+ ? has(self.secretsStore) : !has(self.secretsStore)'
logLevel:
default: Normal
description: |-
@@ -491,6 +617,17 @@ spec:
required:
- spec
type: object
+ x-kubernetes-validations:
+ - message: driverType 'SecretsStore' requires metadata.name 'secrets-store.csi.k8s.io'
+ rule: 'self.spec.?driverConfig.driverType.orValue('''') == ''SecretsStore''
+ ? self.metadata.name == ''secrets-store.csi.k8s.io'' : true'
+ - message: metadata.name 'secrets-store.csi.k8s.io' requires driverType 'SecretsStore'
+ rule: 'self.metadata.name == ''secrets-store.csi.k8s.io'' ? (!has(self.spec.driverConfig)
+ || self.spec.driverConfig.driverType == ''SecretsStore'') : true'
+ - message: tokenRequests type cannot be changed from Managed
+ rule: oldSelf.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('')
+ != 'Managed' || self.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('')
+ == 'Managed'
served: true
storage: true
subresources:
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml
index 3dc68028e..51ffcfd97 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml
@@ -187,7 +187,7 @@ spec:
description: |-
driverType indicates type of CSI driver for which the
driverConfig is being applied to.
- Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted.
+ Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted.
Consumers should treat unknown values as a NO-OP.
enum:
- ""
@@ -196,6 +196,7 @@ spec:
- GCP
- IBMCloud
- vSphere
+ - SecretsStore
type: string
gcp:
description: gcp is used to configure the GCP CSI driver.
@@ -261,6 +262,127 @@ spec:
required:
- encryptionKeyCRN
type: object
+ secretsStore:
+ description: secretsStore is used to configure the Secrets Store
+ CSI driver.
+ minProperties: 1
+ properties:
+ secretRotation:
+ description: |-
+ secretRotation controls automatic secret rotation behavior.
+ When omitted, secret rotation is enabled with a default poll interval of 2 minutes.
+ properties:
+ custom:
+ description: |-
+ custom holds the custom rotation configuration.
+ Only valid when type is "Custom".
+ minProperties: 1
+ properties:
+ rotationPollIntervalSeconds:
+ description: |-
+ rotationPollIntervalSeconds is the minimum time in seconds between secret
+ rotation attempts. The driver skips provider calls if less than this interval
+ has elapsed since the last successful rotation.
+ Must be at least 1 second and no more than 31560000 seconds (~1 year).
+ When omitted, this means no opinion and the platform is left to choose a
+ reasonable default, which is subject to change over time.
+ format: int32
+ maximum: 31560000
+ minimum: 1
+ type: integer
+ type: object
+ type:
+ description: |-
+ type determines the secret rotation behavior.
+ When "None", secret rotation is disabled and secrets are only fetched at
+ initial pod mount time.
+ When "Custom", secret rotation is enabled with the configuration specified
+ in the custom field.
+ enum:
+ - None
+ - Custom
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: custom must be set when type is 'Custom', and must
+ not be set otherwise
+ rule: 'has(self.type) && self.type == ''Custom'' ? has(self.custom)
+ : !has(self.custom)'
+ tokenRequests:
+ description: |-
+ tokenRequests controls service account token configuration for
+ workload identity federation (WIF) with cloud providers.
+ When omitted, the operator preserves any existing tokenRequests
+ already configured on the CSIDriver object without modification.
+ properties:
+ managed:
+ description: |-
+ managed holds configuration for operator-managed tokenRequests.
+ Only valid when type is "Managed".
+ minProperties: 1
+ properties:
+ audiences:
+ description: |-
+ audiences specifies service account token audiences that kubelet will
+ provide to the CSI driver during NodePublishVolume calls. These tokens
+ enable workload identity federation (WIF) with cloud providers such as
+ AWS, Azure, and GCP.
+ When empty, the operator clears all tokenRequests from the CSIDriver object.
+ items:
+ description: |-
+ SecretsStoreTokenRequest specifies a service account token audience configuration
+ for workload identity federation (WIF) with the Secrets Store CSI driver.
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the service account token.
+ An empty string means the issued token will use the kube-apiserver's default APIAudiences.
+ maxLength: 253
+ minLength: 0
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service account token.
+ The token issuer may return a token with a different validity duration.
+ When omitted, the token expiration is determined by the kube-apiserver.
+ Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years).
+ format: int32
+ maximum: 315360000
+ minimum: 600
+ type: integer
+ required:
+ - audience
+ type: object
+ maxItems: 10
+ minItems: 0
+ type: array
+ x-kubernetes-list-map-keys:
+ - audience
+ x-kubernetes-list-type: map
+ type: object
+ type:
+ description: |-
+ type determines how the operator manages tokenRequests on the CSIDriver object.
+ When "Unmanaged", existing tokenRequests on the CSIDriver are preserved
+ and the managed field is not used.
+ When "Managed", the operator sets tokenRequests from the audiences
+ specified in the managed field, replacing any previously configured values.
+ Once set to "Managed", type cannot be reverted back to "Unmanaged".
+ enum:
+ - Managed
+ - Unmanaged
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: managed must be set when type is 'Managed', and
+ must not be set otherwise
+ rule: 'has(self.type) && self.type == ''Managed'' ? has(self.managed)
+ : !has(self.managed)'
+ type: object
vSphere:
description: vSphere is used to configure the vsphere CSI driver.
properties:
@@ -328,6 +450,10 @@ spec:
unset otherwise
rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ?
has(self.ibmcloud) : !has(self.ibmcloud)'
+ - message: secretsStore must be set if driverType is 'SecretsStore',
+ but remain unset otherwise
+ rule: 'has(self.driverType) && self.driverType == ''SecretsStore''
+ ? has(self.secretsStore) : !has(self.secretsStore)'
logLevel:
default: Normal
description: |-
@@ -506,6 +632,17 @@ spec:
required:
- spec
type: object
+ x-kubernetes-validations:
+ - message: driverType 'SecretsStore' requires metadata.name 'secrets-store.csi.k8s.io'
+ rule: 'self.spec.?driverConfig.driverType.orValue('''') == ''SecretsStore''
+ ? self.metadata.name == ''secrets-store.csi.k8s.io'' : true'
+ - message: metadata.name 'secrets-store.csi.k8s.io' requires driverType 'SecretsStore'
+ rule: 'self.metadata.name == ''secrets-store.csi.k8s.io'' ? (!has(self.spec.driverConfig)
+ || self.spec.driverConfig.driverType == ''SecretsStore'') : true'
+ - message: tokenRequests type cannot be changed from Managed
+ rule: oldSelf.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('')
+ != 'Managed' || self.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('')
+ == 'Managed'
served: true
storage: true
subresources:
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml
index fdf10772d..66b935c91 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml
@@ -512,6 +512,38 @@ spec:
x-kubernetes-validations:
- message: eipAllocations cannot contain duplicates
rule: self.all(x, self.exists_one(y, x == y))
+ protocol:
+ description: |-
+ protocol specifies whether the Network Load Balancer uses PROXY
+ protocol to forward connections to the IngressController.
+
+ When set to "TCP", the NLB uses AWS's native client IP preservation.
+ This may cause hairpin connection failures for internal load
+ balancers when connections are made from pods to router pods on
+ the same node.
+
+ When set to "PROXY", the NLB disables native client IP preservation
+ and uses PROXY protocol v2. The IngressController enables PROXY
+ protocol on HAProxy so that it can parse PROXY protocol headers to
+ obtain the original client IP. This avoids hairpin connection
+ failures.
+
+ The following values are valid for this field:
+
+ * "TCP".
+ * "PROXY".
+
+ When omitted, this means the user has no opinion and the value is
+ left to the platform to choose a reasonable default, which is subject to
+ change over time. The current default is "PROXY".
+
+ Note that changing this field may cause brief connection failures
+ during the transition as the NLB attribute change and router rollout
+ occur independently.
+ enum:
+ - TCP
+ - PROXY
+ type: string
subnets:
description: |-
subnets specifies the subnets to which the load balancer will
@@ -1993,8 +2025,11 @@ spec:
custom:
description: |-
custom is a user-defined TLS security profile. Be extremely careful using a custom
- profile as invalid configurations can be catastrophic. An example custom profile
- looks like this:
+ profile as invalid configurations can be catastrophic.
+
+ The supported groups list for this profile is empty by default.
+
+ An example custom profile looks like this:
minTLSVersion: VersionTLS11
ciphers:
@@ -2019,6 +2054,46 @@ spec:
type: string
type: array
x-kubernetes-list-type: atomic
+ groups:
+ description: |-
+ groups is an optional, ordered field used to specify the supported groups (formerly known as
+ elliptic curves) that are used during the TLS handshake. The order of the groups represents
+ a suggested preference, with the most preferred group first. Note that not all platform
+ components honor the ordering: Go-based components use Go's internal preference order and
+ treat this list as a filter of allowed groups rather than an ordered preference.
+ Operators may remove entries their operands do not support.
+
+ When omitted, this means no opinion and the platform is left to choose reasonable defaults which are
+ subject to change over time and may be different per platform component depending on the underlying TLS
+ libraries they use. If specified, the list must contain at least one and at most 7 groups,
+ and each group must be unique.
+
+ For example, to use X25519 and secp256r1 (yaml):
+
+ groups:
+ - X25519
+ - secp256r1
+ items:
+ description: |-
+ TLSGroup is a supported group identifier that can be used in TLSProfile.Groups.
+ There is a one-to-one mapping between these names and the group IDs defined
+ in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry:
+ https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
+ enum:
+ - X25519
+ - secp256r1
+ - secp384r1
+ - secp521r1
+ - X25519MLKEM768
+ - SecP256r1MLKEM768
+ - SecP384r1MLKEM1024
+ type: string
+ maxItems: 7
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
minTLSVersion:
description: |-
minTLSVersion is used to specify the minimal version of the TLS protocol
@@ -2039,6 +2114,10 @@ spec:
legacy clients and want to remain highly secure while being compatible with
most clients currently in use.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS12
ciphers:
@@ -2057,7 +2136,9 @@ spec:
description: |-
modern is a TLS security profile for use with clients that support TLS 1.3 and
do not need backward compatibility for older clients.
-
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS13
ciphers:
@@ -2071,6 +2152,10 @@ spec:
old is a TLS profile for use when services need to be accessed by very old
clients or libraries and should be used only as a last resort.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS10
ciphers:
@@ -2087,11 +2172,14 @@ spec:
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
+ - ECDHE-ECDSA-AES256-SHA384
+ - ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
+ - AES256-SHA256
- AES128-SHA
- AES256-SHA
- DES-CBC3-SHA
@@ -2102,10 +2190,16 @@ spec:
type is one of Old, Intermediate, Modern or Custom. Custom provides the
ability to specify individual TLS security profile parameters.
- The profiles are based on version 5.7 of the Mozilla Server Side TLS
- configuration guidelines. The cipher lists consist of the configuration's
- "ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
- See: https://ssl-config.mozilla.org/guidelines/5.7.json
+ The cipher and groups lists in these profiles are based on version 5.8 of the
+ Mozilla Server Side TLS configuration guidelines.
+ See: https://ssl-config.mozilla.org/guidelines/5.8.json
+
+ The groups are listed in suggested preference order, with the most preferred group first.
+ Note that not all platform components honor the ordering: Go-based components use Go's
+ internal preference order and treat this list as a filter of allowed groups rather than
+ an ordered preference.
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
The profiles are intent based, so they may change over time as new ciphers are
developed and existing ciphers are found to be insecure. Depending on
@@ -2118,17 +2212,6 @@ spec:
type: string
type: object
tuningOptions:
- anyOf:
- - properties:
- maxConnections:
- enum:
- - -1
- - 0
- - properties:
- maxConnections:
- format: int32
- maximum: 2000000
- minimum: 2000
description: |-
tuningOptions defines parameters for adjusting the performance of
ingress controller pods. All fields are optional and will use their
@@ -2341,6 +2424,9 @@ spec:
'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'.
format: int32
type: integer
+ x-kubernetes-validations:
+ - message: maxConnections must be 0, -1, or between 2000 and 2000000
+ rule: self == 0 || self == -1 || (self >= 2000 && self <= 2000000)
reloadInterval:
description: |-
reloadInterval defines the minimum interval at which the router is allowed to reload
@@ -2784,6 +2870,38 @@ spec:
x-kubernetes-validations:
- message: eipAllocations cannot contain duplicates
rule: self.all(x, self.exists_one(y, x == y))
+ protocol:
+ description: |-
+ protocol specifies whether the Network Load Balancer uses PROXY
+ protocol to forward connections to the IngressController.
+
+ When set to "TCP", the NLB uses AWS's native client IP preservation.
+ This may cause hairpin connection failures for internal load
+ balancers when connections are made from pods to router pods on
+ the same node.
+
+ When set to "PROXY", the NLB disables native client IP preservation
+ and uses PROXY protocol v2. The IngressController enables PROXY
+ protocol on HAProxy so that it can parse PROXY protocol headers to
+ obtain the original client IP. This avoids hairpin connection
+ failures.
+
+ The following values are valid for this field:
+
+ * "TCP".
+ * "PROXY".
+
+ When omitted, this means the user has no opinion and the value is
+ left to the platform to choose a reasonable default, which is subject to
+ change over time. The current default is "PROXY".
+
+ Note that changing this field may cause brief connection failures
+ during the transition as the NLB attribute change and router rollout
+ occur independently.
+ enum:
+ - TCP
+ - PROXY
+ type: string
subnets:
description: |-
subnets specifies the subnets to which the load balancer will
@@ -3286,6 +3404,46 @@ spec:
type: string
type: array
x-kubernetes-list-type: atomic
+ groups:
+ description: |-
+ groups is an optional, ordered field used to specify the supported groups (formerly known as
+ elliptic curves) that are used during the TLS handshake. The order of the groups represents
+ a suggested preference, with the most preferred group first. Note that not all platform
+ components honor the ordering: Go-based components use Go's internal preference order and
+ treat this list as a filter of allowed groups rather than an ordered preference.
+ Operators may remove entries their operands do not support.
+
+ When omitted, this means no opinion and the platform is left to choose reasonable defaults which are
+ subject to change over time and may be different per platform component depending on the underlying TLS
+ libraries they use. If specified, the list must contain at least one and at most 7 groups,
+ and each group must be unique.
+
+ For example, to use X25519 and secp256r1 (yaml):
+
+ groups:
+ - X25519
+ - secp256r1
+ items:
+ description: |-
+ TLSGroup is a supported group identifier that can be used in TLSProfile.Groups.
+ There is a one-to-one mapping between these names and the group IDs defined
+ in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry:
+ https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
+ enum:
+ - X25519
+ - secp256r1
+ - secp384r1
+ - secp521r1
+ - X25519MLKEM768
+ - SecP256r1MLKEM768
+ - SecP384r1MLKEM1024
+ type: string
+ maxItems: 7
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
minTLSVersion:
description: |-
minTLSVersion is used to specify the minimal version of the TLS protocol
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml
index 97c3ca8c4..05d8a2442 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml
@@ -512,6 +512,38 @@ spec:
x-kubernetes-validations:
- message: eipAllocations cannot contain duplicates
rule: self.all(x, self.exists_one(y, x == y))
+ protocol:
+ description: |-
+ protocol specifies whether the Network Load Balancer uses PROXY
+ protocol to forward connections to the IngressController.
+
+ When set to "TCP", the NLB uses AWS's native client IP preservation.
+ This may cause hairpin connection failures for internal load
+ balancers when connections are made from pods to router pods on
+ the same node.
+
+ When set to "PROXY", the NLB disables native client IP preservation
+ and uses PROXY protocol v2. The IngressController enables PROXY
+ protocol on HAProxy so that it can parse PROXY protocol headers to
+ obtain the original client IP. This avoids hairpin connection
+ failures.
+
+ The following values are valid for this field:
+
+ * "TCP".
+ * "PROXY".
+
+ When omitted, this means the user has no opinion and the value is
+ left to the platform to choose a reasonable default, which is subject to
+ change over time. The current default is "PROXY".
+
+ Note that changing this field may cause brief connection failures
+ during the transition as the NLB attribute change and router rollout
+ occur independently.
+ enum:
+ - TCP
+ - PROXY
+ type: string
subnets:
description: |-
subnets specifies the subnets to which the load balancer will
@@ -1993,8 +2025,11 @@ spec:
custom:
description: |-
custom is a user-defined TLS security profile. Be extremely careful using a custom
- profile as invalid configurations can be catastrophic. An example custom profile
- looks like this:
+ profile as invalid configurations can be catastrophic.
+
+ The supported groups list for this profile is empty by default.
+
+ An example custom profile looks like this:
minTLSVersion: VersionTLS11
ciphers:
@@ -2039,6 +2074,10 @@ spec:
legacy clients and want to remain highly secure while being compatible with
most clients currently in use.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS12
ciphers:
@@ -2057,7 +2096,9 @@ spec:
description: |-
modern is a TLS security profile for use with clients that support TLS 1.3 and
do not need backward compatibility for older clients.
-
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS13
ciphers:
@@ -2071,6 +2112,10 @@ spec:
old is a TLS profile for use when services need to be accessed by very old
clients or libraries and should be used only as a last resort.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS10
ciphers:
@@ -2087,11 +2132,14 @@ spec:
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
+ - ECDHE-ECDSA-AES256-SHA384
+ - ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
+ - AES256-SHA256
- AES128-SHA
- AES256-SHA
- DES-CBC3-SHA
@@ -2102,10 +2150,16 @@ spec:
type is one of Old, Intermediate, Modern or Custom. Custom provides the
ability to specify individual TLS security profile parameters.
- The profiles are based on version 5.7 of the Mozilla Server Side TLS
- configuration guidelines. The cipher lists consist of the configuration's
- "ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
- See: https://ssl-config.mozilla.org/guidelines/5.7.json
+ The cipher and groups lists in these profiles are based on version 5.8 of the
+ Mozilla Server Side TLS configuration guidelines.
+ See: https://ssl-config.mozilla.org/guidelines/5.8.json
+
+ The groups are listed in suggested preference order, with the most preferred group first.
+ Note that not all platform components honor the ordering: Go-based components use Go's
+ internal preference order and treat this list as a filter of allowed groups rather than
+ an ordered preference.
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
The profiles are intent based, so they may change over time as new ciphers are
developed and existing ciphers are found to be insecure. Depending on
@@ -2118,17 +2172,6 @@ spec:
type: string
type: object
tuningOptions:
- anyOf:
- - properties:
- maxConnections:
- enum:
- - -1
- - 0
- - properties:
- maxConnections:
- format: int32
- maximum: 2000000
- minimum: 2000
description: |-
tuningOptions defines parameters for adjusting the performance of
ingress controller pods. All fields are optional and will use their
@@ -2310,6 +2353,9 @@ spec:
'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'.
format: int32
type: integer
+ x-kubernetes-validations:
+ - message: maxConnections must be 0, -1, or between 2000 and 2000000
+ rule: self == 0 || self == -1 || (self >= 2000 && self <= 2000000)
reloadInterval:
description: |-
reloadInterval defines the minimum interval at which the router is allowed to reload
@@ -2753,6 +2799,38 @@ spec:
x-kubernetes-validations:
- message: eipAllocations cannot contain duplicates
rule: self.all(x, self.exists_one(y, x == y))
+ protocol:
+ description: |-
+ protocol specifies whether the Network Load Balancer uses PROXY
+ protocol to forward connections to the IngressController.
+
+ When set to "TCP", the NLB uses AWS's native client IP preservation.
+ This may cause hairpin connection failures for internal load
+ balancers when connections are made from pods to router pods on
+ the same node.
+
+ When set to "PROXY", the NLB disables native client IP preservation
+ and uses PROXY protocol v2. The IngressController enables PROXY
+ protocol on HAProxy so that it can parse PROXY protocol headers to
+ obtain the original client IP. This avoids hairpin connection
+ failures.
+
+ The following values are valid for this field:
+
+ * "TCP".
+ * "PROXY".
+
+ When omitted, this means the user has no opinion and the value is
+ left to the platform to choose a reasonable default, which is subject to
+ change over time. The current default is "PROXY".
+
+ Note that changing this field may cause brief connection failures
+ during the transition as the NLB attribute change and router rollout
+ occur independently.
+ enum:
+ - TCP
+ - PROXY
+ type: string
subnets:
description: |-
subnets specifies the subnets to which the load balancer will
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml
index 89c366cda..a9600ab83 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml
@@ -512,6 +512,38 @@ spec:
x-kubernetes-validations:
- message: eipAllocations cannot contain duplicates
rule: self.all(x, self.exists_one(y, x == y))
+ protocol:
+ description: |-
+ protocol specifies whether the Network Load Balancer uses PROXY
+ protocol to forward connections to the IngressController.
+
+ When set to "TCP", the NLB uses AWS's native client IP preservation.
+ This may cause hairpin connection failures for internal load
+ balancers when connections are made from pods to router pods on
+ the same node.
+
+ When set to "PROXY", the NLB disables native client IP preservation
+ and uses PROXY protocol v2. The IngressController enables PROXY
+ protocol on HAProxy so that it can parse PROXY protocol headers to
+ obtain the original client IP. This avoids hairpin connection
+ failures.
+
+ The following values are valid for this field:
+
+ * "TCP".
+ * "PROXY".
+
+ When omitted, this means the user has no opinion and the value is
+ left to the platform to choose a reasonable default, which is subject to
+ change over time. The current default is "PROXY".
+
+ Note that changing this field may cause brief connection failures
+ during the transition as the NLB attribute change and router rollout
+ occur independently.
+ enum:
+ - TCP
+ - PROXY
+ type: string
subnets:
description: |-
subnets specifies the subnets to which the load balancer will
@@ -1993,8 +2025,11 @@ spec:
custom:
description: |-
custom is a user-defined TLS security profile. Be extremely careful using a custom
- profile as invalid configurations can be catastrophic. An example custom profile
- looks like this:
+ profile as invalid configurations can be catastrophic.
+
+ The supported groups list for this profile is empty by default.
+
+ An example custom profile looks like this:
minTLSVersion: VersionTLS11
ciphers:
@@ -2019,6 +2054,46 @@ spec:
type: string
type: array
x-kubernetes-list-type: atomic
+ groups:
+ description: |-
+ groups is an optional, ordered field used to specify the supported groups (formerly known as
+ elliptic curves) that are used during the TLS handshake. The order of the groups represents
+ a suggested preference, with the most preferred group first. Note that not all platform
+ components honor the ordering: Go-based components use Go's internal preference order and
+ treat this list as a filter of allowed groups rather than an ordered preference.
+ Operators may remove entries their operands do not support.
+
+ When omitted, this means no opinion and the platform is left to choose reasonable defaults which are
+ subject to change over time and may be different per platform component depending on the underlying TLS
+ libraries they use. If specified, the list must contain at least one and at most 7 groups,
+ and each group must be unique.
+
+ For example, to use X25519 and secp256r1 (yaml):
+
+ groups:
+ - X25519
+ - secp256r1
+ items:
+ description: |-
+ TLSGroup is a supported group identifier that can be used in TLSProfile.Groups.
+ There is a one-to-one mapping between these names and the group IDs defined
+ in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry:
+ https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
+ enum:
+ - X25519
+ - secp256r1
+ - secp384r1
+ - secp521r1
+ - X25519MLKEM768
+ - SecP256r1MLKEM768
+ - SecP384r1MLKEM1024
+ type: string
+ maxItems: 7
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
minTLSVersion:
description: |-
minTLSVersion is used to specify the minimal version of the TLS protocol
@@ -2039,6 +2114,10 @@ spec:
legacy clients and want to remain highly secure while being compatible with
most clients currently in use.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS12
ciphers:
@@ -2057,7 +2136,9 @@ spec:
description: |-
modern is a TLS security profile for use with clients that support TLS 1.3 and
do not need backward compatibility for older clients.
-
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS13
ciphers:
@@ -2071,6 +2152,10 @@ spec:
old is a TLS profile for use when services need to be accessed by very old
clients or libraries and should be used only as a last resort.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS10
ciphers:
@@ -2087,11 +2172,14 @@ spec:
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
+ - ECDHE-ECDSA-AES256-SHA384
+ - ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
+ - AES256-SHA256
- AES128-SHA
- AES256-SHA
- DES-CBC3-SHA
@@ -2102,10 +2190,16 @@ spec:
type is one of Old, Intermediate, Modern or Custom. Custom provides the
ability to specify individual TLS security profile parameters.
- The profiles are based on version 5.7 of the Mozilla Server Side TLS
- configuration guidelines. The cipher lists consist of the configuration's
- "ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
- See: https://ssl-config.mozilla.org/guidelines/5.7.json
+ The cipher and groups lists in these profiles are based on version 5.8 of the
+ Mozilla Server Side TLS configuration guidelines.
+ See: https://ssl-config.mozilla.org/guidelines/5.8.json
+
+ The groups are listed in suggested preference order, with the most preferred group first.
+ Note that not all platform components honor the ordering: Go-based components use Go's
+ internal preference order and treat this list as a filter of allowed groups rather than
+ an ordered preference.
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
The profiles are intent based, so they may change over time as new ciphers are
developed and existing ciphers are found to be insecure. Depending on
@@ -2118,17 +2212,6 @@ spec:
type: string
type: object
tuningOptions:
- anyOf:
- - properties:
- maxConnections:
- enum:
- - -1
- - 0
- - properties:
- maxConnections:
- format: int32
- maximum: 2000000
- minimum: 2000
description: |-
tuningOptions defines parameters for adjusting the performance of
ingress controller pods. All fields are optional and will use their
@@ -2341,6 +2424,9 @@ spec:
'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'.
format: int32
type: integer
+ x-kubernetes-validations:
+ - message: maxConnections must be 0, -1, or between 2000 and 2000000
+ rule: self == 0 || self == -1 || (self >= 2000 && self <= 2000000)
reloadInterval:
description: |-
reloadInterval defines the minimum interval at which the router is allowed to reload
@@ -2784,6 +2870,38 @@ spec:
x-kubernetes-validations:
- message: eipAllocations cannot contain duplicates
rule: self.all(x, self.exists_one(y, x == y))
+ protocol:
+ description: |-
+ protocol specifies whether the Network Load Balancer uses PROXY
+ protocol to forward connections to the IngressController.
+
+ When set to "TCP", the NLB uses AWS's native client IP preservation.
+ This may cause hairpin connection failures for internal load
+ balancers when connections are made from pods to router pods on
+ the same node.
+
+ When set to "PROXY", the NLB disables native client IP preservation
+ and uses PROXY protocol v2. The IngressController enables PROXY
+ protocol on HAProxy so that it can parse PROXY protocol headers to
+ obtain the original client IP. This avoids hairpin connection
+ failures.
+
+ The following values are valid for this field:
+
+ * "TCP".
+ * "PROXY".
+
+ When omitted, this means the user has no opinion and the value is
+ left to the platform to choose a reasonable default, which is subject to
+ change over time. The current default is "PROXY".
+
+ Note that changing this field may cause brief connection failures
+ during the transition as the NLB attribute change and router rollout
+ occur independently.
+ enum:
+ - TCP
+ - PROXY
+ type: string
subnets:
description: |-
subnets specifies the subnets to which the load balancer will
@@ -3286,6 +3404,46 @@ spec:
type: string
type: array
x-kubernetes-list-type: atomic
+ groups:
+ description: |-
+ groups is an optional, ordered field used to specify the supported groups (formerly known as
+ elliptic curves) that are used during the TLS handshake. The order of the groups represents
+ a suggested preference, with the most preferred group first. Note that not all platform
+ components honor the ordering: Go-based components use Go's internal preference order and
+ treat this list as a filter of allowed groups rather than an ordered preference.
+ Operators may remove entries their operands do not support.
+
+ When omitted, this means no opinion and the platform is left to choose reasonable defaults which are
+ subject to change over time and may be different per platform component depending on the underlying TLS
+ libraries they use. If specified, the list must contain at least one and at most 7 groups,
+ and each group must be unique.
+
+ For example, to use X25519 and secp256r1 (yaml):
+
+ groups:
+ - X25519
+ - secp256r1
+ items:
+ description: |-
+ TLSGroup is a supported group identifier that can be used in TLSProfile.Groups.
+ There is a one-to-one mapping between these names and the group IDs defined
+ in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry:
+ https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
+ enum:
+ - X25519
+ - secp256r1
+ - secp384r1
+ - secp521r1
+ - X25519MLKEM768
+ - SecP256r1MLKEM768
+ - SecP384r1MLKEM1024
+ type: string
+ maxItems: 7
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
minTLSVersion:
description: |-
minTLSVersion is used to specify the minimal version of the TLS protocol
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml
index 535ddf0bc..2052c5f29 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml
@@ -512,6 +512,38 @@ spec:
x-kubernetes-validations:
- message: eipAllocations cannot contain duplicates
rule: self.all(x, self.exists_one(y, x == y))
+ protocol:
+ description: |-
+ protocol specifies whether the Network Load Balancer uses PROXY
+ protocol to forward connections to the IngressController.
+
+ When set to "TCP", the NLB uses AWS's native client IP preservation.
+ This may cause hairpin connection failures for internal load
+ balancers when connections are made from pods to router pods on
+ the same node.
+
+ When set to "PROXY", the NLB disables native client IP preservation
+ and uses PROXY protocol v2. The IngressController enables PROXY
+ protocol on HAProxy so that it can parse PROXY protocol headers to
+ obtain the original client IP. This avoids hairpin connection
+ failures.
+
+ The following values are valid for this field:
+
+ * "TCP".
+ * "PROXY".
+
+ When omitted, this means the user has no opinion and the value is
+ left to the platform to choose a reasonable default, which is subject to
+ change over time. The current default is "PROXY".
+
+ Note that changing this field may cause brief connection failures
+ during the transition as the NLB attribute change and router rollout
+ occur independently.
+ enum:
+ - TCP
+ - PROXY
+ type: string
subnets:
description: |-
subnets specifies the subnets to which the load balancer will
@@ -1993,8 +2025,11 @@ spec:
custom:
description: |-
custom is a user-defined TLS security profile. Be extremely careful using a custom
- profile as invalid configurations can be catastrophic. An example custom profile
- looks like this:
+ profile as invalid configurations can be catastrophic.
+
+ The supported groups list for this profile is empty by default.
+
+ An example custom profile looks like this:
minTLSVersion: VersionTLS11
ciphers:
@@ -2039,6 +2074,10 @@ spec:
legacy clients and want to remain highly secure while being compatible with
most clients currently in use.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS12
ciphers:
@@ -2057,7 +2096,9 @@ spec:
description: |-
modern is a TLS security profile for use with clients that support TLS 1.3 and
do not need backward compatibility for older clients.
-
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS13
ciphers:
@@ -2071,6 +2112,10 @@ spec:
old is a TLS profile for use when services need to be accessed by very old
clients or libraries and should be used only as a last resort.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS10
ciphers:
@@ -2087,11 +2132,14 @@ spec:
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
+ - ECDHE-ECDSA-AES256-SHA384
+ - ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
+ - AES256-SHA256
- AES128-SHA
- AES256-SHA
- DES-CBC3-SHA
@@ -2102,10 +2150,16 @@ spec:
type is one of Old, Intermediate, Modern or Custom. Custom provides the
ability to specify individual TLS security profile parameters.
- The profiles are based on version 5.7 of the Mozilla Server Side TLS
- configuration guidelines. The cipher lists consist of the configuration's
- "ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
- See: https://ssl-config.mozilla.org/guidelines/5.7.json
+ The cipher and groups lists in these profiles are based on version 5.8 of the
+ Mozilla Server Side TLS configuration guidelines.
+ See: https://ssl-config.mozilla.org/guidelines/5.8.json
+
+ The groups are listed in suggested preference order, with the most preferred group first.
+ Note that not all platform components honor the ordering: Go-based components use Go's
+ internal preference order and treat this list as a filter of allowed groups rather than
+ an ordered preference.
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
The profiles are intent based, so they may change over time as new ciphers are
developed and existing ciphers are found to be insecure. Depending on
@@ -2118,17 +2172,6 @@ spec:
type: string
type: object
tuningOptions:
- anyOf:
- - properties:
- maxConnections:
- enum:
- - -1
- - 0
- - properties:
- maxConnections:
- format: int32
- maximum: 2000000
- minimum: 2000
description: |-
tuningOptions defines parameters for adjusting the performance of
ingress controller pods. All fields are optional and will use their
@@ -2310,6 +2353,9 @@ spec:
'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'.
format: int32
type: integer
+ x-kubernetes-validations:
+ - message: maxConnections must be 0, -1, or between 2000 and 2000000
+ rule: self == 0 || self == -1 || (self >= 2000 && self <= 2000000)
reloadInterval:
description: |-
reloadInterval defines the minimum interval at which the router is allowed to reload
@@ -2753,6 +2799,38 @@ spec:
x-kubernetes-validations:
- message: eipAllocations cannot contain duplicates
rule: self.all(x, self.exists_one(y, x == y))
+ protocol:
+ description: |-
+ protocol specifies whether the Network Load Balancer uses PROXY
+ protocol to forward connections to the IngressController.
+
+ When set to "TCP", the NLB uses AWS's native client IP preservation.
+ This may cause hairpin connection failures for internal load
+ balancers when connections are made from pods to router pods on
+ the same node.
+
+ When set to "PROXY", the NLB disables native client IP preservation
+ and uses PROXY protocol v2. The IngressController enables PROXY
+ protocol on HAProxy so that it can parse PROXY protocol headers to
+ obtain the original client IP. This avoids hairpin connection
+ failures.
+
+ The following values are valid for this field:
+
+ * "TCP".
+ * "PROXY".
+
+ When omitted, this means the user has no opinion and the value is
+ left to the platform to choose a reasonable default, which is subject to
+ change over time. The current default is "PROXY".
+
+ Note that changing this field may cause brief connection failures
+ during the transition as the NLB attribute change and router rollout
+ occur independently.
+ enum:
+ - TCP
+ - PROXY
+ type: string
subnets:
description: |-
subnets specifies the subnets to which the load balancer will
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml
index 2fbc3cd4e..ea37a2261 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml
@@ -512,6 +512,38 @@ spec:
x-kubernetes-validations:
- message: eipAllocations cannot contain duplicates
rule: self.all(x, self.exists_one(y, x == y))
+ protocol:
+ description: |-
+ protocol specifies whether the Network Load Balancer uses PROXY
+ protocol to forward connections to the IngressController.
+
+ When set to "TCP", the NLB uses AWS's native client IP preservation.
+ This may cause hairpin connection failures for internal load
+ balancers when connections are made from pods to router pods on
+ the same node.
+
+ When set to "PROXY", the NLB disables native client IP preservation
+ and uses PROXY protocol v2. The IngressController enables PROXY
+ protocol on HAProxy so that it can parse PROXY protocol headers to
+ obtain the original client IP. This avoids hairpin connection
+ failures.
+
+ The following values are valid for this field:
+
+ * "TCP".
+ * "PROXY".
+
+ When omitted, this means the user has no opinion and the value is
+ left to the platform to choose a reasonable default, which is subject to
+ change over time. The current default is "PROXY".
+
+ Note that changing this field may cause brief connection failures
+ during the transition as the NLB attribute change and router rollout
+ occur independently.
+ enum:
+ - TCP
+ - PROXY
+ type: string
subnets:
description: |-
subnets specifies the subnets to which the load balancer will
@@ -1993,8 +2025,11 @@ spec:
custom:
description: |-
custom is a user-defined TLS security profile. Be extremely careful using a custom
- profile as invalid configurations can be catastrophic. An example custom profile
- looks like this:
+ profile as invalid configurations can be catastrophic.
+
+ The supported groups list for this profile is empty by default.
+
+ An example custom profile looks like this:
minTLSVersion: VersionTLS11
ciphers:
@@ -2019,6 +2054,46 @@ spec:
type: string
type: array
x-kubernetes-list-type: atomic
+ groups:
+ description: |-
+ groups is an optional, ordered field used to specify the supported groups (formerly known as
+ elliptic curves) that are used during the TLS handshake. The order of the groups represents
+ a suggested preference, with the most preferred group first. Note that not all platform
+ components honor the ordering: Go-based components use Go's internal preference order and
+ treat this list as a filter of allowed groups rather than an ordered preference.
+ Operators may remove entries their operands do not support.
+
+ When omitted, this means no opinion and the platform is left to choose reasonable defaults which are
+ subject to change over time and may be different per platform component depending on the underlying TLS
+ libraries they use. If specified, the list must contain at least one and at most 7 groups,
+ and each group must be unique.
+
+ For example, to use X25519 and secp256r1 (yaml):
+
+ groups:
+ - X25519
+ - secp256r1
+ items:
+ description: |-
+ TLSGroup is a supported group identifier that can be used in TLSProfile.Groups.
+ There is a one-to-one mapping between these names and the group IDs defined
+ in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry:
+ https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
+ enum:
+ - X25519
+ - secp256r1
+ - secp384r1
+ - secp521r1
+ - X25519MLKEM768
+ - SecP256r1MLKEM768
+ - SecP384r1MLKEM1024
+ type: string
+ maxItems: 7
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
minTLSVersion:
description: |-
minTLSVersion is used to specify the minimal version of the TLS protocol
@@ -2039,6 +2114,10 @@ spec:
legacy clients and want to remain highly secure while being compatible with
most clients currently in use.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS12
ciphers:
@@ -2057,7 +2136,9 @@ spec:
description: |-
modern is a TLS security profile for use with clients that support TLS 1.3 and
do not need backward compatibility for older clients.
-
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS13
ciphers:
@@ -2071,6 +2152,10 @@ spec:
old is a TLS profile for use when services need to be accessed by very old
clients or libraries and should be used only as a last resort.
+ The supported groups list includes by default the following groups
+ in suggested preference order (ordering may not be honored by all implementations):
+ X25519MLKEM768, X25519, secp256r1, secp384r1.
+
This profile is equivalent to a Custom profile specified as:
minTLSVersion: VersionTLS10
ciphers:
@@ -2087,11 +2172,14 @@ spec:
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
+ - ECDHE-ECDSA-AES256-SHA384
+ - ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
+ - AES256-SHA256
- AES128-SHA
- AES256-SHA
- DES-CBC3-SHA
@@ -2102,10 +2190,16 @@ spec:
type is one of Old, Intermediate, Modern or Custom. Custom provides the
ability to specify individual TLS security profile parameters.
- The profiles are based on version 5.7 of the Mozilla Server Side TLS
- configuration guidelines. The cipher lists consist of the configuration's
- "ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
- See: https://ssl-config.mozilla.org/guidelines/5.7.json
+ The cipher and groups lists in these profiles are based on version 5.8 of the
+ Mozilla Server Side TLS configuration guidelines.
+ See: https://ssl-config.mozilla.org/guidelines/5.8.json
+
+ The groups are listed in suggested preference order, with the most preferred group first.
+ Note that not all platform components honor the ordering: Go-based components use Go's
+ internal preference order and treat this list as a filter of allowed groups rather than
+ an ordered preference.
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
The profiles are intent based, so they may change over time as new ciphers are
developed and existing ciphers are found to be insecure. Depending on
@@ -2118,17 +2212,6 @@ spec:
type: string
type: object
tuningOptions:
- anyOf:
- - properties:
- maxConnections:
- enum:
- - -1
- - 0
- - properties:
- maxConnections:
- format: int32
- maximum: 2000000
- minimum: 2000
description: |-
tuningOptions defines parameters for adjusting the performance of
ingress controller pods. All fields are optional and will use their
@@ -2341,6 +2424,9 @@ spec:
'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'.
format: int32
type: integer
+ x-kubernetes-validations:
+ - message: maxConnections must be 0, -1, or between 2000 and 2000000
+ rule: self == 0 || self == -1 || (self >= 2000 && self <= 2000000)
reloadInterval:
description: |-
reloadInterval defines the minimum interval at which the router is allowed to reload
@@ -2784,6 +2870,38 @@ spec:
x-kubernetes-validations:
- message: eipAllocations cannot contain duplicates
rule: self.all(x, self.exists_one(y, x == y))
+ protocol:
+ description: |-
+ protocol specifies whether the Network Load Balancer uses PROXY
+ protocol to forward connections to the IngressController.
+
+ When set to "TCP", the NLB uses AWS's native client IP preservation.
+ This may cause hairpin connection failures for internal load
+ balancers when connections are made from pods to router pods on
+ the same node.
+
+ When set to "PROXY", the NLB disables native client IP preservation
+ and uses PROXY protocol v2. The IngressController enables PROXY
+ protocol on HAProxy so that it can parse PROXY protocol headers to
+ obtain the original client IP. This avoids hairpin connection
+ failures.
+
+ The following values are valid for this field:
+
+ * "TCP".
+ * "PROXY".
+
+ When omitted, this means the user has no opinion and the value is
+ left to the platform to choose a reasonable default, which is subject to
+ change over time. The current default is "PROXY".
+
+ Note that changing this field may cause brief connection failures
+ during the transition as the NLB attribute change and router rollout
+ occur independently.
+ enum:
+ - TCP
+ - PROXY
+ type: string
subnets:
description: |-
subnets specifies the subnets to which the load balancer will
@@ -3286,6 +3404,46 @@ spec:
type: string
type: array
x-kubernetes-list-type: atomic
+ groups:
+ description: |-
+ groups is an optional, ordered field used to specify the supported groups (formerly known as
+ elliptic curves) that are used during the TLS handshake. The order of the groups represents
+ a suggested preference, with the most preferred group first. Note that not all platform
+ components honor the ordering: Go-based components use Go's internal preference order and
+ treat this list as a filter of allowed groups rather than an ordered preference.
+ Operators may remove entries their operands do not support.
+
+ When omitted, this means no opinion and the platform is left to choose reasonable defaults which are
+ subject to change over time and may be different per platform component depending on the underlying TLS
+ libraries they use. If specified, the list must contain at least one and at most 7 groups,
+ and each group must be unique.
+
+ For example, to use X25519 and secp256r1 (yaml):
+
+ groups:
+ - X25519
+ - secp256r1
+ items:
+ description: |-
+ TLSGroup is a supported group identifier that can be used in TLSProfile.Groups.
+ There is a one-to-one mapping between these names and the group IDs defined
+ in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry:
+ https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ FIPS-approved and should be ignored by components running in FIPS mode.
+ enum:
+ - X25519
+ - secp256r1
+ - secp384r1
+ - secp521r1
+ - X25519MLKEM768
+ - SecP256r1MLKEM768
+ - SecP384r1MLKEM1024
+ type: string
+ maxItems: 7
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
minTLSVersion:
description: |-
minTLSVersion is used to specify the minimal version of the TLS protocol
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go
index 3d3c8f4f8..0a6726b19 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go
@@ -338,7 +338,7 @@ func (in *AuthenticationSpec) DeepCopy() *AuthenticationSpec {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AuthenticationStatus) DeepCopyInto(out *AuthenticationStatus) {
*out = *in
- out.OAuthAPIServer = in.OAuthAPIServer
+ in.OAuthAPIServer.DeepCopyInto(&out.OAuthAPIServer)
in.OperatorStatus.DeepCopyInto(&out.OperatorStatus)
return
}
@@ -469,6 +469,7 @@ func (in *CSIDriverConfigSpec) DeepCopyInto(out *CSIDriverConfigSpec) {
*out = new(VSphereCSIDriverConfigSpec)
(*in).DeepCopyInto(*out)
}
+ in.SecretsStore.DeepCopyInto(&out.SecretsStore)
return
}
@@ -1180,6 +1181,22 @@ func (in *ContainerLoggingDestinationParameters) DeepCopy() *ContainerLoggingDes
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CustomSecretRotation) DeepCopyInto(out *CustomSecretRotation) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomSecretRotation.
+func (in *CustomSecretRotation) DeepCopy() *CustomSecretRotation {
+ if in == nil {
+ return nil
+ }
+ out := new(CustomSecretRotation)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DNS) DeepCopyInto(out *DNS) {
*out = *in
@@ -2749,6 +2766,46 @@ func (in *IrreconcilableValidationOverrides) DeepCopy() *IrreconcilableValidatio
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KMSEncryptionStatus) DeepCopyInto(out *KMSEncryptionStatus) {
+ *out = *in
+ if in.HealthReports != nil {
+ in, out := &in.HealthReports, &out.HealthReports
+ *out = make([]KMSPluginHealthReport, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSEncryptionStatus.
+func (in *KMSEncryptionStatus) DeepCopy() *KMSEncryptionStatus {
+ if in == nil {
+ return nil
+ }
+ out := new(KMSEncryptionStatus)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KMSPluginHealthReport) DeepCopyInto(out *KMSPluginHealthReport) {
+ *out = *in
+ in.LastCheckedTime.DeepCopyInto(&out.LastCheckedTime)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSPluginHealthReport.
+func (in *KMSPluginHealthReport) DeepCopy() *KMSPluginHealthReport {
+ if in == nil {
+ return nil
+ }
+ out := new(KMSPluginHealthReport)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *KubeAPIServer) DeepCopyInto(out *KubeAPIServer) {
*out = *in
@@ -2838,6 +2895,7 @@ func (in *KubeAPIServerStatus) DeepCopyInto(out *KubeAPIServerStatus) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
+ in.EncryptionStatus.DeepCopyInto(&out.EncryptionStatus)
return
}
@@ -3432,6 +3490,33 @@ func (in *ManagedBootImages) DeepCopy() *ManagedBootImages {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManagedTokenRequests) DeepCopyInto(out *ManagedTokenRequests) {
+ *out = *in
+ if in.Audiences != nil {
+ in, out := &in.Audiences, &out.Audiences
+ *out = new([]SecretsStoreTokenRequest)
+ if **in != nil {
+ in, out := *in, *out
+ *out = make([]SecretsStoreTokenRequest, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedTokenRequests.
+func (in *ManagedTokenRequests) DeepCopy() *ManagedTokenRequests {
+ if in == nil {
+ return nil
+ }
+ out := new(ManagedTokenRequests)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *MyOperatorResource) DeepCopyInto(out *MyOperatorResource) {
*out = *in
@@ -4038,6 +4123,7 @@ func (in *NodeStatus) DeepCopy() *NodeStatus {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OAuthAPIServerStatus) DeepCopyInto(out *OAuthAPIServerStatus) {
*out = *in
+ in.EncryptionStatus.DeepCopyInto(&out.EncryptionStatus)
return
}
@@ -4287,6 +4373,7 @@ func (in *OpenShiftAPIServerSpec) DeepCopy() *OpenShiftAPIServerSpec {
func (in *OpenShiftAPIServerStatus) DeepCopyInto(out *OpenShiftAPIServerStatus) {
*out = *in
in.OperatorStatus.DeepCopyInto(&out.OperatorStatus)
+ in.EncryptionStatus.DeepCopyInto(&out.EncryptionStatus)
return
}
@@ -4869,6 +4956,79 @@ func (in *SFlowConfig) DeepCopy() *SFlowConfig {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SecretsStoreCSIDriverConfigSpec) DeepCopyInto(out *SecretsStoreCSIDriverConfigSpec) {
+ *out = *in
+ out.SecretRotation = in.SecretRotation
+ in.TokenRequests.DeepCopyInto(&out.TokenRequests)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsStoreCSIDriverConfigSpec.
+func (in *SecretsStoreCSIDriverConfigSpec) DeepCopy() *SecretsStoreCSIDriverConfigSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(SecretsStoreCSIDriverConfigSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SecretsStoreSecretRotation) DeepCopyInto(out *SecretsStoreSecretRotation) {
+ *out = *in
+ out.Custom = in.Custom
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsStoreSecretRotation.
+func (in *SecretsStoreSecretRotation) DeepCopy() *SecretsStoreSecretRotation {
+ if in == nil {
+ return nil
+ }
+ out := new(SecretsStoreSecretRotation)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SecretsStoreTokenRequest) DeepCopyInto(out *SecretsStoreTokenRequest) {
+ *out = *in
+ if in.Audience != nil {
+ in, out := &in.Audience, &out.Audience
+ *out = new(string)
+ **out = **in
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsStoreTokenRequest.
+func (in *SecretsStoreTokenRequest) DeepCopy() *SecretsStoreTokenRequest {
+ if in == nil {
+ return nil
+ }
+ out := new(SecretsStoreTokenRequest)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SecretsStoreTokenRequests) DeepCopyInto(out *SecretsStoreTokenRequests) {
+ *out = *in
+ in.Managed.DeepCopyInto(&out.Managed)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsStoreTokenRequests.
+func (in *SecretsStoreTokenRequests) DeepCopy() *SecretsStoreTokenRequests {
+ if in == nil {
+ return nil
+ }
+ out := new(SecretsStoreTokenRequests)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Server) DeepCopyInto(out *Server) {
*out = *in
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml
index aaf097290..9edb02ec6 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -5,7 +5,8 @@ authentications.operator.openshift.io:
CRDName: authentications.operator.openshift.io
Capability: ""
Category: ""
- FeatureGates: []
+ FeatureGates:
+ - KMSEncryption
FilenameOperatorName: authentication
FilenameOperatorOrdering: "01"
FilenameRunLevel: "0000_50"
@@ -178,6 +179,7 @@ ingresscontrollers.operator.openshift.io:
Category: ""
FeatureGates:
- IngressControllerDynamicConfigurationManager
+ - TLSGroupPreferences
FilenameOperatorName: ingress
FilenameOperatorOrdering: "00"
FilenameRunLevel: "0000_50"
@@ -221,6 +223,7 @@ kubeapiservers.operator.openshift.io:
Category: coreoperators
FeatureGates:
- EventTTL
+ - KMSEncryption
FilenameOperatorName: kube-apiserver
FilenameOperatorOrdering: "01"
FilenameRunLevel: "0000_20"
@@ -375,7 +378,8 @@ openshiftapiservers.operator.openshift.io:
CRDName: openshiftapiservers.operator.openshift.io
Capability: ""
Category: coreoperators
- FeatureGates: []
+ FeatureGates:
+ - KMSEncryption
FilenameOperatorName: openshift-apiserver
FilenameOperatorOrdering: "01"
FilenameRunLevel: "0000_30"
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..c6a047d2c
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go
@@ -0,0 +1,1226 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSCSIDriverConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSClassicLoadBalancerParameters) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSEFSVolumeMetrics) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSEFSVolumeMetricsRecursiveWalkConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSLoadBalancerParameters) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AWSLoadBalancerParameters"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSNetworkLoadBalancerParameters) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AWSSubnets) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AWSSubnets"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AccessLogging) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AccessLogging"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AddPage) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AddPage"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AdditionalNetworkDefinition) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AdditionalNetworkDefinition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AdditionalRoutingCapabilities) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Authentication) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.Authentication"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AuthenticationList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AuthenticationList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AuthenticationSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AuthenticationSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AuthenticationStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AuthenticationStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AzureCSIDriverConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AzureDiskEncryptionSet) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.AzureDiskEncryptionSet"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BGPManagedConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.BGPManagedConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BootImageSkewEnforcementConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BootImageSkewEnforcementStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CSIDriverConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.CSIDriverConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CSISnapshotController) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.CSISnapshotController"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CSISnapshotControllerList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.CSISnapshotControllerList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CSISnapshotControllerSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.CSISnapshotControllerSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CSISnapshotControllerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.CSISnapshotControllerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Capability) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.Capability"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CapabilityVisibility) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.CapabilityVisibility"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClientTLS) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ClientTLS"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CloudCredential) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.CloudCredential"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CloudCredentialList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.CloudCredentialList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CloudCredentialSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.CloudCredentialSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CloudCredentialStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.CloudCredentialStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterBootImageAutomatic) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ClusterBootImageAutomatic"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterBootImageManual) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ClusterBootImageManual"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterCSIDriver) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ClusterCSIDriver"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterCSIDriverList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ClusterCSIDriverList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterCSIDriverSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ClusterCSIDriverSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterCSIDriverStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ClusterCSIDriverStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterNetworkEntry) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ClusterNetworkEntry"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Config) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.Config"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConfigList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ConfigList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConfigMapFileReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ConfigMapFileReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConfigStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ConfigStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Console) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.Console"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleConfigRoute) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ConsoleConfigRoute"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleCustomization) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ConsoleCustomization"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ConsoleList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleProviders) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ConsoleProviders"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ConsoleSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConsoleStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ConsoleStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ContainerLoggingDestinationParameters) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in CustomSecretRotation) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.CustomSecretRotation"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNS) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.DNS"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSCache) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.DNSCache"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.DNSList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSNodePlacement) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.DNSNodePlacement"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSOverTLSConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.DNSOverTLSConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.DNSSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.DNSStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DNSTransportConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.DNSTransportConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DefaultNetworkDefinition) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.DefaultNetworkDefinition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeveloperConsoleCatalogCategory) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeveloperConsoleCatalogCategoryMeta) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeveloperConsoleCatalogCustomization) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DeveloperConsoleCatalogTypes) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EgressIPConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.EgressIPConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EndpointPublishingStrategy) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.EndpointPublishingStrategy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Etcd) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.Etcd"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EtcdList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.EtcdList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EtcdSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.EtcdSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EtcdStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.EtcdStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ExportNetworkFlows) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ExportNetworkFlows"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FeaturesMigration) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.FeaturesMigration"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FileReferenceSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.FileReferenceSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ForwardPlugin) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ForwardPlugin"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPCSIDriverConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPKMSKeyReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.GCPKMSKeyReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GCPLoadBalancerParameters) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.GCPLoadBalancerParameters"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GatewayConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.GatewayConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GatherStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.GatherStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GathererStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.GathererStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GenerationStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.GenerationStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HTTPCompressionPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.HTTPCompressionPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HealthCheck) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.HealthCheck"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HostNetworkStrategy) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.HostNetworkStrategy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HybridOverlayConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.HybridOverlayConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IBMCloudCSIDriverConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IBMLoadBalancerParameters) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IBMLoadBalancerParameters"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IPAMConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IPAMConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IPFIXConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IPFIXConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IPsecConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IPsecConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IPsecFullModeConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IPsecFullModeConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IPv4GatewayConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IPv4GatewayConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IPv4OVNKubernetesConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IPv6GatewayConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IPv6GatewayConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IPv6OVNKubernetesConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Ingress) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.Ingress"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressController) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressController"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerCaptureHTTPCookie) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerCaptureHTTPCookieUnion) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookieUnion"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerCaptureHTTPHeader) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerCaptureHTTPHeaders) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerHTTPHeader) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerHTTPHeader"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerHTTPHeaderActionUnion) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerHTTPHeaderActions) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerHTTPHeaders) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerHTTPUniqueIdHeaderPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerLogging) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerLogging"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerSetHTTPHeader) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IngressControllerTuningOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IngressControllerTuningOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsOperator) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.InsightsOperator"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsOperatorList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.InsightsOperatorList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsOperatorSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.InsightsOperatorSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsOperatorStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.InsightsOperatorStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in InsightsReport) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.InsightsReport"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IrreconcilableValidationOverrides) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KMSEncryptionStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KMSEncryptionStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KMSPluginHealthReport) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KMSPluginHealthReport"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeAPIServer) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeAPIServer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeAPIServerList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeAPIServerList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeAPIServerSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeAPIServerSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeAPIServerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeAPIServerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeControllerManager) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeControllerManager"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeControllerManagerList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeControllerManagerList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeControllerManagerSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeControllerManagerSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeControllerManagerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeControllerManagerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeScheduler) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeScheduler"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeSchedulerList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeSchedulerList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeSchedulerSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeSchedulerSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeSchedulerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeSchedulerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeStorageVersionMigrator) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeStorageVersionMigrator"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeStorageVersionMigratorList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeStorageVersionMigratorSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KubeStorageVersionMigratorStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LoadBalancerStrategy) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.LoadBalancerStrategy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LoggingDestination) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.LoggingDestination"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Logo) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.Logo"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MTUMigration) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.MTUMigration"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MTUMigrationValues) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.MTUMigrationValues"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineConfiguration) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.MachineConfiguration"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineConfigurationList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.MachineConfigurationList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineConfigurationSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.MachineConfigurationSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineConfigurationStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.MachineConfigurationStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineManager) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.MachineManager"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MachineManagerSelector) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.MachineManagerSelector"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ManagedBootImages) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ManagedBootImages"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ManagedTokenRequests) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ManagedTokenRequests"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MyOperatorResource) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.MyOperatorResource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MyOperatorResourceSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.MyOperatorResourceSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in MyOperatorResourceStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.MyOperatorResourceStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetFlowConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NetFlowConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Network) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.Network"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NetworkList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkMigration) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NetworkMigration"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NetworkSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NetworkStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NetworkStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NoOverlayConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NoOverlayConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeDisruptionPolicyClusterStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeDisruptionPolicyConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeDisruptionPolicySpecAction) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeDisruptionPolicySpecFile) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeDisruptionPolicySpecSSHKey) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeDisruptionPolicySpecUnit) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeDisruptionPolicyStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeDisruptionPolicyStatusAction) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeDisruptionPolicyStatusFile) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeDisruptionPolicyStatusSSHKey) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeDisruptionPolicyStatusUnit) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodePlacement) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodePlacement"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodePortStrategy) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodePortStrategy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.NodeStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthAPIServerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OAuthAPIServerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OLM) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OLM"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OLMList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OLMList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OLMSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OLMSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OLMStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OLMStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OVNKubernetesConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OVNKubernetesConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenShiftAPIServer) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OpenShiftAPIServer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenShiftAPIServerList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OpenShiftAPIServerList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenShiftAPIServerSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenShiftAPIServerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenShiftControllerManager) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OpenShiftControllerManager"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenShiftControllerManagerList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OpenShiftControllerManagerList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenShiftControllerManagerSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenShiftControllerManagerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenShiftSDNConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OpenShiftSDNConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenStackLoadBalancerParameters) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OperatorCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OperatorCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OperatorSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OperatorSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OperatorStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.OperatorStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PartialSelector) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.PartialSelector"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Perspective) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.Perspective"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PerspectiveVisibility) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.PerspectiveVisibility"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PinnedResourceReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.PinnedResourceReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PolicyAuditConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.PolicyAuditConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PrivateStrategy) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.PrivateStrategy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProjectAccess) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ProjectAccess"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProviderLoadBalancerParameters) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProxyConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ProxyConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in QuickStarts) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.QuickStarts"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ReloadService) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ReloadService"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ResourceAttributesAccessReview) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ResourceAttributesAccessReview"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RestartService) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.RestartService"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RouteAdmissionPolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.RouteAdmissionPolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SFlowConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.SFlowConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecretsStoreCSIDriverConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.SecretsStoreCSIDriverConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecretsStoreSecretRotation) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.SecretsStoreSecretRotation"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecretsStoreTokenRequest) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.SecretsStoreTokenRequest"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecretsStoreTokenRequests) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.SecretsStoreTokenRequests"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Server) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.Server"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceAccountIssuerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCA) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ServiceCA"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCAList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ServiceCAList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCASpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ServiceCASpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCAStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ServiceCAStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCatalogAPIServer) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ServiceCatalogAPIServer"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCatalogAPIServerList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCatalogAPIServerSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCatalogAPIServerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCatalogControllerManager) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ServiceCatalogControllerManager"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCatalogControllerManagerList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCatalogControllerManagerSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCatalogControllerManagerStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SimpleMacvlanConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.SimpleMacvlanConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StaticIPAMAddresses) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.StaticIPAMAddresses"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StaticIPAMConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.StaticIPAMConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StaticIPAMDNS) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.StaticIPAMDNS"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StaticIPAMRoutes) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.StaticIPAMRoutes"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StaticPodOperatorSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.StaticPodOperatorSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StaticPodOperatorStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.StaticPodOperatorStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StatuspageProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.StatuspageProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Storage) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.Storage"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StorageList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.StorageList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StorageSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.StorageSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StorageStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.StorageStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SyslogLoggingDestinationParameters) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Theme) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.Theme"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Upstream) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.Upstream"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UpstreamResolvers) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.UpstreamResolvers"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VSphereCSIDriverConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec"
+}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go
index c3ed72602..a79189ffc 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go
@@ -137,6 +137,7 @@ func (AuthenticationStatus) SwaggerDoc() map[string]string {
var map_OAuthAPIServerStatus = map[string]string{
"latestAvailableRevision": "latestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.",
+ "encryptionStatus": "encryptionStatus contains status reports for the KMS plugin health and its key rotation.",
}
func (OAuthAPIServerStatus) SwaggerDoc() map[string]string {
@@ -515,13 +516,14 @@ func (AzureDiskEncryptionSet) SwaggerDoc() map[string]string {
}
var map_CSIDriverConfigSpec = map[string]string{
- "": "CSIDriverConfigSpec defines configuration spec that can be used to optionally configure a specific CSI Driver.",
- "driverType": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.",
- "aws": "aws is used to configure the AWS CSI driver.",
- "azure": "azure is used to configure the Azure CSI driver.",
- "gcp": "gcp is used to configure the GCP CSI driver.",
- "ibmcloud": "ibmcloud is used to configure the IBM Cloud CSI driver.",
- "vSphere": "vSphere is used to configure the vsphere CSI driver.",
+ "": "CSIDriverConfigSpec defines configuration spec that can be used to optionally configure a specific CSI Driver.",
+ "driverType": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted. Consumers should treat unknown values as a NO-OP.",
+ "aws": "aws is used to configure the AWS CSI driver.",
+ "azure": "azure is used to configure the Azure CSI driver.",
+ "gcp": "gcp is used to configure the GCP CSI driver.",
+ "ibmcloud": "ibmcloud is used to configure the IBM Cloud CSI driver.",
+ "vSphere": "vSphere is used to configure the vsphere CSI driver.",
+ "secretsStore": "secretsStore is used to configure the Secrets Store CSI driver.",
}
func (CSIDriverConfigSpec) SwaggerDoc() map[string]string {
@@ -566,6 +568,15 @@ func (ClusterCSIDriverStatus) SwaggerDoc() map[string]string {
return map_ClusterCSIDriverStatus
}
+var map_CustomSecretRotation = map[string]string{
+ "": "CustomSecretRotation holds configuration for custom secret rotation behavior.",
+ "rotationPollIntervalSeconds": "rotationPollIntervalSeconds is the minimum time in seconds between secret rotation attempts. The driver skips provider calls if less than this interval has elapsed since the last successful rotation. Must be at least 1 second and no more than 31560000 seconds (~1 year). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.",
+}
+
+func (CustomSecretRotation) SwaggerDoc() map[string]string {
+ return map_CustomSecretRotation
+}
+
var map_GCPCSIDriverConfigSpec = map[string]string{
"": "GCPCSIDriverConfigSpec defines properties that can be configured for the GCP CSI driver.",
"kmsKey": "kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP.",
@@ -596,6 +607,55 @@ func (IBMCloudCSIDriverConfigSpec) SwaggerDoc() map[string]string {
return map_IBMCloudCSIDriverConfigSpec
}
+var map_ManagedTokenRequests = map[string]string{
+ "": "ManagedTokenRequests holds the configuration for operator-managed service account token requests.",
+ "audiences": "audiences specifies service account token audiences that kubelet will provide to the CSI driver during NodePublishVolume calls. These tokens enable workload identity federation (WIF) with cloud providers such as AWS, Azure, and GCP. When empty, the operator clears all tokenRequests from the CSIDriver object.",
+}
+
+func (ManagedTokenRequests) SwaggerDoc() map[string]string {
+ return map_ManagedTokenRequests
+}
+
+var map_SecretsStoreCSIDriverConfigSpec = map[string]string{
+ "": "SecretsStoreCSIDriverConfigSpec defines properties that can be configured for the Secrets Store CSI driver.",
+ "secretRotation": "secretRotation controls automatic secret rotation behavior. When omitted, secret rotation is enabled with a default poll interval of 2 minutes.",
+ "tokenRequests": "tokenRequests controls service account token configuration for workload identity federation (WIF) with cloud providers. When omitted, the operator preserves any existing tokenRequests already configured on the CSIDriver object without modification.",
+}
+
+func (SecretsStoreCSIDriverConfigSpec) SwaggerDoc() map[string]string {
+ return map_SecretsStoreCSIDriverConfigSpec
+}
+
+var map_SecretsStoreSecretRotation = map[string]string{
+ "": "SecretsStoreSecretRotation configures the automatic secret rotation behavior for the Secrets Store CSI driver.",
+ "type": "type determines the secret rotation behavior. When \"None\", secret rotation is disabled and secrets are only fetched at initial pod mount time. When \"Custom\", secret rotation is enabled with the configuration specified in the custom field.",
+ "custom": "custom holds the custom rotation configuration. Only valid when type is \"Custom\".",
+}
+
+func (SecretsStoreSecretRotation) SwaggerDoc() map[string]string {
+ return map_SecretsStoreSecretRotation
+}
+
+var map_SecretsStoreTokenRequest = map[string]string{
+ "": "SecretsStoreTokenRequest specifies a service account token audience configuration for workload identity federation (WIF) with the Secrets Store CSI driver.",
+ "audience": "audience is the intended audience of the service account token. An empty string means the issued token will use the kube-apiserver's default APIAudiences.",
+ "expirationSeconds": "expirationSeconds is the requested duration of validity of the service account token. The token issuer may return a token with a different validity duration. When omitted, the token expiration is determined by the kube-apiserver. Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years).",
+}
+
+func (SecretsStoreTokenRequest) SwaggerDoc() map[string]string {
+ return map_SecretsStoreTokenRequest
+}
+
+var map_SecretsStoreTokenRequests = map[string]string{
+ "": "SecretsStoreTokenRequests configures how service account tokens are provided to the Secrets Store CSI driver for workload identity federation.",
+ "type": "type determines how the operator manages tokenRequests on the CSIDriver object. When \"Unmanaged\", existing tokenRequests on the CSIDriver are preserved and the managed field is not used. When \"Managed\", the operator sets tokenRequests from the audiences specified in the managed field, replacing any previously configured values. Once set to \"Managed\", type cannot be reverted back to \"Unmanaged\".",
+ "managed": "managed holds configuration for operator-managed tokenRequests. Only valid when type is \"Managed\".",
+}
+
+func (SecretsStoreTokenRequests) SwaggerDoc() map[string]string {
+ return map_SecretsStoreTokenRequests
+}
+
var map_VSphereCSIDriverConfigSpec = map[string]string{
"": "VSphereCSIDriverConfigSpec defines properties that can be configured for vsphere CSI driver.",
"topologyCategories": "topologyCategories indicates tag categories with which vcenter resources such as hostcluster or datacenter were tagged with. If cluster Infrastructure object has a topology, values specified in Infrastructure object will be used and modifications to topologyCategories will be rejected.",
@@ -798,7 +858,7 @@ func (EtcdList) SwaggerDoc() map[string]string {
var map_EtcdSpec = map[string]string{
"controlPlaneHardwareSpeed": "HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are \"\", \"Standard\" and \"Slower\".\n\t\"\" means no opinion and the platform is left to choose a reasonable default\n\twhich is subject to change without notice.",
- "backendQuotaGiB": "backendQuotaGiB sets the etcd backend storage size limit in gibibytes. The value should be an integer not less than 8 and not more than 32. When not specified, the default value is 8.",
+ "backendQuotaGiB": "backendQuotaGiB sets the etcd backend storage size limit in gibibytes. The value should be an integer not less than 8 and not more than 16. When not specified, the default value is 8.",
}
func (EtcdSpec) SwaggerDoc() map[string]string {
@@ -830,6 +890,7 @@ var map_AWSNetworkLoadBalancerParameters = map[string]string{
"": "AWSNetworkLoadBalancerParameters holds configuration parameters for an AWS Network load balancer. For Example: Setting AWS EIPs https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html",
"subnets": "subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.",
"eipAllocations": "eipAllocations is a list of IDs for Elastic IP (EIP) addresses that are assigned to the Network Load Balancer. The following restrictions apply:\n\neipAllocations can only be used with external scope, not internal. An EIP can be allocated to only a single IngressController. The number of EIP allocations must match the number of subnets that are used for the load balancer. Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted.\n\nSee https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general information about configuration, characteristics, and limitations of Elastic IP addresses.",
+ "protocol": "protocol specifies whether the Network Load Balancer uses PROXY protocol to forward connections to the IngressController.\n\nWhen set to \"TCP\", the NLB uses AWS's native client IP preservation. This may cause hairpin connection failures for internal load balancers when connections are made from pods to router pods on the same node.\n\nWhen set to \"PROXY\", the NLB disables native client IP preservation and uses PROXY protocol v2. The IngressController enables PROXY protocol on HAProxy so that it can parse PROXY protocol headers to obtain the original client IP. This avoids hairpin connection failures.\n\nThe following values are valid for this field:\n\n* \"TCP\". * \"PROXY\".\n\nWhen omitted, this means the user has no opinion and the value is left to the platform to choose a reasonable default, which is subject to change over time. The current default is \"PROXY\".\n\nNote that changing this field may cause brief connection failures during the transition as the NLB attribute change and router rollout occur independently.",
}
func (AWSNetworkLoadBalancerParameters) SwaggerDoc() map[string]string {
@@ -1296,6 +1357,27 @@ func (InsightsReport) SwaggerDoc() map[string]string {
return map_InsightsReport
}
+var map_KMSEncryptionStatus = map[string]string{
+ "healthReports": "healthReports contains all KMS plugin health reports. When omitted, no health reports are available. Each entry must have a unique combination of nodeName and keyId.",
+}
+
+func (KMSEncryptionStatus) SwaggerDoc() map[string]string {
+ return map_KMSEncryptionStatus
+}
+
+var map_KMSPluginHealthReport = map[string]string{
+ "nodeName": "nodeName is the name of the node this instance of the plugin runs on. The combination of nodeName and keyId makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.",
+ "keyId": "keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters.",
+ "status": "status contains a health indicator for the respective KMS plugin The field can have three states: healthy, unhealthy, error. With error and unhealthy containing additional information in Detail.",
+ "lastCheckedTime": "lastCheckedTime is a timestamp of when the probe was last checked.",
+ "kekId": "kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. This is not a cryptographic key, but a unique representation of the KEK. The value must be between 1 and 1024 characters.",
+ "detail": "detail contains additional error/health information for the respective KMS plugin. When omitted, no additional error or health information is provided. When set, the value must be between 1 and 1024 characters.",
+}
+
+func (KMSPluginHealthReport) SwaggerDoc() map[string]string {
+ return map_KMSPluginHealthReport
+}
+
var map_KubeAPIServer = map[string]string{
"": "KubeAPIServer provides information to configure an operator to manage kube-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).",
"metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
@@ -1327,6 +1409,7 @@ func (KubeAPIServerSpec) SwaggerDoc() map[string]string {
var map_KubeAPIServerStatus = map[string]string{
"serviceAccountIssuers": "serviceAccountIssuers tracks history of used service account issuers. The item without expiration time represents the currently used service account issuer. The other items represents service account issuers that were used previously and are still being trusted. The default expiration for the items is set by the platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection",
+ "encryptionStatus": "encryptionStatus contains status reports for the KMS plugin health and its key rotation.",
}
func (KubeAPIServerStatus) SwaggerDoc() map[string]string {
@@ -2080,6 +2163,14 @@ func (OpenShiftAPIServerList) SwaggerDoc() map[string]string {
return map_OpenShiftAPIServerList
}
+var map_OpenShiftAPIServerStatus = map[string]string{
+ "encryptionStatus": "encryptionStatus contains status reports for the KMS plugin health and its key rotation.",
+}
+
+func (OpenShiftAPIServerStatus) SwaggerDoc() map[string]string {
+ return map_OpenShiftAPIServerStatus
+}
+
var map_OpenShiftControllerManager = map[string]string{
"": "OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).",
"metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/doc.go b/vendor/github.com/openshift/api/operator/v1alpha1/doc.go
index 9d1871953..6a48bca3d 100644
--- a/vendor/github.com/openshift/api/operator/v1alpha1/doc.go
+++ b/vendor/github.com/openshift/api/operator/v1alpha1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.operator.v1alpha1
// +groupName=operator.openshift.io
package v1alpha1
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.model_name.go b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.model_name.go
new file mode 100644
index 000000000..e3fe9897d
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.model_name.go
@@ -0,0 +1,191 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1alpha1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BackupJobReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.BackupJobReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterAPI) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ClusterAPI"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterAPIInstallerComponent) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterAPIInstallerComponentImage) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterAPIInstallerComponentSource) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentSource"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterAPIInstallerRevision) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterAPIInstallerRevisionManifestSubstitution) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevisionManifestSubstitution"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterAPIList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ClusterAPIList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterAPISpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ClusterAPISpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterAPIStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterVersionOperator) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterVersionOperatorList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterVersionOperatorSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterVersionOperatorStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DelegatedAuthentication) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.DelegatedAuthentication"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DelegatedAuthorization) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.DelegatedAuthorization"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EtcdBackup) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.EtcdBackup"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EtcdBackupList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.EtcdBackupList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EtcdBackupSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in EtcdBackupStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GenerationHistory) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.GenerationHistory"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GenericOperatorConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.GenericOperatorConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageContentSourcePolicy) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageContentSourcePolicyList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicyList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ImageContentSourcePolicySpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LoggingConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.LoggingConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in NodeStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.NodeStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OLM) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.OLM"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OLMList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.OLMList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OLMSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.OLMSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OLMStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.OLMStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OperatorCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.OperatorCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OperatorSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.OperatorSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OperatorStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.OperatorStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RepositoryDigestMirrors) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in StaticPodOperatorStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.StaticPodOperatorStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in VersionAvailability) OpenAPIModelName() string {
+ return "com.github.openshift.api.operator.v1alpha1.VersionAvailability"
+}
diff --git a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/doc.go b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/doc.go
index 73f55856a..302abb354 100644
--- a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/doc.go
+++ b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.operatorcontrolplane.v1alpha1
// +kubebuilder:validation:Optional
// +groupName=controlplane.operator.openshift.io
diff --git a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.model_name.go b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.model_name.go
new file mode 100644
index 000000000..87f0d3b3c
--- /dev/null
+++ b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.model_name.go
@@ -0,0 +1,41 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1alpha1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LogEntry) OpenAPIModelName() string {
+ return "com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OutageEntry) OpenAPIModelName() string {
+ return "com.github.openshift.api.operatorcontrolplane.v1alpha1.OutageEntry"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodNetworkConnectivityCheck) OpenAPIModelName() string {
+ return "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheck"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodNetworkConnectivityCheckCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodNetworkConnectivityCheckList) OpenAPIModelName() string {
+ return "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodNetworkConnectivityCheckSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodNetworkConnectivityCheckStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckStatus"
+}
diff --git a/vendor/github.com/openshift/api/osin/v1/doc.go b/vendor/github.com/openshift/api/osin/v1/doc.go
index b74dfc48a..970c856a3 100644
--- a/vendor/github.com/openshift/api/osin/v1/doc.go
+++ b/vendor/github.com/openshift/api/osin/v1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.osin.v1
// +groupName=osin.config.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/osin/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/osin/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..1ac7911e2
--- /dev/null
+++ b/vendor/github.com/openshift/api/osin/v1/zz_generated.model_name.go
@@ -0,0 +1,121 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AllowAllPasswordIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.AllowAllPasswordIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BasicAuthPasswordIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.BasicAuthPasswordIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in DenyAllPasswordIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.DenyAllPasswordIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GitHubIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.GitHubIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GitLabIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.GitLabIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GoogleIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.GoogleIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GrantConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.GrantConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in HTPasswdPasswordIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.HTPasswdPasswordIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.IdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in KeystonePasswordIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.KeystonePasswordIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LDAPAttributeMapping) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.LDAPAttributeMapping"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LDAPPasswordIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.LDAPPasswordIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.OAuthConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OAuthTemplates) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.OAuthTemplates"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenIDClaims) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.OpenIDClaims"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenIDIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.OpenIDIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OpenIDURLs) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.OpenIDURLs"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in OsinServerConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.OsinServerConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RequestHeaderIdentityProvider) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.RequestHeaderIdentityProvider"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SessionConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.SessionConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SessionSecret) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.SessionSecret"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SessionSecrets) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.SessionSecrets"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TokenConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.osin.v1.TokenConfig"
+}
diff --git a/vendor/github.com/openshift/api/project/v1/doc.go b/vendor/github.com/openshift/api/project/v1/doc.go
index 5bbd9d5ea..28e4a9985 100644
--- a/vendor/github.com/openshift/api/project/v1/doc.go
+++ b/vendor/github.com/openshift/api/project/v1/doc.go
@@ -2,6 +2,7 @@
// +k8s:conversion-gen=github.com/openshift/origin/pkg/project/apis/project
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.project.v1
// +groupName=project.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/project/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/project/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..0500036ae
--- /dev/null
+++ b/vendor/github.com/openshift/api/project/v1/zz_generated.model_name.go
@@ -0,0 +1,31 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Project) OpenAPIModelName() string {
+ return "com.github.openshift.api.project.v1.Project"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProjectList) OpenAPIModelName() string {
+ return "com.github.openshift.api.project.v1.ProjectList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProjectRequest) OpenAPIModelName() string {
+ return "com.github.openshift.api.project.v1.ProjectRequest"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProjectSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.project.v1.ProjectSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ProjectStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.project.v1.ProjectStatus"
+}
diff --git a/vendor/github.com/openshift/api/quota/v1/doc.go b/vendor/github.com/openshift/api/quota/v1/doc.go
index ae5c9c2c7..6808c1a24 100644
--- a/vendor/github.com/openshift/api/quota/v1/doc.go
+++ b/vendor/github.com/openshift/api/quota/v1/doc.go
@@ -2,6 +2,7 @@
// +k8s:conversion-gen=github.com/openshift/origin/pkg/quota/apis/quota
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.quota.v1
// +groupName=quota.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/quota/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/quota/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..537360b60
--- /dev/null
+++ b/vendor/github.com/openshift/api/quota/v1/zz_generated.model_name.go
@@ -0,0 +1,46 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AppliedClusterResourceQuota) OpenAPIModelName() string {
+ return "com.github.openshift.api.quota.v1.AppliedClusterResourceQuota"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AppliedClusterResourceQuotaList) OpenAPIModelName() string {
+ return "com.github.openshift.api.quota.v1.AppliedClusterResourceQuotaList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterResourceQuota) OpenAPIModelName() string {
+ return "com.github.openshift.api.quota.v1.ClusterResourceQuota"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterResourceQuotaList) OpenAPIModelName() string {
+ return "com.github.openshift.api.quota.v1.ClusterResourceQuotaList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterResourceQuotaSelector) OpenAPIModelName() string {
+ return "com.github.openshift.api.quota.v1.ClusterResourceQuotaSelector"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterResourceQuotaSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ClusterResourceQuotaStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ResourceQuotaStatusByNamespace) OpenAPIModelName() string {
+ return "com.github.openshift.api.quota.v1.ResourceQuotaStatusByNamespace"
+}
diff --git a/vendor/github.com/openshift/api/route/v1/doc.go b/vendor/github.com/openshift/api/route/v1/doc.go
index e56fbbd8d..1fb4d95d4 100644
--- a/vendor/github.com/openshift/api/route/v1/doc.go
+++ b/vendor/github.com/openshift/api/route/v1/doc.go
@@ -2,6 +2,7 @@
// +k8s:conversion-gen=github.com/openshift/origin/pkg/route/apis/route
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.route.v1
// +groupName=route.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/route/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..cbdd33762
--- /dev/null
+++ b/vendor/github.com/openshift/api/route/v1/zz_generated.model_name.go
@@ -0,0 +1,86 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in LocalObjectReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.LocalObjectReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Route) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.Route"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RouteHTTPHeader) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.RouteHTTPHeader"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RouteHTTPHeaderActionUnion) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RouteHTTPHeaderActions) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.RouteHTTPHeaderActions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RouteHTTPHeaders) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.RouteHTTPHeaders"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RouteIngress) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.RouteIngress"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RouteIngressCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.RouteIngressCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RouteList) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.RouteList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RoutePort) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.RoutePort"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RouteSetHTTPHeader) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.RouteSetHTTPHeader"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RouteSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.RouteSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RouteStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.RouteStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RouteTargetReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.RouteTargetReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RouterShard) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.RouterShard"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TLSConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.route.v1.TLSConfig"
+}
diff --git a/vendor/github.com/openshift/api/samples/v1/doc.go b/vendor/github.com/openshift/api/samples/v1/doc.go
index d63c96b77..3e392e7f6 100644
--- a/vendor/github.com/openshift/api/samples/v1/doc.go
+++ b/vendor/github.com/openshift/api/samples/v1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.samples.v1
// +groupName=samples.operator.openshift.io
// Package v1 ist he v1 version of the API.
diff --git a/vendor/github.com/openshift/api/samples/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/samples/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..bf37632ab
--- /dev/null
+++ b/vendor/github.com/openshift/api/samples/v1/zz_generated.model_name.go
@@ -0,0 +1,31 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Config) OpenAPIModelName() string {
+ return "com.github.openshift.api.samples.v1.Config"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConfigCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.samples.v1.ConfigCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConfigList) OpenAPIModelName() string {
+ return "com.github.openshift.api.samples.v1.ConfigList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.samples.v1.ConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ConfigStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.samples.v1.ConfigStatus"
+}
diff --git a/vendor/github.com/openshift/api/security/v1/doc.go b/vendor/github.com/openshift/api/security/v1/doc.go
index 44fe37eb2..4379db030 100644
--- a/vendor/github.com/openshift/api/security/v1/doc.go
+++ b/vendor/github.com/openshift/api/security/v1/doc.go
@@ -2,6 +2,7 @@
// +k8s:conversion-gen=github.com/openshift/origin/pkg/security/apis/security
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.security.v1
// +groupName=security.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/security/v1/types.go b/vendor/github.com/openshift/api/security/v1/types.go
index a87590213..8972b0dd6 100644
--- a/vendor/github.com/openshift/api/security/v1/types.go
+++ b/vendor/github.com/openshift/api/security/v1/types.go
@@ -216,6 +216,7 @@ var (
FSTypeCSI FSType = "csi"
FSTypeEphemeral FSType = "ephemeral"
FSTypeImage FSType = "image"
+ FSTypeServiceAccountToken FSType = "serviceAccountToken"
FSTypeAll FSType = "*"
FSTypeNone FSType = "none"
)
diff --git a/vendor/github.com/openshift/api/security/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/security/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..74df1ce10
--- /dev/null
+++ b/vendor/github.com/openshift/api/security/v1/zz_generated.model_name.go
@@ -0,0 +1,101 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in AllowedFlexVolume) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.AllowedFlexVolume"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in FSGroupStrategyOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.FSGroupStrategyOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IDRange) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.IDRange"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodSecurityPolicyReview) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.PodSecurityPolicyReview"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodSecurityPolicyReviewSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.PodSecurityPolicyReviewSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodSecurityPolicyReviewStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodSecurityPolicySelfSubjectReview) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReview"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodSecurityPolicySelfSubjectReviewSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReviewSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodSecurityPolicySubjectReview) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReview"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodSecurityPolicySubjectReviewSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in PodSecurityPolicySubjectReviewStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RangeAllocation) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.RangeAllocation"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RangeAllocationList) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.RangeAllocationList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in RunAsUserStrategyOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.RunAsUserStrategyOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SELinuxContextStrategyOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.SELinuxContextStrategyOptions"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecurityContextConstraints) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.SecurityContextConstraints"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SecurityContextConstraintsList) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.SecurityContextConstraintsList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceAccountPodSecurityPolicyReviewStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.ServiceAccountPodSecurityPolicyReviewStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SupplementalGroupsStrategyOptions) OpenAPIModelName() string {
+ return "com.github.openshift.api.security.v1.SupplementalGroupsStrategyOptions"
+}
diff --git a/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/doc.go b/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/doc.go
index 6ce02bdb3..1f9da2552 100644
--- a/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/doc.go
+++ b/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.servicecertsigner.v1alpha1
// +groupName=servicecertsigner.config.openshift.io
package v1alpha1
diff --git a/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/zz_generated.model_name.go b/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/zz_generated.model_name.go
new file mode 100644
index 000000000..446c48afe
--- /dev/null
+++ b/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/zz_generated.model_name.go
@@ -0,0 +1,26 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1alpha1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCertSignerOperatorConfig) OpenAPIModelName() string {
+ return "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfig"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCertSignerOperatorConfigList) OpenAPIModelName() string {
+ return "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCertSignerOperatorConfigSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in ServiceCertSignerOperatorConfigStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigStatus"
+}
diff --git a/vendor/github.com/openshift/api/sharedresource/v1alpha1/doc.go b/vendor/github.com/openshift/api/sharedresource/v1alpha1/doc.go
index 833dd7f12..3fa2207b8 100644
--- a/vendor/github.com/openshift/api/sharedresource/v1alpha1/doc.go
+++ b/vendor/github.com/openshift/api/sharedresource/v1alpha1/doc.go
@@ -1,6 +1,7 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.sharedresource.v1alpha1
// +groupName=sharedresource.openshift.io
// Package v1alplha1 is the v1alpha1 version of the API.
diff --git a/vendor/github.com/openshift/api/sharedresource/v1alpha1/zz_generated.model_name.go b/vendor/github.com/openshift/api/sharedresource/v1alpha1/zz_generated.model_name.go
new file mode 100644
index 000000000..d8c45a7ae
--- /dev/null
+++ b/vendor/github.com/openshift/api/sharedresource/v1alpha1/zz_generated.model_name.go
@@ -0,0 +1,56 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1alpha1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SharedConfigMap) OpenAPIModelName() string {
+ return "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMap"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SharedConfigMapList) OpenAPIModelName() string {
+ return "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SharedConfigMapReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SharedConfigMapSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SharedConfigMapStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SharedSecret) OpenAPIModelName() string {
+ return "com.github.openshift.api.sharedresource.v1alpha1.SharedSecret"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SharedSecretList) OpenAPIModelName() string {
+ return "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SharedSecretReference) OpenAPIModelName() string {
+ return "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretReference"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SharedSecretSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in SharedSecretStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretStatus"
+}
diff --git a/vendor/github.com/openshift/api/template/v1/doc.go b/vendor/github.com/openshift/api/template/v1/doc.go
index 34f9f8d45..0cbca9f7e 100644
--- a/vendor/github.com/openshift/api/template/v1/doc.go
+++ b/vendor/github.com/openshift/api/template/v1/doc.go
@@ -2,6 +2,7 @@
// +k8s:conversion-gen=github.com/openshift/origin/pkg/template/apis/template
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.template.v1
// +groupName=template.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/template/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/template/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..eb14ace8d
--- /dev/null
+++ b/vendor/github.com/openshift/api/template/v1/zz_generated.model_name.go
@@ -0,0 +1,71 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BrokerTemplateInstance) OpenAPIModelName() string {
+ return "com.github.openshift.api.template.v1.BrokerTemplateInstance"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BrokerTemplateInstanceList) OpenAPIModelName() string {
+ return "com.github.openshift.api.template.v1.BrokerTemplateInstanceList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in BrokerTemplateInstanceSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.template.v1.BrokerTemplateInstanceSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Parameter) OpenAPIModelName() string {
+ return "com.github.openshift.api.template.v1.Parameter"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Template) OpenAPIModelName() string {
+ return "com.github.openshift.api.template.v1.Template"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TemplateInstance) OpenAPIModelName() string {
+ return "com.github.openshift.api.template.v1.TemplateInstance"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TemplateInstanceCondition) OpenAPIModelName() string {
+ return "com.github.openshift.api.template.v1.TemplateInstanceCondition"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TemplateInstanceList) OpenAPIModelName() string {
+ return "com.github.openshift.api.template.v1.TemplateInstanceList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TemplateInstanceObject) OpenAPIModelName() string {
+ return "com.github.openshift.api.template.v1.TemplateInstanceObject"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TemplateInstanceRequester) OpenAPIModelName() string {
+ return "com.github.openshift.api.template.v1.TemplateInstanceRequester"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TemplateInstanceSpec) OpenAPIModelName() string {
+ return "com.github.openshift.api.template.v1.TemplateInstanceSpec"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TemplateInstanceStatus) OpenAPIModelName() string {
+ return "com.github.openshift.api.template.v1.TemplateInstanceStatus"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in TemplateList) OpenAPIModelName() string {
+ return "com.github.openshift.api.template.v1.TemplateList"
+}
diff --git a/vendor/github.com/openshift/api/user/v1/doc.go b/vendor/github.com/openshift/api/user/v1/doc.go
index 42287095e..a8c24927d 100644
--- a/vendor/github.com/openshift/api/user/v1/doc.go
+++ b/vendor/github.com/openshift/api/user/v1/doc.go
@@ -2,6 +2,7 @@
// +k8s:conversion-gen=github.com/openshift/origin/pkg/user/apis/user
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
+// +k8s:openapi-model-package=com.github.openshift.api.user.v1
// +groupName=user.openshift.io
// Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/user/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/user/v1/zz_generated.model_name.go
new file mode 100644
index 000000000..1d59e2115
--- /dev/null
+++ b/vendor/github.com/openshift/api/user/v1/zz_generated.model_name.go
@@ -0,0 +1,41 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by codegen. DO NOT EDIT.
+
+package v1
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Group) OpenAPIModelName() string {
+ return "com.github.openshift.api.user.v1.Group"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in GroupList) OpenAPIModelName() string {
+ return "com.github.openshift.api.user.v1.GroupList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in Identity) OpenAPIModelName() string {
+ return "com.github.openshift.api.user.v1.Identity"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in IdentityList) OpenAPIModelName() string {
+ return "com.github.openshift.api.user.v1.IdentityList"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in User) OpenAPIModelName() string {
+ return "com.github.openshift.api.user.v1.User"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UserIdentityMapping) OpenAPIModelName() string {
+ return "com.github.openshift.api.user.v1.UserIdentityMapping"
+}
+
+// OpenAPIModelName returns the OpenAPI model name for this type.
+func (in UserList) OpenAPIModelName() string {
+ return "com.github.openshift.api.user.v1.UserList"
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go
index f4214f6a9..5a9af0cb2 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go
@@ -32,7 +32,7 @@ type APIServerEncryptionApplyConfiguration struct {
// The Key Management Service (KMS) instance provides symmetric encryption and is responsible for
// managing the lifecyle of the encryption keys outside of the control plane.
// This allows integration with an external provider to manage the data encryption keys securely.
- KMS *KMSConfigApplyConfiguration `json:"kms,omitempty"`
+ KMS *KMSPluginConfigApplyConfiguration `json:"kms,omitempty"`
}
// APIServerEncryptionApplyConfiguration constructs a declarative configuration of the APIServerEncryption type for use with
@@ -52,7 +52,7 @@ func (b *APIServerEncryptionApplyConfiguration) WithType(value configv1.Encrypti
// WithKMS sets the KMS field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the KMS field is set to the value of the last call.
-func (b *APIServerEncryptionApplyConfiguration) WithKMS(value *KMSConfigApplyConfiguration) *APIServerEncryptionApplyConfiguration {
+func (b *APIServerEncryptionApplyConfiguration) WithKMS(value *KMSPluginConfigApplyConfiguration) *APIServerEncryptionApplyConfiguration {
b.KMS = value
return b
}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clientcredentialconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clientcredentialconfig.go
new file mode 100644
index 000000000..c23f4d530
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clientcredentialconfig.go
@@ -0,0 +1,98 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ configv1 "github.com/openshift/api/config/v1"
+)
+
+// ClientCredentialConfigApplyConfiguration represents a declarative configuration of the ClientCredentialConfig type for use
+// with apply.
+//
+// ClientCredentialConfig configures the client credentials and token endpoint
+// to use to get an access token via the OAuth2 client credentials grant flow.
+type ClientCredentialConfigApplyConfiguration struct {
+ // clientID is a required client identifier to use during the OAuth2 client credentials flow.
+ // clientID must be at least 1 character in length, must not exceed 256 characters in length,
+ // and must only contain printable ASCII characters.
+ ClientID *string `json:"clientID,omitempty"`
+ // clientSecret is a required reference to a Secret in the openshift-config namespace to be used
+ // as the client secret during the OAuth2 client credentials flow.
+ //
+ // The key 'client-secret' is used to locate the client secret data in the Secret.
+ ClientSecret *ClientSecretSecretReferenceApplyConfiguration `json:"clientSecret,omitempty"`
+ // tokenEndpoint is a required URL to query for an access token using
+ // the client credential OAuth2 flow.
+ // tokenEndpoint must be at least 1 character in length and must not exceed 2048 characters in length.
+ // tokenEndpoint must be a valid HTTPS URL.
+ // tokenEndpoint must have a host and a path.
+ // tokenEndpoint must not contain query parameters, fragments,
+ // or user information (e.g., "user:password@host").
+ TokenEndpoint *string `json:"tokenEndpoint,omitempty"`
+ // scopes is an optional list of OAuth2 scopes to request when obtaining
+ // an access token.
+ //
+ // If not specified, the token endpoint's default scopes
+ // will be used.
+ //
+ // When specified, there must be at least 1 entry and must not exceed 16 entries.
+ // Each entry must be at least 1 character in length and must not exceed 256 characters in length.
+ // Each entry must only contain printable ASCII characters, excluding spaces, double quotes and backslashes.
+ // Entries must be unique.
+ Scopes []configv1.OAuth2Scope `json:"scopes,omitempty"`
+ // tls is an optional field that allows configuring the TLS
+ // settings used to interact with the identity provider
+ // as an OAuth2 client.
+ //
+ // When omitted, system default TLS settings will be used
+ // for the OAuth2 client.
+ TLS *ExternalSourceTLSApplyConfiguration `json:"tls,omitempty"`
+}
+
+// ClientCredentialConfigApplyConfiguration constructs a declarative configuration of the ClientCredentialConfig type for use with
+// apply.
+func ClientCredentialConfig() *ClientCredentialConfigApplyConfiguration {
+ return &ClientCredentialConfigApplyConfiguration{}
+}
+
+// WithClientID sets the ClientID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ClientID field is set to the value of the last call.
+func (b *ClientCredentialConfigApplyConfiguration) WithClientID(value string) *ClientCredentialConfigApplyConfiguration {
+ b.ClientID = &value
+ return b
+}
+
+// WithClientSecret sets the ClientSecret field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ClientSecret field is set to the value of the last call.
+func (b *ClientCredentialConfigApplyConfiguration) WithClientSecret(value *ClientSecretSecretReferenceApplyConfiguration) *ClientCredentialConfigApplyConfiguration {
+ b.ClientSecret = value
+ return b
+}
+
+// WithTokenEndpoint sets the TokenEndpoint field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the TokenEndpoint field is set to the value of the last call.
+func (b *ClientCredentialConfigApplyConfiguration) WithTokenEndpoint(value string) *ClientCredentialConfigApplyConfiguration {
+ b.TokenEndpoint = &value
+ return b
+}
+
+// WithScopes adds the given value to the Scopes field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Scopes field.
+func (b *ClientCredentialConfigApplyConfiguration) WithScopes(values ...configv1.OAuth2Scope) *ClientCredentialConfigApplyConfiguration {
+ for i := range values {
+ b.Scopes = append(b.Scopes, values[i])
+ }
+ return b
+}
+
+// WithTLS sets the TLS field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the TLS field is set to the value of the last call.
+func (b *ClientCredentialConfigApplyConfiguration) WithTLS(value *ExternalSourceTLSApplyConfiguration) *ClientCredentialConfigApplyConfiguration {
+ b.TLS = value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clientsecretsecretreference.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clientsecretsecretreference.go
new file mode 100644
index 000000000..5b2a8fe03
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clientsecretsecretreference.go
@@ -0,0 +1,32 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// ClientSecretSecretReferenceApplyConfiguration represents a declarative configuration of the ClientSecretSecretReference type for use
+// with apply.
+//
+// ClientSecretSecretReference is a reference to a Secret in the openshift-config
+// namespace that should be used for configuring the client secret to be
+// used when sourcing claims from external sources with the client credential authentication flow.
+type ClientSecretSecretReferenceApplyConfiguration struct {
+ // name is the required name of the Secret that exists in the openshift-config namespace.
+ //
+ // It must be at least 1 character in length, must not exceed 253 characters in length,
+ // must start and end with a lowercase alphanumeric character, and must only contain
+ // lowercase alphanumeric characters, '-' or '.'.
+ Name *string `json:"name,omitempty"`
+}
+
+// ClientSecretSecretReferenceApplyConfiguration constructs a declarative configuration of the ClientSecretSecretReference type for use with
+// apply.
+func ClientSecretSecretReference() *ClientSecretSecretReferenceApplyConfiguration {
+ return &ClientSecretSecretReferenceApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *ClientSecretSecretReferenceApplyConfiguration) WithName(value string) *ClientSecretSecretReferenceApplyConfiguration {
+ b.Name = &value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/criocredentialproviderconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/criocredentialproviderconfig.go
new file mode 100644
index 000000000..94be7a1cd
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/criocredentialproviderconfig.go
@@ -0,0 +1,285 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ configv1 "github.com/openshift/api/config/v1"
+ internal "github.com/openshift/client-go/config/applyconfigurations/internal"
+ apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ managedfields "k8s.io/apimachinery/pkg/util/managedfields"
+ metav1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// CRIOCredentialProviderConfigApplyConfiguration represents a declarative configuration of the CRIOCredentialProviderConfig type for use
+// with apply.
+//
+// CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is "cluster". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources.
+// For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in.
+// CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation.
+// Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.
+//
+// The resource is a singleton named "cluster".
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+type CRIOCredentialProviderConfigApplyConfiguration struct {
+ metav1.TypeMetaApplyConfiguration `json:",inline"`
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ *metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+ // spec defines the desired configuration of the CRI-O Credential Provider.
+ // This field is required and must be provided when creating the resource.
+ Spec *CRIOCredentialProviderConfigSpecApplyConfiguration `json:"spec,omitempty"`
+ // status represents the current state of the CRIOCredentialProviderConfig.
+ // When omitted or nil, it indicates that the status has not yet been set by the controller.
+ // The controller will populate this field with validation conditions and operational state.
+ Status *CRIOCredentialProviderConfigStatusApplyConfiguration `json:"status,omitempty"`
+}
+
+// CRIOCredentialProviderConfig constructs a declarative configuration of the CRIOCredentialProviderConfig type for use with
+// apply.
+func CRIOCredentialProviderConfig(name string) *CRIOCredentialProviderConfigApplyConfiguration {
+ b := &CRIOCredentialProviderConfigApplyConfiguration{}
+ b.WithName(name)
+ b.WithKind("CRIOCredentialProviderConfig")
+ b.WithAPIVersion("config.openshift.io/v1")
+ return b
+}
+
+// ExtractCRIOCredentialProviderConfigFrom extracts the applied configuration owned by fieldManager from
+// cRIOCredentialProviderConfig for the specified subresource. Pass an empty string for subresource to extract
+// the main resource. Common subresources include "status", "scale", etc.
+// cRIOCredentialProviderConfig must be a unmodified CRIOCredentialProviderConfig API object that was retrieved from the Kubernetes API.
+// ExtractCRIOCredentialProviderConfigFrom provides a way to perform a extract/modify-in-place/apply workflow.
+// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously
+// applied if another fieldManager has updated or force applied any of the previously applied fields.
+func ExtractCRIOCredentialProviderConfigFrom(cRIOCredentialProviderConfig *configv1.CRIOCredentialProviderConfig, fieldManager string, subresource string) (*CRIOCredentialProviderConfigApplyConfiguration, error) {
+ b := &CRIOCredentialProviderConfigApplyConfiguration{}
+ err := managedfields.ExtractInto(cRIOCredentialProviderConfig, internal.Parser().Type("com.github.openshift.api.config.v1.CRIOCredentialProviderConfig"), fieldManager, b, subresource)
+ if err != nil {
+ return nil, err
+ }
+ b.WithName(cRIOCredentialProviderConfig.Name)
+
+ b.WithKind("CRIOCredentialProviderConfig")
+ b.WithAPIVersion("config.openshift.io/v1")
+ return b, nil
+}
+
+// ExtractCRIOCredentialProviderConfig extracts the applied configuration owned by fieldManager from
+// cRIOCredentialProviderConfig. If no managedFields are found in cRIOCredentialProviderConfig for fieldManager, a
+// CRIOCredentialProviderConfigApplyConfiguration is returned with only the Name, Namespace (if applicable),
+// APIVersion and Kind populated. It is possible that no managed fields were found for because other
+// field managers have taken ownership of all the fields previously owned by fieldManager, or because
+// the fieldManager never owned fields any fields.
+// cRIOCredentialProviderConfig must be a unmodified CRIOCredentialProviderConfig API object that was retrieved from the Kubernetes API.
+// ExtractCRIOCredentialProviderConfig provides a way to perform a extract/modify-in-place/apply workflow.
+// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously
+// applied if another fieldManager has updated or force applied any of the previously applied fields.
+func ExtractCRIOCredentialProviderConfig(cRIOCredentialProviderConfig *configv1.CRIOCredentialProviderConfig, fieldManager string) (*CRIOCredentialProviderConfigApplyConfiguration, error) {
+ return ExtractCRIOCredentialProviderConfigFrom(cRIOCredentialProviderConfig, fieldManager, "")
+}
+
+// ExtractCRIOCredentialProviderConfigStatus extracts the applied configuration owned by fieldManager from
+// cRIOCredentialProviderConfig for the status subresource.
+func ExtractCRIOCredentialProviderConfigStatus(cRIOCredentialProviderConfig *configv1.CRIOCredentialProviderConfig, fieldManager string) (*CRIOCredentialProviderConfigApplyConfiguration, error) {
+ return ExtractCRIOCredentialProviderConfigFrom(cRIOCredentialProviderConfig, fieldManager, "status")
+}
+
+func (b CRIOCredentialProviderConfigApplyConfiguration) IsApplyConfiguration() {}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithKind(value string) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.TypeMetaApplyConfiguration.Kind = &value
+ return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithAPIVersion(value string) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.TypeMetaApplyConfiguration.APIVersion = &value
+ return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithName(value string) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ObjectMetaApplyConfiguration.Name = &value
+ return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithGenerateName(value string) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ObjectMetaApplyConfiguration.GenerateName = &value
+ return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithNamespace(value string) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ObjectMetaApplyConfiguration.Namespace = &value
+ return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithUID(value types.UID) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ObjectMetaApplyConfiguration.UID = &value
+ return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithResourceVersion(value string) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ObjectMetaApplyConfiguration.ResourceVersion = &value
+ return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithGeneration(value int64) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ObjectMetaApplyConfiguration.Generation = &value
+ return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithCreationTimestamp(value apismetav1.Time) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ObjectMetaApplyConfiguration.CreationTimestamp = &value
+ return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithDeletionTimestamp(value apismetav1.Time) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value
+ return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value
+ return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithLabels(entries map[string]string) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 {
+ b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries))
+ }
+ for k, v := range entries {
+ b.ObjectMetaApplyConfiguration.Labels[k] = v
+ }
+ return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithAnnotations(entries map[string]string) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 {
+ b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries))
+ }
+ for k, v := range entries {
+ b.ObjectMetaApplyConfiguration.Annotations[k] = v
+ }
+ return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithOwnerReferences(values ...*metav1.OwnerReferenceApplyConfiguration) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithOwnerReferences")
+ }
+ b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i])
+ }
+ return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithFinalizers(values ...string) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ for i := range values {
+ b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i])
+ }
+ return b
+}
+
+func (b *CRIOCredentialProviderConfigApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+ if b.ObjectMetaApplyConfiguration == nil {
+ b.ObjectMetaApplyConfiguration = &metav1.ObjectMetaApplyConfiguration{}
+ }
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithSpec(value *CRIOCredentialProviderConfigSpecApplyConfiguration) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.Spec = value
+ return b
+}
+
+// WithStatus sets the Status field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Status field is set to the value of the last call.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithStatus(value *CRIOCredentialProviderConfigStatusApplyConfiguration) *CRIOCredentialProviderConfigApplyConfiguration {
+ b.Status = value
+ return b
+}
+
+// GetKind retrieves the value of the Kind field in the declarative configuration.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) GetKind() *string {
+ return b.TypeMetaApplyConfiguration.Kind
+}
+
+// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) GetAPIVersion() *string {
+ return b.TypeMetaApplyConfiguration.APIVersion
+}
+
+// GetName retrieves the value of the Name field in the declarative configuration.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) GetName() *string {
+ b.ensureObjectMetaApplyConfigurationExists()
+ return b.ObjectMetaApplyConfiguration.Name
+}
+
+// GetNamespace retrieves the value of the Namespace field in the declarative configuration.
+func (b *CRIOCredentialProviderConfigApplyConfiguration) GetNamespace() *string {
+ b.ensureObjectMetaApplyConfigurationExists()
+ return b.ObjectMetaApplyConfiguration.Namespace
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/criocredentialproviderconfigspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/criocredentialproviderconfigspec.go
new file mode 100644
index 000000000..4820041d7
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/criocredentialproviderconfigspec.go
@@ -0,0 +1,72 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ configv1 "github.com/openshift/api/config/v1"
+)
+
+// CRIOCredentialProviderConfigSpecApplyConfiguration represents a declarative configuration of the CRIOCredentialProviderConfigSpec type for use
+// with apply.
+//
+// CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.
+type CRIOCredentialProviderConfigSpecApplyConfiguration struct {
+ // matchImages is a list of string patterns used to determine whether
+ // the CRI-O credential provider should be invoked for a given image. This list is
+ // passed to the kubelet CredentialProviderConfig, and if any pattern matches
+ // the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling
+ // that image or its mirrors.
+ // Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider.
+ // Conflicts between the existing platform specific provider image match configuration and this list will be handled by
+ // the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those
+ // from the CRIOCredentialProviderConfig when both match the same image.
+ // To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with
+ // existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml).
+ // You can check the resource's Status conditions
+ // to see if any entries were ignored due to exact matches with known built-in provider patterns.
+ //
+ // This field is optional, the items of the list must contain between 1 and 50 entries.
+ // The list is treated as a set, so duplicate entries are not allowed.
+ //
+ // For more details, see:
+ // https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/
+ // https://github.com/cri-o/crio-credential-provider#architecture
+ //
+ // Each entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters.
+ // Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io',
+ // and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net').
+ // A global wildcard '*' (matching any domain) is not allowed.
+ // Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path.
+ // For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not.
+ // Each wildcard matches only a single domain label,
+ // so '*.io' does **not** match '*.k8s.io'.
+ //
+ // A match exists between an image and a matchImage when all of the below are true:
+ // Both contain the same number of domain parts and each part matches.
+ // The URL path of an matchImages must be a prefix of the target image URL path.
+ // If the matchImages contains a port, then the port must match in the image as well.
+ //
+ // Example values of matchImages:
+ // - 123456789.dkr.ecr.us-east-1.amazonaws.com
+ // - *.azurecr.io
+ // - gcr.io
+ // - *.*.registry.io
+ // - registry.io:8080/path
+ MatchImages []configv1.MatchImage `json:"matchImages,omitempty"`
+}
+
+// CRIOCredentialProviderConfigSpecApplyConfiguration constructs a declarative configuration of the CRIOCredentialProviderConfigSpec type for use with
+// apply.
+func CRIOCredentialProviderConfigSpec() *CRIOCredentialProviderConfigSpecApplyConfiguration {
+ return &CRIOCredentialProviderConfigSpecApplyConfiguration{}
+}
+
+// WithMatchImages adds the given value to the MatchImages field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the MatchImages field.
+func (b *CRIOCredentialProviderConfigSpecApplyConfiguration) WithMatchImages(values ...configv1.MatchImage) *CRIOCredentialProviderConfigSpecApplyConfiguration {
+ for i := range values {
+ b.MatchImages = append(b.MatchImages, values[i])
+ }
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/criocredentialproviderconfigstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/criocredentialproviderconfigstatus.go
new file mode 100644
index 000000000..903292fe8
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/criocredentialproviderconfigstatus.go
@@ -0,0 +1,41 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ metav1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// CRIOCredentialProviderConfigStatusApplyConfiguration represents a declarative configuration of the CRIOCredentialProviderConfigStatus type for use
+// with apply.
+//
+// CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig
+type CRIOCredentialProviderConfigStatusApplyConfiguration struct {
+ // conditions represent the latest available observations of the configuration state.
+ // When omitted, it indicates that no conditions have been reported yet.
+ // The maximum number of conditions is 16.
+ // Conditions are stored as a map keyed by condition type, ensuring uniqueness.
+ //
+ // Expected condition types include:
+ // "Validated": indicates whether the matchImages configuration is valid
+ Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"`
+}
+
+// CRIOCredentialProviderConfigStatusApplyConfiguration constructs a declarative configuration of the CRIOCredentialProviderConfigStatus type for use with
+// apply.
+func CRIOCredentialProviderConfigStatus() *CRIOCredentialProviderConfigStatusApplyConfiguration {
+ return &CRIOCredentialProviderConfigStatusApplyConfiguration{}
+}
+
+// WithConditions adds the given value to the Conditions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Conditions field.
+func (b *CRIOCredentialProviderConfigStatusApplyConfiguration) WithConditions(values ...*metav1.ConditionApplyConfiguration) *CRIOCredentialProviderConfigStatusApplyConfiguration {
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithConditions")
+ }
+ b.Conditions = append(b.Conditions, *values[i])
+ }
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go
index 7df6a4be9..7b682ef20 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go
@@ -31,6 +31,16 @@ func (b *CustomTLSProfileApplyConfiguration) WithCiphers(values ...string) *Cust
return b
}
+// WithGroups adds the given value to the Groups field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Groups field.
+func (b *CustomTLSProfileApplyConfiguration) WithGroups(values ...configv1.TLSGroup) *CustomTLSProfileApplyConfiguration {
+ for i := range values {
+ b.TLSProfileSpecApplyConfiguration.Groups = append(b.TLSProfileSpecApplyConfiguration.Groups, values[i])
+ }
+ return b
+}
+
// WithMinTLSVersion sets the MinTLSVersion field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the MinTLSVersion field is set to the value of the last call.
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalclaimssource.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalclaimssource.go
new file mode 100644
index 000000000..143544e7c
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalclaimssource.go
@@ -0,0 +1,97 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// ExternalClaimsSourceApplyConfiguration represents a declarative configuration of the ExternalClaimsSource type for use
+// with apply.
+//
+// ExternalClaimsSource provides the configuration for a single external claim source.
+type ExternalClaimsSourceApplyConfiguration struct {
+ // authentication is an optional field that configures how the apiserver authenticates with an external claims source.
+ // When not specified, anonymous authentication is used which means no 'Authorization' header
+ // is sent in the HTTP request to fetch the external claims.
+ Authentication *ExternalSourceAuthenticationApplyConfiguration `json:"authentication,omitempty"`
+ // tls is an optional field that configures the http client TLS
+ // settings when fetching external claims from this source.
+ //
+ // When omitted, system default TLS settings will be used
+ // for fetching claims from the external source.
+ TLS *ExternalSourceTLSApplyConfiguration `json:"tls,omitempty"`
+ // url is a required configuration of the URL
+ // for which the external claims are located.
+ URL *SourceURLApplyConfiguration `json:"url,omitempty"`
+ // mappings is a required list of the claim
+ // and response handling expression pairs
+ // that produces the claims from the external source.
+ // mappings must have at least 1 entry and must not exceed 16 entries.
+ // Entries must have a unique name across all external claim sources.
+ Mappings []SourcedClaimMappingApplyConfiguration `json:"mappings,omitempty"`
+ // predicates is an optional list of constraints in
+ // which claims should attempt to be fetched from this
+ // external source.
+ //
+ // When omitted, claims are always fetched
+ // from this external source.
+ //
+ // When specified, all predicates must evaluate to 'true'
+ // before claims are attempted to be fetched from this external source.
+ // predicates must have at least 1 entry and must not exceed 16 entries.
+ // Entries must have unique expressions.
+ Predicates []ExternalSourcePredicateApplyConfiguration `json:"predicates,omitempty"`
+}
+
+// ExternalClaimsSourceApplyConfiguration constructs a declarative configuration of the ExternalClaimsSource type for use with
+// apply.
+func ExternalClaimsSource() *ExternalClaimsSourceApplyConfiguration {
+ return &ExternalClaimsSourceApplyConfiguration{}
+}
+
+// WithAuthentication sets the Authentication field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Authentication field is set to the value of the last call.
+func (b *ExternalClaimsSourceApplyConfiguration) WithAuthentication(value *ExternalSourceAuthenticationApplyConfiguration) *ExternalClaimsSourceApplyConfiguration {
+ b.Authentication = value
+ return b
+}
+
+// WithTLS sets the TLS field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the TLS field is set to the value of the last call.
+func (b *ExternalClaimsSourceApplyConfiguration) WithTLS(value *ExternalSourceTLSApplyConfiguration) *ExternalClaimsSourceApplyConfiguration {
+ b.TLS = value
+ return b
+}
+
+// WithURL sets the URL field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the URL field is set to the value of the last call.
+func (b *ExternalClaimsSourceApplyConfiguration) WithURL(value *SourceURLApplyConfiguration) *ExternalClaimsSourceApplyConfiguration {
+ b.URL = value
+ return b
+}
+
+// WithMappings adds the given value to the Mappings field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Mappings field.
+func (b *ExternalClaimsSourceApplyConfiguration) WithMappings(values ...*SourcedClaimMappingApplyConfiguration) *ExternalClaimsSourceApplyConfiguration {
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithMappings")
+ }
+ b.Mappings = append(b.Mappings, *values[i])
+ }
+ return b
+}
+
+// WithPredicates adds the given value to the Predicates field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Predicates field.
+func (b *ExternalClaimsSourceApplyConfiguration) WithPredicates(values ...*ExternalSourcePredicateApplyConfiguration) *ExternalClaimsSourceApplyConfiguration {
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithPredicates")
+ }
+ b.Predicates = append(b.Predicates, *values[i])
+ }
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourceauthentication.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourceauthentication.go
new file mode 100644
index 000000000..a2deb822e
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourceauthentication.go
@@ -0,0 +1,57 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ configv1 "github.com/openshift/api/config/v1"
+)
+
+// ExternalSourceAuthenticationApplyConfiguration represents a declarative configuration of the ExternalSourceAuthentication type for use
+// with apply.
+//
+// ExternalSourceAuthentication configures how the apiserver should attempt
+// to authenticate with an external claims source.
+type ExternalSourceAuthenticationApplyConfiguration struct {
+ // type is a required field that sets the type of
+ // authentication method used by the authenticator
+ // when fetching external claims.
+ //
+ // Allowed values are 'RequestProvidedToken' and 'ClientCredential'.
+ //
+ // When set to 'RequestProvidedToken', the authenticator will
+ // use the token provided to the kube-apiserver as part of the
+ // request to authenticate with the external claims source.
+ //
+ // When set to 'ClientCredential', the authenticator will
+ // use the configured client-id, client-secret, and token endpoint
+ // to fetch an access token using the OAuth2 client credentials grant
+ // flow. The fetched access token will then be used to authenticate
+ // with the external claims source.
+ Type *configv1.ExternalSourceAuthenticationType `json:"type,omitempty"`
+ // clientCredential configures the client credentials
+ // and token endpoint to use to get an access token.
+ // clientCredential is required when type is 'ClientCredential', and forbidden otherwise.
+ ClientCredential *ClientCredentialConfigApplyConfiguration `json:"clientCredential,omitempty"`
+}
+
+// ExternalSourceAuthenticationApplyConfiguration constructs a declarative configuration of the ExternalSourceAuthentication type for use with
+// apply.
+func ExternalSourceAuthentication() *ExternalSourceAuthenticationApplyConfiguration {
+ return &ExternalSourceAuthenticationApplyConfiguration{}
+}
+
+// WithType sets the Type field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Type field is set to the value of the last call.
+func (b *ExternalSourceAuthenticationApplyConfiguration) WithType(value configv1.ExternalSourceAuthenticationType) *ExternalSourceAuthenticationApplyConfiguration {
+ b.Type = &value
+ return b
+}
+
+// WithClientCredential sets the ClientCredential field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ClientCredential field is set to the value of the last call.
+func (b *ExternalSourceAuthenticationApplyConfiguration) WithClientCredential(value *ClientCredentialConfigApplyConfiguration) *ExternalSourceAuthenticationApplyConfiguration {
+ b.ClientCredential = value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcecertificateauthorityconfigmapreference.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcecertificateauthorityconfigmapreference.go
new file mode 100644
index 000000000..f1fb64e74
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcecertificateauthorityconfigmapreference.go
@@ -0,0 +1,34 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// ExternalSourceCertificateAuthorityConfigMapReferenceApplyConfiguration represents a declarative configuration of the ExternalSourceCertificateAuthorityConfigMapReference type for use
+// with apply.
+//
+// ExternalSourceCertificateAuthorityConfigMapReference is a reference to a ConfigMap in the openshift-config
+// namespace that should be used for configuring the certificate authority to be
+// used when sourcing claims from external sources.
+type ExternalSourceCertificateAuthorityConfigMapReferenceApplyConfiguration struct {
+ // name is the required name of the ConfigMap that exists in the openshift-config namespace.
+ // The key "ca-bundle.crt" must be present and must contain the CA certificate to be used
+ // to verify the external source's TLS certificate.
+ //
+ // It must be at least 1 character in length, must not exceed 253 characters in length,
+ // must start and end with a lowercase alphanumeric character, and must only contain
+ // lowercase alphanumeric characters, '-' or '.'.
+ Name *string `json:"name,omitempty"`
+}
+
+// ExternalSourceCertificateAuthorityConfigMapReferenceApplyConfiguration constructs a declarative configuration of the ExternalSourceCertificateAuthorityConfigMapReference type for use with
+// apply.
+func ExternalSourceCertificateAuthorityConfigMapReference() *ExternalSourceCertificateAuthorityConfigMapReferenceApplyConfiguration {
+ return &ExternalSourceCertificateAuthorityConfigMapReferenceApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *ExternalSourceCertificateAuthorityConfigMapReferenceApplyConfiguration) WithName(value string) *ExternalSourceCertificateAuthorityConfigMapReferenceApplyConfiguration {
+ b.Name = &value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcepredicate.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcepredicate.go
new file mode 100644
index 000000000..ade172dee
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcepredicate.go
@@ -0,0 +1,43 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// ExternalSourcePredicateApplyConfiguration represents a declarative configuration of the ExternalSourcePredicate type for use
+// with apply.
+//
+// ExternalSourcePredicate configures a singular condition
+// that must return true before the external source is queried
+// to retrieve external claims.
+type ExternalSourcePredicateApplyConfiguration struct {
+ // expression is a required CEL expression that
+ // is used to determine whether or not an external
+ // source should be used to fetch external claims.
+ //
+ // The expression must return a boolean value,
+ // where true means that the source should be consulted
+ // and false means that it should not.
+ //
+ // Claims from the token used for the request to the kube-apiserver
+ // are made available via the `claims` variable.
+ //
+ // The contents of the `claims` variable varies based on the claims that are
+ // present in the token being validated. It is the responsibility of those configuring this
+ // field to understand what claims the identity provider includes when issuing tokens.
+ //
+ // expression must be at least 1 character and must not exceed 1024 characters in length.
+ Expression *string `json:"expression,omitempty"`
+}
+
+// ExternalSourcePredicateApplyConfiguration constructs a declarative configuration of the ExternalSourcePredicate type for use with
+// apply.
+func ExternalSourcePredicate() *ExternalSourcePredicateApplyConfiguration {
+ return &ExternalSourcePredicateApplyConfiguration{}
+}
+
+// WithExpression sets the Expression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Expression field is set to the value of the last call.
+func (b *ExternalSourcePredicateApplyConfiguration) WithExpression(value string) *ExternalSourcePredicateApplyConfiguration {
+ b.Expression = &value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcetls.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcetls.go
new file mode 100644
index 000000000..a0b84ad6d
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcetls.go
@@ -0,0 +1,30 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// ExternalSourceTLSApplyConfiguration represents a declarative configuration of the ExternalSourceTLS type for use
+// with apply.
+//
+// ExternalSourceTLS configures the TLS options that the apiserver uses as a client
+// when making a request to the external claim source.
+type ExternalSourceTLSApplyConfiguration struct {
+ // certificateAuthority is a required reference to a ConfigMap in the openshift-config
+ // namespace that contains the CA certificate to use to validate TLS connections with the external claims source.
+ // The key "ca-bundle.crt" must be present in the referenced ConfigMap and must contain the CA certificate to be used
+ // to verify the external source's TLS certificate.
+ CertificateAuthority *ExternalSourceCertificateAuthorityConfigMapReferenceApplyConfiguration `json:"certificateAuthority,omitempty"`
+}
+
+// ExternalSourceTLSApplyConfiguration constructs a declarative configuration of the ExternalSourceTLS type for use with
+// apply.
+func ExternalSourceTLS() *ExternalSourceTLSApplyConfiguration {
+ return &ExternalSourceTLSApplyConfiguration{}
+}
+
+// WithCertificateAuthority sets the CertificateAuthority field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CertificateAuthority field is set to the value of the last call.
+func (b *ExternalSourceTLSApplyConfiguration) WithCertificateAuthority(value *ExternalSourceCertificateAuthorityConfigMapReferenceApplyConfiguration) *ExternalSourceTLSApplyConfiguration {
+ b.CertificateAuthority = value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurespec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurespec.go
index e48e1368b..135e8568d 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurespec.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurespec.go
@@ -2,6 +2,10 @@
package v1
+import (
+ configv1 "github.com/openshift/api/config/v1"
+)
+
// InfrastructureSpecApplyConfiguration represents a declarative configuration of the InfrastructureSpec type for use
// with apply.
//
@@ -23,6 +27,16 @@ type InfrastructureSpecApplyConfiguration struct {
// platformSpec holds desired information specific to the underlying
// infrastructure provider.
PlatformSpec *PlatformSpecApplyConfiguration `json:"platformSpec,omitempty"`
+ // controlPlaneTopology expresses the desired topology configuration for control nodes.
+ //
+ // When status.controlPlaneTopology is 'SingleReplica' and spec.controlPlaneTopology is set to 'HighlyAvailable',
+ // a transition will be triggered to reconfigure the cluster from SingleReplica to HighlyAvailable.
+ //
+ // When left blank or status.controlPlaneTopology and spec.controlPlaneTopology are the same value,
+ // no changes are required and no transitions will be triggered.
+ //
+ // This value may be set to match status.controlPlaneTopology regardless of the current value.
+ ControlPlaneTopology *configv1.TopologyMode `json:"controlPlaneTopology,omitempty"`
}
// InfrastructureSpecApplyConfiguration constructs a declarative configuration of the InfrastructureSpec type for use with
@@ -46,3 +60,11 @@ func (b *InfrastructureSpecApplyConfiguration) WithPlatformSpec(value *PlatformS
b.PlatformSpec = value
return b
}
+
+// WithControlPlaneTopology sets the ControlPlaneTopology field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ControlPlaneTopology field is set to the value of the last call.
+func (b *InfrastructureSpecApplyConfiguration) WithControlPlaneTopology(value configv1.TopologyMode) *InfrastructureSpecApplyConfiguration {
+ b.ControlPlaneTopology = &value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmspluginconfig.go
similarity index 62%
rename from vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go
rename to vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmspluginconfig.go
index 8eac52ddd..fc266edc4 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmspluginconfig.go
@@ -6,12 +6,12 @@ import (
configv1 "github.com/openshift/api/config/v1"
)
-// KMSConfigApplyConfiguration represents a declarative configuration of the KMSConfig type for use
+// KMSPluginConfigApplyConfiguration represents a declarative configuration of the KMSPluginConfig type for use
// with apply.
//
-// KMSConfig defines the configuration for the KMS instance
+// KMSPluginConfig defines the configuration for the KMS instance
// that will be used with KMS encryption
-type KMSConfigApplyConfiguration struct {
+type KMSPluginConfigApplyConfiguration struct {
// type defines the kind of platform for the KMS provider.
// Allowed values are Vault.
// When set to Vault, the plugin connects to a HashiCorp Vault server for key management.
@@ -20,19 +20,19 @@ type KMSConfigApplyConfiguration struct {
// The plugin connects to a Vault Enterprise server that is managed
// by the user outside the purview of the control plane.
// This field must be set when type is Vault, and must be unset otherwise.
- Vault *VaultKMSConfigApplyConfiguration `json:"vault,omitempty"`
+ Vault *VaultKMSPluginConfigApplyConfiguration `json:"vault,omitempty"`
}
-// KMSConfigApplyConfiguration constructs a declarative configuration of the KMSConfig type for use with
+// KMSPluginConfigApplyConfiguration constructs a declarative configuration of the KMSPluginConfig type for use with
// apply.
-func KMSConfig() *KMSConfigApplyConfiguration {
- return &KMSConfigApplyConfiguration{}
+func KMSPluginConfig() *KMSPluginConfigApplyConfiguration {
+ return &KMSPluginConfigApplyConfiguration{}
}
// WithType sets the Type field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Type field is set to the value of the last call.
-func (b *KMSConfigApplyConfiguration) WithType(value configv1.KMSProviderType) *KMSConfigApplyConfiguration {
+func (b *KMSPluginConfigApplyConfiguration) WithType(value configv1.KMSProviderType) *KMSPluginConfigApplyConfiguration {
b.Type = &value
return b
}
@@ -40,7 +40,7 @@ func (b *KMSConfigApplyConfiguration) WithType(value configv1.KMSProviderType) *
// WithVault sets the Vault field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Vault field is set to the value of the last call.
-func (b *KMSConfigApplyConfiguration) WithVault(value *VaultKMSConfigApplyConfiguration) *KMSConfigApplyConfiguration {
+func (b *KMSPluginConfigApplyConfiguration) WithVault(value *VaultKMSPluginConfigApplyConfiguration) *KMSPluginConfigApplyConfiguration {
b.Vault = value
return b
}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkobservabilityspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkobservabilityspec.go
new file mode 100644
index 000000000..1ccd98076
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkobservabilityspec.go
@@ -0,0 +1,33 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ configv1 "github.com/openshift/api/config/v1"
+)
+
+// NetworkObservabilitySpecApplyConfiguration represents a declarative configuration of the NetworkObservabilitySpec type for use
+// with apply.
+//
+// NetworkObservabilitySpec defines the configuration for network observability installation
+type NetworkObservabilitySpecApplyConfiguration struct {
+ // installationPolicy controls whether network observability is installed during cluster deployment.
+ // Valid values are "InstallAndEnable" and "NoAction".
+ // When set to "InstallAndEnable", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again.
+ // When set to "NoAction", nothing will be done regarding Network observability.
+ InstallationPolicy *configv1.NetworkObservabilityInstallationPolicy `json:"installationPolicy,omitempty"`
+}
+
+// NetworkObservabilitySpecApplyConfiguration constructs a declarative configuration of the NetworkObservabilitySpec type for use with
+// apply.
+func NetworkObservabilitySpec() *NetworkObservabilitySpecApplyConfiguration {
+ return &NetworkObservabilitySpecApplyConfiguration{}
+}
+
+// WithInstallationPolicy sets the InstallationPolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the InstallationPolicy field is set to the value of the last call.
+func (b *NetworkObservabilitySpecApplyConfiguration) WithInstallationPolicy(value configv1.NetworkObservabilityInstallationPolicy) *NetworkObservabilitySpecApplyConfiguration {
+ b.InstallationPolicy = &value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go
index 4a3f9b7b8..27e7480ec 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go
@@ -42,6 +42,10 @@ type NetworkSpecApplyConfiguration struct {
// and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true,
// the network diagnostics feature will be disabled.
NetworkDiagnostics *NetworkDiagnosticsApplyConfiguration `json:"networkDiagnostics,omitempty"`
+ // networkObservability is an optional field that configures network observability installation
+ // during cluster deployment (day-0).
+ // When omitted, unless this is a SNO cluster, network observability will be installed if not already present, after that, no action taken.
+ NetworkObservability *NetworkObservabilitySpecApplyConfiguration `json:"networkObservability,omitempty"`
}
// NetworkSpecApplyConfiguration constructs a declarative configuration of the NetworkSpec type for use with
@@ -104,3 +108,11 @@ func (b *NetworkSpecApplyConfiguration) WithNetworkDiagnostics(value *NetworkDia
b.NetworkDiagnostics = value
return b
}
+
+// WithNetworkObservability sets the NetworkObservability field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the NetworkObservability field is set to the value of the last call.
+func (b *NetworkSpecApplyConfiguration) WithNetworkObservability(value *NetworkObservabilitySpecApplyConfiguration) *NetworkSpecApplyConfiguration {
+ b.NetworkObservability = value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go
index 6f5a249a7..4fb1c97eb 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go
@@ -26,6 +26,27 @@ type OIDCProviderApplyConfiguration struct {
// If any rule in the chain of rules evaluates to 'false', authentication will fail.
// When specified, at least one rule must be specified and no more than 64 rules may be specified.
UserValidationRules []TokenUserValidationRuleApplyConfiguration `json:"userValidationRules,omitempty"`
+ // externalClaimsSources is an optional field that can be used to configure
+ // sources, external to the token provided in a request, in which claims
+ // should be fetched from and made available to the claim mapping process
+ // that is used to build the identity of a token holder.
+ //
+ // For example, fetching additional user metadata from an OIDC provider's UserInfo endpoint.
+ //
+ // When not specified, only claims present in the token itself will be available
+ // in the claim mapping process.
+ //
+ // When specified, at least one external claim source must be specified and no more than 5
+ // sources may be specified.
+ // All external claim sources must have unique claim mappings.
+ // When an external source responds and resolves additional claims successfully, they will
+ // be made available as claims during the claim mapping process.
+ // Externally sourced claims with the same name as a claim existing within the token will
+ // overwrite the claim data from the token with the externally sourced information.
+ // If an external source does not respond, responds with an error, or the additional
+ // claim data cannot be resolved from the response successfully it will not be
+ // included in the claim data passed to the claim mapping process.
+ ExternalClaimsSources []ExternalClaimsSourceApplyConfiguration `json:"externalClaimsSources,omitempty"`
}
// OIDCProviderApplyConfiguration constructs a declarative configuration of the OIDCProvider type for use with
@@ -96,3 +117,16 @@ func (b *OIDCProviderApplyConfiguration) WithUserValidationRules(values ...*Toke
}
return b
}
+
+// WithExternalClaimsSources adds the given value to the ExternalClaimsSources field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ExternalClaimsSources field.
+func (b *OIDCProviderApplyConfiguration) WithExternalClaimsSources(values ...*ExternalClaimsSourceApplyConfiguration) *OIDCProviderApplyConfiguration {
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithExternalClaimsSources")
+ }
+ b.ExternalClaimsSources = append(b.ExternalClaimsSources, *values[i])
+ }
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go
index 61fc436e6..9fd5335da 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go
@@ -8,12 +8,30 @@ package v1
// RegistrySources holds cluster-wide information about how to handle the registries config.
type RegistrySourcesApplyConfiguration struct {
// insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
+ // Each entry must be a valid registry scope in the format hostname[:port][/path],
+ // optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com").
+ // The hostname must consist of valid DNS labels separated by dots, where each label
+ // contains only alphanumeric characters and hyphens and does not start or end with a hyphen.
+ // Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."),
+ // and must be at most 256 characters in length. The list may contain at most 1024 entries.
InsecureRegistries []string `json:"insecureRegistries,omitempty"`
// blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.
+ // Each entry must be a valid registry scope in the format hostname[:port][/path],
+ // optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com").
+ // The hostname must consist of valid DNS labels separated by dots, where each label
+ // contains only alphanumeric characters and hyphens and does not start or end with a hyphen.
+ // Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."),
+ // and must be at most 256 characters in length. The list may contain at most 1024 entries.
//
// Only one of BlockedRegistries or AllowedRegistries may be set.
BlockedRegistries []string `json:"blockedRegistries,omitempty"`
// allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.
+ // Each entry must be a valid registry scope in the format hostname[:port][/path],
+ // optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com").
+ // The hostname must consist of valid DNS labels separated by dots, where each label
+ // contains only alphanumeric characters and hyphens and does not start or end with a hyphen.
+ // Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."),
+ // and must be at most 256 characters in length. The list may contain at most 1024 entries.
//
// Only one of BlockedRegistries or AllowedRegistries may be set.
AllowedRegistries []string `json:"allowedRegistries,omitempty"`
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/sourcedclaimmapping.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/sourcedclaimmapping.go
new file mode 100644
index 000000000..92c4dc24f
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/sourcedclaimmapping.go
@@ -0,0 +1,51 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// SourcedClaimMappingApplyConfiguration represents a declarative configuration of the SourcedClaimMapping type for use
+// with apply.
+//
+// SourcedClaimMapping configures the mapping behavior for a single external claim
+// from the response the apiserver received from the external claim source.
+type SourcedClaimMappingApplyConfiguration struct {
+ // name is a required name of the claim that
+ // will be produced and made available during
+ // the claim-to-identity mapping process.
+ // name must consist of only lowercase alpha characters and underscores ('_').
+ // name must be at least 1 character and must not exceed 256 characters in length.
+ Name *string `json:"name,omitempty"`
+ // expression is a required CEL expression that
+ // will produce a value to be assigned to the claim.
+ // The full response body from the request to the
+ // external claim source is provided via the
+ // `response.body` variable.
+ //
+ // The contents of the `response.body` variable varies based on the response received
+ // from the external source. It is the responsibility of those configuring
+ // this expression to understand what is returned from the external source.
+ //
+ // expression must be at least 1 character and must not exceed 1024 characters in length.
+ Expression *string `json:"expression,omitempty"`
+}
+
+// SourcedClaimMappingApplyConfiguration constructs a declarative configuration of the SourcedClaimMapping type for use with
+// apply.
+func SourcedClaimMapping() *SourcedClaimMappingApplyConfiguration {
+ return &SourcedClaimMappingApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *SourcedClaimMappingApplyConfiguration) WithName(value string) *SourcedClaimMappingApplyConfiguration {
+ b.Name = &value
+ return b
+}
+
+// WithExpression sets the Expression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Expression field is set to the value of the last call.
+func (b *SourcedClaimMappingApplyConfiguration) WithExpression(value string) *SourcedClaimMappingApplyConfiguration {
+ b.Expression = &value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/sourceurl.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/sourceurl.go
new file mode 100644
index 000000000..b94a89f39
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/sourceurl.go
@@ -0,0 +1,67 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// SourceURLApplyConfiguration represents a declarative configuration of the SourceURL type for use
+// with apply.
+//
+// SourceURL configures the options used to build the URL that is queried for external claims.
+type SourceURLApplyConfiguration struct {
+ // hostname is a required hostname for which the external claims are located.
+ //
+ // It must be a valid DNS subdomain name as per RFC1123.
+ //
+ // This means that it must start and end with a lowercase alphanumeric character,
+ // must only consist of lowercase alphanumeric characters, '-', and '.'.
+ // hostname may optionally specify a port in the format ':{port}'.
+ // If a port is specified it must not exceed 65535.
+ //
+ // hostname must be at least 1 character in length.
+ // When specifying a port, hostname must not exceed 259 characters in length.
+ // When not specifying a port, hostname must not exceed 253 characters in length.
+ Hostname *string `json:"hostname,omitempty"`
+ // pathExpression is a required CEL expression that returns a list
+ // of string values used to construct the URL path.
+ // Claims from the token used for the request to the kube-apiserver
+ // are made available via the `claims` variable.
+ // expression must be at least 1 character in length and must not exceed 1024 characters in length.
+ //
+ // Values in the returned list will be joined with the hostname using a forward slash
+ // (`/`) as a separator. Values in the returned list do not need to include the forward slash.
+ // If a forward slash is included in a returned value, it will be encoded as `%2F`.
+ //
+ // Example of a static path configuration:
+ //
+ // pathExpression: ['realms', 'k8s', 'protocol', 'openid-connect', 'userinfo']
+ //
+ // The above example would resolve to the path: '/realms/k8s/protocol/openid-connect/userinfo'
+ //
+ // Example of a dynamic path configuration:
+ //
+ // pathExpression: "['admin', 'realms', 'k8s', 'users'] + [claims.sub] + ['groups']"
+ //
+ // Assuming 'claims.sub' is set to '12345', the above example would resolve to the path: '/admin/realms/k8s/users/12345/groups'
+ PathExpression *string `json:"pathExpression,omitempty"`
+}
+
+// SourceURLApplyConfiguration constructs a declarative configuration of the SourceURL type for use with
+// apply.
+func SourceURL() *SourceURLApplyConfiguration {
+ return &SourceURLApplyConfiguration{}
+}
+
+// WithHostname sets the Hostname field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Hostname field is set to the value of the last call.
+func (b *SourceURLApplyConfiguration) WithHostname(value string) *SourceURLApplyConfiguration {
+ b.Hostname = &value
+ return b
+}
+
+// WithPathExpression sets the PathExpression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the PathExpression field is set to the value of the last call.
+func (b *SourceURLApplyConfiguration) WithPathExpression(value string) *SourceURLApplyConfiguration {
+ b.PathExpression = &value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlsprofilespec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlsprofilespec.go
index 5e34ffd5d..cbefaf516 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlsprofilespec.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlsprofilespec.go
@@ -21,6 +21,24 @@ type TLSProfileSpecApplyConfiguration struct {
// TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable
// and are always enabled when TLS 1.3 is negotiated.
Ciphers []string `json:"ciphers,omitempty"`
+ // groups is an optional, ordered field used to specify the supported groups (formerly known as
+ // elliptic curves) that are used during the TLS handshake. The order of the groups represents
+ // a suggested preference, with the most preferred group first. Note that not all platform
+ // components honor the ordering: Go-based components use Go's internal preference order and
+ // treat this list as a filter of allowed groups rather than an ordered preference.
+ // Operators may remove entries their operands do not support.
+ //
+ // When omitted, this means no opinion and the platform is left to choose reasonable defaults which are
+ // subject to change over time and may be different per platform component depending on the underlying TLS
+ // libraries they use. If specified, the list must contain at least one and at most 7 groups,
+ // and each group must be unique.
+ //
+ // For example, to use X25519 and secp256r1 (yaml):
+ //
+ // groups:
+ // - X25519
+ // - secp256r1
+ Groups []configv1.TLSGroup `json:"groups,omitempty"`
// minTLSVersion is used to specify the minimal version of the TLS protocol
// that is negotiated during the TLS handshake. For example, to use TLS
// versions 1.1, 1.2 and 1.3 (yaml):
@@ -45,6 +63,16 @@ func (b *TLSProfileSpecApplyConfiguration) WithCiphers(values ...string) *TLSPro
return b
}
+// WithGroups adds the given value to the Groups field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Groups field.
+func (b *TLSProfileSpecApplyConfiguration) WithGroups(values ...configv1.TLSGroup) *TLSProfileSpecApplyConfiguration {
+ for i := range values {
+ b.Groups = append(b.Groups, values[i])
+ }
+ return b
+}
+
// WithMinTLSVersion sets the MinTLSVersion field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the MinTLSVersion field is set to the value of the last call.
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlssecurityprofile.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlssecurityprofile.go
index dd57aad08..eab7cd452 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlssecurityprofile.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlssecurityprofile.go
@@ -15,10 +15,16 @@ type TLSSecurityProfileApplyConfiguration struct {
// type is one of Old, Intermediate, Modern or Custom. Custom provides the
// ability to specify individual TLS security profile parameters.
//
- // The profiles are based on version 5.7 of the Mozilla Server Side TLS
- // configuration guidelines. The cipher lists consist of the configuration's
- // "ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
- // See: https://ssl-config.mozilla.org/guidelines/5.7.json
+ // The cipher and groups lists in these profiles are based on version 5.8 of the
+ // Mozilla Server Side TLS configuration guidelines.
+ // See: https://ssl-config.mozilla.org/guidelines/5.8.json
+ //
+ // The groups are listed in suggested preference order, with the most preferred group first.
+ // Note that not all platform components honor the ordering: Go-based components use Go's
+ // internal preference order and treat this list as a filter of allowed groups rather than
+ // an ordered preference.
+ // Note that X25519MLKEM768 is a post-quantum hybrid group that is not
+ // FIPS-approved and should be ignored by components running in FIPS mode.
//
// The profiles are intent based, so they may change over time as new ciphers are
// developed and existing ciphers are found to be insecure. Depending on
@@ -27,6 +33,10 @@ type TLSSecurityProfileApplyConfiguration struct {
// old is a TLS profile for use when services need to be accessed by very old
// clients or libraries and should be used only as a last resort.
//
+ // The supported groups list includes by default the following groups
+ // in suggested preference order (ordering may not be honored by all implementations):
+ // X25519MLKEM768, X25519, secp256r1, secp384r1.
+ //
// This profile is equivalent to a Custom profile specified as:
// minTLSVersion: VersionTLS10
// ciphers:
@@ -43,11 +53,14 @@ type TLSSecurityProfileApplyConfiguration struct {
// - ECDHE-RSA-AES128-SHA256
// - ECDHE-ECDSA-AES128-SHA
// - ECDHE-RSA-AES128-SHA
+ // - ECDHE-ECDSA-AES256-SHA384
+ // - ECDHE-RSA-AES256-SHA384
// - ECDHE-ECDSA-AES256-SHA
// - ECDHE-RSA-AES256-SHA
// - AES128-GCM-SHA256
// - AES256-GCM-SHA384
// - AES128-SHA256
+ // - AES256-SHA256
// - AES128-SHA
// - AES256-SHA
// - DES-CBC3-SHA
@@ -56,6 +69,10 @@ type TLSSecurityProfileApplyConfiguration struct {
// legacy clients and want to remain highly secure while being compatible with
// most clients currently in use.
//
+ // The supported groups list includes by default the following groups
+ // in suggested preference order (ordering may not be honored by all implementations):
+ // X25519MLKEM768, X25519, secp256r1, secp384r1.
+ //
// This profile is equivalent to a Custom profile specified as:
// minTLSVersion: VersionTLS12
// ciphers:
@@ -71,7 +88,9 @@ type TLSSecurityProfileApplyConfiguration struct {
Intermediate *configv1.IntermediateTLSProfile `json:"intermediate,omitempty"`
// modern is a TLS security profile for use with clients that support TLS 1.3 and
// do not need backward compatibility for older clients.
- //
+ // The supported groups list includes by default the following groups
+ // in suggested preference order (ordering may not be honored by all implementations):
+ // X25519MLKEM768, X25519, secp256r1, secp384r1.
// This profile is equivalent to a Custom profile specified as:
// minTLSVersion: VersionTLS13
// ciphers:
@@ -80,8 +99,11 @@ type TLSSecurityProfileApplyConfiguration struct {
// - TLS_CHACHA20_POLY1305_SHA256
Modern *configv1.ModernTLSProfile `json:"modern,omitempty"`
// custom is a user-defined TLS security profile. Be extremely careful using a custom
- // profile as invalid configurations can be catastrophic. An example custom profile
- // looks like this:
+ // profile as invalid configurations can be catastrophic.
+ //
+ // The supported groups list for this profile is empty by default.
+ //
+ // An example custom profile looks like this:
//
// minTLSVersion: VersionTLS11
// ciphers:
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go
index ab924194c..9119cbe19 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go
@@ -9,9 +9,7 @@ package v1
type VaultAppRoleAuthenticationApplyConfiguration struct {
// secret references a secret in the openshift-config namespace containing
// the AppRole credentials used to authenticate with Vault.
- // The secret must contain two keys: "roleID" for the AppRole Role ID and "secretID" for the AppRole Secret ID.
- //
- // The namespace for the secret is openshift-config.
+ // The referenced Secret must contain two keys: "role-id" for the AppRole Role ID and "secret-id" for the AppRole Secret ID.
Secret *VaultSecretReferenceApplyConfiguration `json:"secret,omitempty"`
}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmsconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmspluginconfig.go
similarity index 72%
rename from vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmsconfig.go
rename to vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmspluginconfig.go
index 7602f33e3..736095a27 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmsconfig.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmspluginconfig.go
@@ -2,11 +2,11 @@
package v1
-// VaultKMSConfigApplyConfiguration represents a declarative configuration of the VaultKMSConfig type for use
+// VaultKMSPluginConfigApplyConfiguration represents a declarative configuration of the VaultKMSPluginConfig type for use
// with apply.
//
-// VaultKMSConfig defines the KMS plugin configuration specific to Vault KMS
-type VaultKMSConfigApplyConfiguration struct {
+// VaultKMSPluginConfig defines the KMS plugin configuration specific to Vault KMS
+type VaultKMSPluginConfigApplyConfiguration struct {
// kmsPluginImage specifies the container image for the HashiCorp Vault KMS plugin.
//
// The image must be a fully qualified OCI image pull spec with a SHA256 digest.
@@ -46,32 +46,30 @@ type VaultKMSConfigApplyConfiguration struct {
// authentication defines the authentication method used to authenticate with Vault.
Authentication *VaultAuthenticationApplyConfiguration `json:"authentication,omitempty"`
// transitMount specifies the mount path of the Vault Transit engine.
- // The value must be between 1 and 1024 characters when specified.
//
- // When omitted, this means the user has no opinion and the platform is left
- // to choose a reasonable default. These defaults are subject to change over time.
- // The current default is "transit".
- //
- // The mount path cannot start or end with a forward slash, cannot contain spaces,
- // and cannot contain consecutive forward slashes.
+ // The transit mount must be between 1 and 1024 characters, cannot start or
+ // end with a forward slash, cannot contain consecutive forward slashes, and
+ // must only contain RFC 3986 unreserved characters (alphanumeric, hyphen,
+ // period, underscore, tilde) and forward slashes as path separators.
TransitMount *string `json:"transitMount,omitempty"`
// transitKey specifies the name of the encryption key in Vault's Transit engine.
// This key is used to encrypt and decrypt data.
//
- // The key name must be between 1 and 512 characters and cannot contain spaces or forward slashes.
+ // The transit key must be between 1 and 512 characters, cannot contain forward slashes,
+ // and must only contain alphanumeric characters, hyphens, periods, and underscores.
TransitKey *string `json:"transitKey,omitempty"`
}
-// VaultKMSConfigApplyConfiguration constructs a declarative configuration of the VaultKMSConfig type for use with
+// VaultKMSPluginConfigApplyConfiguration constructs a declarative configuration of the VaultKMSPluginConfig type for use with
// apply.
-func VaultKMSConfig() *VaultKMSConfigApplyConfiguration {
- return &VaultKMSConfigApplyConfiguration{}
+func VaultKMSPluginConfig() *VaultKMSPluginConfigApplyConfiguration {
+ return &VaultKMSPluginConfigApplyConfiguration{}
}
// WithKMSPluginImage sets the KMSPluginImage field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the KMSPluginImage field is set to the value of the last call.
-func (b *VaultKMSConfigApplyConfiguration) WithKMSPluginImage(value string) *VaultKMSConfigApplyConfiguration {
+func (b *VaultKMSPluginConfigApplyConfiguration) WithKMSPluginImage(value string) *VaultKMSPluginConfigApplyConfiguration {
b.KMSPluginImage = &value
return b
}
@@ -79,7 +77,7 @@ func (b *VaultKMSConfigApplyConfiguration) WithKMSPluginImage(value string) *Vau
// WithVaultAddress sets the VaultAddress field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the VaultAddress field is set to the value of the last call.
-func (b *VaultKMSConfigApplyConfiguration) WithVaultAddress(value string) *VaultKMSConfigApplyConfiguration {
+func (b *VaultKMSPluginConfigApplyConfiguration) WithVaultAddress(value string) *VaultKMSPluginConfigApplyConfiguration {
b.VaultAddress = &value
return b
}
@@ -87,7 +85,7 @@ func (b *VaultKMSConfigApplyConfiguration) WithVaultAddress(value string) *Vault
// WithVaultNamespace sets the VaultNamespace field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the VaultNamespace field is set to the value of the last call.
-func (b *VaultKMSConfigApplyConfiguration) WithVaultNamespace(value string) *VaultKMSConfigApplyConfiguration {
+func (b *VaultKMSPluginConfigApplyConfiguration) WithVaultNamespace(value string) *VaultKMSPluginConfigApplyConfiguration {
b.VaultNamespace = &value
return b
}
@@ -95,7 +93,7 @@ func (b *VaultKMSConfigApplyConfiguration) WithVaultNamespace(value string) *Vau
// WithTLS sets the TLS field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the TLS field is set to the value of the last call.
-func (b *VaultKMSConfigApplyConfiguration) WithTLS(value *VaultTLSConfigApplyConfiguration) *VaultKMSConfigApplyConfiguration {
+func (b *VaultKMSPluginConfigApplyConfiguration) WithTLS(value *VaultTLSConfigApplyConfiguration) *VaultKMSPluginConfigApplyConfiguration {
b.TLS = value
return b
}
@@ -103,7 +101,7 @@ func (b *VaultKMSConfigApplyConfiguration) WithTLS(value *VaultTLSConfigApplyCon
// WithAuthentication sets the Authentication field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Authentication field is set to the value of the last call.
-func (b *VaultKMSConfigApplyConfiguration) WithAuthentication(value *VaultAuthenticationApplyConfiguration) *VaultKMSConfigApplyConfiguration {
+func (b *VaultKMSPluginConfigApplyConfiguration) WithAuthentication(value *VaultAuthenticationApplyConfiguration) *VaultKMSPluginConfigApplyConfiguration {
b.Authentication = value
return b
}
@@ -111,7 +109,7 @@ func (b *VaultKMSConfigApplyConfiguration) WithAuthentication(value *VaultAuthen
// WithTransitMount sets the TransitMount field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the TransitMount field is set to the value of the last call.
-func (b *VaultKMSConfigApplyConfiguration) WithTransitMount(value string) *VaultKMSConfigApplyConfiguration {
+func (b *VaultKMSPluginConfigApplyConfiguration) WithTransitMount(value string) *VaultKMSPluginConfigApplyConfiguration {
b.TransitMount = &value
return b
}
@@ -119,7 +117,7 @@ func (b *VaultKMSConfigApplyConfiguration) WithTransitMount(value string) *Vault
// WithTransitKey sets the TransitKey field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the TransitKey field is set to the value of the last call.
-func (b *VaultKMSConfigApplyConfiguration) WithTransitKey(value string) *VaultKMSConfigApplyConfiguration {
+func (b *VaultKMSPluginConfigApplyConfiguration) WithTransitKey(value string) *VaultKMSPluginConfigApplyConfiguration {
b.TransitKey = &value
return b
}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go
index 9fba4e1a4..04bf8c3bf 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go
@@ -9,7 +9,7 @@ package v1
type VaultTLSConfigApplyConfiguration struct {
// caBundle references a ConfigMap in the openshift-config namespace containing
// the CA certificate bundle used to verify the TLS connection to the Vault server.
- // The ConfigMap must contain the CA bundle in the key "ca-bundle.crt".
+ // The referenced ConfigMap must contain the CA bundle in the key "ca-bundle.crt".
// When this field is not set, the system's trusted CA certificates are used.
//
// The namespace for the ConfigMap is openshift-config.
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go
index f8037b67a..4f31602e5 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go
@@ -14,10 +14,11 @@ import (
// use these fields for configuration.
type VSpherePlatformSpecApplyConfiguration struct {
// vcenters holds the connection details for services to communicate with vCenter.
- // Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported.
+ // Up to 3 vCenters are supported.
// Once the cluster has been installed, you are unable to change the current number of defined
- // vCenters except in the case where the cluster has been upgraded from a version of OpenShift
- // where the vsphere platform spec was not present. You may make modifications to the existing
+ // vCenters except when 1.) the cluster has been upgraded from a version of OpenShift
+ // where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and
+ // remove vCenters but may not remove all vCenters. You may make modifications to the existing
// vCenters that are defined in the vcenters list in order to match with any added or modified
// failure domains.
// ---
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go
index c47130a18..37c93f7e1 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go
@@ -13,8 +13,23 @@ import (
// AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment.
// alertmanagerCustomConfig provides configuration options for the default Alertmanager instance
// that runs in the `openshift-monitoring` namespace. Use this configuration to control
-// whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.
+// whether user-defined namespaces are selected for AlertmanagerConfig lookups, how it logs,
+// and how its pods are scheduled.
type AlertmanagerCustomConfigApplyConfiguration struct {
+ // userAlertmanagerConfigSelection is an optional field that controls whether user-defined
+ // namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager
+ // instance in the `openshift-monitoring` namespace.
+ // Valid values are Selectable and None.
+ // When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources
+ // in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in
+ // the cluster-monitoring-config ConfigMap.
+ // When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups
+ // on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false`
+ // in the cluster-monitoring-config ConfigMap.
+ // This setting only applies when the user-workload monitoring Alertmanager is not enabled.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ // The current default value is `None`.
+ UserAlertmanagerConfigSelection *configv1alpha1.UserAlertmanagerConfigSelection `json:"userAlertmanagerConfigSelection,omitempty"`
// logLevel defines the verbosity of logs emitted by Alertmanager.
// This field allows users to control the amount and severity of logs generated, which can be useful
// for debugging issues or reducing noise in production environments.
@@ -103,6 +118,14 @@ func AlertmanagerCustomConfig() *AlertmanagerCustomConfigApplyConfiguration {
return &AlertmanagerCustomConfigApplyConfiguration{}
}
+// WithUserAlertmanagerConfigSelection sets the UserAlertmanagerConfigSelection field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UserAlertmanagerConfigSelection field is set to the value of the last call.
+func (b *AlertmanagerCustomConfigApplyConfiguration) WithUserAlertmanagerConfigSelection(value configv1alpha1.UserAlertmanagerConfigSelection) *AlertmanagerCustomConfigApplyConfiguration {
+ b.UserAlertmanagerConfigSelection = &value
+ return b
+}
+
// WithLogLevel sets the LogLevel field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the LogLevel field is set to the value of the last call.
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go
index 35ec6d14e..288edad61 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go
@@ -78,6 +78,11 @@ type ClusterMonitoringSpecApplyConfiguration struct {
// or topology spread constraints.
// When set, at least one field must be specified within monitoringPluginConfig.
MonitoringPluginConfig *MonitoringPluginConfigApplyConfiguration `json:"monitoringPluginConfig,omitempty"`
+ // kubeStateMetricsConfig is an optional field that can be used to configure the kube-state-metrics
+ // agent that runs in the openshift-monitoring namespace. kube-state-metrics generates metrics about
+ // the state of Kubernetes objects such as Deployments, Nodes, and Pods.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ KubeStateMetricsConfig *KubeStateMetricsConfigApplyConfiguration `json:"kubeStateMetricsConfig,omitempty"`
}
// ClusterMonitoringSpecApplyConfiguration constructs a declarative configuration of the ClusterMonitoringSpec type for use with
@@ -173,3 +178,11 @@ func (b *ClusterMonitoringSpecApplyConfiguration) WithMonitoringPluginConfig(val
b.MonitoringPluginConfig = value
return b
}
+
+// WithKubeStateMetricsConfig sets the KubeStateMetricsConfig field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the KubeStateMetricsConfig field is set to the value of the last call.
+func (b *ClusterMonitoringSpecApplyConfiguration) WithKubeStateMetricsConfig(value *KubeStateMetricsConfigApplyConfiguration) *ClusterMonitoringSpecApplyConfiguration {
+ b.KubeStateMetricsConfig = value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsconfig.go
new file mode 100644
index 000000000..ed850ef34
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsconfig.go
@@ -0,0 +1,145 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ v1 "k8s.io/api/core/v1"
+)
+
+// KubeStateMetricsConfigApplyConfiguration represents a declarative configuration of the KubeStateMetricsConfig type for use
+// with apply.
+//
+// KubeStateMetricsConfig provides configuration options for the kube-state-metrics agent
+// that runs in the `openshift-monitoring` namespace. kube-state-metrics generates metrics
+// about the state of Kubernetes objects such as Deployments, Nodes, and Pods.
+type KubeStateMetricsConfigApplyConfiguration struct {
+ // nodeSelector defines the nodes on which the Pods are scheduled.
+ // nodeSelector is optional.
+ //
+ // When omitted, this means the user has no opinion and the platform is left
+ // to choose reasonable defaults. These defaults are subject to change over time.
+ // The current default value is `kubernetes.io/os: linux`.
+ // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.
+ NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+ // resources defines the compute resource requests and limits for the kube-state-metrics container.
+ // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage.
+ // When not specified, defaults are used by the platform. Requests cannot exceed limits.
+ // This field is optional.
+ // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ // This is a simplified API that maps to Kubernetes ResourceRequirements.
+ // The current default values are:
+ // resources:
+ // - name: cpu
+ // request: 4m
+ // limit: null
+ // - name: memory
+ // request: 40Mi
+ // limit: null
+ // Maximum length for this list is 5.
+ // Minimum length for this list is 1.
+ // Each resource name must be unique within this list.
+ Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"`
+ // tolerations defines tolerations for the pods.
+ // tolerations is optional.
+ //
+ // When omitted, no tolerations are applied. This default is subject to change over time.
+ // When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries.
+ // Each toleration's operator, when specified, must be either "Exists" or "Equal".
+ // Each toleration's effect, when specified, must be one of "NoSchedule", "PreferNoSchedule", or "NoExecute".
+ // An empty or unset effect means match all effects.
+ Tolerations []v1.Toleration `json:"tolerations,omitempty"`
+ // topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed
+ // across topology domains such as zones, nodes, or other user-defined labels.
+ // topologySpreadConstraints is optional.
+ // This helps improve high availability and resource efficiency by avoiding placing
+ // too many replicas in the same failure domain.
+ //
+ // This field maps directly to the `topologySpreadConstraints` field in the Pod spec.
+ // When omitted, no topology spread constraints are applied. This default is subject to change over time.
+ // When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries.
+ // Entries must have unique topologyKey and whenUnsatisfiable pairs.
+ // Each entry's whenUnsatisfiable must be either "DoNotSchedule" or "ScheduleAnyway".
+ // Each entry's maxSkew must be at least 1.
+ // When minDomains is specified, it must be at least 1 and whenUnsatisfiable must be "DoNotSchedule".
+ TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
+ // additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics
+ // in kube-state-metrics.
+ // Currently, only "Job" and "CronJob" resources are supported due to cardinality concerns.
+ // Each entry specifies a resource name and a list of Kubernetes label names to expose.
+ // Use "*" in the labels list to expose all labels for a given resource.
+ // additionalResourceLabels is optional.
+ // When omitted, no additional Kubernetes object labels are exposed as metrics
+ // by kube-state-metrics beyond its built-in metric labels (e.g. namespace, job_name).
+ // Use this field to opt in to exposing specific Kubernetes labels as metric labels
+ // for the supported resource types.
+ // Minimum length for this list is 1.
+ // Maximum length for this list is 2.
+ // Each resource name must be unique within this list.
+ AdditionalResourceLabels []KubeStateMetricsResourceLabelsApplyConfiguration `json:"additionalResourceLabels,omitempty"`
+}
+
+// KubeStateMetricsConfigApplyConfiguration constructs a declarative configuration of the KubeStateMetricsConfig type for use with
+// apply.
+func KubeStateMetricsConfig() *KubeStateMetricsConfigApplyConfiguration {
+ return &KubeStateMetricsConfigApplyConfiguration{}
+}
+
+// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the NodeSelector field,
+// overwriting an existing map entries in NodeSelector field with the same key.
+func (b *KubeStateMetricsConfigApplyConfiguration) WithNodeSelector(entries map[string]string) *KubeStateMetricsConfigApplyConfiguration {
+ if b.NodeSelector == nil && len(entries) > 0 {
+ b.NodeSelector = make(map[string]string, len(entries))
+ }
+ for k, v := range entries {
+ b.NodeSelector[k] = v
+ }
+ return b
+}
+
+// WithResources adds the given value to the Resources field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Resources field.
+func (b *KubeStateMetricsConfigApplyConfiguration) WithResources(values ...*ContainerResourceApplyConfiguration) *KubeStateMetricsConfigApplyConfiguration {
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithResources")
+ }
+ b.Resources = append(b.Resources, *values[i])
+ }
+ return b
+}
+
+// WithTolerations adds the given value to the Tolerations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Tolerations field.
+func (b *KubeStateMetricsConfigApplyConfiguration) WithTolerations(values ...v1.Toleration) *KubeStateMetricsConfigApplyConfiguration {
+ for i := range values {
+ b.Tolerations = append(b.Tolerations, values[i])
+ }
+ return b
+}
+
+// WithTopologySpreadConstraints adds the given value to the TopologySpreadConstraints field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the TopologySpreadConstraints field.
+func (b *KubeStateMetricsConfigApplyConfiguration) WithTopologySpreadConstraints(values ...v1.TopologySpreadConstraint) *KubeStateMetricsConfigApplyConfiguration {
+ for i := range values {
+ b.TopologySpreadConstraints = append(b.TopologySpreadConstraints, values[i])
+ }
+ return b
+}
+
+// WithAdditionalResourceLabels adds the given value to the AdditionalResourceLabels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the AdditionalResourceLabels field.
+func (b *KubeStateMetricsConfigApplyConfiguration) WithAdditionalResourceLabels(values ...*KubeStateMetricsResourceLabelsApplyConfiguration) *KubeStateMetricsConfigApplyConfiguration {
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithAdditionalResourceLabels")
+ }
+ b.AdditionalResourceLabels = append(b.AdditionalResourceLabels, *values[i])
+ }
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsresourcelabels.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsresourcelabels.go
new file mode 100644
index 000000000..8b4de02a9
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsresourcelabels.go
@@ -0,0 +1,53 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ configv1alpha1 "github.com/openshift/api/config/v1alpha1"
+)
+
+// KubeStateMetricsResourceLabelsApplyConfiguration represents a declarative configuration of the KubeStateMetricsResourceLabels type for use
+// with apply.
+//
+// KubeStateMetricsResourceLabels defines which Kubernetes labels to expose as metrics
+// for a given resource type in kube-state-metrics.
+type KubeStateMetricsResourceLabelsApplyConfiguration struct {
+ // resource is the Kubernetes resource name whose labels should be exposed as metrics.
+ // Currently, only "Job" and "CronJob" are supported due to cardinality concerns.
+ // Valid values are "Job" and "CronJob".
+ // This field is required.
+ Resource *configv1alpha1.KubeStateMetricsResourceName `json:"resource,omitempty"`
+ // labels is the list of Kubernetes label names to expose as metrics for this resource.
+ // Use "*" to expose all labels for the specified resource.
+ // When "*" is specified, it must be the only entry in the list; mixing "*" with
+ // specific label names is not allowed.
+ // This field is required.
+ // Each label name must be unique within this list.
+ // Minimum length for this list is 1.
+ // Maximum length for this list is 50.
+ Labels []configv1alpha1.KubeStateMetricsLabelName `json:"labels,omitempty"`
+}
+
+// KubeStateMetricsResourceLabelsApplyConfiguration constructs a declarative configuration of the KubeStateMetricsResourceLabels type for use with
+// apply.
+func KubeStateMetricsResourceLabels() *KubeStateMetricsResourceLabelsApplyConfiguration {
+ return &KubeStateMetricsResourceLabelsApplyConfiguration{}
+}
+
+// WithResource sets the Resource field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Resource field is set to the value of the last call.
+func (b *KubeStateMetricsResourceLabelsApplyConfiguration) WithResource(value configv1alpha1.KubeStateMetricsResourceName) *KubeStateMetricsResourceLabelsApplyConfiguration {
+ b.Resource = &value
+ return b
+}
+
+// WithLabels adds the given value to the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Labels field.
+func (b *KubeStateMetricsResourceLabelsApplyConfiguration) WithLabels(values ...configv1alpha1.KubeStateMetricsLabelName) *KubeStateMetricsResourceLabelsApplyConfiguration {
+ for i := range values {
+ b.Labels = append(b.Labels, values[i])
+ }
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorconfig.go
index cb1c33804..ce8b83e06 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorconfig.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorconfig.go
@@ -80,6 +80,13 @@ type NodeExporterCollectorConfigApplyConfiguration struct {
// for excessive memory usage.
// Enable when you need metrics for specific units; scope units carefully.
Systemd *NodeExporterCollectorSystemdConfigApplyConfiguration `json:"systemd,omitempty"`
+ // softirqs configures the softirqs collector, which exposes detailed softirq statistics
+ // from /proc/softirqs.
+ // softirqs is optional.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ // which is subject to change over time. The current default is disabled.
+ // Enable when you need visibility into kernel softirq processing across CPUs.
+ Softirqs *NodeExporterCollectorSoftirqsConfigApplyConfiguration `json:"softirqs,omitempty"`
}
// NodeExporterCollectorConfigApplyConfiguration constructs a declarative configuration of the NodeExporterCollectorConfig type for use with
@@ -167,3 +174,11 @@ func (b *NodeExporterCollectorConfigApplyConfiguration) WithSystemd(value *NodeE
b.Systemd = value
return b
}
+
+// WithSoftirqs sets the Softirqs field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Softirqs field is set to the value of the last call.
+func (b *NodeExporterCollectorConfigApplyConfiguration) WithSoftirqs(value *NodeExporterCollectorSoftirqsConfigApplyConfiguration) *NodeExporterCollectorConfigApplyConfiguration {
+ b.Softirqs = value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorsoftirqsconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorsoftirqsconfig.go
new file mode 100644
index 000000000..4f9936bc1
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorsoftirqsconfig.go
@@ -0,0 +1,37 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ configv1alpha1 "github.com/openshift/api/config/v1alpha1"
+)
+
+// NodeExporterCollectorSoftirqsConfigApplyConfiguration represents a declarative configuration of the NodeExporterCollectorSoftirqsConfig type for use
+// with apply.
+//
+// NodeExporterCollectorSoftirqsConfig provides configuration for the softirqs collector
+// of the node-exporter agent. The softirqs collector exposes detailed softirq statistics
+// from /proc/softirqs.
+// It is disabled by default.
+type NodeExporterCollectorSoftirqsConfigApplyConfiguration struct {
+ // collectionPolicy declares whether the softirqs collector collects metrics.
+ // This field is required.
+ // Valid values are "Collect" and "DoNotCollect".
+ // When set to "Collect", the softirqs collector is active and softirq statistics are collected.
+ // When set to "DoNotCollect", the softirqs collector is inactive.
+ CollectionPolicy *configv1alpha1.NodeExporterCollectorCollectionPolicy `json:"collectionPolicy,omitempty"`
+}
+
+// NodeExporterCollectorSoftirqsConfigApplyConfiguration constructs a declarative configuration of the NodeExporterCollectorSoftirqsConfig type for use with
+// apply.
+func NodeExporterCollectorSoftirqsConfig() *NodeExporterCollectorSoftirqsConfigApplyConfiguration {
+ return &NodeExporterCollectorSoftirqsConfigApplyConfiguration{}
+}
+
+// WithCollectionPolicy sets the CollectionPolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CollectionPolicy field is set to the value of the last call.
+func (b *NodeExporterCollectorSoftirqsConfigApplyConfiguration) WithCollectionPolicy(value configv1alpha1.NodeExporterCollectorCollectionPolicy) *NodeExporterCollectorSoftirqsConfigApplyConfiguration {
+ b.CollectionPolicy = &value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexporterconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexporterconfig.go
index 8c6a288f5..a4a250fc2 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexporterconfig.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexporterconfig.go
@@ -4,7 +4,6 @@ package v1alpha1
import (
configv1alpha1 "github.com/openshift/api/config/v1alpha1"
- v1 "k8s.io/api/core/v1"
)
// NodeExporterConfigApplyConfiguration represents a declarative configuration of the NodeExporterConfig type for use
@@ -16,14 +15,6 @@ import (
// network statistics.
// At least one field must be specified.
type NodeExporterConfigApplyConfiguration struct {
- // nodeSelector defines the nodes on which the Pods are scheduled.
- // nodeSelector is optional.
- //
- // When omitted, this means the user has no opinion and the platform is left
- // to choose reasonable defaults. These defaults are subject to change over time.
- // The current default value is `kubernetes.io/os: linux`.
- // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.
- NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// resources defines the compute resource requests and limits for the node-exporter container.
// This includes CPU, memory and HugePages constraints to help control scheduling and resource usage.
// When not specified, defaults are used by the platform. Requests cannot exceed limits.
@@ -44,16 +35,6 @@ type NodeExporterConfigApplyConfiguration struct {
// Minimum length for this list is 1.
// Each resource name must be unique within this list.
Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"`
- // tolerations defines tolerations for the pods.
- // tolerations is optional.
- //
- // When omitted, this means the user has no opinion and the platform is left
- // to choose reasonable defaults. These defaults are subject to change over time.
- // The current default is to tolerate all taints (operator: Exists without any key),
- // which is typical for DaemonSets that must run on every node.
- // Maximum length for this list is 10.
- // Minimum length for this list is 1.
- Tolerations []v1.Toleration `json:"tolerations,omitempty"`
// collectors configures which node-exporter metric collectors are enabled.
// collectors is optional.
// Each collector can be individually enabled or disabled. Some collectors may have
@@ -96,20 +77,6 @@ func NodeExporterConfig() *NodeExporterConfigApplyConfiguration {
return &NodeExporterConfigApplyConfiguration{}
}
-// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, the entries provided by each call will be put on the NodeSelector field,
-// overwriting an existing map entries in NodeSelector field with the same key.
-func (b *NodeExporterConfigApplyConfiguration) WithNodeSelector(entries map[string]string) *NodeExporterConfigApplyConfiguration {
- if b.NodeSelector == nil && len(entries) > 0 {
- b.NodeSelector = make(map[string]string, len(entries))
- }
- for k, v := range entries {
- b.NodeSelector[k] = v
- }
- return b
-}
-
// WithResources adds the given value to the Resources field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the Resources field.
@@ -123,16 +90,6 @@ func (b *NodeExporterConfigApplyConfiguration) WithResources(values ...*Containe
return b
}
-// WithTolerations adds the given value to the Tolerations field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, values provided by each call will be appended to the Tolerations field.
-func (b *NodeExporterConfigApplyConfiguration) WithTolerations(values ...v1.Toleration) *NodeExporterConfigApplyConfiguration {
- for i := range values {
- b.Tolerations = append(b.Tolerations, values[i])
- }
- return b
-}
-
// WithCollectors sets the Collectors field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Collectors field is set to the value of the last call.
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go
index 31d3b9f58..2565d5e49 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go
@@ -101,7 +101,7 @@ type PrometheusConfigApplyConfiguration struct {
// Each resource name must be unique within this list.
Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"`
// retention configures how long Prometheus retains metrics data and how much storage it can use.
- // When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).
+ // When omitted, the platform chooses reasonable defaults (currently 15d retention, no size limit).
Retention *RetentionApplyConfiguration `json:"retention,omitempty"`
// tolerations defines tolerations for the pods.
// tolerations is optional.
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go
index 2ca903f21..2c999b21d 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go
@@ -7,20 +7,28 @@ package v1alpha1
//
// Retention configures how long Prometheus retains metrics data and how much storage it can use.
type RetentionApplyConfiguration struct {
- // durationInDays specifies how many days Prometheus will retain metrics data.
+ // duration is an optional field that specifies how long Prometheus retains metrics data.
+ // Valid values are Prometheus-style duration strings with unit suffixes y, w, d, h, m, s, or ms
+ // (for example, "15d", "24h", or "5d1h30m"). Each unit value must be a positive integer.
+ // Composite durations must follow the fixed unit order y, w, d, h, m, s, ms.
+ // Must be at least 1 character and at most 64 characters.
+ // When set to "0", time-based retention is disabled. This is the only supported form for disabling
+ // time-based retention; other zero-duration representations such as "0d", "0h", or "0y" are rejected.
// Prometheus automatically deletes data older than this duration.
// When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
- // The default value is 15.
- // Minimum value is 1 day.
- // Maximum value is 365 days (1 year).
- DurationInDays *int32 `json:"durationInDays,omitempty"`
- // sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus
+ // The current default value is `15d`.
+ Duration *string `json:"duration,omitempty"`
+ // size is an optional field that specifies the maximum storage size that Prometheus
// can use for data blocks and the write-ahead log (WAL).
- // When the limit is reached, Prometheus will delete oldest data first.
+ // Valid values are byte-size strings with an optional decimal prefix and a unit suffix B, KB, MB, GB,
+ // TB, EB, PB, or their binary equivalents KiB, MiB, GiB, TiB, EiB, PiB (for example, "500MiB", "10GiB").
+ // The numeric value must be greater than zero.
+ // Must be at least 1 character and at most 32 characters.
+ // When set to "0", no size limit is enforced. This is the only supported form for disabling size-based
+ // retention; other zero-size representations such as "0B" or "0MiB" are rejected.
+ // When the limit is reached, Prometheus deletes oldest data first.
// When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity.
- // Minimum value is 1 GiB.
- // Maximum value is 16384 GiB (16 TiB).
- SizeInGiB *int32 `json:"sizeInGiB,omitempty"`
+ Size *string `json:"size,omitempty"`
}
// RetentionApplyConfiguration constructs a declarative configuration of the Retention type for use with
@@ -29,18 +37,18 @@ func Retention() *RetentionApplyConfiguration {
return &RetentionApplyConfiguration{}
}
-// WithDurationInDays sets the DurationInDays field in the declarative configuration to the given value
+// WithDuration sets the Duration field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the DurationInDays field is set to the value of the last call.
-func (b *RetentionApplyConfiguration) WithDurationInDays(value int32) *RetentionApplyConfiguration {
- b.DurationInDays = &value
+// If called multiple times, the Duration field is set to the value of the last call.
+func (b *RetentionApplyConfiguration) WithDuration(value string) *RetentionApplyConfiguration {
+ b.Duration = &value
return b
}
-// WithSizeInGiB sets the SizeInGiB field in the declarative configuration to the given value
+// WithSize sets the Size field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the SizeInGiB field is set to the value of the last call.
-func (b *RetentionApplyConfiguration) WithSizeInGiB(value int32) *RetentionApplyConfiguration {
- b.SizeInGiB = &value
+// If called multiple times, the Size field is set to the value of the last call.
+func (b *RetentionApplyConfiguration) WithSize(value string) *RetentionApplyConfiguration {
+ b.Size = &value
return b
}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go
index f2fda246e..9210a0a30 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go
@@ -3,6 +3,7 @@
package v1alpha1
import (
+ configv1alpha1 "github.com/openshift/api/config/v1alpha1"
v1 "k8s.io/api/core/v1"
)
@@ -13,6 +14,31 @@ import (
// that runs in the `openshift-monitoring` namespace.
// At least one field must be specified; an empty thanosQuerierConfig object is not allowed.
type ThanosQuerierConfigApplyConfiguration struct {
+ // logLevel defines the verbosity of logs emitted by Thanos Querier.
+ // logLevel is optional.
+ // Allowed values are Error, Warn, Info, and Debug.
+ // When set to Error, only errors will be logged.
+ // When set to Warn, both warnings and errors will be logged.
+ // When set to Info, general information, warnings, and errors will all be logged.
+ // When set to Debug, detailed debugging information will be logged.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time.
+ // The current default value is `Info`.
+ LogLevel *configv1alpha1.LogLevel `json:"logLevel,omitempty"`
+ // requestLogging configures request logging for Thanos Querier.
+ // requestLogging is optional.
+ // When provided, the policy field within is required.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time.
+ // The current default behavior is to not log any requests.
+ RequestLogging *ThanosQuerierRequestLoggingConfigApplyConfiguration `json:"requestLogging,omitempty"`
+ // crossOriginRequestPolicy configures the CORS (Cross-Origin Resource Sharing) policy
+ // for Thanos Querier's HTTP endpoints.
+ // crossOriginRequestPolicy is optional.
+ // Valid values are "AllowAll" and "DenyAll".
+ // When set to "AllowAll", CORS headers are added to responses, allowing cross-origin requests from any domain.
+ // When set to "DenyAll", no CORS headers are added and cross-origin requests are rejected by the browser.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time.
+ // The current default value is "DenyAll".
+ CrossOriginRequestPolicy *configv1alpha1.CrossOriginRequestPolicy `json:"crossOriginRequestPolicy,omitempty"`
// nodeSelector defines the nodes on which the Pods are scheduled.
// nodeSelector is optional.
//
@@ -69,6 +95,30 @@ func ThanosQuerierConfig() *ThanosQuerierConfigApplyConfiguration {
return &ThanosQuerierConfigApplyConfiguration{}
}
+// WithLogLevel sets the LogLevel field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the LogLevel field is set to the value of the last call.
+func (b *ThanosQuerierConfigApplyConfiguration) WithLogLevel(value configv1alpha1.LogLevel) *ThanosQuerierConfigApplyConfiguration {
+ b.LogLevel = &value
+ return b
+}
+
+// WithRequestLogging sets the RequestLogging field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the RequestLogging field is set to the value of the last call.
+func (b *ThanosQuerierConfigApplyConfiguration) WithRequestLogging(value *ThanosQuerierRequestLoggingConfigApplyConfiguration) *ThanosQuerierConfigApplyConfiguration {
+ b.RequestLogging = value
+ return b
+}
+
+// WithCrossOriginRequestPolicy sets the CrossOriginRequestPolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CrossOriginRequestPolicy field is set to the value of the last call.
+func (b *ThanosQuerierConfigApplyConfiguration) WithCrossOriginRequestPolicy(value configv1alpha1.CrossOriginRequestPolicy) *ThanosQuerierConfigApplyConfiguration {
+ b.CrossOriginRequestPolicy = &value
+ return b
+}
+
// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, the entries provided by each call will be put on the NodeSelector field,
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierrequestloggingconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierrequestloggingconfig.go
new file mode 100644
index 000000000..d9a626442
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierrequestloggingconfig.go
@@ -0,0 +1,34 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ configv1alpha1 "github.com/openshift/api/config/v1alpha1"
+)
+
+// ThanosQuerierRequestLoggingConfigApplyConfiguration represents a declarative configuration of the ThanosQuerierRequestLoggingConfig type for use
+// with apply.
+//
+// ThanosQuerierRequestLoggingConfig configures request logging for Thanos Querier.
+type ThanosQuerierRequestLoggingConfigApplyConfiguration struct {
+ // policy determines which HTTP and gRPC requests are logged by Thanos Querier.
+ // Valid values are "AllRequests" and "NoRequests".
+ // When set to "AllRequests", every request received by Thanos Querier is logged with method, path, and response status.
+ // The log level for request logs is derived from the logLevel field.
+ // When set to "NoRequests", request logging is turned off.
+ Policy *configv1alpha1.RequestLoggingPolicy `json:"policy,omitempty"`
+}
+
+// ThanosQuerierRequestLoggingConfigApplyConfiguration constructs a declarative configuration of the ThanosQuerierRequestLoggingConfig type for use with
+// apply.
+func ThanosQuerierRequestLoggingConfig() *ThanosQuerierRequestLoggingConfigApplyConfiguration {
+ return &ThanosQuerierRequestLoggingConfigApplyConfiguration{}
+}
+
+// WithPolicy sets the Policy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Policy field is set to the value of the last call.
+func (b *ThanosQuerierRequestLoggingConfigApplyConfiguration) WithPolicy(value configv1alpha1.RequestLoggingPolicy) *ThanosQuerierRequestLoggingConfigApplyConfiguration {
+ b.Policy = &value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go
index 2021ad596..2251f8427 100644
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go
@@ -23,80 +23,96 @@ func Parser() *typed.Parser {
var parserOnce sync.Once
var parser *typed.Parser
var schemaYAML = typed.YAMLObject(`types:
-- name: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
+- name: com.github.openshift.api.config.v1.APIServer
map:
fields:
- - name: lastTransitionTime
+ - name: apiVersion
type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: message
+ scalar: string
+ - name: kind
type:
scalar: string
- default: ""
- - name: observedGeneration
+ - name: metadata
type:
- scalar: numeric
- - name: reason
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
type:
- scalar: string
- default: ""
+ namedType: com.github.openshift.api.config.v1.APIServerSpec
+ default: {}
- name: status
type:
- scalar: string
- default: ""
- - name: type
- type:
- scalar: string
- default: ""
-- name: ConfigMapKeySelector.v1.core.api.k8s.io
+ namedType: com.github.openshift.api.config.v1.APIServerStatus
+ default: {}
+- name: com.github.openshift.api.config.v1.APIServerEncryption
map:
fields:
- - name: key
+ - name: kms
type:
- scalar: string
- default: ""
- - name: name
+ namedType: com.github.openshift.api.config.v1.KMSPluginConfig
+ default: {}
+ - name: type
type:
scalar: string
- default: ""
- - name: optional
- type:
- scalar: boolean
- elementRelationship: atomic
-- name: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
- scalar: string
-- name: EnvVar.v1.core.api.k8s.io
+ unions:
+ - discriminator: type
+ fields:
+ - fieldName: kms
+ discriminatorValue: KMS
+- name: com.github.openshift.api.config.v1.APIServerNamedServingCert
map:
fields:
- - name: name
+ - name: names
type:
- scalar: string
- default: ""
- - name: value
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: servingCertificate
type:
- scalar: string
- - name: valueFrom
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
+ default: {}
+- name: com.github.openshift.api.config.v1.APIServerServingCerts
+ map:
+ fields:
+ - name: namedCertificates
type:
- namedType: EnvVarSource.v1.core.api.k8s.io
-- name: EnvVarSource.v1.core.api.k8s.io
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.APIServerNamedServingCert
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.APIServerSpec
map:
fields:
- - name: configMapKeyRef
+ - name: additionalCORSAllowedOrigins
type:
- namedType: ConfigMapKeySelector.v1.core.api.k8s.io
- - name: fieldRef
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: audit
type:
- namedType: ObjectFieldSelector.v1.core.api.k8s.io
- - name: fileKeyRef
+ namedType: com.github.openshift.api.config.v1.Audit
+ default: {}
+ - name: clientCA
type:
- namedType: FileKeySelector.v1.core.api.k8s.io
- - name: resourceFieldRef
+ namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
+ default: {}
+ - name: encryption
type:
- namedType: ResourceFieldSelector.v1.core.api.k8s.io
- - name: secretKeyRef
+ namedType: com.github.openshift.api.config.v1.APIServerEncryption
+ default: {}
+ - name: servingCerts
type:
- namedType: SecretKeySelector.v1.core.api.k8s.io
-- name: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: com.github.openshift.api.config.v1.APIServerServingCerts
+ default: {}
+ - name: tlsAdherence
+ type:
+ scalar: string
+ - name: tlsSecurityProfile
+ type:
+ namedType: com.github.openshift.api.config.v1.TLSSecurityProfile
+- name: com.github.openshift.api.config.v1.APIServerStatus
map:
elementType:
scalar: untyped
@@ -108,229 +124,190 @@ var schemaYAML = typed.YAMLObject(`types:
elementType:
namedType: __untyped_deduced_
elementRelationship: separable
-- name: FileKeySelector.v1.core.api.k8s.io
+- name: com.github.openshift.api.config.v1.AWSDNSSpec
map:
fields:
- - name: key
- type:
- scalar: string
- default: ""
- - name: optional
- type:
- scalar: boolean
- default: false
- - name: path
+ - name: privateZoneIAMRole
type:
scalar: string
default: ""
- - name: volumeName
+- name: com.github.openshift.api.config.v1.AWSIngressSpec
+ map:
+ fields:
+ - name: type
type:
scalar: string
default: ""
- elementRelationship: atomic
-- name: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io
+ unions:
+ - discriminator: type
+- name: com.github.openshift.api.config.v1.AWSPlatformSpec
map:
fields:
- - name: matchExpressions
+ - name: serviceEndpoints
type:
list:
elementType:
- namedType: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: com.github.openshift.api.config.v1.AWSServiceEndpoint
elementRelationship: atomic
- - name: matchLabels
- type:
- map:
- elementType:
- scalar: string
- elementRelationship: atomic
-- name: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io
+- name: com.github.openshift.api.config.v1.AWSPlatformStatus
map:
fields:
- - name: key
+ - name: cloudLoadBalancerConfig
+ type:
+ namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig
+ default:
+ dnsType: PlatformDefault
+ - name: ipFamily
type:
scalar: string
- default: ""
- - name: operator
+ default: IPv4
+ - name: region
type:
scalar: string
default: ""
- - name: values
+ - name: resourceTags
type:
list:
elementType:
- scalar: string
+ namedType: com.github.openshift.api.config.v1.AWSResourceTag
+ elementRelationship: atomic
+ - name: serviceEndpoints
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.AWSServiceEndpoint
elementRelationship: atomic
-- name: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io
+- name: com.github.openshift.api.config.v1.AWSResourceTag
map:
fields:
- - name: apiVersion
+ - name: key
type:
scalar: string
- - name: fieldsType
+ default: ""
+ - name: value
type:
scalar: string
- - name: fieldsV1
- type:
- namedType: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: manager
+ default: ""
+- name: com.github.openshift.api.config.v1.AWSServiceEndpoint
+ map:
+ fields:
+ - name: name
type:
scalar: string
- - name: operation
+ default: ""
+ - name: url
type:
scalar: string
- - name: subresource
+ default: ""
+- name: com.github.openshift.api.config.v1.AcceptRisk
+ map:
+ fields:
+ - name: name
type:
scalar: string
- - name: time
- type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
-- name: ModifyVolumeStatus.v1.core.api.k8s.io
+- name: com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec
+ map:
+ elementType:
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
+ map:
+ elementType:
+ namedType: __untyped_deduced_
+ elementRelationship: separable
+- name: com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus
map:
fields:
- - name: status
+ - name: region
type:
scalar: string
default: ""
- - name: targetVolumeAttributesClassName
+ - name: resourceGroupID
type:
scalar: string
-- name: ObjectFieldSelector.v1.core.api.k8s.io
+ - name: resourceTags
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.AlibabaCloudResourceTag
+ elementRelationship: associative
+ keys:
+ - key
+- name: com.github.openshift.api.config.v1.AlibabaCloudResourceTag
map:
fields:
- - name: apiVersion
+ - name: key
type:
scalar: string
- - name: fieldPath
+ default: ""
+ - name: value
type:
scalar: string
default: ""
- elementRelationship: atomic
-- name: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+- name: com.github.openshift.api.config.v1.Audit
map:
fields:
- - name: annotations
- type:
- map:
- elementType:
- scalar: string
- - name: creationTimestamp
- type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: deletionGracePeriodSeconds
- type:
- scalar: numeric
- - name: deletionTimestamp
- type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: finalizers
+ - name: customRules
type:
list:
elementType:
- scalar: string
+ namedType: com.github.openshift.api.config.v1.AuditCustomRule
elementRelationship: associative
- - name: generateName
+ keys:
+ - group
+ - name: profile
type:
scalar: string
- - name: generation
- type:
- scalar: numeric
- - name: labels
+- name: com.github.openshift.api.config.v1.AuditCustomRule
+ map:
+ fields:
+ - name: group
type:
- map:
- elementType:
- scalar: string
- - name: managedFields
+ scalar: string
+ default: ""
+ - name: profile
type:
- list:
- elementType:
- namedType: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io
- elementRelationship: atomic
- - name: name
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.Authentication
+ map:
+ fields:
+ - name: apiVersion
type:
scalar: string
- - name: namespace
+ - name: kind
type:
scalar: string
- - name: ownerReferences
+ - name: metadata
type:
- list:
- elementType:
- namedType: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io
- elementRelationship: associative
- keys:
- - uid
- - name: resourceVersion
- type:
- scalar: string
- - name: selfLink
- type:
- scalar: string
- - name: uid
- type:
- scalar: string
-- name: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io
- map:
- fields:
- - name: apiVersion
- type:
- scalar: string
- default: ""
- - name: blockOwnerDeletion
- type:
- scalar: boolean
- - name: controller
- type:
- scalar: boolean
- - name: kind
- type:
- scalar: string
- default: ""
- - name: name
- type:
- scalar: string
- default: ""
- - name: uid
- type:
- scalar: string
- default: ""
- elementRelationship: atomic
-- name: PersistentVolumeClaim.v1.core.api.k8s.io
- map:
- fields:
- - name: apiVersion
- type:
- scalar: string
- - name: kind
- type:
- scalar: string
- - name: metadata
- type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
- namedType: PersistentVolumeClaimSpec.v1.core.api.k8s.io
+ namedType: com.github.openshift.api.config.v1.AuthenticationSpec
default: {}
- name: status
type:
- namedType: PersistentVolumeClaimStatus.v1.core.api.k8s.io
+ namedType: com.github.openshift.api.config.v1.AuthenticationStatus
default: {}
-- name: PersistentVolumeClaimCondition.v1.core.api.k8s.io
+- name: com.github.openshift.api.config.v1.AuthenticationSpec
map:
fields:
- - name: lastProbeTime
- type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: lastTransitionTime
- type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: message
+ - name: oauthMetadata
type:
- scalar: string
- - name: reason
+ namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
+ default: {}
+ - name: oidcProviders
type:
- scalar: string
- - name: status
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.OIDCProvider
+ elementRelationship: associative
+ keys:
+ - name
+ - name: serviceAccountIssuer
type:
scalar: string
default: ""
@@ -338,85 +315,32 @@ var schemaYAML = typed.YAMLObject(`types:
type:
scalar: string
default: ""
-- name: PersistentVolumeClaimSpec.v1.core.api.k8s.io
- map:
- fields:
- - name: accessModes
+ - name: webhookTokenAuthenticator
+ type:
+ namedType: com.github.openshift.api.config.v1.WebhookTokenAuthenticator
+ - name: webhookTokenAuthenticators
type:
list:
elementType:
- scalar: string
+ namedType: com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator
elementRelationship: atomic
- - name: dataSource
- type:
- namedType: TypedLocalObjectReference.v1.core.api.k8s.io
- - name: dataSourceRef
- type:
- namedType: TypedObjectReference.v1.core.api.k8s.io
- - name: resources
- type:
- namedType: VolumeResourceRequirements.v1.core.api.k8s.io
- default: {}
- - name: selector
- type:
- namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: storageClassName
- type:
- scalar: string
- - name: volumeAttributesClassName
- type:
- scalar: string
- - name: volumeMode
- type:
- scalar: string
- - name: volumeName
- type:
- scalar: string
-- name: PersistentVolumeClaimStatus.v1.core.api.k8s.io
+- name: com.github.openshift.api.config.v1.AuthenticationStatus
map:
fields:
- - name: accessModes
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: allocatedResourceStatuses
- type:
- map:
- elementType:
- scalar: string
- elementRelationship: separable
- - name: allocatedResources
- type:
- map:
- elementType:
- namedType: Quantity.resource.api.pkg.apimachinery.k8s.io
- - name: capacity
+ - name: integratedOAuthMetadata
type:
- map:
- elementType:
- namedType: Quantity.resource.api.pkg.apimachinery.k8s.io
- - name: conditions
+ namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
+ default: {}
+ - name: oidcClients
type:
list:
elementType:
- namedType: PersistentVolumeClaimCondition.v1.core.api.k8s.io
+ namedType: com.github.openshift.api.config.v1.OIDCClientStatus
elementRelationship: associative
keys:
- - type
- - name: currentVolumeAttributesClassName
- type:
- scalar: string
- - name: modifyVolumeStatus
- type:
- namedType: ModifyVolumeStatus.v1.core.api.k8s.io
- - name: phase
- type:
- scalar: string
-- name: Quantity.resource.api.pkg.apimachinery.k8s.io
- scalar: string
-- name: RawExtension.runtime.pkg.apimachinery.k8s.io
+ - componentNamespace
+ - componentName
+- name: com.github.openshift.api.config.v1.AzurePlatformSpec
map:
elementType:
scalar: untyped
@@ -428,165 +352,136 @@ var schemaYAML = typed.YAMLObject(`types:
elementType:
namedType: __untyped_deduced_
elementRelationship: separable
-- name: ResourceClaim.v1.core.api.k8s.io
+- name: com.github.openshift.api.config.v1.AzurePlatformStatus
map:
fields:
- - name: name
+ - name: armEndpoint
type:
scalar: string
- default: ""
- - name: request
+ - name: cloudLoadBalancerConfig
+ type:
+ namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig
+ default:
+ dnsType: PlatformDefault
+ - name: cloudName
type:
scalar: string
-- name: ResourceFieldSelector.v1.core.api.k8s.io
- map:
- fields:
- - name: containerName
+ - name: ipFamily
type:
scalar: string
- - name: divisor
+ default: IPv4
+ - name: networkResourceGroupName
type:
- namedType: Quantity.resource.api.pkg.apimachinery.k8s.io
- - name: resource
+ scalar: string
+ - name: resourceGroupName
type:
scalar: string
default: ""
- elementRelationship: atomic
-- name: ResourceRequirements.v1.core.api.k8s.io
- map:
- fields:
- - name: claims
+ - name: resourceTags
type:
list:
elementType:
- namedType: ResourceClaim.v1.core.api.k8s.io
- elementRelationship: associative
- keys:
- - name
- - name: limits
- type:
- map:
- elementType:
- namedType: Quantity.resource.api.pkg.apimachinery.k8s.io
- - name: requests
- type:
- map:
- elementType:
- namedType: Quantity.resource.api.pkg.apimachinery.k8s.io
-- name: SecretKeySelector.v1.core.api.k8s.io
+ namedType: com.github.openshift.api.config.v1.AzureResourceTag
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.AzureResourceTag
map:
fields:
- name: key
type:
scalar: string
default: ""
- - name: name
+ - name: value
type:
scalar: string
default: ""
- - name: optional
- type:
- scalar: boolean
- elementRelationship: atomic
-- name: Time.v1.meta.apis.pkg.apimachinery.k8s.io
- scalar: untyped
-- name: Toleration.v1.core.api.k8s.io
+- name: com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer
map:
fields:
- - name: effect
- type:
- scalar: string
- - name: key
- type:
- scalar: string
- - name: operator
- type:
- scalar: string
- - name: tolerationSeconds
- type:
- scalar: numeric
- - name: value
+ - name: type
type:
scalar: string
-- name: TopologySpreadConstraint.v1.core.api.k8s.io
+ default: OpenShiftManagedDefault
+ unions:
+ - discriminator: type
+- name: com.github.openshift.api.config.v1.BareMetalPlatformSpec
map:
fields:
- - name: labelSelector
- type:
- namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: matchLabelKeys
+ - name: apiServerInternalIPs
type:
list:
elementType:
scalar: string
elementRelationship: atomic
- - name: maxSkew
+ - name: ingressIPs
type:
- scalar: numeric
- default: 0
- - name: minDomains
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: machineNetworks
type:
- scalar: numeric
- - name: nodeAffinityPolicy
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.BareMetalPlatformStatus
+ map:
+ fields:
+ - name: apiServerInternalIP
type:
scalar: string
- - name: nodeTaintsPolicy
+ - name: apiServerInternalIPs
type:
- scalar: string
- - name: topologyKey
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: dnsRecordsType
type:
scalar: string
- default: ""
- - name: whenUnsatisfiable
+ - name: ingressIP
type:
scalar: string
- default: ""
-- name: TypedLocalObjectReference.v1.core.api.k8s.io
- map:
- fields:
- - name: apiGroup
+ - name: ingressIPs
type:
- scalar: string
- - name: kind
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: loadBalancer
type:
- scalar: string
- default: ""
- - name: name
+ namedType: com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer
+ default:
+ type: OpenShiftManagedDefault
+ - name: machineNetworks
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: nodeDNSIP
type:
scalar: string
- default: ""
- elementRelationship: atomic
-- name: TypedObjectReference.v1.core.api.k8s.io
+- name: com.github.openshift.api.config.v1.BasicAuthIdentityProvider
map:
fields:
- - name: apiGroup
+ - name: ca
type:
- scalar: string
- - name: kind
+ namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
+ default: {}
+ - name: tlsClientCert
type:
- scalar: string
- default: ""
- - name: name
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
+ default: {}
+ - name: tlsClientKey
type:
- scalar: string
- default: ""
- - name: namespace
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
+ default: {}
+ - name: url
type:
scalar: string
-- name: VolumeResourceRequirements.v1.core.api.k8s.io
- map:
- fields:
- - name: limits
- type:
- map:
- elementType:
- namedType: Quantity.resource.api.pkg.apimachinery.k8s.io
- - name: requests
- type:
- map:
- elementType:
- namedType: Quantity.resource.api.pkg.apimachinery.k8s.io
-- name: com.github.openshift.api.config.v1.APIServer
+ default: ""
+- name: com.github.openshift.api.config.v1.Build
map:
fields:
- name: apiVersion
@@ -597,243 +492,223 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
- namedType: com.github.openshift.api.config.v1.APIServerSpec
- default: {}
- - name: status
- type:
- namedType: com.github.openshift.api.config.v1.APIServerStatus
+ namedType: com.github.openshift.api.config.v1.BuildSpec
default: {}
-- name: com.github.openshift.api.config.v1.APIServerEncryption
+- name: com.github.openshift.api.config.v1.BuildDefaults
map:
fields:
- - name: kms
+ - name: defaultProxy
type:
- namedType: com.github.openshift.api.config.v1.KMSConfig
- - name: type
+ namedType: com.github.openshift.api.config.v1.ProxySpec
+ - name: env
type:
- scalar: string
- unions:
- - discriminator: type
- fields:
- - fieldName: kms
- discriminatorValue: KMS
-- name: com.github.openshift.api.config.v1.APIServerNamedServingCert
- map:
- fields:
- - name: names
+ list:
+ elementType:
+ namedType: io.k8s.api.core.v1.EnvVar
+ elementRelationship: atomic
+ - name: gitProxy
+ type:
+ namedType: com.github.openshift.api.config.v1.ProxySpec
+ - name: imageLabels
type:
list:
elementType:
- scalar: string
+ namedType: com.github.openshift.api.config.v1.ImageLabel
elementRelationship: atomic
- - name: servingCertificate
+ - name: resources
type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
+ namedType: io.k8s.api.core.v1.ResourceRequirements
default: {}
-- name: com.github.openshift.api.config.v1.APIServerServingCerts
+- name: com.github.openshift.api.config.v1.BuildOverrides
map:
fields:
- - name: namedCertificates
+ - name: forcePull
+ type:
+ scalar: boolean
+ - name: imageLabels
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.APIServerNamedServingCert
+ namedType: com.github.openshift.api.config.v1.ImageLabel
elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.APIServerSpec
- map:
- fields:
- - name: additionalCORSAllowedOrigins
+ - name: nodeSelector
type:
- list:
+ map:
elementType:
scalar: string
- elementRelationship: atomic
- - name: audit
+ - name: tolerations
type:
- namedType: com.github.openshift.api.config.v1.Audit
- default: {}
- - name: clientCA
+ list:
+ elementType:
+ namedType: io.k8s.api.core.v1.Toleration
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.BuildSpec
+ map:
+ fields:
+ - name: additionalTrustedCA
type:
namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
default: {}
- - name: encryption
+ - name: buildDefaults
type:
- namedType: com.github.openshift.api.config.v1.APIServerEncryption
+ namedType: com.github.openshift.api.config.v1.BuildDefaults
default: {}
- - name: servingCerts
+ - name: buildOverrides
type:
- namedType: com.github.openshift.api.config.v1.APIServerServingCerts
+ namedType: com.github.openshift.api.config.v1.BuildOverrides
default: {}
- - name: tlsAdherence
- type:
- scalar: string
- - name: tlsSecurityProfile
- type:
- namedType: com.github.openshift.api.config.v1.TLSSecurityProfile
-- name: com.github.openshift.api.config.v1.APIServerStatus
+- name: com.github.openshift.api.config.v1.CRIOCredentialProviderConfig
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
map:
elementType:
- scalar: untyped
- list:
- elementType:
- namedType: __untyped_atomic_
- elementRelationship: atomic
- map:
- elementType:
- namedType: __untyped_deduced_
- elementRelationship: separable
-- name: com.github.openshift.api.config.v1.AWSDNSSpec
+ namedType: __untyped_deduced_
+ elementRelationship: separable
+- name: com.github.openshift.api.config.v1.ClientCredentialConfig
map:
fields:
- - name: privateZoneIAMRole
+ - name: clientID
type:
scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.AWSIngressSpec
+ - name: clientSecret
+ type:
+ namedType: com.github.openshift.api.config.v1.ClientSecretSecretReference
+ default: {}
+ - name: scopes
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: associative
+ - name: tls
+ type:
+ namedType: com.github.openshift.api.config.v1.ExternalSourceTLS
+ default: {}
+ - name: tokenEndpoint
+ type:
+ scalar: string
+- name: com.github.openshift.api.config.v1.ClientSecretSecretReference
map:
fields:
- - name: type
+ - name: name
type:
scalar: string
- default: ""
- unions:
- - discriminator: type
-- name: com.github.openshift.api.config.v1.AWSPlatformSpec
+- name: com.github.openshift.api.config.v1.CloudControllerManagerStatus
map:
fields:
- - name: serviceEndpoints
+ - name: state
type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.AWSServiceEndpoint
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.AWSPlatformStatus
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.CloudLoadBalancerConfig
map:
fields:
- - name: cloudLoadBalancerConfig
+ - name: clusterHosted
type:
- namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig
- default:
- dnsType: PlatformDefault
- - name: ipFamily
+ namedType: com.github.openshift.api.config.v1.CloudLoadBalancerIPs
+ - name: dnsType
type:
scalar: string
- default: IPv4
- - name: region
+ default: PlatformDefault
+ unions:
+ - discriminator: dnsType
+ fields:
+ - fieldName: clusterHosted
+ discriminatorValue: ClusterHosted
+- name: com.github.openshift.api.config.v1.CloudLoadBalancerIPs
+ map:
+ fields:
+ - name: apiIntLoadBalancerIPs
type:
- scalar: string
- default: ""
- - name: resourceTags
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: associative
+ - name: apiLoadBalancerIPs
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.AWSResourceTag
- elementRelationship: atomic
- - name: serviceEndpoints
+ scalar: string
+ elementRelationship: associative
+ - name: ingressLoadBalancerIPs
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.AWSServiceEndpoint
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.AWSResourceTag
+ scalar: string
+ elementRelationship: associative
+- name: com.github.openshift.api.config.v1.ClusterCondition
map:
fields:
- - name: key
+ - name: promql
type:
- scalar: string
- default: ""
- - name: value
+ namedType: com.github.openshift.api.config.v1.PromQLClusterCondition
+ - name: type
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1.AWSServiceEndpoint
+- name: com.github.openshift.api.config.v1.ClusterImagePolicy
map:
fields:
- - name: name
+ - name: apiVersion
type:
scalar: string
- default: ""
- - name: url
+ - name: kind
type:
scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.AcceptRisk
+ - name: metadata
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
+ type:
+ namedType: com.github.openshift.api.config.v1.ClusterImagePolicySpec
+ default: {}
+ - name: status
+ type:
+ namedType: com.github.openshift.api.config.v1.ClusterImagePolicyStatus
+ default: {}
+- name: com.github.openshift.api.config.v1.ClusterImagePolicySpec
map:
fields:
- - name: name
+ - name: policy
type:
- scalar: string
-- name: com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec
- map:
- elementType:
- scalar: untyped
- list:
- elementType:
- namedType: __untyped_atomic_
- elementRelationship: atomic
- map:
- elementType:
- namedType: __untyped_deduced_
- elementRelationship: separable
-- name: com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus
- map:
- fields:
- - name: region
- type:
- scalar: string
- default: ""
- - name: resourceGroupID
- type:
- scalar: string
- - name: resourceTags
+ namedType: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy
+ default: {}
+ - name: scopes
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.AlibabaCloudResourceTag
+ scalar: string
elementRelationship: associative
- keys:
- - key
-- name: com.github.openshift.api.config.v1.AlibabaCloudResourceTag
- map:
- fields:
- - name: key
- type:
- scalar: string
- default: ""
- - name: value
- type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.Audit
+- name: com.github.openshift.api.config.v1.ClusterImagePolicyStatus
map:
fields:
- - name: customRules
+ - name: conditions
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.AuditCustomRule
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
elementRelationship: associative
keys:
- - group
- - name: profile
- type:
- scalar: string
-- name: com.github.openshift.api.config.v1.AuditCustomRule
+ - type
+- name: com.github.openshift.api.config.v1.ClusterNetworkEntry
map:
fields:
- - name: group
+ - name: cidr
type:
scalar: string
default: ""
- - name: profile
+ - name: hostPrefix
type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.Authentication
+ scalar: numeric
+- name: com.github.openshift.api.config.v1.ClusterOperator
map:
fields:
- name: apiVersion
@@ -844,394 +719,372 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
- namedType: com.github.openshift.api.config.v1.AuthenticationSpec
+ namedType: com.github.openshift.api.config.v1.ClusterOperatorSpec
default: {}
- name: status
type:
- namedType: com.github.openshift.api.config.v1.AuthenticationStatus
+ namedType: com.github.openshift.api.config.v1.ClusterOperatorStatus
default: {}
-- name: com.github.openshift.api.config.v1.AuthenticationSpec
+- name: com.github.openshift.api.config.v1.ClusterOperatorSpec
+ map:
+ elementType:
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
+ map:
+ elementType:
+ namedType: __untyped_deduced_
+ elementRelationship: separable
+- name: com.github.openshift.api.config.v1.ClusterOperatorStatus
map:
fields:
- - name: oauthMetadata
- type:
- namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
- default: {}
- - name: oidcProviders
+ - name: conditions
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.OIDCProvider
+ namedType: com.github.openshift.api.config.v1.ClusterOperatorStatusCondition
elementRelationship: associative
keys:
- - name
- - name: serviceAccountIssuer
- type:
- scalar: string
- default: ""
- - name: type
- type:
- scalar: string
- default: ""
- - name: webhookTokenAuthenticator
+ - type
+ - name: extension
type:
- namedType: com.github.openshift.api.config.v1.WebhookTokenAuthenticator
- - name: webhookTokenAuthenticators
+ namedType: __untyped_atomic_
+ - name: relatedObjects
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator
+ namedType: com.github.openshift.api.config.v1.ObjectReference
elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.AuthenticationStatus
- map:
- fields:
- - name: integratedOAuthMetadata
- type:
- namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
- default: {}
- - name: oidcClients
+ - name: versions
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.OIDCClientStatus
- elementRelationship: associative
- keys:
- - componentNamespace
- - componentName
-- name: com.github.openshift.api.config.v1.AzurePlatformSpec
- map:
- elementType:
- scalar: untyped
- list:
- elementType:
- namedType: __untyped_atomic_
- elementRelationship: atomic
- map:
- elementType:
- namedType: __untyped_deduced_
- elementRelationship: separable
-- name: com.github.openshift.api.config.v1.AzurePlatformStatus
+ namedType: com.github.openshift.api.config.v1.OperandVersion
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.ClusterOperatorStatusCondition
map:
fields:
- - name: armEndpoint
- type:
- scalar: string
- - name: cloudLoadBalancerConfig
+ - name: lastTransitionTime
type:
- namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig
- default:
- dnsType: PlatformDefault
- - name: cloudName
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+ - name: message
type:
scalar: string
- - name: ipFamily
+ - name: reason
type:
scalar: string
- default: IPv4
- - name: networkResourceGroupName
+ - name: status
type:
scalar: string
- - name: resourceGroupName
+ default: ""
+ - name: type
type:
scalar: string
default: ""
- - name: resourceTags
- type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.AzureResourceTag
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.AzureResourceTag
+- name: com.github.openshift.api.config.v1.ClusterVersion
map:
fields:
- - name: key
+ - name: apiVersion
type:
scalar: string
- default: ""
- - name: value
+ - name: kind
type:
scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer
- map:
- fields:
- - name: type
+ - name: metadata
type:
- scalar: string
- default: OpenShiftManagedDefault
- unions:
- - discriminator: type
-- name: com.github.openshift.api.config.v1.BareMetalPlatformSpec
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
+ type:
+ namedType: com.github.openshift.api.config.v1.ClusterVersionSpec
+ default: {}
+ - name: status
+ type:
+ namedType: com.github.openshift.api.config.v1.ClusterVersionStatus
+ default: {}
+- name: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec
map:
fields:
- - name: apiServerInternalIPs
+ - name: additionalEnabledCapabilities
type:
list:
elementType:
scalar: string
elementRelationship: atomic
- - name: ingressIPs
+ - name: baselineCapabilitySet
+ type:
+ scalar: string
+- name: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus
+ map:
+ fields:
+ - name: enabledCapabilities
type:
list:
elementType:
scalar: string
elementRelationship: atomic
- - name: machineNetworks
+ - name: knownCapabilities
type:
list:
elementType:
scalar: string
elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.BareMetalPlatformStatus
+- name: com.github.openshift.api.config.v1.ClusterVersionSpec
map:
fields:
- - name: apiServerInternalIP
- type:
- scalar: string
- - name: apiServerInternalIPs
+ - name: capabilities
type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: dnsRecordsType
+ namedType: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec
+ - name: channel
type:
scalar: string
- - name: ingressIP
+ - name: clusterID
type:
scalar: string
- - name: ingressIPs
+ default: ""
+ - name: desiredUpdate
+ type:
+ namedType: com.github.openshift.api.config.v1.Update
+ - name: overrides
type:
list:
elementType:
- scalar: string
- elementRelationship: atomic
- - name: loadBalancer
- type:
- namedType: com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer
- default:
- type: OpenShiftManagedDefault
- - name: machineNetworks
+ namedType: com.github.openshift.api.config.v1.ComponentOverride
+ elementRelationship: associative
+ keys:
+ - kind
+ - group
+ - namespace
+ - name
+ - name: signatureStores
type:
list:
elementType:
- scalar: string
- elementRelationship: atomic
- - name: nodeDNSIP
+ namedType: com.github.openshift.api.config.v1.SignatureStore
+ elementRelationship: associative
+ keys:
+ - url
+ - name: upstream
type:
scalar: string
-- name: com.github.openshift.api.config.v1.BasicAuthIdentityProvider
+- name: com.github.openshift.api.config.v1.ClusterVersionStatus
map:
fields:
- - name: ca
+ - name: availableUpdates
type:
- namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
- default: {}
- - name: tlsClientCert
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.Release
+ elementRelationship: atomic
+ - name: capabilities
type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
+ namedType: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus
default: {}
- - name: tlsClientKey
+ - name: conditionalUpdateRisks
type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
- default: {}
- - name: url
- type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.Build
- map:
- fields:
- - name: apiVersion
- type:
- scalar: string
- - name: kind
- type:
- scalar: string
- - name: metadata
- type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
- default: {}
- - name: spec
- type:
- namedType: com.github.openshift.api.config.v1.BuildSpec
- default: {}
-- name: com.github.openshift.api.config.v1.BuildDefaults
- map:
- fields:
- - name: defaultProxy
- type:
- namedType: com.github.openshift.api.config.v1.ProxySpec
- - name: env
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.ConditionalUpdateRisk
+ elementRelationship: associative
+ keys:
+ - name
+ - name: conditionalUpdates
type:
list:
elementType:
- namedType: EnvVar.v1.core.api.k8s.io
+ namedType: com.github.openshift.api.config.v1.ConditionalUpdate
elementRelationship: atomic
- - name: gitProxy
- type:
- namedType: com.github.openshift.api.config.v1.ProxySpec
- - name: imageLabels
+ - name: conditions
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.ImageLabel
- elementRelationship: atomic
- - name: resources
+ namedType: com.github.openshift.api.config.v1.ClusterOperatorStatusCondition
+ elementRelationship: associative
+ keys:
+ - type
+ - name: desired
type:
- namedType: ResourceRequirements.v1.core.api.k8s.io
+ namedType: com.github.openshift.api.config.v1.Release
default: {}
-- name: com.github.openshift.api.config.v1.BuildOverrides
- map:
- fields:
- - name: forcePull
- type:
- scalar: boolean
- - name: imageLabels
+ - name: history
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.ImageLabel
+ namedType: com.github.openshift.api.config.v1.UpdateHistory
elementRelationship: atomic
- - name: nodeSelector
+ - name: observedGeneration
type:
- map:
- elementType:
- scalar: string
- - name: tolerations
+ scalar: numeric
+ default: 0
+ - name: versionHash
type:
- list:
- elementType:
- namedType: Toleration.v1.core.api.k8s.io
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.BuildSpec
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.ComponentOverride
map:
fields:
- - name: additionalTrustedCA
+ - name: group
type:
- namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
- default: {}
- - name: buildDefaults
+ scalar: string
+ default: ""
+ - name: kind
type:
- namedType: com.github.openshift.api.config.v1.BuildDefaults
- default: {}
- - name: buildOverrides
+ scalar: string
+ default: ""
+ - name: name
type:
- namedType: com.github.openshift.api.config.v1.BuildOverrides
- default: {}
-- name: com.github.openshift.api.config.v1.CloudControllerManagerStatus
- map:
- fields:
- - name: state
+ scalar: string
+ default: ""
+ - name: namespace
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1.CloudLoadBalancerConfig
+ - name: unmanaged
+ type:
+ scalar: boolean
+ default: false
+- name: com.github.openshift.api.config.v1.ComponentRouteSpec
map:
fields:
- - name: clusterHosted
+ - name: hostname
type:
- namedType: com.github.openshift.api.config.v1.CloudLoadBalancerIPs
- - name: dnsType
+ scalar: string
+ default: ""
+ - name: name
type:
scalar: string
- default: PlatformDefault
- unions:
- - discriminator: dnsType
- fields:
- - fieldName: clusterHosted
- discriminatorValue: ClusterHosted
-- name: com.github.openshift.api.config.v1.CloudLoadBalancerIPs
+ default: ""
+ - name: namespace
+ type:
+ scalar: string
+ default: ""
+ - name: servingCertKeyPairSecret
+ type:
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
+ default: {}
+- name: com.github.openshift.api.config.v1.ComponentRouteStatus
map:
fields:
- - name: apiIntLoadBalancerIPs
+ - name: conditions
type:
list:
elementType:
- scalar: string
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
elementRelationship: associative
- - name: apiLoadBalancerIPs
+ keys:
+ - type
+ - name: consumingUsers
type:
list:
elementType:
scalar: string
- elementRelationship: associative
- - name: ingressLoadBalancerIPs
+ elementRelationship: atomic
+ - name: currentHostnames
type:
list:
elementType:
scalar: string
- elementRelationship: associative
-- name: com.github.openshift.api.config.v1.ClusterCondition
- map:
- fields:
- - name: promql
- type:
- namedType: com.github.openshift.api.config.v1.PromQLClusterCondition
- - name: type
+ elementRelationship: atomic
+ - name: defaultHostname
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1.ClusterImagePolicy
- map:
- fields:
- - name: apiVersion
+ - name: name
type:
scalar: string
- - name: kind
+ default: ""
+ - name: namespace
type:
scalar: string
- - name: metadata
- type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
- default: {}
- - name: spec
- type:
- namedType: com.github.openshift.api.config.v1.ClusterImagePolicySpec
- default: {}
- - name: status
+ default: ""
+ - name: relatedObjects
type:
- namedType: com.github.openshift.api.config.v1.ClusterImagePolicyStatus
- default: {}
-- name: com.github.openshift.api.config.v1.ClusterImagePolicySpec
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.ObjectReference
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.ConditionalUpdate
map:
fields:
- - name: policy
+ - name: conditions
type:
- namedType: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy
+ list:
+ elementType:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
+ elementRelationship: associative
+ keys:
+ - type
+ - name: release
+ type:
+ namedType: com.github.openshift.api.config.v1.Release
default: {}
- - name: scopes
+ - name: riskNames
type:
list:
elementType:
scalar: string
elementRelationship: associative
-- name: com.github.openshift.api.config.v1.ClusterImagePolicyStatus
+ - name: risks
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.ConditionalUpdateRisk
+ elementRelationship: associative
+ keys:
+ - name
+- name: com.github.openshift.api.config.v1.ConditionalUpdateRisk
map:
fields:
- name: conditions
type:
list:
elementType:
- namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
elementRelationship: associative
keys:
- type
-- name: com.github.openshift.api.config.v1.ClusterNetworkEntry
+ - name: matchingRules
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.ClusterCondition
+ elementRelationship: atomic
+ - name: message
+ type:
+ scalar: string
+ default: ""
+ - name: name
+ type:
+ scalar: string
+ default: ""
+ - name: url
+ type:
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.ConfigMapFileReference
map:
fields:
- - name: cidr
+ - name: key
+ type:
+ scalar: string
+ - name: name
type:
scalar: string
default: ""
- - name: hostPrefix
+- name: com.github.openshift.api.config.v1.ConfigMapNameReference
+ map:
+ fields:
+ - name: name
type:
- scalar: numeric
-- name: com.github.openshift.api.config.v1.ClusterOperator
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.Console
map:
fields:
- name: apiVersion
@@ -1242,75 +1095,82 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
- namedType: com.github.openshift.api.config.v1.ClusterOperatorSpec
+ namedType: com.github.openshift.api.config.v1.ConsoleSpec
default: {}
- name: status
type:
- namedType: com.github.openshift.api.config.v1.ClusterOperatorStatus
+ namedType: com.github.openshift.api.config.v1.ConsoleStatus
default: {}
-- name: com.github.openshift.api.config.v1.ClusterOperatorSpec
+- name: com.github.openshift.api.config.v1.ConsoleAuthentication
map:
- elementType:
- scalar: untyped
- list:
- elementType:
- namedType: __untyped_atomic_
- elementRelationship: atomic
- map:
- elementType:
- namedType: __untyped_deduced_
- elementRelationship: separable
-- name: com.github.openshift.api.config.v1.ClusterOperatorStatus
+ fields:
+ - name: logoutRedirect
+ type:
+ scalar: string
+- name: com.github.openshift.api.config.v1.ConsoleSpec
map:
fields:
- - name: conditions
+ - name: authentication
+ type:
+ namedType: com.github.openshift.api.config.v1.ConsoleAuthentication
+ default: {}
+- name: com.github.openshift.api.config.v1.ConsoleStatus
+ map:
+ fields:
+ - name: consoleURL
+ type:
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.Custom
+ map:
+ fields:
+ - name: configs
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.ClusterOperatorStatusCondition
+ namedType: com.github.openshift.api.config.v1.GathererConfig
elementRelationship: associative
keys:
- - type
- - name: extension
- type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
- - name: relatedObjects
+ - name
+- name: com.github.openshift.api.config.v1.CustomFeatureGates
+ map:
+ fields:
+ - name: disabled
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.ObjectReference
+ scalar: string
elementRelationship: atomic
- - name: versions
+ - name: enabled
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.OperandVersion
+ scalar: string
elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.ClusterOperatorStatusCondition
+- name: com.github.openshift.api.config.v1.CustomTLSProfile
map:
fields:
- - name: lastTransitionTime
- type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: message
- type:
- scalar: string
- - name: reason
+ - name: ciphers
type:
- scalar: string
- - name: status
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: groups
type:
- scalar: string
- default: ""
- - name: type
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: associative
+ - name: minTLSVersion
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1.ClusterVersion
+- name: com.github.openshift.api.config.v1.DNS
map:
fields:
- name: apiVersion
@@ -1321,529 +1181,584 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
- namedType: com.github.openshift.api.config.v1.ClusterVersionSpec
+ namedType: com.github.openshift.api.config.v1.DNSSpec
default: {}
- name: status
type:
- namedType: com.github.openshift.api.config.v1.ClusterVersionStatus
+ namedType: com.github.openshift.api.config.v1.DNSStatus
default: {}
-- name: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec
+- name: com.github.openshift.api.config.v1.DNSPlatformSpec
map:
fields:
- - name: additionalEnabledCapabilities
+ - name: aws
type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: baselineCapabilitySet
+ namedType: com.github.openshift.api.config.v1.AWSDNSSpec
+ - name: type
type:
scalar: string
-- name: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus
+ default: ""
+ unions:
+ - discriminator: type
+ fields:
+ - fieldName: aws
+ discriminatorValue: AWS
+- name: com.github.openshift.api.config.v1.DNSSpec
map:
fields:
- - name: enabledCapabilities
+ - name: baseDomain
type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: knownCapabilities
+ scalar: string
+ default: ""
+ - name: platform
type:
- list:
+ namedType: com.github.openshift.api.config.v1.DNSPlatformSpec
+ default: {}
+ - name: privateZone
+ type:
+ namedType: com.github.openshift.api.config.v1.DNSZone
+ - name: publicZone
+ type:
+ namedType: com.github.openshift.api.config.v1.DNSZone
+- name: com.github.openshift.api.config.v1.DNSStatus
+ map:
+ elementType:
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
+ map:
+ elementType:
+ namedType: __untyped_deduced_
+ elementRelationship: separable
+- name: com.github.openshift.api.config.v1.DNSZone
+ map:
+ fields:
+ - name: id
+ type:
+ scalar: string
+ - name: tags
+ type:
+ map:
elementType:
scalar: string
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.ClusterVersionSpec
+- name: com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator
map:
fields:
- - name: capabilities
+ - name: kubeConfig
type:
- namedType: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec
- - name: channel
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
+ default: {}
+- name: com.github.openshift.api.config.v1.EquinixMetalPlatformSpec
+ map:
+ elementType:
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
+ map:
+ elementType:
+ namedType: __untyped_deduced_
+ elementRelationship: separable
+- name: com.github.openshift.api.config.v1.EquinixMetalPlatformStatus
+ map:
+ fields:
+ - name: apiServerInternalIP
type:
scalar: string
- - name: clusterID
+ - name: ingressIP
type:
scalar: string
- default: ""
- - name: desiredUpdate
+- name: com.github.openshift.api.config.v1.ExternalClaimsSource
+ map:
+ fields:
+ - name: authentication
type:
- namedType: com.github.openshift.api.config.v1.Update
- - name: overrides
+ namedType: com.github.openshift.api.config.v1.ExternalSourceAuthentication
+ default: {}
+ - name: mappings
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.ComponentOverride
+ namedType: com.github.openshift.api.config.v1.SourcedClaimMapping
elementRelationship: associative
keys:
- - kind
- - group
- - namespace
- name
- - name: signatureStores
+ - name: predicates
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.SignatureStore
+ namedType: com.github.openshift.api.config.v1.ExternalSourcePredicate
elementRelationship: associative
keys:
- - url
- - name: upstream
+ - expression
+ - name: tls
type:
- scalar: string
-- name: com.github.openshift.api.config.v1.ClusterVersionStatus
+ namedType: com.github.openshift.api.config.v1.ExternalSourceTLS
+ default: {}
+ - name: url
+ type:
+ namedType: com.github.openshift.api.config.v1.SourceURL
+ default: {}
+- name: com.github.openshift.api.config.v1.ExternalIPConfig
map:
fields:
- - name: availableUpdates
+ - name: autoAssignCIDRs
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.Release
+ scalar: string
elementRelationship: atomic
- - name: capabilities
- type:
- namedType: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus
- default: {}
- - name: conditionalUpdateRisks
+ - name: policy
type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.ConditionalUpdateRisk
- elementRelationship: associative
- keys:
- - name
- - name: conditionalUpdates
+ namedType: com.github.openshift.api.config.v1.ExternalIPPolicy
+- name: com.github.openshift.api.config.v1.ExternalIPPolicy
+ map:
+ fields:
+ - name: allowedCIDRs
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.ConditionalUpdate
+ scalar: string
elementRelationship: atomic
- - name: conditions
- type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.ClusterOperatorStatusCondition
- elementRelationship: associative
- keys:
- - type
- - name: desired
- type:
- namedType: com.github.openshift.api.config.v1.Release
- default: {}
- - name: history
+ - name: rejectedCIDRs
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.UpdateHistory
+ scalar: string
elementRelationship: atomic
- - name: observedGeneration
- type:
- scalar: numeric
- default: 0
- - name: versionHash
+- name: com.github.openshift.api.config.v1.ExternalPlatformSpec
+ map:
+ fields:
+ - name: platformName
type:
scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.ComponentOverride
+ default: Unknown
+- name: com.github.openshift.api.config.v1.ExternalPlatformStatus
map:
fields:
- - name: group
+ - name: cloudControllerManager
type:
- scalar: string
- default: ""
- - name: kind
+ namedType: com.github.openshift.api.config.v1.CloudControllerManagerStatus
+ default: {}
+- name: com.github.openshift.api.config.v1.ExternalSourceAuthentication
+ map:
+ fields:
+ - name: clientCredential
+ type:
+ namedType: com.github.openshift.api.config.v1.ClientCredentialConfig
+ default: {}
+ - name: type
type:
scalar: string
- default: ""
+- name: com.github.openshift.api.config.v1.ExternalSourceCertificateAuthorityConfigMapReference
+ map:
+ fields:
- name: name
type:
scalar: string
- default: ""
- - name: namespace
+- name: com.github.openshift.api.config.v1.ExternalSourcePredicate
+ map:
+ fields:
+ - name: expression
type:
scalar: string
- default: ""
- - name: unmanaged
+- name: com.github.openshift.api.config.v1.ExternalSourceTLS
+ map:
+ fields:
+ - name: certificateAuthority
type:
- scalar: boolean
- default: false
-- name: com.github.openshift.api.config.v1.ComponentRouteSpec
+ namedType: com.github.openshift.api.config.v1.ExternalSourceCertificateAuthorityConfigMapReference
+ default: {}
+- name: com.github.openshift.api.config.v1.ExtraMapping
map:
fields:
- - name: hostname
+ - name: key
type:
scalar: string
default: ""
- - name: name
+ - name: valueExpression
type:
scalar: string
default: ""
- - name: namespace
+- name: com.github.openshift.api.config.v1.FeatureGate
+ map:
+ fields:
+ - name: apiVersion
type:
scalar: string
- default: ""
- - name: servingCertKeyPairSecret
+ - name: kind
type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
+ scalar: string
+ - name: metadata
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
-- name: com.github.openshift.api.config.v1.ComponentRouteStatus
+ - name: spec
+ type:
+ namedType: com.github.openshift.api.config.v1.FeatureGateSpec
+ default: {}
+ - name: status
+ type:
+ namedType: com.github.openshift.api.config.v1.FeatureGateStatus
+ default: {}
+- name: com.github.openshift.api.config.v1.FeatureGateAttributes
map:
fields:
- - name: conditions
+ - name: name
type:
- list:
- elementType:
- namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
- elementRelationship: associative
- keys:
- - type
- - name: consumingUsers
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.FeatureGateDetails
+ map:
+ fields:
+ - name: disabled
type:
list:
elementType:
- scalar: string
+ namedType: com.github.openshift.api.config.v1.FeatureGateAttributes
elementRelationship: atomic
- - name: currentHostnames
+ - name: enabled
type:
list:
elementType:
- scalar: string
+ namedType: com.github.openshift.api.config.v1.FeatureGateAttributes
elementRelationship: atomic
- - name: defaultHostname
+ - name: version
type:
scalar: string
default: ""
- - name: name
+- name: com.github.openshift.api.config.v1.FeatureGateSpec
+ map:
+ fields:
+ - name: customNoUpgrade
type:
- scalar: string
- default: ""
- - name: namespace
+ namedType: com.github.openshift.api.config.v1.CustomFeatureGates
+ - name: featureSet
type:
scalar: string
- default: ""
- - name: relatedObjects
- type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.ObjectReference
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.ConditionalUpdate
+ unions:
+ - discriminator: featureSet
+ fields:
+ - fieldName: customNoUpgrade
+ discriminatorValue: CustomNoUpgrade
+- name: com.github.openshift.api.config.v1.FeatureGateStatus
map:
fields:
- name: conditions
type:
list:
elementType:
- namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
elementRelationship: associative
keys:
- type
- - name: release
- type:
- namedType: com.github.openshift.api.config.v1.Release
- default: {}
- - name: riskNames
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: associative
- - name: risks
+ - name: featureGates
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.ConditionalUpdateRisk
+ namedType: com.github.openshift.api.config.v1.FeatureGateDetails
elementRelationship: associative
keys:
- - name
-- name: com.github.openshift.api.config.v1.ConditionalUpdateRisk
+ - version
+- name: com.github.openshift.api.config.v1.GCPPlatformSpec
+ map:
+ elementType:
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
+ map:
+ elementType:
+ namedType: __untyped_deduced_
+ elementRelationship: separable
+- name: com.github.openshift.api.config.v1.GCPPlatformStatus
map:
fields:
- - name: conditions
+ - name: cloudLoadBalancerConfig
+ type:
+ namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig
+ default:
+ dnsType: PlatformDefault
+ - name: projectID
+ type:
+ scalar: string
+ default: ""
+ - name: region
+ type:
+ scalar: string
+ default: ""
+ - name: resourceLabels
type:
list:
elementType:
- namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: com.github.openshift.api.config.v1.GCPResourceLabel
elementRelationship: associative
keys:
- - type
- - name: matchingRules
+ - key
+ - name: resourceTags
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.ClusterCondition
- elementRelationship: atomic
- - name: message
- type:
- scalar: string
- default: ""
- - name: name
+ namedType: com.github.openshift.api.config.v1.GCPResourceTag
+ elementRelationship: associative
+ keys:
+ - key
+- name: com.github.openshift.api.config.v1.GCPResourceLabel
+ map:
+ fields:
+ - name: key
type:
scalar: string
default: ""
- - name: url
+ - name: value
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1.ConfigMapFileReference
+- name: com.github.openshift.api.config.v1.GCPResourceTag
map:
fields:
- name: key
type:
scalar: string
- - name: name
+ default: ""
+ - name: parentID
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1.ConfigMapNameReference
- map:
- fields:
- - name: name
+ - name: value
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1.Console
+- name: com.github.openshift.api.config.v1.GatherConfig
map:
fields:
- - name: apiVersion
- type:
- scalar: string
- - name: kind
- type:
- scalar: string
- - name: metadata
+ - name: dataPolicy
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
- default: {}
- - name: spec
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: gatherers
type:
- namedType: com.github.openshift.api.config.v1.ConsoleSpec
+ namedType: com.github.openshift.api.config.v1.Gatherers
default: {}
- - name: status
+ - name: storage
type:
- namedType: com.github.openshift.api.config.v1.ConsoleStatus
+ namedType: com.github.openshift.api.config.v1.Storage
default: {}
-- name: com.github.openshift.api.config.v1.ConsoleAuthentication
+- name: com.github.openshift.api.config.v1.GathererConfig
map:
fields:
- - name: logoutRedirect
+ - name: name
type:
scalar: string
-- name: com.github.openshift.api.config.v1.ConsoleSpec
+ - name: state
+ type:
+ scalar: string
+- name: com.github.openshift.api.config.v1.Gatherers
map:
fields:
- - name: authentication
+ - name: custom
type:
- namedType: com.github.openshift.api.config.v1.ConsoleAuthentication
+ namedType: com.github.openshift.api.config.v1.Custom
default: {}
-- name: com.github.openshift.api.config.v1.ConsoleStatus
+ - name: mode
+ type:
+ scalar: string
+ unions:
+ - discriminator: mode
+ fields:
+ - fieldName: custom
+ discriminatorValue: Custom
+- name: com.github.openshift.api.config.v1.GitHubIdentityProvider
map:
fields:
- - name: consoleURL
+ - name: ca
+ type:
+ namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
+ default: {}
+ - name: clientID
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1.Custom
- map:
- fields:
- - name: configs
+ - name: clientSecret
type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.GathererConfig
- elementRelationship: associative
- keys:
- - name
-- name: com.github.openshift.api.config.v1.CustomFeatureGates
- map:
- fields:
- - name: disabled
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
+ default: {}
+ - name: hostname
+ type:
+ scalar: string
+ default: ""
+ - name: organizations
type:
list:
elementType:
scalar: string
elementRelationship: atomic
- - name: enabled
+ - name: teams
type:
list:
elementType:
scalar: string
elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.CustomTLSProfile
+- name: com.github.openshift.api.config.v1.GitLabIdentityProvider
map:
fields:
- - name: ciphers
+ - name: ca
type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: minTLSVersion
+ namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
+ default: {}
+ - name: clientID
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1.DNS
- map:
- fields:
- - name: apiVersion
+ - name: clientSecret
+ type:
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
+ default: {}
+ - name: url
type:
scalar: string
- - name: kind
+ default: ""
+- name: com.github.openshift.api.config.v1.GoogleIdentityProvider
+ map:
+ fields:
+ - name: clientID
type:
scalar: string
- - name: metadata
+ default: ""
+ - name: clientSecret
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
default: {}
- - name: spec
+ - name: hostedDomain
type:
- namedType: com.github.openshift.api.config.v1.DNSSpec
- default: {}
- - name: status
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.HTPasswdIdentityProvider
+ map:
+ fields:
+ - name: fileData
type:
- namedType: com.github.openshift.api.config.v1.DNSStatus
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
default: {}
-- name: com.github.openshift.api.config.v1.DNSPlatformSpec
+- name: com.github.openshift.api.config.v1.HubSource
map:
fields:
- - name: aws
+ - name: disabled
type:
- namedType: com.github.openshift.api.config.v1.AWSDNSSpec
- - name: type
+ scalar: boolean
+ default: false
+ - name: name
type:
scalar: string
default: ""
- unions:
- - discriminator: type
- fields:
- - fieldName: aws
- discriminatorValue: AWS
-- name: com.github.openshift.api.config.v1.DNSSpec
+- name: com.github.openshift.api.config.v1.HubSourceStatus
map:
fields:
- - name: baseDomain
+ - name: message
type:
scalar: string
- default: ""
- - name: platform
- type:
- namedType: com.github.openshift.api.config.v1.DNSPlatformSpec
- default: {}
- - name: privateZone
- type:
- namedType: com.github.openshift.api.config.v1.DNSZone
- - name: publicZone
- type:
- namedType: com.github.openshift.api.config.v1.DNSZone
-- name: com.github.openshift.api.config.v1.DNSStatus
- map:
- elementType:
- scalar: untyped
- list:
- elementType:
- namedType: __untyped_atomic_
- elementRelationship: atomic
- map:
- elementType:
- namedType: __untyped_deduced_
- elementRelationship: separable
-- name: com.github.openshift.api.config.v1.DNSZone
- map:
- fields:
- - name: id
+ - name: status
type:
scalar: string
- - name: tags
- type:
- map:
- elementType:
- scalar: string
-- name: com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator
+- name: com.github.openshift.api.config.v1.IBMCloudPlatformSpec
map:
fields:
- - name: kubeConfig
+ - name: serviceEndpoints
type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
- default: {}
-- name: com.github.openshift.api.config.v1.EquinixMetalPlatformSpec
- map:
- elementType:
- scalar: untyped
- list:
- elementType:
- namedType: __untyped_atomic_
- elementRelationship: atomic
- map:
- elementType:
- namedType: __untyped_deduced_
- elementRelationship: separable
-- name: com.github.openshift.api.config.v1.EquinixMetalPlatformStatus
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.IBMCloudServiceEndpoint
+ elementRelationship: associative
+ keys:
+ - name
+- name: com.github.openshift.api.config.v1.IBMCloudPlatformStatus
map:
fields:
- - name: apiServerInternalIP
+ - name: cisInstanceCRN
type:
scalar: string
- - name: ingressIP
+ - name: dnsInstanceCRN
type:
scalar: string
-- name: com.github.openshift.api.config.v1.ExternalIPConfig
- map:
- fields:
- - name: autoAssignCIDRs
+ - name: location
type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: policy
+ scalar: string
+ - name: providerType
type:
- namedType: com.github.openshift.api.config.v1.ExternalIPPolicy
-- name: com.github.openshift.api.config.v1.ExternalIPPolicy
- map:
- fields:
- - name: allowedCIDRs
+ scalar: string
+ - name: resourceGroupName
type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: rejectedCIDRs
+ scalar: string
+ - name: serviceEndpoints
type:
list:
elementType:
- scalar: string
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.ExternalPlatformSpec
+ namedType: com.github.openshift.api.config.v1.IBMCloudServiceEndpoint
+ elementRelationship: associative
+ keys:
+ - name
+- name: com.github.openshift.api.config.v1.IBMCloudServiceEndpoint
map:
fields:
- - name: platformName
+ - name: name
type:
scalar: string
- default: Unknown
-- name: com.github.openshift.api.config.v1.ExternalPlatformStatus
- map:
- fields:
- - name: cloudControllerManager
+ default: ""
+ - name: url
type:
- namedType: com.github.openshift.api.config.v1.CloudControllerManagerStatus
- default: {}
-- name: com.github.openshift.api.config.v1.ExtraMapping
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.IdentityProvider
map:
fields:
- - name: key
+ - name: basicAuth
+ type:
+ namedType: com.github.openshift.api.config.v1.BasicAuthIdentityProvider
+ - name: github
+ type:
+ namedType: com.github.openshift.api.config.v1.GitHubIdentityProvider
+ - name: gitlab
+ type:
+ namedType: com.github.openshift.api.config.v1.GitLabIdentityProvider
+ - name: google
+ type:
+ namedType: com.github.openshift.api.config.v1.GoogleIdentityProvider
+ - name: htpasswd
+ type:
+ namedType: com.github.openshift.api.config.v1.HTPasswdIdentityProvider
+ - name: keystone
+ type:
+ namedType: com.github.openshift.api.config.v1.KeystoneIdentityProvider
+ - name: ldap
+ type:
+ namedType: com.github.openshift.api.config.v1.LDAPIdentityProvider
+ - name: mappingMethod
+ type:
+ scalar: string
+ - name: name
type:
scalar: string
default: ""
- - name: valueExpression
+ - name: openID
+ type:
+ namedType: com.github.openshift.api.config.v1.OpenIDIdentityProvider
+ - name: requestHeader
+ type:
+ namedType: com.github.openshift.api.config.v1.RequestHeaderIdentityProvider
+ - name: type
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1.FeatureGate
+- name: com.github.openshift.api.config.v1.Image
map:
fields:
- name: apiVersion
@@ -1854,76 +1769,75 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
- namedType: com.github.openshift.api.config.v1.FeatureGateSpec
+ namedType: com.github.openshift.api.config.v1.ImageSpec
default: {}
- name: status
type:
- namedType: com.github.openshift.api.config.v1.FeatureGateStatus
+ namedType: com.github.openshift.api.config.v1.ImageStatus
default: {}
-- name: com.github.openshift.api.config.v1.FeatureGateAttributes
+- name: com.github.openshift.api.config.v1.ImageContentPolicy
map:
fields:
- - name: name
+ - name: apiVersion
type:
scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.FeatureGateDetails
+ - name: kind
+ type:
+ scalar: string
+ - name: metadata
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
+ type:
+ namedType: com.github.openshift.api.config.v1.ImageContentPolicySpec
+ default: {}
+- name: com.github.openshift.api.config.v1.ImageContentPolicySpec
map:
fields:
- - name: disabled
- type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.FeatureGateAttributes
- elementRelationship: atomic
- - name: enabled
+ - name: repositoryDigestMirrors
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.FeatureGateAttributes
- elementRelationship: atomic
- - name: version
- type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.FeatureGateSpec
+ namedType: com.github.openshift.api.config.v1.RepositoryDigestMirrors
+ elementRelationship: associative
+ keys:
+ - source
+- name: com.github.openshift.api.config.v1.ImageDigestMirrorSet
map:
fields:
- - name: customNoUpgrade
+ - name: apiVersion
type:
- namedType: com.github.openshift.api.config.v1.CustomFeatureGates
- - name: featureSet
+ scalar: string
+ - name: kind
type:
scalar: string
- unions:
- - discriminator: featureSet
- fields:
- - fieldName: customNoUpgrade
- discriminatorValue: CustomNoUpgrade
-- name: com.github.openshift.api.config.v1.FeatureGateStatus
+ - name: metadata
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
+ type:
+ namedType: com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec
+ default: {}
+ - name: status
+ type:
+ namedType: com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus
+ default: {}
+- name: com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec
map:
fields:
- - name: conditions
- type:
- list:
- elementType:
- namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
- elementRelationship: associative
- keys:
- - type
- - name: featureGates
+ - name: imageDigestMirrors
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.FeatureGateDetails
- elementRelationship: associative
- keys:
- - version
-- name: com.github.openshift.api.config.v1.GCPPlatformSpec
+ namedType: com.github.openshift.api.config.v1.ImageDigestMirrors
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus
map:
elementType:
scalar: untyped
@@ -1935,287 +1849,294 @@ var schemaYAML = typed.YAMLObject(`types:
elementType:
namedType: __untyped_deduced_
elementRelationship: separable
-- name: com.github.openshift.api.config.v1.GCPPlatformStatus
+- name: com.github.openshift.api.config.v1.ImageDigestMirrors
map:
fields:
- - name: cloudLoadBalancerConfig
- type:
- namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig
- default:
- dnsType: PlatformDefault
- - name: projectID
- type:
- scalar: string
- default: ""
- - name: region
+ - name: mirrorSourcePolicy
type:
scalar: string
- default: ""
- - name: resourceLabels
+ - name: mirrors
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.GCPResourceLabel
+ scalar: string
elementRelationship: associative
- keys:
- - key
- - name: resourceTags
+ - name: source
type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.GCPResourceTag
- elementRelationship: associative
- keys:
- - key
-- name: com.github.openshift.api.config.v1.GCPResourceLabel
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.ImageLabel
map:
fields:
- - name: key
+ - name: name
type:
scalar: string
default: ""
- name: value
type:
scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.GCPResourceTag
+- name: com.github.openshift.api.config.v1.ImagePolicy
map:
fields:
- - name: key
- type:
- scalar: string
- default: ""
- - name: parentID
+ - name: apiVersion
type:
scalar: string
- default: ""
- - name: value
+ - name: kind
type:
scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.GatherConfig
- map:
- fields:
- - name: dataPolicy
+ - name: metadata
type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: gatherers
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
type:
- namedType: com.github.openshift.api.config.v1.Gatherers
+ namedType: com.github.openshift.api.config.v1.ImagePolicySpec
default: {}
- - name: storage
+ - name: status
type:
- namedType: com.github.openshift.api.config.v1.Storage
+ namedType: com.github.openshift.api.config.v1.ImagePolicyStatus
default: {}
-- name: com.github.openshift.api.config.v1.GathererConfig
+- name: com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust
map:
fields:
- - name: name
+ - name: fulcioCAData
type:
scalar: string
- - name: state
+ - name: fulcioSubject
+ type:
+ namedType: com.github.openshift.api.config.v1.PolicyFulcioSubject
+ default: {}
+ - name: rekorKeyData
type:
scalar: string
-- name: com.github.openshift.api.config.v1.Gatherers
+- name: com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust
map:
fields:
- - name: custom
+ - name: caIntermediatesData
type:
- namedType: com.github.openshift.api.config.v1.Custom
- default: {}
- - name: mode
+ scalar: string
+ - name: caRootsData
type:
scalar: string
- unions:
- - discriminator: mode
- fields:
- - fieldName: custom
- discriminatorValue: Custom
-- name: com.github.openshift.api.config.v1.GitHubIdentityProvider
+ - name: pkiCertificateSubject
+ type:
+ namedType: com.github.openshift.api.config.v1.PKICertificateSubject
+ default: {}
+- name: com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust
map:
fields:
- - name: ca
+ - name: keyData
type:
- namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
- default: {}
- - name: clientID
+ scalar: string
+ - name: rekorKeyData
type:
scalar: string
- default: ""
- - name: clientSecret
+- name: com.github.openshift.api.config.v1.ImagePolicySpec
+ map:
+ fields:
+ - name: policy
type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
+ namedType: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy
default: {}
- - name: hostname
- type:
- scalar: string
- default: ""
- - name: organizations
+ - name: scopes
type:
list:
elementType:
scalar: string
- elementRelationship: atomic
- - name: teams
+ elementRelationship: associative
+- name: com.github.openshift.api.config.v1.ImagePolicyStatus
+ map:
+ fields:
+ - name: conditions
type:
list:
elementType:
- scalar: string
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.GitLabIdentityProvider
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
+ elementRelationship: associative
+ keys:
+ - type
+- name: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy
map:
fields:
- - name: ca
- type:
- namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
- default: {}
- - name: clientID
- type:
- scalar: string
- default: ""
- - name: clientSecret
+ - name: rootOfTrust
type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
+ namedType: com.github.openshift.api.config.v1.PolicyRootOfTrust
default: {}
- - name: url
+ - name: signedIdentity
type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.GoogleIdentityProvider
+ namedType: com.github.openshift.api.config.v1.PolicyIdentity
+- name: com.github.openshift.api.config.v1.ImageSpec
map:
fields:
- - name: clientID
- type:
- scalar: string
- default: ""
- - name: clientSecret
+ - name: additionalTrustedCA
type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
+ namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
default: {}
- - name: hostedDomain
+ - name: allowedRegistriesForImport
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.RegistryLocation
+ elementRelationship: atomic
+ - name: externalRegistryHostnames
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: imageStreamImportMode
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1.HTPasswdIdentityProvider
- map:
- fields:
- - name: fileData
+ - name: registrySources
type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
+ namedType: com.github.openshift.api.config.v1.RegistrySources
default: {}
-- name: com.github.openshift.api.config.v1.HubSource
+- name: com.github.openshift.api.config.v1.ImageStatus
map:
fields:
- - name: disabled
+ - name: externalRegistryHostnames
type:
- scalar: boolean
- default: false
- - name: name
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: imageStreamImportMode
type:
scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.HubSourceStatus
+ - name: internalRegistryHostname
+ type:
+ scalar: string
+- name: com.github.openshift.api.config.v1.ImageTagMirrorSet
map:
fields:
- - name: message
+ - name: apiVersion
type:
scalar: string
- - name: status
+ - name: kind
type:
scalar: string
-- name: com.github.openshift.api.config.v1.IBMCloudPlatformSpec
+ - name: metadata
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
+ type:
+ namedType: com.github.openshift.api.config.v1.ImageTagMirrorSetSpec
+ default: {}
+ - name: status
+ type:
+ namedType: com.github.openshift.api.config.v1.ImageTagMirrorSetStatus
+ default: {}
+- name: com.github.openshift.api.config.v1.ImageTagMirrorSetSpec
map:
fields:
- - name: serviceEndpoints
+ - name: imageTagMirrors
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.IBMCloudServiceEndpoint
- elementRelationship: associative
- keys:
- - name
-- name: com.github.openshift.api.config.v1.IBMCloudPlatformStatus
+ namedType: com.github.openshift.api.config.v1.ImageTagMirrors
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.ImageTagMirrorSetStatus
+ map:
+ elementType:
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
+ map:
+ elementType:
+ namedType: __untyped_deduced_
+ elementRelationship: separable
+- name: com.github.openshift.api.config.v1.ImageTagMirrors
map:
fields:
- - name: cisInstanceCRN
+ - name: mirrorSourcePolicy
type:
scalar: string
- - name: dnsInstanceCRN
+ - name: mirrors
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: associative
+ - name: source
type:
scalar: string
- - name: location
+ default: ""
+- name: com.github.openshift.api.config.v1.Infrastructure
+ map:
+ fields:
+ - name: apiVersion
type:
scalar: string
- - name: providerType
+ - name: kind
type:
scalar: string
- - name: resourceGroupName
+ - name: metadata
type:
- scalar: string
- - name: serviceEndpoints
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.IBMCloudServiceEndpoint
- elementRelationship: associative
- keys:
- - name
-- name: com.github.openshift.api.config.v1.IBMCloudServiceEndpoint
+ namedType: com.github.openshift.api.config.v1.InfrastructureSpec
+ default: {}
+ - name: status
+ type:
+ namedType: com.github.openshift.api.config.v1.InfrastructureStatus
+ default: {}
+- name: com.github.openshift.api.config.v1.InfrastructureSpec
map:
fields:
- - name: name
+ - name: cloudConfig
type:
- scalar: string
- default: ""
- - name: url
+ namedType: com.github.openshift.api.config.v1.ConfigMapFileReference
+ default: {}
+ - name: controlPlaneTopology
type:
scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.IdentityProvider
+ - name: platformSpec
+ type:
+ namedType: com.github.openshift.api.config.v1.PlatformSpec
+ default: {}
+- name: com.github.openshift.api.config.v1.InfrastructureStatus
map:
fields:
- - name: basicAuth
- type:
- namedType: com.github.openshift.api.config.v1.BasicAuthIdentityProvider
- - name: github
- type:
- namedType: com.github.openshift.api.config.v1.GitHubIdentityProvider
- - name: gitlab
- type:
- namedType: com.github.openshift.api.config.v1.GitLabIdentityProvider
- - name: google
- type:
- namedType: com.github.openshift.api.config.v1.GoogleIdentityProvider
- - name: htpasswd
+ - name: apiServerInternalURI
type:
- namedType: com.github.openshift.api.config.v1.HTPasswdIdentityProvider
- - name: keystone
+ scalar: string
+ default: ""
+ - name: apiServerURL
type:
- namedType: com.github.openshift.api.config.v1.KeystoneIdentityProvider
- - name: ldap
+ scalar: string
+ default: ""
+ - name: controlPlaneTopology
type:
- namedType: com.github.openshift.api.config.v1.LDAPIdentityProvider
- - name: mappingMethod
+ scalar: string
+ default: ""
+ - name: cpuPartitioning
type:
scalar: string
- - name: name
+ default: None
+ - name: etcdDiscoveryDomain
type:
scalar: string
default: ""
- - name: openID
+ - name: infrastructureName
type:
- namedType: com.github.openshift.api.config.v1.OpenIDIdentityProvider
- - name: requestHeader
+ scalar: string
+ default: ""
+ - name: infrastructureTopology
type:
- namedType: com.github.openshift.api.config.v1.RequestHeaderIdentityProvider
- - name: type
+ scalar: string
+ - name: platform
type:
scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.Image
+ - name: platformStatus
+ type:
+ namedType: com.github.openshift.api.config.v1.PlatformStatus
+- name: com.github.openshift.api.config.v1.Ingress
map:
fields:
- name: apiVersion
@@ -2226,45 +2147,77 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
- namedType: com.github.openshift.api.config.v1.ImageSpec
+ namedType: com.github.openshift.api.config.v1.IngressSpec
default: {}
- name: status
type:
- namedType: com.github.openshift.api.config.v1.ImageStatus
+ namedType: com.github.openshift.api.config.v1.IngressStatus
default: {}
-- name: com.github.openshift.api.config.v1.ImageContentPolicy
+- name: com.github.openshift.api.config.v1.IngressPlatformSpec
map:
fields:
- - name: apiVersion
+ - name: aws
+ type:
+ namedType: com.github.openshift.api.config.v1.AWSIngressSpec
+ - name: type
type:
scalar: string
- - name: kind
+ default: ""
+ unions:
+ - discriminator: type
+ fields:
+ - fieldName: aws
+ discriminatorValue: AWS
+- name: com.github.openshift.api.config.v1.IngressSpec
+ map:
+ fields:
+ - name: appsDomain
type:
scalar: string
- - name: metadata
+ - name: componentRoutes
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
- default: {}
- - name: spec
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.ComponentRouteSpec
+ elementRelationship: associative
+ keys:
+ - namespace
+ - name
+ - name: domain
type:
- namedType: com.github.openshift.api.config.v1.ImageContentPolicySpec
+ scalar: string
+ default: ""
+ - name: loadBalancer
+ type:
+ namedType: com.github.openshift.api.config.v1.LoadBalancer
default: {}
-- name: com.github.openshift.api.config.v1.ImageContentPolicySpec
+ - name: requiredHSTSPolicies
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.RequiredHSTSPolicy
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.IngressStatus
map:
fields:
- - name: repositoryDigestMirrors
+ - name: componentRoutes
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.RepositoryDigestMirrors
+ namedType: com.github.openshift.api.config.v1.ComponentRouteStatus
elementRelationship: associative
keys:
- - source
-- name: com.github.openshift.api.config.v1.ImageDigestMirrorSet
+ - namespace
+ - name
+ - name: defaultPlacement
+ type:
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.InsightsDataGather
map:
fields:
- name: apiVersion
@@ -2275,26 +2228,20 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
- namedType: com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec
- default: {}
- - name: status
- type:
- namedType: com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus
+ namedType: com.github.openshift.api.config.v1.InsightsDataGatherSpec
default: {}
-- name: com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec
+- name: com.github.openshift.api.config.v1.InsightsDataGatherSpec
map:
fields:
- - name: imageDigestMirrors
+ - name: gatherConfig
type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.ImageDigestMirrors
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus
+ namedType: com.github.openshift.api.config.v1.GatherConfig
+ default: {}
+- name: com.github.openshift.api.config.v1.IntermediateTLSProfile
map:
elementType:
scalar: untyped
@@ -2306,195 +2253,155 @@ var schemaYAML = typed.YAMLObject(`types:
elementType:
namedType: __untyped_deduced_
elementRelationship: separable
-- name: com.github.openshift.api.config.v1.ImageDigestMirrors
- map:
- fields:
- - name: mirrorSourcePolicy
- type:
- scalar: string
- - name: mirrors
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: associative
- - name: source
- type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.ImageLabel
+- name: com.github.openshift.api.config.v1.KMSPluginConfig
map:
fields:
- - name: name
+ - name: type
type:
scalar: string
default: ""
- - name: value
+ - name: vault
type:
- scalar: string
-- name: com.github.openshift.api.config.v1.ImagePolicy
+ namedType: com.github.openshift.api.config.v1.VaultKMSPluginConfig
+ default: {}
+ unions:
+ - discriminator: type
+ fields:
+ - fieldName: vault
+ discriminatorValue: Vault
+- name: com.github.openshift.api.config.v1.KeystoneIdentityProvider
map:
fields:
- - name: apiVersion
+ - name: ca
type:
- scalar: string
- - name: kind
+ namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
+ default: {}
+ - name: domainName
type:
scalar: string
- - name: metadata
+ default: ""
+ - name: tlsClientCert
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
default: {}
- - name: spec
+ - name: tlsClientKey
type:
- namedType: com.github.openshift.api.config.v1.ImagePolicySpec
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
default: {}
- - name: status
+ - name: url
type:
- namedType: com.github.openshift.api.config.v1.ImagePolicyStatus
- default: {}
-- name: com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.KubevirtPlatformSpec
+ map:
+ elementType:
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
+ map:
+ elementType:
+ namedType: __untyped_deduced_
+ elementRelationship: separable
+- name: com.github.openshift.api.config.v1.KubevirtPlatformStatus
map:
fields:
- - name: fulcioCAData
+ - name: apiServerInternalIP
type:
scalar: string
- - name: fulcioSubject
- type:
- namedType: com.github.openshift.api.config.v1.PolicyFulcioSubject
- default: {}
- - name: rekorKeyData
+ - name: ingressIP
type:
scalar: string
-- name: com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust
+- name: com.github.openshift.api.config.v1.LDAPAttributeMapping
map:
fields:
- - name: caIntermediatesData
+ - name: email
type:
- scalar: string
- - name: caRootsData
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: id
type:
- scalar: string
- - name: pkiCertificateSubject
- type:
- namedType: com.github.openshift.api.config.v1.PKICertificateSubject
- default: {}
-- name: com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust
- map:
- fields:
- - name: keyData
- type:
- scalar: string
- - name: rekorKeyData
- type:
- scalar: string
-- name: com.github.openshift.api.config.v1.ImagePolicySpec
- map:
- fields:
- - name: policy
- type:
- namedType: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy
- default: {}
- - name: scopes
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: name
type:
list:
elementType:
scalar: string
- elementRelationship: associative
-- name: com.github.openshift.api.config.v1.ImagePolicyStatus
- map:
- fields:
- - name: conditions
+ elementRelationship: atomic
+ - name: preferredUsername
type:
list:
elementType:
- namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
- elementRelationship: associative
- keys:
- - type
-- name: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy
+ scalar: string
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.LDAPIdentityProvider
map:
fields:
- - name: rootOfTrust
+ - name: attributes
type:
- namedType: com.github.openshift.api.config.v1.PolicyRootOfTrust
+ namedType: com.github.openshift.api.config.v1.LDAPAttributeMapping
default: {}
- - name: signedIdentity
+ - name: bindDN
type:
- namedType: com.github.openshift.api.config.v1.PolicyIdentity
-- name: com.github.openshift.api.config.v1.ImageSpec
- map:
- fields:
- - name: additionalTrustedCA
+ scalar: string
+ default: ""
+ - name: bindPassword
type:
- namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
default: {}
- - name: allowedRegistriesForImport
+ - name: ca
type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.RegistryLocation
- elementRelationship: atomic
- - name: externalRegistryHostnames
+ namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
+ default: {}
+ - name: insecure
type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: imageStreamImportMode
+ scalar: boolean
+ default: false
+ - name: url
type:
scalar: string
default: ""
- - name: registrySources
+- name: com.github.openshift.api.config.v1.LoadBalancer
+ map:
+ fields:
+ - name: platform
type:
- namedType: com.github.openshift.api.config.v1.RegistrySources
+ namedType: com.github.openshift.api.config.v1.IngressPlatformSpec
default: {}
-- name: com.github.openshift.api.config.v1.ImageStatus
+- name: com.github.openshift.api.config.v1.MTUMigration
map:
fields:
- - name: externalRegistryHostnames
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: imageStreamImportMode
+ - name: machine
type:
- scalar: string
- - name: internalRegistryHostname
+ namedType: com.github.openshift.api.config.v1.MTUMigrationValues
+ - name: network
type:
- scalar: string
-- name: com.github.openshift.api.config.v1.ImageTagMirrorSet
+ namedType: com.github.openshift.api.config.v1.MTUMigrationValues
+- name: com.github.openshift.api.config.v1.MTUMigrationValues
map:
fields:
- - name: apiVersion
- type:
- scalar: string
- - name: kind
- type:
- scalar: string
- - name: metadata
- type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
- default: {}
- - name: spec
+ - name: from
type:
- namedType: com.github.openshift.api.config.v1.ImageTagMirrorSetSpec
- default: {}
- - name: status
+ scalar: numeric
+ - name: to
type:
- namedType: com.github.openshift.api.config.v1.ImageTagMirrorSetStatus
- default: {}
-- name: com.github.openshift.api.config.v1.ImageTagMirrorSetSpec
+ scalar: numeric
+- name: com.github.openshift.api.config.v1.MaxAgePolicy
map:
fields:
- - name: imageTagMirrors
+ - name: largestMaxAge
type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.ImageTagMirrors
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.ImageTagMirrorSetStatus
+ scalar: numeric
+ - name: smallestMaxAge
+ type:
+ scalar: numeric
+- name: com.github.openshift.api.config.v1.ModernTLSProfile
map:
elementType:
scalar: untyped
@@ -2506,23 +2413,7 @@ var schemaYAML = typed.YAMLObject(`types:
elementType:
namedType: __untyped_deduced_
elementRelationship: separable
-- name: com.github.openshift.api.config.v1.ImageTagMirrors
- map:
- fields:
- - name: mirrorSourcePolicy
- type:
- scalar: string
- - name: mirrors
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: associative
- - name: source
- type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.Infrastructure
+- name: com.github.openshift.api.config.v1.Network
map:
fields:
- name: apiVersion
@@ -2533,145 +2424,140 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
- namedType: com.github.openshift.api.config.v1.InfrastructureSpec
+ namedType: com.github.openshift.api.config.v1.NetworkSpec
default: {}
- name: status
type:
- namedType: com.github.openshift.api.config.v1.InfrastructureStatus
+ namedType: com.github.openshift.api.config.v1.NetworkStatus
default: {}
-- name: com.github.openshift.api.config.v1.InfrastructureSpec
+- name: com.github.openshift.api.config.v1.NetworkDiagnostics
map:
fields:
- - name: cloudConfig
+ - name: mode
type:
- namedType: com.github.openshift.api.config.v1.ConfigMapFileReference
+ scalar: string
+ default: ""
+ - name: sourcePlacement
+ type:
+ namedType: com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement
default: {}
- - name: platformSpec
+ - name: targetPlacement
type:
- namedType: com.github.openshift.api.config.v1.PlatformSpec
+ namedType: com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement
default: {}
-- name: com.github.openshift.api.config.v1.InfrastructureStatus
+- name: com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement
map:
fields:
- - name: apiServerInternalURI
- type:
- scalar: string
- default: ""
- - name: apiServerURL
- type:
- scalar: string
- default: ""
- - name: controlPlaneTopology
+ - name: nodeSelector
type:
- scalar: string
- default: ""
- - name: cpuPartitioning
+ map:
+ elementType:
+ scalar: string
+ - name: tolerations
type:
- scalar: string
- default: None
- - name: etcdDiscoveryDomain
+ list:
+ elementType:
+ namedType: io.k8s.api.core.v1.Toleration
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement
+ map:
+ fields:
+ - name: nodeSelector
type:
- scalar: string
- default: ""
- - name: infrastructureName
+ map:
+ elementType:
+ scalar: string
+ - name: tolerations
type:
- scalar: string
- default: ""
- - name: infrastructureTopology
+ list:
+ elementType:
+ namedType: io.k8s.api.core.v1.Toleration
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.NetworkMigration
+ map:
+ fields:
+ - name: mtu
type:
- scalar: string
- - name: platform
+ namedType: com.github.openshift.api.config.v1.MTUMigration
+ - name: networkType
type:
scalar: string
- - name: platformStatus
- type:
- namedType: com.github.openshift.api.config.v1.PlatformStatus
-- name: com.github.openshift.api.config.v1.Ingress
+- name: com.github.openshift.api.config.v1.NetworkObservabilitySpec
map:
fields:
- - name: apiVersion
+ - name: installationPolicy
type:
scalar: string
- - name: kind
+- name: com.github.openshift.api.config.v1.NetworkSpec
+ map:
+ fields:
+ - name: clusterNetwork
type:
- scalar: string
- - name: metadata
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.ClusterNetworkEntry
+ elementRelationship: atomic
+ - name: externalIP
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
- default: {}
- - name: spec
+ namedType: com.github.openshift.api.config.v1.ExternalIPConfig
+ - name: networkDiagnostics
type:
- namedType: com.github.openshift.api.config.v1.IngressSpec
+ namedType: com.github.openshift.api.config.v1.NetworkDiagnostics
default: {}
- - name: status
+ - name: networkObservability
type:
- namedType: com.github.openshift.api.config.v1.IngressStatus
+ namedType: com.github.openshift.api.config.v1.NetworkObservabilitySpec
default: {}
-- name: com.github.openshift.api.config.v1.IngressPlatformSpec
- map:
- fields:
- - name: aws
- type:
- namedType: com.github.openshift.api.config.v1.AWSIngressSpec
- - name: type
+ - name: networkType
type:
scalar: string
default: ""
- unions:
- - discriminator: type
- fields:
- - fieldName: aws
- discriminatorValue: AWS
-- name: com.github.openshift.api.config.v1.IngressSpec
- map:
- fields:
- - name: appsDomain
- type:
- scalar: string
- - name: componentRoutes
+ - name: serviceNetwork
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.ComponentRouteSpec
- elementRelationship: associative
- keys:
- - namespace
- - name
- - name: domain
+ scalar: string
+ elementRelationship: atomic
+ - name: serviceNodePortRange
type:
scalar: string
- default: ""
- - name: loadBalancer
- type:
- namedType: com.github.openshift.api.config.v1.LoadBalancer
- default: {}
- - name: requiredHSTSPolicies
+- name: com.github.openshift.api.config.v1.NetworkStatus
+ map:
+ fields:
+ - name: clusterNetwork
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.RequiredHSTSPolicy
+ namedType: com.github.openshift.api.config.v1.ClusterNetworkEntry
elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.IngressStatus
- map:
- fields:
- - name: componentRoutes
+ - name: clusterNetworkMTU
+ type:
+ scalar: numeric
+ - name: conditions
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.ComponentRouteStatus
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
elementRelationship: associative
keys:
- - namespace
- - name
- - name: defaultPlacement
+ - type
+ - name: migration
+ type:
+ namedType: com.github.openshift.api.config.v1.NetworkMigration
+ - name: networkType
type:
scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.InsightsDataGather
+ - name: serviceNetwork
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.Node
map:
fields:
- name: apiVersion
@@ -2682,180 +2568,199 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
- namedType: com.github.openshift.api.config.v1.InsightsDataGatherSpec
+ namedType: com.github.openshift.api.config.v1.NodeSpec
default: {}
-- name: com.github.openshift.api.config.v1.InsightsDataGatherSpec
- map:
- fields:
- - name: gatherConfig
+ - name: status
type:
- namedType: com.github.openshift.api.config.v1.GatherConfig
+ namedType: com.github.openshift.api.config.v1.NodeStatus
default: {}
-- name: com.github.openshift.api.config.v1.IntermediateTLSProfile
- map:
- elementType:
- scalar: untyped
- list:
- elementType:
- namedType: __untyped_atomic_
- elementRelationship: atomic
- map:
- elementType:
- namedType: __untyped_deduced_
- elementRelationship: separable
-- name: com.github.openshift.api.config.v1.KMSConfig
+- name: com.github.openshift.api.config.v1.NodeSpec
map:
fields:
- - name: type
+ - name: cgroupMode
+ type:
+ scalar: string
+ - name: minimumKubeletVersion
type:
scalar: string
default: ""
- - name: vault
+ - name: workerLatencyProfile
type:
- namedType: com.github.openshift.api.config.v1.VaultKMSConfig
- default: {}
- unions:
- - discriminator: type
- fields:
- - fieldName: vault
- discriminatorValue: Vault
-- name: com.github.openshift.api.config.v1.KeystoneIdentityProvider
+ scalar: string
+- name: com.github.openshift.api.config.v1.NodeStatus
map:
fields:
- - name: ca
- type:
- namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
- default: {}
- - name: domainName
- type:
- scalar: string
- default: ""
- - name: tlsClientCert
+ - name: conditions
type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
- default: {}
- - name: tlsClientKey
+ list:
+ elementType:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
+ elementRelationship: associative
+ keys:
+ - type
+- name: com.github.openshift.api.config.v1.NutanixFailureDomain
+ map:
+ fields:
+ - name: cluster
type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
+ namedType: com.github.openshift.api.config.v1.NutanixResourceIdentifier
default: {}
- - name: url
+ - name: name
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1.KubevirtPlatformSpec
- map:
- elementType:
- scalar: untyped
- list:
- elementType:
- namedType: __untyped_atomic_
- elementRelationship: atomic
- map:
- elementType:
- namedType: __untyped_deduced_
- elementRelationship: separable
-- name: com.github.openshift.api.config.v1.KubevirtPlatformStatus
+ - name: subnets
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.NutanixResourceIdentifier
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer
map:
fields:
- - name: apiServerInternalIP
- type:
- scalar: string
- - name: ingressIP
+ - name: type
type:
scalar: string
-- name: com.github.openshift.api.config.v1.LDAPAttributeMapping
+ default: OpenShiftManagedDefault
+ unions:
+ - discriminator: type
+- name: com.github.openshift.api.config.v1.NutanixPlatformSpec
map:
fields:
- - name: email
+ - name: failureDomains
type:
list:
elementType:
- scalar: string
- elementRelationship: atomic
- - name: id
+ namedType: com.github.openshift.api.config.v1.NutanixFailureDomain
+ elementRelationship: associative
+ keys:
+ - name
+ - name: prismCentral
+ type:
+ namedType: com.github.openshift.api.config.v1.NutanixPrismEndpoint
+ default: {}
+ - name: prismElements
type:
list:
elementType:
- scalar: string
- elementRelationship: atomic
- - name: name
+ namedType: com.github.openshift.api.config.v1.NutanixPrismElementEndpoint
+ elementRelationship: associative
+ keys:
+ - name
+- name: com.github.openshift.api.config.v1.NutanixPlatformStatus
+ map:
+ fields:
+ - name: apiServerInternalIP
+ type:
+ scalar: string
+ - name: apiServerInternalIPs
type:
list:
elementType:
scalar: string
- elementRelationship: atomic
- - name: preferredUsername
+ elementRelationship: associative
+ - name: dnsRecordsType
+ type:
+ scalar: string
+ - name: ingressIP
+ type:
+ scalar: string
+ - name: ingressIPs
type:
list:
elementType:
scalar: string
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.LDAPIdentityProvider
+ elementRelationship: associative
+ - name: loadBalancer
+ type:
+ namedType: com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer
+ default:
+ type: OpenShiftManagedDefault
+- name: com.github.openshift.api.config.v1.NutanixPrismElementEndpoint
map:
fields:
- - name: attributes
+ - name: endpoint
type:
- namedType: com.github.openshift.api.config.v1.LDAPAttributeMapping
+ namedType: com.github.openshift.api.config.v1.NutanixPrismEndpoint
default: {}
- - name: bindDN
+ - name: name
type:
scalar: string
default: ""
- - name: bindPassword
+- name: com.github.openshift.api.config.v1.NutanixPrismEndpoint
+ map:
+ fields:
+ - name: address
type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
- default: {}
- - name: ca
+ scalar: string
+ default: ""
+ - name: port
type:
- namedType: com.github.openshift.api.config.v1.ConfigMapNameReference
- default: {}
- - name: insecure
+ scalar: numeric
+ default: 0
+- name: com.github.openshift.api.config.v1.NutanixResourceIdentifier
+ map:
+ fields:
+ - name: name
type:
- scalar: boolean
- default: false
- - name: url
+ scalar: string
+ - name: type
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1.LoadBalancer
+ - name: uuid
+ type:
+ scalar: string
+ unions:
+ - discriminator: type
+ fields:
+ - fieldName: name
+ discriminatorValue: Name
+ - fieldName: uuid
+ discriminatorValue: UUID
+- name: com.github.openshift.api.config.v1.OAuth
map:
fields:
- - name: platform
+ - name: apiVersion
type:
- namedType: com.github.openshift.api.config.v1.IngressPlatformSpec
+ scalar: string
+ - name: kind
+ type:
+ scalar: string
+ - name: metadata
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
-- name: com.github.openshift.api.config.v1.MTUMigration
- map:
- fields:
- - name: machine
+ - name: spec
type:
- namedType: com.github.openshift.api.config.v1.MTUMigrationValues
- - name: network
+ namedType: com.github.openshift.api.config.v1.OAuthSpec
+ default: {}
+ - name: status
type:
- namedType: com.github.openshift.api.config.v1.MTUMigrationValues
-- name: com.github.openshift.api.config.v1.MTUMigrationValues
+ namedType: com.github.openshift.api.config.v1.OAuthStatus
+ default: {}
+- name: com.github.openshift.api.config.v1.OAuthSpec
map:
fields:
- - name: from
- type:
- scalar: numeric
- - name: to
+ - name: identityProviders
type:
- scalar: numeric
-- name: com.github.openshift.api.config.v1.MaxAgePolicy
- map:
- fields:
- - name: largestMaxAge
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.IdentityProvider
+ elementRelationship: atomic
+ - name: templates
type:
- scalar: numeric
- - name: smallestMaxAge
+ namedType: com.github.openshift.api.config.v1.OAuthTemplates
+ default: {}
+ - name: tokenConfig
type:
- scalar: numeric
-- name: com.github.openshift.api.config.v1.ModernTLSProfile
+ namedType: com.github.openshift.api.config.v1.TokenConfig
+ default: {}
+- name: com.github.openshift.api.config.v1.OAuthStatus
map:
elementType:
scalar: untyped
@@ -2867,497 +2772,154 @@ var schemaYAML = typed.YAMLObject(`types:
elementType:
namedType: __untyped_deduced_
elementRelationship: separable
-- name: com.github.openshift.api.config.v1.Network
+- name: com.github.openshift.api.config.v1.OAuthTemplates
map:
fields:
- - name: apiVersion
- type:
- scalar: string
- - name: kind
- type:
- scalar: string
- - name: metadata
+ - name: error
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
default: {}
- - name: spec
+ - name: login
type:
- namedType: com.github.openshift.api.config.v1.NetworkSpec
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
default: {}
- - name: status
+ - name: providerSelection
type:
- namedType: com.github.openshift.api.config.v1.NetworkStatus
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
default: {}
-- name: com.github.openshift.api.config.v1.NetworkDiagnostics
+- name: com.github.openshift.api.config.v1.OIDCClientConfig
map:
fields:
- - name: mode
+ - name: clientID
type:
scalar: string
default: ""
- - name: sourcePlacement
+ - name: clientSecret
type:
- namedType: com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement
+ namedType: com.github.openshift.api.config.v1.SecretNameReference
default: {}
- - name: targetPlacement
+ - name: componentName
type:
- namedType: com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement
- default: {}
-- name: com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement
- map:
- fields:
- - name: nodeSelector
+ scalar: string
+ default: ""
+ - name: componentNamespace
type:
- map:
- elementType:
- scalar: string
- - name: tolerations
+ scalar: string
+ default: ""
+ - name: extraScopes
type:
list:
- elementType:
- namedType: Toleration.v1.core.api.k8s.io
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement
- map:
- fields:
- - name: nodeSelector
- type:
- map:
elementType:
scalar: string
- - name: tolerations
- type:
- list:
- elementType:
- namedType: Toleration.v1.core.api.k8s.io
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.NetworkMigration
+ elementRelationship: associative
+- name: com.github.openshift.api.config.v1.OIDCClientReference
map:
fields:
- - name: mtu
- type:
- namedType: com.github.openshift.api.config.v1.MTUMigration
- - name: networkType
+ - name: clientID
type:
scalar: string
-- name: com.github.openshift.api.config.v1.NetworkSpec
- map:
- fields:
- - name: clusterNetwork
- type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.ClusterNetworkEntry
- elementRelationship: atomic
- - name: externalIP
- type:
- namedType: com.github.openshift.api.config.v1.ExternalIPConfig
- - name: networkDiagnostics
- type:
- namedType: com.github.openshift.api.config.v1.NetworkDiagnostics
- default: {}
- - name: networkType
+ default: ""
+ - name: issuerURL
type:
scalar: string
default: ""
- - name: serviceNetwork
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: serviceNodePortRange
+ - name: oidcProviderName
type:
scalar: string
-- name: com.github.openshift.api.config.v1.NetworkStatus
+ default: ""
+- name: com.github.openshift.api.config.v1.OIDCClientStatus
map:
fields:
- - name: clusterNetwork
+ - name: componentName
type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.ClusterNetworkEntry
- elementRelationship: atomic
- - name: clusterNetworkMTU
+ scalar: string
+ default: ""
+ - name: componentNamespace
type:
- scalar: numeric
+ scalar: string
+ default: ""
- name: conditions
type:
list:
elementType:
- namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
elementRelationship: associative
keys:
- type
- - name: migration
- type:
- namedType: com.github.openshift.api.config.v1.NetworkMigration
- - name: networkType
- type:
- scalar: string
- - name: serviceNetwork
+ - name: consumingUsers
type:
list:
elementType:
scalar: string
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.Node
- map:
- fields:
- - name: apiVersion
- type:
- scalar: string
- - name: kind
- type:
- scalar: string
- - name: metadata
- type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
- default: {}
- - name: spec
- type:
- namedType: com.github.openshift.api.config.v1.NodeSpec
- default: {}
- - name: status
- type:
- namedType: com.github.openshift.api.config.v1.NodeStatus
- default: {}
-- name: com.github.openshift.api.config.v1.NodeSpec
- map:
- fields:
- - name: cgroupMode
- type:
- scalar: string
- - name: minimumKubeletVersion
- type:
- scalar: string
- default: ""
- - name: workerLatencyProfile
- type:
- scalar: string
-- name: com.github.openshift.api.config.v1.NodeStatus
- map:
- fields:
- - name: conditions
+ elementRelationship: associative
+ - name: currentOIDCClients
type:
list:
elementType:
- namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: com.github.openshift.api.config.v1.OIDCClientReference
elementRelationship: associative
keys:
- - type
-- name: com.github.openshift.api.config.v1.NutanixFailureDomain
+ - issuerURL
+ - clientID
+- name: com.github.openshift.api.config.v1.OIDCProvider
map:
fields:
- - name: cluster
+ - name: claimMappings
type:
- namedType: com.github.openshift.api.config.v1.NutanixResourceIdentifier
+ namedType: com.github.openshift.api.config.v1.TokenClaimMappings
default: {}
- - name: name
+ - name: claimValidationRules
type:
- scalar: string
- default: ""
- - name: subnets
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1.TokenClaimValidationRule
+ elementRelationship: atomic
+ - name: externalClaimsSources
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.NutanixResourceIdentifier
+ namedType: com.github.openshift.api.config.v1.ExternalClaimsSource
elementRelationship: atomic
-- name: com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer
- map:
- fields:
- - name: type
+ - name: issuer
+ type:
+ namedType: com.github.openshift.api.config.v1.TokenIssuer
+ default: {}
+ - name: name
type:
scalar: string
- default: OpenShiftManagedDefault
- unions:
- - discriminator: type
-- name: com.github.openshift.api.config.v1.NutanixPlatformSpec
- map:
- fields:
- - name: failureDomains
+ default: ""
+ - name: oidcClients
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.NutanixFailureDomain
+ namedType: com.github.openshift.api.config.v1.OIDCClientConfig
elementRelationship: associative
keys:
- - name
- - name: prismCentral
- type:
- namedType: com.github.openshift.api.config.v1.NutanixPrismEndpoint
- default: {}
- - name: prismElements
+ - componentNamespace
+ - componentName
+ - name: userValidationRules
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1.NutanixPrismElementEndpoint
+ namedType: com.github.openshift.api.config.v1.TokenUserValidationRule
elementRelationship: associative
keys:
- - name
-- name: com.github.openshift.api.config.v1.NutanixPlatformStatus
+ - expression
+- name: com.github.openshift.api.config.v1.ObjectReference
map:
fields:
- - name: apiServerInternalIP
+ - name: group
type:
scalar: string
- - name: apiServerInternalIPs
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: associative
- - name: dnsRecordsType
+ default: ""
+ - name: name
type:
scalar: string
- - name: ingressIP
+ default: ""
+ - name: namespace
type:
scalar: string
- - name: ingressIPs
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: associative
- - name: loadBalancer
- type:
- namedType: com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer
- default:
- type: OpenShiftManagedDefault
-- name: com.github.openshift.api.config.v1.NutanixPrismElementEndpoint
- map:
- fields:
- - name: endpoint
- type:
- namedType: com.github.openshift.api.config.v1.NutanixPrismEndpoint
- default: {}
- - name: name
- type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.NutanixPrismEndpoint
- map:
- fields:
- - name: address
- type:
- scalar: string
- default: ""
- - name: port
- type:
- scalar: numeric
- default: 0
-- name: com.github.openshift.api.config.v1.NutanixResourceIdentifier
- map:
- fields:
- - name: name
- type:
- scalar: string
- - name: type
- type:
- scalar: string
- default: ""
- - name: uuid
- type:
- scalar: string
- unions:
- - discriminator: type
- fields:
- - fieldName: name
- discriminatorValue: Name
- - fieldName: uuid
- discriminatorValue: UUID
-- name: com.github.openshift.api.config.v1.OAuth
- map:
- fields:
- - name: apiVersion
- type:
- scalar: string
- - name: kind
- type:
- scalar: string
- - name: metadata
- type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
- default: {}
- - name: spec
- type:
- namedType: com.github.openshift.api.config.v1.OAuthSpec
- default: {}
- - name: status
- type:
- namedType: com.github.openshift.api.config.v1.OAuthStatus
- default: {}
-- name: com.github.openshift.api.config.v1.OAuthSpec
- map:
- fields:
- - name: identityProviders
- type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.IdentityProvider
- elementRelationship: atomic
- - name: templates
- type:
- namedType: com.github.openshift.api.config.v1.OAuthTemplates
- default: {}
- - name: tokenConfig
- type:
- namedType: com.github.openshift.api.config.v1.TokenConfig
- default: {}
-- name: com.github.openshift.api.config.v1.OAuthStatus
- map:
- elementType:
- scalar: untyped
- list:
- elementType:
- namedType: __untyped_atomic_
- elementRelationship: atomic
- map:
- elementType:
- namedType: __untyped_deduced_
- elementRelationship: separable
-- name: com.github.openshift.api.config.v1.OAuthTemplates
- map:
- fields:
- - name: error
- type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
- default: {}
- - name: login
- type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
- default: {}
- - name: providerSelection
- type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
- default: {}
-- name: com.github.openshift.api.config.v1.OIDCClientConfig
- map:
- fields:
- - name: clientID
- type:
- scalar: string
- default: ""
- - name: clientSecret
- type:
- namedType: com.github.openshift.api.config.v1.SecretNameReference
- default: {}
- - name: componentName
- type:
- scalar: string
- default: ""
- - name: componentNamespace
- type:
- scalar: string
- default: ""
- - name: extraScopes
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: associative
-- name: com.github.openshift.api.config.v1.OIDCClientReference
- map:
- fields:
- - name: clientID
- type:
- scalar: string
- default: ""
- - name: issuerURL
- type:
- scalar: string
- default: ""
- - name: oidcProviderName
- type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.OIDCClientStatus
- map:
- fields:
- - name: componentName
- type:
- scalar: string
- default: ""
- - name: componentNamespace
- type:
- scalar: string
- default: ""
- - name: conditions
- type:
- list:
- elementType:
- namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
- elementRelationship: associative
- keys:
- - type
- - name: consumingUsers
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: associative
- - name: currentOIDCClients
- type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.OIDCClientReference
- elementRelationship: associative
- keys:
- - issuerURL
- - clientID
-- name: com.github.openshift.api.config.v1.OIDCProvider
- map:
- fields:
- - name: claimMappings
- type:
- namedType: com.github.openshift.api.config.v1.TokenClaimMappings
- default: {}
- - name: claimValidationRules
- type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.TokenClaimValidationRule
- elementRelationship: atomic
- - name: issuer
- type:
- namedType: com.github.openshift.api.config.v1.TokenIssuer
- default: {}
- - name: name
- type:
- scalar: string
- default: ""
- - name: oidcClients
- type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.OIDCClientConfig
- elementRelationship: associative
- keys:
- - componentNamespace
- - componentName
- - name: userValidationRules
- type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1.TokenUserValidationRule
- elementRelationship: associative
- keys:
- - expression
-- name: com.github.openshift.api.config.v1.ObjectReference
- map:
- fields:
- - name: group
- type:
- scalar: string
- default: ""
- - name: name
- type:
- scalar: string
- default: ""
- - name: namespace
- type:
- scalar: string
- - name: resource
+ - name: resource
type:
scalar: string
default: ""
@@ -3527,7 +3089,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -3891,7 +3453,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -3942,7 +3504,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -4125,7 +3687,7 @@ var schemaYAML = typed.YAMLObject(`types:
default: {}
- name: namespaceSelector
type:
- namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
- name: preloadPolicy
type:
scalar: string
@@ -4140,7 +3702,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -4201,6 +3763,24 @@ var schemaYAML = typed.YAMLObject(`types:
type:
scalar: string
default: ""
+- name: com.github.openshift.api.config.v1.SourceURL
+ map:
+ fields:
+ - name: hostname
+ type:
+ scalar: string
+ - name: pathExpression
+ type:
+ scalar: string
+- name: com.github.openshift.api.config.v1.SourcedClaimMapping
+ map:
+ fields:
+ - name: expression
+ type:
+ scalar: string
+ - name: name
+ type:
+ scalar: string
- name: com.github.openshift.api.config.v1.Storage
map:
fields:
@@ -4312,7 +3892,7 @@ var schemaYAML = typed.YAMLObject(`types:
fields:
- name: accessTokenInactivityTimeout
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: accessTokenInactivityTimeoutSeconds
type:
scalar: numeric
@@ -4397,14 +3977,14 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: completionTime
type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
- name: image
type:
scalar: string
default: ""
- name: startedTime
type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
- name: state
type:
scalar: string
@@ -4706,7 +4286,7 @@ var schemaYAML = typed.YAMLObject(`types:
- name: name
type:
scalar: string
-- name: com.github.openshift.api.config.v1.VaultKMSConfig
+- name: com.github.openshift.api.config.v1.VaultKMSPluginConfig
map:
fields:
- name: authentication
@@ -4823,20 +4403,23 @@ var schemaYAML = typed.YAMLObject(`types:
type:
list:
elementType:
- namedType: Toleration.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.Toleration
elementRelationship: atomic
- name: topologySpreadConstraints
type:
list:
elementType:
- namedType: TopologySpreadConstraint.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.TopologySpreadConstraint
elementRelationship: associative
keys:
- topologyKey
- whenUnsatisfiable
+ - name: userAlertmanagerConfigSelection
+ type:
+ scalar: string
- name: volumeClaimTemplate
type:
- namedType: PersistentVolumeClaim.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.PersistentVolumeClaim
- name: com.github.openshift.api.config.v1alpha1.Audit
map:
fields:
@@ -4869,7 +4452,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -4920,7 +4503,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -4945,7 +4528,7 @@ var schemaYAML = typed.YAMLObject(`types:
type:
list:
elementType:
- namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
elementRelationship: associative
keys:
- type
@@ -4967,7 +4550,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -4984,7 +4567,11 @@ var schemaYAML = typed.YAMLObject(`types:
type:
namedType: com.github.openshift.api.config.v1alpha1.AlertmanagerConfig
default: {}
- - name: metricsServerConfig
+ - name: kubeStateMetricsConfig
+ type:
+ namedType: com.github.openshift.api.config.v1alpha1.KubeStateMetricsConfig
+ default: {}
+ - name: metricsServerConfig
type:
namedType: com.github.openshift.api.config.v1alpha1.MetricsServerConfig
default: {}
@@ -5041,13 +4628,13 @@ var schemaYAML = typed.YAMLObject(`types:
fields:
- name: limit
type:
- namedType: Quantity.resource.api.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.api.resource.Quantity
- name: name
type:
scalar: string
- name: request
type:
- namedType: Quantity.resource.api.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.api.resource.Quantity
- name: com.github.openshift.api.config.v1alpha1.CustomPKIPolicy
map:
fields:
@@ -5140,7 +4727,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -5196,6 +4783,57 @@ var schemaYAML = typed.YAMLObject(`types:
discriminatorValue: ECDSA
- fieldName: rsa
discriminatorValue: RSA
+- name: com.github.openshift.api.config.v1alpha1.KubeStateMetricsConfig
+ map:
+ fields:
+ - name: additionalResourceLabels
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1alpha1.KubeStateMetricsResourceLabels
+ elementRelationship: associative
+ keys:
+ - resource
+ - name: nodeSelector
+ type:
+ map:
+ elementType:
+ scalar: string
+ - name: resources
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1alpha1.ContainerResource
+ elementRelationship: associative
+ keys:
+ - name
+ - name: tolerations
+ type:
+ list:
+ elementType:
+ namedType: io.k8s.api.core.v1.Toleration
+ elementRelationship: atomic
+ - name: topologySpreadConstraints
+ type:
+ list:
+ elementType:
+ namedType: io.k8s.api.core.v1.TopologySpreadConstraint
+ elementRelationship: associative
+ keys:
+ - topologyKey
+ - whenUnsatisfiable
+- name: com.github.openshift.api.config.v1alpha1.KubeStateMetricsResourceLabels
+ map:
+ fields:
+ - name: labels
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: associative
+ - name: resource
+ type:
+ scalar: string
- name: com.github.openshift.api.config.v1alpha1.Label
map:
fields:
@@ -5257,13 +4895,13 @@ var schemaYAML = typed.YAMLObject(`types:
type:
list:
elementType:
- namedType: Toleration.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.Toleration
elementRelationship: atomic
- name: topologySpreadConstraints
type:
list:
elementType:
- namedType: TopologySpreadConstraint.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.TopologySpreadConstraint
elementRelationship: associative
keys:
- topologyKey
@@ -5291,13 +4929,13 @@ var schemaYAML = typed.YAMLObject(`types:
type:
list:
elementType:
- namedType: Toleration.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.Toleration
elementRelationship: atomic
- name: topologySpreadConstraints
type:
list:
elementType:
- namedType: TopologySpreadConstraint.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.TopologySpreadConstraint
elementRelationship: associative
keys:
- topologyKey
@@ -5343,6 +4981,10 @@ var schemaYAML = typed.YAMLObject(`types:
type:
namedType: com.github.openshift.api.config.v1alpha1.NodeExporterCollectorProcessesConfig
default: {}
+ - name: softirqs
+ type:
+ namedType: com.github.openshift.api.config.v1alpha1.NodeExporterCollectorSoftirqsConfig
+ default: {}
- name: systemd
type:
namedType: com.github.openshift.api.config.v1alpha1.NodeExporterCollectorSystemdConfig
@@ -5408,6 +5050,12 @@ var schemaYAML = typed.YAMLObject(`types:
- name: collectionPolicy
type:
scalar: string
+- name: com.github.openshift.api.config.v1alpha1.NodeExporterCollectorSoftirqsConfig
+ map:
+ fields:
+ - name: collectionPolicy
+ type:
+ scalar: string
- name: com.github.openshift.api.config.v1alpha1.NodeExporterCollectorSystemdCollectConfig
map:
fields:
@@ -5454,11 +5102,6 @@ var schemaYAML = typed.YAMLObject(`types:
- name: maxProcs
type:
scalar: numeric
- - name: nodeSelector
- type:
- map:
- elementType:
- scalar: string
- name: resources
type:
list:
@@ -5467,12 +5110,6 @@ var schemaYAML = typed.YAMLObject(`types:
elementRelationship: associative
keys:
- name
- - name: tolerations
- type:
- list:
- elementType:
- namedType: Toleration.v1.core.api.k8s.io
- elementRelationship: atomic
- name: com.github.openshift.api.config.v1alpha1.OAuth2
map:
fields:
@@ -5530,13 +5167,13 @@ var schemaYAML = typed.YAMLObject(`types:
type:
list:
elementType:
- namedType: Toleration.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.Toleration
elementRelationship: atomic
- name: topologySpreadConstraints
type:
list:
elementType:
- namedType: TopologySpreadConstraint.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.TopologySpreadConstraint
elementRelationship: associative
keys:
- topologyKey
@@ -5552,7 +5189,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -5657,20 +5294,20 @@ var schemaYAML = typed.YAMLObject(`types:
type:
list:
elementType:
- namedType: Toleration.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.Toleration
elementRelationship: atomic
- name: topologySpreadConstraints
type:
list:
elementType:
- namedType: TopologySpreadConstraint.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.TopologySpreadConstraint
elementRelationship: associative
keys:
- topologyKey
- whenUnsatisfiable
- name: volumeClaimTemplate
type:
- namedType: PersistentVolumeClaim.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.PersistentVolumeClaim
- name: com.github.openshift.api.config.v1alpha1.PrometheusOperatorAdmissionWebhookConfig
map:
fields:
@@ -5686,7 +5323,7 @@ var schemaYAML = typed.YAMLObject(`types:
type:
list:
elementType:
- namedType: TopologySpreadConstraint.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.TopologySpreadConstraint
elementRelationship: associative
keys:
- topologyKey
@@ -5714,13 +5351,13 @@ var schemaYAML = typed.YAMLObject(`types:
type:
list:
elementType:
- namedType: Toleration.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.Toleration
elementRelationship: atomic
- name: topologySpreadConstraints
type:
list:
elementType:
- namedType: TopologySpreadConstraint.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.TopologySpreadConstraint
elementRelationship: associative
keys:
- topologyKey
@@ -5857,7 +5494,7 @@ var schemaYAML = typed.YAMLObject(`types:
default: {}
- name: safeAuthorization
type:
- namedType: SecretKeySelector.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.SecretKeySelector
- name: sigv4
type:
namedType: com.github.openshift.api.config.v1alpha1.Sigv4
@@ -5940,12 +5577,12 @@ var schemaYAML = typed.YAMLObject(`types:
- name: com.github.openshift.api.config.v1alpha1.Retention
map:
fields:
- - name: durationInDays
+ - name: duration
type:
- scalar: numeric
- - name: sizeInGiB
+ scalar: string
+ - name: size
type:
- scalar: numeric
+ scalar: string
- name: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig
map:
fields:
@@ -5983,216 +5620,822 @@ var schemaYAML = typed.YAMLObject(`types:
- name: com.github.openshift.api.config.v1alpha1.SecretKeySelector
map:
fields:
- - name: key
+ - name: key
+ type:
+ scalar: string
+ - name: name
+ type:
+ scalar: string
+ elementRelationship: atomic
+- name: com.github.openshift.api.config.v1alpha1.Sigv4
+ map:
+ fields:
+ - name: accessKey
+ type:
+ namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector
+ default: {}
+ - name: profile
+ type:
+ scalar: string
+ - name: region
+ type:
+ scalar: string
+ - name: roleArn
+ type:
+ scalar: string
+ - name: secretKey
+ type:
+ namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector
+ default: {}
+- name: com.github.openshift.api.config.v1alpha1.Storage
+ map:
+ fields:
+ - name: persistentVolume
+ type:
+ namedType: com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig
+ - name: type
+ type:
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1alpha1.TLSConfig
+ map:
+ fields:
+ - name: ca
+ type:
+ namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector
+ default: {}
+ - name: cert
+ type:
+ namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector
+ default: {}
+ - name: certificateVerification
+ type:
+ scalar: string
+ - name: key
+ type:
+ namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector
+ default: {}
+ - name: serverName
+ type:
+ scalar: string
+- name: com.github.openshift.api.config.v1alpha1.TelemeterClientConfig
+ map:
+ fields:
+ - name: nodeSelector
+ type:
+ map:
+ elementType:
+ scalar: string
+ - name: resources
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1alpha1.ContainerResource
+ elementRelationship: associative
+ keys:
+ - name
+ - name: tolerations
+ type:
+ list:
+ elementType:
+ namedType: io.k8s.api.core.v1.Toleration
+ elementRelationship: atomic
+ - name: topologySpreadConstraints
+ type:
+ list:
+ elementType:
+ namedType: io.k8s.api.core.v1.TopologySpreadConstraint
+ elementRelationship: associative
+ keys:
+ - topologyKey
+ - whenUnsatisfiable
+- name: com.github.openshift.api.config.v1alpha1.ThanosQuerierConfig
+ map:
+ fields:
+ - name: crossOriginRequestPolicy
+ type:
+ scalar: string
+ - name: logLevel
+ type:
+ scalar: string
+ - name: nodeSelector
+ type:
+ map:
+ elementType:
+ scalar: string
+ - name: requestLogging
+ type:
+ namedType: com.github.openshift.api.config.v1alpha1.ThanosQuerierRequestLoggingConfig
+ default: {}
+ - name: resources
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1alpha1.ContainerResource
+ elementRelationship: associative
+ keys:
+ - name
+ - name: tolerations
+ type:
+ list:
+ elementType:
+ namedType: io.k8s.api.core.v1.Toleration
+ elementRelationship: atomic
+ - name: topologySpreadConstraints
+ type:
+ list:
+ elementType:
+ namedType: io.k8s.api.core.v1.TopologySpreadConstraint
+ elementRelationship: associative
+ keys:
+ - topologyKey
+ - whenUnsatisfiable
+- name: com.github.openshift.api.config.v1alpha1.ThanosQuerierRequestLoggingConfig
+ map:
+ fields:
+ - name: policy
+ type:
+ scalar: string
+- name: com.github.openshift.api.config.v1alpha1.UppercaseActionConfig
+ map:
+ fields:
+ - name: targetLabel
+ type:
+ scalar: string
+- name: com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring
+ map:
+ fields:
+ - name: mode
+ type:
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1alpha2.Custom
+ map:
+ fields:
+ - name: configs
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.config.v1alpha2.GathererConfig
+ elementRelationship: associative
+ keys:
+ - name
+- name: com.github.openshift.api.config.v1alpha2.GatherConfig
+ map:
+ fields:
+ - name: dataPolicy
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: gatherers
+ type:
+ namedType: com.github.openshift.api.config.v1alpha2.Gatherers
+ default: {}
+ - name: storage
+ type:
+ namedType: com.github.openshift.api.config.v1alpha2.Storage
+- name: com.github.openshift.api.config.v1alpha2.GathererConfig
+ map:
+ fields:
+ - name: name
+ type:
+ scalar: string
+ default: ""
+ - name: state
+ type:
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1alpha2.Gatherers
+ map:
+ fields:
+ - name: custom
+ type:
+ namedType: com.github.openshift.api.config.v1alpha2.Custom
+ - name: mode
+ type:
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1alpha2.InsightsDataGather
+ map:
+ fields:
+ - name: apiVersion
+ type:
+ scalar: string
+ - name: kind
+ type:
+ scalar: string
+ - name: metadata
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
+ type:
+ namedType: com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec
+ default: {}
+ - name: status
+ type:
+ namedType: com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus
+ default: {}
+- name: com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec
+ map:
+ fields:
+ - name: gatherConfig
+ type:
+ namedType: com.github.openshift.api.config.v1alpha2.GatherConfig
+ default: {}
+- name: com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus
+ map:
+ elementType:
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
+ map:
+ elementType:
+ namedType: __untyped_deduced_
+ elementRelationship: separable
+- name: com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference
+ map:
+ fields:
+ - name: name
+ type:
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig
+ map:
+ fields:
+ - name: claim
+ type:
+ namedType: com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference
+ default: {}
+ - name: mountPath
+ type:
+ scalar: string
+- name: com.github.openshift.api.config.v1alpha2.Storage
+ map:
+ fields:
+ - name: persistentVolume
+ type:
+ namedType: com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig
+ - name: type
+ type:
+ scalar: string
+ default: ""
+- name: io.k8s.api.core.v1.ConfigMapKeySelector
+ map:
+ fields:
+ - name: key
+ type:
+ scalar: string
+ default: ""
+ - name: name
+ type:
+ scalar: string
+ default: ""
+ - name: optional
+ type:
+ scalar: boolean
+ elementRelationship: atomic
+- name: io.k8s.api.core.v1.EnvVar
+ map:
+ fields:
+ - name: name
+ type:
+ scalar: string
+ default: ""
+ - name: value
+ type:
+ scalar: string
+ - name: valueFrom
+ type:
+ namedType: io.k8s.api.core.v1.EnvVarSource
+- name: io.k8s.api.core.v1.EnvVarSource
+ map:
+ fields:
+ - name: configMapKeyRef
+ type:
+ namedType: io.k8s.api.core.v1.ConfigMapKeySelector
+ - name: fieldRef
+ type:
+ namedType: io.k8s.api.core.v1.ObjectFieldSelector
+ - name: fileKeyRef
+ type:
+ namedType: io.k8s.api.core.v1.FileKeySelector
+ - name: resourceFieldRef
+ type:
+ namedType: io.k8s.api.core.v1.ResourceFieldSelector
+ - name: secretKeyRef
+ type:
+ namedType: io.k8s.api.core.v1.SecretKeySelector
+- name: io.k8s.api.core.v1.FileKeySelector
+ map:
+ fields:
+ - name: key
+ type:
+ scalar: string
+ default: ""
+ - name: optional
+ type:
+ scalar: boolean
+ default: false
+ - name: path
+ type:
+ scalar: string
+ default: ""
+ - name: volumeName
+ type:
+ scalar: string
+ default: ""
+ elementRelationship: atomic
+- name: io.k8s.api.core.v1.ModifyVolumeStatus
+ map:
+ fields:
+ - name: status
+ type:
+ scalar: string
+ default: ""
+ - name: targetVolumeAttributesClassName
+ type:
+ scalar: string
+- name: io.k8s.api.core.v1.ObjectFieldSelector
+ map:
+ fields:
+ - name: apiVersion
+ type:
+ scalar: string
+ - name: fieldPath
+ type:
+ scalar: string
+ default: ""
+ elementRelationship: atomic
+- name: io.k8s.api.core.v1.PersistentVolumeClaim
+ map:
+ fields:
+ - name: apiVersion
+ type:
+ scalar: string
+ - name: kind
+ type:
+ scalar: string
+ - name: metadata
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
+ type:
+ namedType: io.k8s.api.core.v1.PersistentVolumeClaimSpec
+ default: {}
+ - name: status
+ type:
+ namedType: io.k8s.api.core.v1.PersistentVolumeClaimStatus
+ default: {}
+- name: io.k8s.api.core.v1.PersistentVolumeClaimCondition
+ map:
+ fields:
+ - name: lastProbeTime
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+ - name: lastTransitionTime
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+ - name: message
+ type:
+ scalar: string
+ - name: reason
+ type:
+ scalar: string
+ - name: status
+ type:
+ scalar: string
+ default: ""
+ - name: type
+ type:
+ scalar: string
+ default: ""
+- name: io.k8s.api.core.v1.PersistentVolumeClaimSpec
+ map:
+ fields:
+ - name: accessModes
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: dataSource
+ type:
+ namedType: io.k8s.api.core.v1.TypedLocalObjectReference
+ - name: dataSourceRef
+ type:
+ namedType: io.k8s.api.core.v1.TypedObjectReference
+ - name: resources
+ type:
+ namedType: io.k8s.api.core.v1.VolumeResourceRequirements
+ default: {}
+ - name: selector
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
+ - name: storageClassName
+ type:
+ scalar: string
+ - name: volumeAttributesClassName
+ type:
+ scalar: string
+ - name: volumeMode
+ type:
+ scalar: string
+ - name: volumeName
+ type:
+ scalar: string
+- name: io.k8s.api.core.v1.PersistentVolumeClaimStatus
+ map:
+ fields:
+ - name: accessModes
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: allocatedResourceStatuses
+ type:
+ map:
+ elementType:
+ scalar: string
+ elementRelationship: separable
+ - name: allocatedResources
+ type:
+ map:
+ elementType:
+ namedType: io.k8s.apimachinery.pkg.api.resource.Quantity
+ - name: capacity
+ type:
+ map:
+ elementType:
+ namedType: io.k8s.apimachinery.pkg.api.resource.Quantity
+ - name: conditions
+ type:
+ list:
+ elementType:
+ namedType: io.k8s.api.core.v1.PersistentVolumeClaimCondition
+ elementRelationship: associative
+ keys:
+ - type
+ - name: currentVolumeAttributesClassName
+ type:
+ scalar: string
+ - name: modifyVolumeStatus
+ type:
+ namedType: io.k8s.api.core.v1.ModifyVolumeStatus
+ - name: phase
+ type:
+ scalar: string
+- name: io.k8s.api.core.v1.ResourceClaim
+ map:
+ fields:
+ - name: name
+ type:
+ scalar: string
+ default: ""
+ - name: request
+ type:
+ scalar: string
+- name: io.k8s.api.core.v1.ResourceFieldSelector
+ map:
+ fields:
+ - name: containerName
+ type:
+ scalar: string
+ - name: divisor
+ type:
+ namedType: io.k8s.apimachinery.pkg.api.resource.Quantity
+ - name: resource
+ type:
+ scalar: string
+ default: ""
+ elementRelationship: atomic
+- name: io.k8s.api.core.v1.ResourceRequirements
+ map:
+ fields:
+ - name: claims
+ type:
+ list:
+ elementType:
+ namedType: io.k8s.api.core.v1.ResourceClaim
+ elementRelationship: associative
+ keys:
+ - name
+ - name: limits
+ type:
+ map:
+ elementType:
+ namedType: io.k8s.apimachinery.pkg.api.resource.Quantity
+ - name: requests
+ type:
+ map:
+ elementType:
+ namedType: io.k8s.apimachinery.pkg.api.resource.Quantity
+- name: io.k8s.api.core.v1.SecretKeySelector
+ map:
+ fields:
+ - name: key
+ type:
+ scalar: string
+ default: ""
+ - name: name
+ type:
+ scalar: string
+ default: ""
+ - name: optional
+ type:
+ scalar: boolean
+ elementRelationship: atomic
+- name: io.k8s.api.core.v1.Toleration
+ map:
+ fields:
+ - name: effect
+ type:
+ scalar: string
+ - name: key
+ type:
+ scalar: string
+ - name: operator
+ type:
+ scalar: string
+ - name: tolerationSeconds
+ type:
+ scalar: numeric
+ - name: value
+ type:
+ scalar: string
+- name: io.k8s.api.core.v1.TopologySpreadConstraint
+ map:
+ fields:
+ - name: labelSelector
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
+ - name: matchLabelKeys
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: maxSkew
+ type:
+ scalar: numeric
+ default: 0
+ - name: minDomains
+ type:
+ scalar: numeric
+ - name: nodeAffinityPolicy
+ type:
+ scalar: string
+ - name: nodeTaintsPolicy
+ type:
+ scalar: string
+ - name: topologyKey
+ type:
+ scalar: string
+ default: ""
+ - name: whenUnsatisfiable
+ type:
+ scalar: string
+ default: ""
+- name: io.k8s.api.core.v1.TypedLocalObjectReference
+ map:
+ fields:
+ - name: apiGroup
+ type:
+ scalar: string
+ - name: kind
+ type:
+ scalar: string
+ default: ""
+ - name: name
+ type:
+ scalar: string
+ default: ""
+ elementRelationship: atomic
+- name: io.k8s.api.core.v1.TypedObjectReference
+ map:
+ fields:
+ - name: apiGroup
+ type:
+ scalar: string
+ - name: kind
+ type:
+ scalar: string
+ default: ""
+ - name: name
+ type:
+ scalar: string
+ default: ""
+ - name: namespace
+ type:
+ scalar: string
+- name: io.k8s.api.core.v1.VolumeResourceRequirements
+ map:
+ fields:
+ - name: limits
+ type:
+ map:
+ elementType:
+ namedType: io.k8s.apimachinery.pkg.api.resource.Quantity
+ - name: requests
+ type:
+ map:
+ elementType:
+ namedType: io.k8s.apimachinery.pkg.api.resource.Quantity
+- name: io.k8s.apimachinery.pkg.api.resource.Quantity
+ scalar: untyped
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
+ map:
+ fields:
+ - name: lastTransitionTime
type:
- scalar: string
- - name: name
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+ - name: message
type:
scalar: string
- elementRelationship: atomic
-- name: com.github.openshift.api.config.v1alpha1.Sigv4
- map:
- fields:
- - name: accessKey
+ default: ""
+ - name: observedGeneration
type:
- namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector
- default: {}
- - name: profile
+ scalar: numeric
+ - name: reason
type:
scalar: string
- - name: region
+ default: ""
+ - name: status
type:
scalar: string
- - name: roleArn
+ default: ""
+ - name: type
type:
scalar: string
- - name: secretKey
+ default: ""
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
+ scalar: string
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1
+ map:
+ elementType:
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
+ map:
+ elementType:
+ namedType: __untyped_deduced_
+ elementRelationship: separable
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
+ map:
+ fields:
+ - name: matchExpressions
type:
- namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector
- default: {}
-- name: com.github.openshift.api.config.v1alpha1.Storage
+ list:
+ elementType:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement
+ elementRelationship: atomic
+ - name: matchLabels
+ type:
+ map:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement
map:
fields:
- - name: persistentVolume
+ - name: key
type:
- namedType: com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig
- - name: type
+ scalar: string
+ default: ""
+ - name: operator
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1alpha1.TLSConfig
+ - name: values
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry
map:
fields:
- - name: ca
+ - name: apiVersion
type:
- namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector
- default: {}
- - name: cert
+ scalar: string
+ - name: fieldsType
type:
- namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector
- default: {}
- - name: certificateVerification
+ scalar: string
+ - name: fieldsV1
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1
+ - name: manager
type:
scalar: string
- - name: key
+ - name: operation
type:
- namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector
- default: {}
- - name: serverName
+ scalar: string
+ - name: subresource
type:
scalar: string
-- name: com.github.openshift.api.config.v1alpha1.TelemeterClientConfig
+ - name: time
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
map:
fields:
- - name: nodeSelector
+ - name: annotations
type:
map:
elementType:
scalar: string
- - name: resources
+ - name: creationTimestamp
type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1alpha1.ContainerResource
- elementRelationship: associative
- keys:
- - name
- - name: tolerations
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+ - name: deletionGracePeriodSeconds
type:
- list:
- elementType:
- namedType: Toleration.v1.core.api.k8s.io
- elementRelationship: atomic
- - name: topologySpreadConstraints
+ scalar: numeric
+ - name: deletionTimestamp
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+ - name: finalizers
type:
list:
elementType:
- namedType: TopologySpreadConstraint.v1.core.api.k8s.io
+ scalar: string
elementRelationship: associative
- keys:
- - topologyKey
- - whenUnsatisfiable
-- name: com.github.openshift.api.config.v1alpha1.ThanosQuerierConfig
- map:
- fields:
- - name: nodeSelector
+ - name: generateName
+ type:
+ scalar: string
+ - name: generation
+ type:
+ scalar: numeric
+ - name: labels
type:
map:
elementType:
scalar: string
- - name: resources
- type:
- list:
- elementType:
- namedType: com.github.openshift.api.config.v1alpha1.ContainerResource
- elementRelationship: associative
- keys:
- - name
- - name: tolerations
+ - name: managedFields
type:
list:
elementType:
- namedType: Toleration.v1.core.api.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry
elementRelationship: atomic
- - name: topologySpreadConstraints
- type:
- list:
- elementType:
- namedType: TopologySpreadConstraint.v1.core.api.k8s.io
- elementRelationship: associative
- keys:
- - topologyKey
- - whenUnsatisfiable
-- name: com.github.openshift.api.config.v1alpha1.UppercaseActionConfig
- map:
- fields:
- - name: targetLabel
+ - name: name
type:
scalar: string
-- name: com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring
- map:
- fields:
- - name: mode
+ - name: namespace
type:
scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1alpha2.Custom
- map:
- fields:
- - name: configs
+ - name: ownerReferences
type:
list:
elementType:
- namedType: com.github.openshift.api.config.v1alpha2.GathererConfig
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference
elementRelationship: associative
keys:
- - name
-- name: com.github.openshift.api.config.v1alpha2.GatherConfig
- map:
- fields:
- - name: dataPolicy
+ - uid
+ - name: resourceVersion
type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: gatherers
+ scalar: string
+ - name: selfLink
type:
- namedType: com.github.openshift.api.config.v1alpha2.Gatherers
- default: {}
- - name: storage
+ scalar: string
+ - name: uid
type:
- namedType: com.github.openshift.api.config.v1alpha2.Storage
-- name: com.github.openshift.api.config.v1alpha2.GathererConfig
+ scalar: string
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference
map:
fields:
- - name: name
+ - name: apiVersion
type:
scalar: string
default: ""
- - name: state
+ - name: blockOwnerDeletion
type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1alpha2.Gatherers
- map:
- fields:
- - name: custom
+ scalar: boolean
+ - name: controller
type:
- namedType: com.github.openshift.api.config.v1alpha2.Custom
- - name: mode
+ scalar: boolean
+ - name: kind
type:
scalar: string
default: ""
-- name: com.github.openshift.api.config.v1alpha2.InsightsDataGather
- map:
- fields:
- - name: apiVersion
+ - name: name
type:
scalar: string
- - name: kind
+ default: ""
+ - name: uid
type:
scalar: string
- - name: metadata
- type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
- default: {}
- - name: spec
- type:
- namedType: com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec
- default: {}
- - name: status
- type:
- namedType: com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus
- default: {}
-- name: com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec
- map:
- fields:
- - name: gatherConfig
- type:
- namedType: com.github.openshift.api.config.v1alpha2.GatherConfig
- default: {}
-- name: com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus
+ default: ""
+ elementRelationship: atomic
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+ scalar: untyped
+- name: io.k8s.apimachinery.pkg.runtime.RawExtension
map:
elementType:
scalar: untyped
@@ -6204,33 +6447,6 @@ var schemaYAML = typed.YAMLObject(`types:
elementType:
namedType: __untyped_deduced_
elementRelationship: separable
-- name: com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference
- map:
- fields:
- - name: name
- type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig
- map:
- fields:
- - name: claim
- type:
- namedType: com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference
- default: {}
- - name: mountPath
- type:
- scalar: string
-- name: com.github.openshift.api.config.v1alpha2.Storage
- map:
- fields:
- - name: persistentVolume
- type:
- namedType: com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig
- - name: type
- type:
- scalar: string
- default: ""
- name: __untyped_atomic_
scalar: untyped
list:
diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/config_client.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/config_client.go
index afce6aef5..6235cd977 100644
--- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/config_client.go
+++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/config_client.go
@@ -15,6 +15,7 @@ type ConfigV1Interface interface {
APIServersGetter
AuthenticationsGetter
BuildsGetter
+ CRIOCredentialProviderConfigsGetter
ClusterImagePoliciesGetter
ClusterOperatorsGetter
ClusterVersionsGetter
@@ -55,6 +56,10 @@ func (c *ConfigV1Client) Builds() BuildInterface {
return newBuilds(c)
}
+func (c *ConfigV1Client) CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInterface {
+ return newCRIOCredentialProviderConfigs(c)
+}
+
func (c *ConfigV1Client) ClusterImagePolicies() ClusterImagePolicyInterface {
return newClusterImagePolicies(c)
}
diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/criocredentialproviderconfig.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/criocredentialproviderconfig.go
new file mode 100644
index 000000000..69272fac4
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/criocredentialproviderconfig.go
@@ -0,0 +1,58 @@
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ context "context"
+
+ configv1 "github.com/openshift/api/config/v1"
+ applyconfigurationsconfigv1 "github.com/openshift/client-go/config/applyconfigurations/config/v1"
+ scheme "github.com/openshift/client-go/config/clientset/versioned/scheme"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ gentype "k8s.io/client-go/gentype"
+)
+
+// CRIOCredentialProviderConfigsGetter has a method to return a CRIOCredentialProviderConfigInterface.
+// A group's client should implement this interface.
+type CRIOCredentialProviderConfigsGetter interface {
+ CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInterface
+}
+
+// CRIOCredentialProviderConfigInterface has methods to work with CRIOCredentialProviderConfig resources.
+type CRIOCredentialProviderConfigInterface interface {
+ Create(ctx context.Context, cRIOCredentialProviderConfig *configv1.CRIOCredentialProviderConfig, opts metav1.CreateOptions) (*configv1.CRIOCredentialProviderConfig, error)
+ Update(ctx context.Context, cRIOCredentialProviderConfig *configv1.CRIOCredentialProviderConfig, opts metav1.UpdateOptions) (*configv1.CRIOCredentialProviderConfig, error)
+ // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+ UpdateStatus(ctx context.Context, cRIOCredentialProviderConfig *configv1.CRIOCredentialProviderConfig, opts metav1.UpdateOptions) (*configv1.CRIOCredentialProviderConfig, error)
+ Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+ Get(ctx context.Context, name string, opts metav1.GetOptions) (*configv1.CRIOCredentialProviderConfig, error)
+ List(ctx context.Context, opts metav1.ListOptions) (*configv1.CRIOCredentialProviderConfigList, error)
+ Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *configv1.CRIOCredentialProviderConfig, err error)
+ Apply(ctx context.Context, cRIOCredentialProviderConfig *applyconfigurationsconfigv1.CRIOCredentialProviderConfigApplyConfiguration, opts metav1.ApplyOptions) (result *configv1.CRIOCredentialProviderConfig, err error)
+ // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus().
+ ApplyStatus(ctx context.Context, cRIOCredentialProviderConfig *applyconfigurationsconfigv1.CRIOCredentialProviderConfigApplyConfiguration, opts metav1.ApplyOptions) (result *configv1.CRIOCredentialProviderConfig, err error)
+ CRIOCredentialProviderConfigExpansion
+}
+
+// cRIOCredentialProviderConfigs implements CRIOCredentialProviderConfigInterface
+type cRIOCredentialProviderConfigs struct {
+ *gentype.ClientWithListAndApply[*configv1.CRIOCredentialProviderConfig, *configv1.CRIOCredentialProviderConfigList, *applyconfigurationsconfigv1.CRIOCredentialProviderConfigApplyConfiguration]
+}
+
+// newCRIOCredentialProviderConfigs returns a CRIOCredentialProviderConfigs
+func newCRIOCredentialProviderConfigs(c *ConfigV1Client) *cRIOCredentialProviderConfigs {
+ return &cRIOCredentialProviderConfigs{
+ gentype.NewClientWithListAndApply[*configv1.CRIOCredentialProviderConfig, *configv1.CRIOCredentialProviderConfigList, *applyconfigurationsconfigv1.CRIOCredentialProviderConfigApplyConfiguration](
+ "criocredentialproviderconfigs",
+ c.RESTClient(),
+ scheme.ParameterCodec,
+ "",
+ func() *configv1.CRIOCredentialProviderConfig { return &configv1.CRIOCredentialProviderConfig{} },
+ func() *configv1.CRIOCredentialProviderConfigList { return &configv1.CRIOCredentialProviderConfigList{} },
+ ),
+ }
+}
diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/generated_expansion.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/generated_expansion.go
index 27c5fd110..0f3e44588 100644
--- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/generated_expansion.go
+++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/generated_expansion.go
@@ -8,6 +8,8 @@ type AuthenticationExpansion interface{}
type BuildExpansion interface{}
+type CRIOCredentialProviderConfigExpansion interface{}
+
type ClusterImagePolicyExpansion interface{}
type ClusterOperatorExpansion interface{}
diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/criocredentialproviderconfig.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/criocredentialproviderconfig.go
new file mode 100644
index 000000000..6f7db0c7b
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/criocredentialproviderconfig.go
@@ -0,0 +1,85 @@
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ context "context"
+ time "time"
+
+ apiconfigv1 "github.com/openshift/api/config/v1"
+ versioned "github.com/openshift/client-go/config/clientset/versioned"
+ internalinterfaces "github.com/openshift/client-go/config/informers/externalversions/internalinterfaces"
+ configv1 "github.com/openshift/client-go/config/listers/config/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ watch "k8s.io/apimachinery/pkg/watch"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// CRIOCredentialProviderConfigInformer provides access to a shared informer and lister for
+// CRIOCredentialProviderConfigs.
+type CRIOCredentialProviderConfigInformer interface {
+ Informer() cache.SharedIndexInformer
+ Lister() configv1.CRIOCredentialProviderConfigLister
+}
+
+type cRIOCredentialProviderConfigInformer struct {
+ factory internalinterfaces.SharedInformerFactory
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewCRIOCredentialProviderConfigInformer constructs a new informer for CRIOCredentialProviderConfig type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewCRIOCredentialProviderConfigInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+ return NewFilteredCRIOCredentialProviderConfigInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredCRIOCredentialProviderConfigInformer constructs a new informer for CRIOCredentialProviderConfig type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredCRIOCredentialProviderConfigInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+ return cache.NewSharedIndexInformer(
+ cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{
+ ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.ConfigV1().CRIOCredentialProviderConfigs().List(context.Background(), options)
+ },
+ WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.ConfigV1().CRIOCredentialProviderConfigs().Watch(context.Background(), options)
+ },
+ ListWithContextFunc: func(ctx context.Context, options metav1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.ConfigV1().CRIOCredentialProviderConfigs().List(ctx, options)
+ },
+ WatchFuncWithContext: func(ctx context.Context, options metav1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.ConfigV1().CRIOCredentialProviderConfigs().Watch(ctx, options)
+ },
+ }, client),
+ &apiconfigv1.CRIOCredentialProviderConfig{},
+ resyncPeriod,
+ indexers,
+ )
+}
+
+func (f *cRIOCredentialProviderConfigInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+ return NewFilteredCRIOCredentialProviderConfigInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *cRIOCredentialProviderConfigInformer) Informer() cache.SharedIndexInformer {
+ return f.factory.InformerFor(&apiconfigv1.CRIOCredentialProviderConfig{}, f.defaultInformer)
+}
+
+func (f *cRIOCredentialProviderConfigInformer) Lister() configv1.CRIOCredentialProviderConfigLister {
+ return configv1.NewCRIOCredentialProviderConfigLister(f.Informer().GetIndexer())
+}
diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/interface.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/interface.go
index 0ad1b98f3..2f762ff42 100644
--- a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/interface.go
+++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/interface.go
@@ -14,6 +14,8 @@ type Interface interface {
Authentications() AuthenticationInformer
// Builds returns a BuildInformer.
Builds() BuildInformer
+ // CRIOCredentialProviderConfigs returns a CRIOCredentialProviderConfigInformer.
+ CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInformer
// ClusterImagePolicies returns a ClusterImagePolicyInformer.
ClusterImagePolicies() ClusterImagePolicyInformer
// ClusterOperators returns a ClusterOperatorInformer.
@@ -84,6 +86,11 @@ func (v *version) Builds() BuildInformer {
return &buildInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}
+// CRIOCredentialProviderConfigs returns a CRIOCredentialProviderConfigInformer.
+func (v *version) CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInformer {
+ return &cRIOCredentialProviderConfigInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
// ClusterImagePolicies returns a ClusterImagePolicyInformer.
func (v *version) ClusterImagePolicies() ClusterImagePolicyInformer {
return &clusterImagePolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go
index 4c00a13f1..fbc19aaef 100644
--- a/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go
+++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go
@@ -45,6 +45,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1().Authentications().Informer()}, nil
case v1.SchemeGroupVersion.WithResource("builds"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1().Builds().Informer()}, nil
+ case v1.SchemeGroupVersion.WithResource("criocredentialproviderconfigs"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1().CRIOCredentialProviderConfigs().Informer()}, nil
case v1.SchemeGroupVersion.WithResource("clusterimagepolicies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1().ClusterImagePolicies().Informer()}, nil
case v1.SchemeGroupVersion.WithResource("clusteroperators"):
diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/criocredentialproviderconfig.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/criocredentialproviderconfig.go
new file mode 100644
index 000000000..7b4c42ade
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/criocredentialproviderconfig.go
@@ -0,0 +1,32 @@
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ configv1 "github.com/openshift/api/config/v1"
+ labels "k8s.io/apimachinery/pkg/labels"
+ listers "k8s.io/client-go/listers"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// CRIOCredentialProviderConfigLister helps list CRIOCredentialProviderConfigs.
+// All objects returned here must be treated as read-only.
+type CRIOCredentialProviderConfigLister interface {
+ // List lists all CRIOCredentialProviderConfigs in the indexer.
+ // Objects returned here must be treated as read-only.
+ List(selector labels.Selector) (ret []*configv1.CRIOCredentialProviderConfig, err error)
+ // Get retrieves the CRIOCredentialProviderConfig from the index for a given name.
+ // Objects returned here must be treated as read-only.
+ Get(name string) (*configv1.CRIOCredentialProviderConfig, error)
+ CRIOCredentialProviderConfigListerExpansion
+}
+
+// cRIOCredentialProviderConfigLister implements the CRIOCredentialProviderConfigLister interface.
+type cRIOCredentialProviderConfigLister struct {
+ listers.ResourceIndexer[*configv1.CRIOCredentialProviderConfig]
+}
+
+// NewCRIOCredentialProviderConfigLister returns a new CRIOCredentialProviderConfigLister.
+func NewCRIOCredentialProviderConfigLister(indexer cache.Indexer) CRIOCredentialProviderConfigLister {
+ return &cRIOCredentialProviderConfigLister{listers.New[*configv1.CRIOCredentialProviderConfig](indexer, configv1.Resource("criocredentialproviderconfig"))}
+}
diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/expansion_generated.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/expansion_generated.go
index ca93cb283..f41c1f2fb 100644
--- a/vendor/github.com/openshift/client-go/config/listers/config/v1/expansion_generated.go
+++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/expansion_generated.go
@@ -14,6 +14,10 @@ type AuthenticationListerExpansion interface{}
// BuildLister.
type BuildListerExpansion interface{}
+// CRIOCredentialProviderConfigListerExpansion allows custom methods to be added to
+// CRIOCredentialProviderConfigLister.
+type CRIOCredentialProviderConfigListerExpansion interface{}
+
// ClusterImagePolicyListerExpansion allows custom methods to be added to
// ClusterImagePolicyLister.
type ClusterImagePolicyListerExpansion interface{}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go
index 7603b0595..a7f34e264 100644
--- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go
@@ -23,63 +23,67 @@ func Parser() *typed.Parser {
var parserOnce sync.Once
var parser *typed.Parser
var schemaYAML = typed.YAMLObject(`types:
-- name: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
+- name: com.github.openshift.api.config.v1.ConfigMapFileReference
map:
fields:
- - name: lastTransitionTime
- type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: message
- type:
- scalar: string
- default: ""
- - name: observedGeneration
- type:
- scalar: numeric
- - name: reason
+ - name: key
type:
scalar: string
- default: ""
- - name: status
+ - name: name
type:
scalar: string
default: ""
- - name: type
+- name: com.github.openshift.api.config.v1.ConfigMapNameReference
+ map:
+ fields:
+ - name: name
type:
scalar: string
default: ""
-- name: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
- scalar: string
-- name: FieldSelectorAttributes.v1.authorization.api.k8s.io
+- name: com.github.openshift.api.config.v1.CustomTLSProfile
map:
fields:
- - name: rawSelector
- type:
- scalar: string
- - name: requirements
+ - name: ciphers
type:
list:
elementType:
- namedType: FieldSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io
+ scalar: string
elementRelationship: atomic
-- name: FieldSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io
- map:
- fields:
- - name: key
- type:
- scalar: string
- default: ""
- - name: operator
- type:
- scalar: string
- default: ""
- - name: values
+ - name: groups
type:
list:
elementType:
scalar: string
- elementRelationship: atomic
-- name: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io
+ elementRelationship: associative
+ - name: minTLSVersion
+ type:
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.IntermediateTLSProfile
+ map:
+ elementType:
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
+ map:
+ elementType:
+ namedType: __untyped_deduced_
+ elementRelationship: separable
+- name: com.github.openshift.api.config.v1.ModernTLSProfile
+ map:
+ elementType:
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
+ map:
+ elementType:
+ namedType: __untyped_deduced_
+ elementRelationship: separable
+- name: com.github.openshift.api.config.v1.OldTLSProfile
map:
elementType:
scalar: untyped
@@ -91,465 +95,178 @@ var schemaYAML = typed.YAMLObject(`types:
elementType:
namedType: __untyped_deduced_
elementRelationship: separable
-- name: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io
+- name: com.github.openshift.api.config.v1.SecretNameReference
map:
fields:
- - name: matchExpressions
+ - name: name
+ type:
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.config.v1.TLSProfileSpec
+ map:
+ fields:
+ - name: ciphers
type:
list:
elementType:
- namedType: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io
+ scalar: string
elementRelationship: atomic
- - name: matchLabels
+ - name: groups
type:
- map:
+ list:
elementType:
scalar: string
- elementRelationship: atomic
-- name: LabelSelectorAttributes.v1.authorization.api.k8s.io
- map:
- fields:
- - name: rawSelector
+ elementRelationship: associative
+ - name: minTLSVersion
type:
scalar: string
- - name: requirements
- type:
- list:
- elementType:
- namedType: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io
- elementRelationship: atomic
-- name: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io
+ default: ""
+- name: com.github.openshift.api.config.v1.TLSSecurityProfile
map:
fields:
- - name: key
+ - name: custom
type:
- scalar: string
- default: ""
- - name: operator
+ namedType: com.github.openshift.api.config.v1.CustomTLSProfile
+ - name: intermediate
type:
- scalar: string
- default: ""
- - name: values
+ namedType: com.github.openshift.api.config.v1.IntermediateTLSProfile
+ - name: modern
type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
-- name: LocalObjectReference.v1.core.api.k8s.io
- map:
- fields:
- - name: name
+ namedType: com.github.openshift.api.config.v1.ModernTLSProfile
+ - name: old
+ type:
+ namedType: com.github.openshift.api.config.v1.OldTLSProfile
+ - name: type
type:
scalar: string
default: ""
- elementRelationship: atomic
-- name: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io
+ unions:
+ - discriminator: type
+ fields:
+ - fieldName: custom
+ discriminatorValue: Custom
+ - fieldName: intermediate
+ discriminatorValue: Intermediate
+ - fieldName: modern
+ discriminatorValue: Modern
+ - fieldName: old
+ discriminatorValue: Old
+- name: com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec
map:
fields:
- - name: apiVersion
+ - name: efsVolumeMetrics
type:
- scalar: string
- - name: fieldsType
+ namedType: com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics
+ - name: kmsKeyARN
type:
scalar: string
- - name: fieldsV1
+- name: com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters
+ map:
+ fields:
+ - name: connectionIdleTimeout
type:
- namedType: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: manager
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
+ - name: subnets
type:
- scalar: string
- - name: operation
+ namedType: com.github.openshift.api.operator.v1.AWSSubnets
+- name: com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics
+ map:
+ fields:
+ - name: recursiveWalk
type:
- scalar: string
- - name: subresource
+ namedType: com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig
+ - name: state
type:
scalar: string
- - name: time
- type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
-- name: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ default: ""
+ unions:
+ - discriminator: state
+ fields:
+ - fieldName: recursiveWalk
+ discriminatorValue: RecursiveWalk
+- name: com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig
map:
fields:
- - name: annotations
- type:
- map:
- elementType:
- scalar: string
- - name: creationTimestamp
+ - name: fsRateLimit
type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: deletionGracePeriodSeconds
+ scalar: numeric
+ - name: refreshPeriodMinutes
type:
scalar: numeric
- - name: deletionTimestamp
+- name: com.github.openshift.api.operator.v1.AWSLoadBalancerParameters
+ map:
+ fields:
+ - name: classicLoadBalancer
type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: finalizers
+ namedType: com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters
+ - name: networkLoadBalancer
+ type:
+ namedType: com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters
+ - name: type
+ type:
+ scalar: string
+ default: ""
+ unions:
+ - discriminator: type
+ fields:
+ - fieldName: classicLoadBalancer
+ discriminatorValue: ClassicLoadBalancerParameters
+ - fieldName: networkLoadBalancer
+ discriminatorValue: NetworkLoadBalancerParameters
+- name: com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters
+ map:
+ fields:
+ - name: eipAllocations
type:
list:
elementType:
scalar: string
- elementRelationship: associative
- - name: generateName
- type:
- scalar: string
- - name: generation
+ elementRelationship: atomic
+ - name: subnets
type:
- scalar: numeric
- - name: labels
+ namedType: com.github.openshift.api.operator.v1.AWSSubnets
+- name: com.github.openshift.api.operator.v1.AWSSubnets
+ map:
+ fields:
+ - name: ids
type:
- map:
+ list:
elementType:
scalar: string
- - name: managedFields
+ elementRelationship: atomic
+ - name: names
type:
list:
elementType:
- namedType: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io
+ scalar: string
elementRelationship: atomic
- - name: name
- type:
- scalar: string
- - name: namespace
+- name: com.github.openshift.api.operator.v1.AccessLogging
+ map:
+ fields:
+ - name: destination
type:
- scalar: string
- - name: ownerReferences
+ namedType: com.github.openshift.api.operator.v1.LoggingDestination
+ default: {}
+ - name: httpCaptureCookies
type:
list:
elementType:
- namedType: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io
- elementRelationship: associative
- keys:
- - uid
- - name: resourceVersion
+ namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie
+ elementRelationship: atomic
+ - name: httpCaptureHeaders
type:
- scalar: string
- - name: selfLink
+ namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders
+ default: {}
+ - name: httpLogFormat
type:
scalar: string
- - name: uid
+ - name: logEmptyRequests
type:
scalar: string
-- name: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io
+- name: com.github.openshift.api.operator.v1.AddPage
map:
fields:
- - name: apiVersion
- type:
- scalar: string
- default: ""
- - name: blockOwnerDeletion
- type:
- scalar: boolean
- - name: controller
- type:
- scalar: boolean
- - name: kind
- type:
- scalar: string
- default: ""
- - name: name
- type:
- scalar: string
- default: ""
- - name: uid
- type:
- scalar: string
- default: ""
- elementRelationship: atomic
-- name: RawExtension.runtime.pkg.apimachinery.k8s.io
- map:
- elementType:
- scalar: untyped
- list:
- elementType:
- namedType: __untyped_atomic_
- elementRelationship: atomic
- map:
- elementType:
- namedType: __untyped_deduced_
- elementRelationship: separable
-- name: ResourceAttributes.v1.authorization.api.k8s.io
- map:
- fields:
- - name: fieldSelector
- type:
- namedType: FieldSelectorAttributes.v1.authorization.api.k8s.io
- - name: group
- type:
- scalar: string
- - name: labelSelector
- type:
- namedType: LabelSelectorAttributes.v1.authorization.api.k8s.io
- - name: name
- type:
- scalar: string
- - name: namespace
- type:
- scalar: string
- - name: resource
- type:
- scalar: string
- - name: subresource
- type:
- scalar: string
- - name: verb
- type:
- scalar: string
- - name: version
- type:
- scalar: string
-- name: Time.v1.meta.apis.pkg.apimachinery.k8s.io
- scalar: untyped
-- name: Toleration.v1.core.api.k8s.io
- map:
- fields:
- - name: effect
- type:
- scalar: string
- - name: key
- type:
- scalar: string
- - name: operator
- type:
- scalar: string
- - name: tolerationSeconds
- type:
- scalar: numeric
- - name: value
- type:
- scalar: string
-- name: com.github.openshift.api.config.v1.ConfigMapFileReference
- map:
- fields:
- - name: key
- type:
- scalar: string
- - name: name
- type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.ConfigMapNameReference
- map:
- fields:
- - name: name
- type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.CustomTLSProfile
- map:
- fields:
- - name: ciphers
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: minTLSVersion
- type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.IntermediateTLSProfile
- map:
- elementType:
- scalar: untyped
- list:
- elementType:
- namedType: __untyped_atomic_
- elementRelationship: atomic
- map:
- elementType:
- namedType: __untyped_deduced_
- elementRelationship: separable
-- name: com.github.openshift.api.config.v1.ModernTLSProfile
- map:
- elementType:
- scalar: untyped
- list:
- elementType:
- namedType: __untyped_atomic_
- elementRelationship: atomic
- map:
- elementType:
- namedType: __untyped_deduced_
- elementRelationship: separable
-- name: com.github.openshift.api.config.v1.OldTLSProfile
- map:
- elementType:
- scalar: untyped
- list:
- elementType:
- namedType: __untyped_atomic_
- elementRelationship: atomic
- map:
- elementType:
- namedType: __untyped_deduced_
- elementRelationship: separable
-- name: com.github.openshift.api.config.v1.SecretNameReference
- map:
- fields:
- - name: name
- type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.TLSProfileSpec
- map:
- fields:
- - name: ciphers
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: minTLSVersion
- type:
- scalar: string
- default: ""
-- name: com.github.openshift.api.config.v1.TLSSecurityProfile
- map:
- fields:
- - name: custom
- type:
- namedType: com.github.openshift.api.config.v1.CustomTLSProfile
- - name: intermediate
- type:
- namedType: com.github.openshift.api.config.v1.IntermediateTLSProfile
- - name: modern
- type:
- namedType: com.github.openshift.api.config.v1.ModernTLSProfile
- - name: old
- type:
- namedType: com.github.openshift.api.config.v1.OldTLSProfile
- - name: type
- type:
- scalar: string
- default: ""
- unions:
- - discriminator: type
- fields:
- - fieldName: custom
- discriminatorValue: Custom
- - fieldName: intermediate
- discriminatorValue: Intermediate
- - fieldName: modern
- discriminatorValue: Modern
- - fieldName: old
- discriminatorValue: Old
-- name: com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec
- map:
- fields:
- - name: efsVolumeMetrics
- type:
- namedType: com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics
- - name: kmsKeyARN
- type:
- scalar: string
-- name: com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters
- map:
- fields:
- - name: connectionIdleTimeout
- type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
- - name: subnets
- type:
- namedType: com.github.openshift.api.operator.v1.AWSSubnets
-- name: com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics
- map:
- fields:
- - name: recursiveWalk
- type:
- namedType: com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig
- - name: state
- type:
- scalar: string
- default: ""
- unions:
- - discriminator: state
- fields:
- - fieldName: recursiveWalk
- discriminatorValue: RecursiveWalk
-- name: com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig
- map:
- fields:
- - name: fsRateLimit
- type:
- scalar: numeric
- - name: refreshPeriodMinutes
- type:
- scalar: numeric
-- name: com.github.openshift.api.operator.v1.AWSLoadBalancerParameters
- map:
- fields:
- - name: classicLoadBalancer
- type:
- namedType: com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters
- - name: networkLoadBalancer
- type:
- namedType: com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters
- - name: type
- type:
- scalar: string
- default: ""
- unions:
- - discriminator: type
- fields:
- - fieldName: classicLoadBalancer
- discriminatorValue: ClassicLoadBalancerParameters
- - fieldName: networkLoadBalancer
- discriminatorValue: NetworkLoadBalancerParameters
-- name: com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters
- map:
- fields:
- - name: eipAllocations
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: subnets
- type:
- namedType: com.github.openshift.api.operator.v1.AWSSubnets
-- name: com.github.openshift.api.operator.v1.AWSSubnets
- map:
- fields:
- - name: ids
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: names
- type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
-- name: com.github.openshift.api.operator.v1.AccessLogging
- map:
- fields:
- - name: destination
- type:
- namedType: com.github.openshift.api.operator.v1.LoggingDestination
- default: {}
- - name: httpCaptureCookies
- type:
- list:
- elementType:
- namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie
- elementRelationship: atomic
- - name: httpCaptureHeaders
- type:
- namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders
- default: {}
- - name: httpLogFormat
- type:
- scalar: string
- - name: logEmptyRequests
- type:
- scalar: string
-- name: com.github.openshift.api.operator.v1.AddPage
- map:
- fields:
- - name: disabledActions
+ - name: disabledActions
type:
list:
elementType:
@@ -595,7 +312,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -617,13 +334,13 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.AuthenticationStatus
map:
fields:
@@ -776,7 +493,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -798,13 +515,13 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.CSISnapshotControllerStatus
map:
fields:
@@ -888,7 +605,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -913,13 +630,13 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.CloudCredentialStatus
map:
fields:
@@ -994,7 +711,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -1020,7 +737,7 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
@@ -1029,7 +746,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.ClusterCSIDriverStatus
map:
fields:
@@ -1086,7 +803,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -1119,13 +836,13 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.ConfigStatus
map:
fields:
@@ -1172,7 +889,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -1275,7 +992,7 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
@@ -1295,7 +1012,7 @@ var schemaYAML = typed.YAMLObject(`types:
default: {}
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.ConsoleStatus
map:
fields:
@@ -1348,7 +1065,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -1363,10 +1080,10 @@ var schemaYAML = typed.YAMLObject(`types:
fields:
- name: negativeTTL
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: positiveTTL
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: com.github.openshift.api.operator.v1.DNSNodePlacement
map:
fields:
@@ -1379,7 +1096,7 @@ var schemaYAML = typed.YAMLObject(`types:
type:
list:
elementType:
- namedType: Toleration.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.Toleration
elementRelationship: atomic
- name: com.github.openshift.api.operator.v1.DNSOverTLSConfig
map:
@@ -1594,7 +1311,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -1631,7 +1348,7 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
@@ -1640,7 +1357,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: numeric
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.EtcdStatus
map:
fields:
@@ -1803,10 +1520,10 @@ var schemaYAML = typed.YAMLObject(`types:
elementRelationship: atomic
- name: lastGatherDuration
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: lastGatherTime
type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
- name: com.github.openshift.api.operator.v1.GathererStatus
map:
fields:
@@ -1814,11 +1531,11 @@ var schemaYAML = typed.YAMLObject(`types:
type:
list:
elementType:
- namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
elementRelationship: atomic
- name: lastGatherDuration
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: name
type:
scalar: string
@@ -2009,7 +1726,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -2171,7 +1888,7 @@ var schemaYAML = typed.YAMLObject(`types:
default: Continue
- name: defaultCertificate
type:
- namedType: LocalObjectReference.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.LocalObjectReference
- name: domain
type:
scalar: string
@@ -2201,7 +1918,7 @@ var schemaYAML = typed.YAMLObject(`types:
namedType: com.github.openshift.api.operator.v1.IngressControllerLogging
- name: namespaceSelector
type:
- namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
- name: nodePlacement
type:
namedType: com.github.openshift.api.operator.v1.NodePlacement
@@ -2213,7 +1930,7 @@ var schemaYAML = typed.YAMLObject(`types:
namedType: com.github.openshift.api.operator.v1.RouteAdmissionPolicy
- name: routeSelector
type:
- namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
- name: tlsSecurityProfile
type:
namedType: com.github.openshift.api.config.v1.TLSSecurityProfile
@@ -2223,7 +1940,7 @@ var schemaYAML = typed.YAMLObject(`types:
default: {}
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.IngressControllerStatus
map:
fields:
@@ -2248,13 +1965,13 @@ var schemaYAML = typed.YAMLObject(`types:
namedType: com.github.openshift.api.operator.v1.EndpointPublishingStrategy
- name: namespaceSelector
type:
- namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
- name: observedGeneration
type:
scalar: numeric
- name: routeSelector
type:
- namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
- name: selector
type:
scalar: string
@@ -2267,16 +1984,16 @@ var schemaYAML = typed.YAMLObject(`types:
fields:
- name: clientFinTimeout
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: clientTimeout
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: configurationManagement
type:
scalar: string
- name: connectTimeout
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: headerBufferBytes
type:
scalar: numeric
@@ -2285,31 +2002,31 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: numeric
- name: healthCheckInterval
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: httpKeepAliveTimeout
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: maxConnections
type:
scalar: numeric
- name: reloadInterval
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: serverFinTimeout
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: serverTimeout
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: threadCount
type:
scalar: numeric
- name: tlsInspectDelay
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: tunnelTimeout
type:
- namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
- name: com.github.openshift.api.operator.v1.InsightsOperator
map:
fields:
@@ -2321,7 +2038,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -2343,13 +2060,13 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.InsightsOperatorStatus
map:
fields:
@@ -2398,22 +2115,55 @@ var schemaYAML = typed.YAMLObject(`types:
fields:
- name: downloadedAt
type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
- name: healthChecks
type:
- list:
- elementType:
- namedType: com.github.openshift.api.operator.v1.HealthCheck
- elementRelationship: atomic
-- name: com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides
- map:
- fields:
- - name: storage
+ list:
+ elementType:
+ namedType: com.github.openshift.api.operator.v1.HealthCheck
+ elementRelationship: atomic
+- name: com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides
+ map:
+ fields:
+ - name: storage
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: associative
+- name: com.github.openshift.api.operator.v1.KMSEncryptionStatus
+ map:
+ fields:
+ - name: healthReports
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.operator.v1.KMSPluginHealthReport
+ elementRelationship: associative
+ keys:
+ - nodeName
+ - keyId
+- name: com.github.openshift.api.operator.v1.KMSPluginHealthReport
+ map:
+ fields:
+ - name: detail
+ type:
+ scalar: string
+ - name: kekId
+ type:
+ scalar: string
+ - name: keyId
+ type:
+ scalar: string
+ - name: lastCheckedTime
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+ - name: nodeName
+ type:
+ scalar: string
+ - name: status
type:
- list:
- elementType:
- scalar: string
- elementRelationship: associative
+ scalar: string
- name: com.github.openshift.api.operator.v1.KubeAPIServer
map:
fields:
@@ -2425,7 +2175,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -2457,7 +2207,7 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
@@ -2466,7 +2216,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: numeric
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.KubeAPIServerStatus
map:
fields:
@@ -2478,6 +2228,10 @@ var schemaYAML = typed.YAMLObject(`types:
elementRelationship: associative
keys:
- type
+ - name: encryptionStatus
+ type:
+ namedType: com.github.openshift.api.operator.v1.KMSEncryptionStatus
+ default: {}
- name: generations
type:
list:
@@ -2530,7 +2284,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -2559,7 +2313,7 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
@@ -2568,7 +2322,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: numeric
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: useMoreSecureServiceCA
type:
scalar: boolean
@@ -2630,7 +2384,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -2659,7 +2413,7 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
@@ -2668,7 +2422,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: numeric
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.KubeSchedulerStatus
map:
fields:
@@ -2726,7 +2480,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -2748,13 +2502,13 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus
map:
fields:
@@ -2874,7 +2628,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -2919,7 +2673,7 @@ var schemaYAML = typed.YAMLObject(`types:
default: {}
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
@@ -2928,7 +2682,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: numeric
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.MachineConfigurationStatus
map:
fields:
@@ -2940,7 +2694,7 @@ var schemaYAML = typed.YAMLObject(`types:
type:
list:
elementType:
- namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
elementRelationship: associative
keys:
- type
@@ -3017,7 +2771,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -3094,7 +2848,7 @@ var schemaYAML = typed.YAMLObject(`types:
namedType: com.github.openshift.api.operator.v1.NetworkMigration
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
@@ -3106,7 +2860,7 @@ var schemaYAML = typed.YAMLObject(`types:
elementRelationship: atomic
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: useMultiNetworkPolicy
type:
scalar: boolean
@@ -3322,12 +3076,12 @@ var schemaYAML = typed.YAMLObject(`types:
fields:
- name: nodeSelector
type:
- namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
- name: tolerations
type:
list:
elementType:
- namedType: Toleration.v1.core.api.k8s.io
+ namedType: io.k8s.api.core.v1.Toleration
elementRelationship: atomic
- name: com.github.openshift.api.operator.v1.NodePortStrategy
map:
@@ -3358,7 +3112,7 @@ var schemaYAML = typed.YAMLObject(`types:
elementRelationship: atomic
- name: lastFailedTime
type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
- name: lastFallbackCount
type:
scalar: numeric
@@ -3372,6 +3126,10 @@ var schemaYAML = typed.YAMLObject(`types:
- name: com.github.openshift.api.operator.v1.OAuthAPIServerStatus
map:
fields:
+ - name: encryptionStatus
+ type:
+ namedType: com.github.openshift.api.operator.v1.KMSEncryptionStatus
+ default: {}
- name: latestAvailableRevision
type:
scalar: numeric
@@ -3386,7 +3144,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -3408,13 +3166,13 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.OLMStatus
map:
fields:
@@ -3514,7 +3272,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -3536,13 +3294,13 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus
map:
fields:
@@ -3554,6 +3312,10 @@ var schemaYAML = typed.YAMLObject(`types:
elementRelationship: associative
keys:
- type
+ - name: encryptionStatus
+ type:
+ namedType: com.github.openshift.api.operator.v1.KMSEncryptionStatus
+ default: {}
- name: generations
type:
list:
@@ -3589,7 +3351,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -3611,13 +3373,13 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus
map:
fields:
@@ -3683,7 +3445,7 @@ var schemaYAML = typed.YAMLObject(`types:
fields:
- name: lastTransitionTime
type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
- name: message
type:
scalar: string
@@ -3703,7 +3465,7 @@ var schemaYAML = typed.YAMLObject(`types:
fields:
- name: machineResourceSelector
type:
- namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
- name: com.github.openshift.api.operator.v1.Perspective
map:
fields:
@@ -3854,13 +3616,13 @@ var schemaYAML = typed.YAMLObject(`types:
type:
list:
elementType:
- namedType: ResourceAttributes.v1.authorization.api.k8s.io
+ namedType: io.k8s.api.authorization.v1.ResourceAttributes
elementRelationship: atomic
- name: required
type:
list:
elementType:
- namedType: ResourceAttributes.v1.authorization.api.k8s.io
+ namedType: io.k8s.api.authorization.v1.ResourceAttributes
elementRelationship: atomic
- name: com.github.openshift.api.operator.v1.RestartService
map:
@@ -3909,7 +3671,7 @@ var schemaYAML = typed.YAMLObject(`types:
fields:
- name: expirationTime
type:
- namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
- name: name
type:
scalar: string
@@ -3925,7 +3687,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -3947,13 +3709,13 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.ServiceCAStatus
map:
fields:
@@ -4000,7 +3762,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -4022,13 +3784,13 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus
map:
fields:
@@ -4075,7 +3837,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -4097,13 +3859,13 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus
map:
fields:
@@ -4228,7 +3990,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -4250,13 +4012,13 @@ var schemaYAML = typed.YAMLObject(`types:
default: ""
- name: observedConfig
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: operatorLogLevel
type:
scalar: string
- name: unsupportedConfigOverrides
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
+ namedType: __untyped_atomic_
- name: vsphereStorageDriver
type:
scalar: string
@@ -4400,7 +4162,7 @@ var schemaYAML = typed.YAMLObject(`types:
scalar: string
- name: metadata
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
@@ -4496,204 +4258,499 @@ var schemaYAML = typed.YAMLObject(`types:
- name: desiredRevision
type:
scalar: string
- - name: observedRevisionGeneration
+ - name: observedRevisionGeneration
+ type:
+ scalar: numeric
+ - name: revisions
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision
+ elementRelationship: atomic
+- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator
+ map:
+ fields:
+ - name: apiVersion
+ type:
+ scalar: string
+ - name: kind
+ type:
+ scalar: string
+ - name: metadata
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
+ type:
+ namedType: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec
+ default: {}
+ - name: status
+ type:
+ namedType: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus
+ default: {}
+- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec
+ map:
+ fields:
+ - name: operatorLogLevel
+ type:
+ scalar: string
+- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus
+ map:
+ fields:
+ - name: observedGeneration
+ type:
+ scalar: numeric
+- name: com.github.openshift.api.operator.v1alpha1.EtcdBackup
+ map:
+ fields:
+ - name: apiVersion
+ type:
+ scalar: string
+ - name: kind
+ type:
+ scalar: string
+ - name: metadata
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
+ type:
+ namedType: com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec
+ default: {}
+ - name: status
+ type:
+ namedType: com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus
+ default: {}
+- name: com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec
+ map:
+ fields:
+ - name: pvcName
+ type:
+ scalar: string
+ default: ""
+- name: com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus
+ map:
+ fields:
+ - name: backupJob
+ type:
+ namedType: com.github.openshift.api.operator.v1alpha1.BackupJobReference
+ - name: conditions
+ type:
+ list:
+ elementType:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
+ elementRelationship: associative
+ keys:
+ - type
+- name: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy
+ map:
+ fields:
+ - name: apiVersion
+ type:
+ scalar: string
+ - name: kind
+ type:
+ scalar: string
+ - name: metadata
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
+ type:
+ namedType: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec
+ default: {}
+- name: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec
+ map:
+ fields:
+ - name: repositoryDigestMirrors
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors
+ elementRelationship: atomic
+- name: com.github.openshift.api.operator.v1alpha1.OLM
+ map:
+ fields:
+ - name: apiVersion
+ type:
+ scalar: string
+ - name: kind
+ type:
+ scalar: string
+ - name: metadata
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+ default: {}
+ - name: spec
+ type:
+ namedType: com.github.openshift.api.operator.v1alpha1.OLMSpec
+ default: {}
+ - name: status
+ type:
+ namedType: com.github.openshift.api.operator.v1alpha1.OLMStatus
+ default: {}
+- name: com.github.openshift.api.operator.v1alpha1.OLMSpec
+ map:
+ fields:
+ - name: logLevel
+ type:
+ scalar: string
+ - name: managementState
+ type:
+ scalar: string
+ default: ""
+ - name: observedConfig
+ type:
+ namedType: __untyped_atomic_
+ - name: operatorLogLevel
+ type:
+ scalar: string
+ - name: unsupportedConfigOverrides
+ type:
+ namedType: __untyped_atomic_
+- name: com.github.openshift.api.operator.v1alpha1.OLMStatus
+ map:
+ fields:
+ - name: conditions
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.operator.v1.OperatorCondition
+ elementRelationship: associative
+ keys:
+ - type
+ - name: generations
+ type:
+ list:
+ elementType:
+ namedType: com.github.openshift.api.operator.v1.GenerationStatus
+ elementRelationship: associative
+ keys:
+ - group
+ - resource
+ - namespace
+ - name
+ - name: latestAvailableRevision
+ type:
+ scalar: numeric
+ - name: observedGeneration
+ type:
+ scalar: numeric
+ - name: readyReplicas
+ type:
+ scalar: numeric
+ default: 0
+ - name: version
+ type:
+ scalar: string
+- name: com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors
+ map:
+ fields:
+ - name: mirrors
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+ - name: source
+ type:
+ scalar: string
+ default: ""
+- name: io.k8s.api.authorization.v1.FieldSelectorAttributes
+ map:
+ fields:
+ - name: rawSelector
+ type:
+ scalar: string
+ - name: requirements
+ type:
+ list:
+ elementType:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.FieldSelectorRequirement
+ elementRelationship: atomic
+- name: io.k8s.api.authorization.v1.LabelSelectorAttributes
+ map:
+ fields:
+ - name: rawSelector
+ type:
+ scalar: string
+ - name: requirements
+ type:
+ list:
+ elementType:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement
+ elementRelationship: atomic
+- name: io.k8s.api.authorization.v1.ResourceAttributes
+ map:
+ fields:
+ - name: fieldSelector
+ type:
+ namedType: io.k8s.api.authorization.v1.FieldSelectorAttributes
+ - name: group
+ type:
+ scalar: string
+ - name: labelSelector
+ type:
+ namedType: io.k8s.api.authorization.v1.LabelSelectorAttributes
+ - name: name
+ type:
+ scalar: string
+ - name: namespace
+ type:
+ scalar: string
+ - name: resource
+ type:
+ scalar: string
+ - name: subresource
+ type:
+ scalar: string
+ - name: verb
+ type:
+ scalar: string
+ - name: version
type:
- scalar: numeric
- - name: revisions
+ scalar: string
+- name: io.k8s.api.core.v1.LocalObjectReference
+ map:
+ fields:
+ - name: name
type:
- list:
- elementType:
- namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision
- elementRelationship: atomic
-- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator
+ scalar: string
+ default: ""
+ elementRelationship: atomic
+- name: io.k8s.api.core.v1.Toleration
map:
fields:
- - name: apiVersion
+ - name: effect
type:
scalar: string
- - name: kind
+ - name: key
type:
scalar: string
- - name: metadata
+ - name: operator
type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
- default: {}
- - name: spec
+ scalar: string
+ - name: tolerationSeconds
type:
- namedType: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec
- default: {}
- - name: status
+ scalar: numeric
+ - name: value
type:
- namedType: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus
- default: {}
-- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec
+ scalar: string
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
map:
fields:
- - name: operatorLogLevel
+ - name: lastTransitionTime
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+ - name: message
type:
scalar: string
-- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus
- map:
- fields:
+ default: ""
- name: observedGeneration
type:
scalar: numeric
-- name: com.github.openshift.api.operator.v1alpha1.EtcdBackup
- map:
- fields:
- - name: apiVersion
+ - name: reason
type:
scalar: string
- - name: kind
+ default: ""
+ - name: status
type:
scalar: string
- - name: metadata
- type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
- default: {}
- - name: spec
- type:
- namedType: com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec
- default: {}
- - name: status
+ default: ""
+ - name: type
type:
- namedType: com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus
- default: {}
-- name: com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec
+ scalar: string
+ default: ""
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.Duration
+ scalar: string
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.FieldSelectorRequirement
map:
fields:
- - name: pvcName
+ - name: key
type:
scalar: string
default: ""
-- name: com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus
+ - name: operator
+ type:
+ scalar: string
+ default: ""
+ - name: values
+ type:
+ list:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1
+ map:
+ elementType:
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
+ map:
+ elementType:
+ namedType: __untyped_deduced_
+ elementRelationship: separable
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
map:
fields:
- - name: backupJob
- type:
- namedType: com.github.openshift.api.operator.v1alpha1.BackupJobReference
- - name: conditions
+ - name: matchExpressions
type:
list:
elementType:
- namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io
- elementRelationship: associative
- keys:
- - type
-- name: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement
+ elementRelationship: atomic
+ - name: matchLabels
+ type:
+ map:
+ elementType:
+ scalar: string
+ elementRelationship: atomic
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement
map:
fields:
- - name: apiVersion
+ - name: key
type:
scalar: string
- - name: kind
+ default: ""
+ - name: operator
type:
scalar: string
- - name: metadata
- type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
- default: {}
- - name: spec
- type:
- namedType: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec
- default: {}
-- name: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec
- map:
- fields:
- - name: repositoryDigestMirrors
+ default: ""
+ - name: values
type:
list:
elementType:
- namedType: com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors
+ scalar: string
elementRelationship: atomic
-- name: com.github.openshift.api.operator.v1alpha1.OLM
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry
map:
fields:
- name: apiVersion
type:
scalar: string
- - name: kind
+ - name: fieldsType
type:
scalar: string
- - name: metadata
- type:
- namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io
- default: {}
- - name: spec
- type:
- namedType: com.github.openshift.api.operator.v1alpha1.OLMSpec
- default: {}
- - name: status
+ - name: fieldsV1
type:
- namedType: com.github.openshift.api.operator.v1alpha1.OLMStatus
- default: {}
-- name: com.github.openshift.api.operator.v1alpha1.OLMSpec
- map:
- fields:
- - name: logLevel
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1
+ - name: manager
type:
scalar: string
- - name: managementState
+ - name: operation
type:
scalar: string
- default: ""
- - name: observedConfig
- type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
- - name: operatorLogLevel
+ - name: subresource
type:
scalar: string
- - name: unsupportedConfigOverrides
+ - name: time
type:
- namedType: RawExtension.runtime.pkg.apimachinery.k8s.io
-- name: com.github.openshift.api.operator.v1alpha1.OLMStatus
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
map:
fields:
- - name: conditions
+ - name: annotations
+ type:
+ map:
+ elementType:
+ scalar: string
+ - name: creationTimestamp
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+ - name: deletionGracePeriodSeconds
+ type:
+ scalar: numeric
+ - name: deletionTimestamp
+ type:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+ - name: finalizers
type:
list:
elementType:
- namedType: com.github.openshift.api.operator.v1.OperatorCondition
+ scalar: string
elementRelationship: associative
- keys:
- - type
- - name: generations
+ - name: generateName
+ type:
+ scalar: string
+ - name: generation
+ type:
+ scalar: numeric
+ - name: labels
+ type:
+ map:
+ elementType:
+ scalar: string
+ - name: managedFields
type:
list:
elementType:
- namedType: com.github.openshift.api.operator.v1.GenerationStatus
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry
+ elementRelationship: atomic
+ - name: name
+ type:
+ scalar: string
+ - name: namespace
+ type:
+ scalar: string
+ - name: ownerReferences
+ type:
+ list:
+ elementType:
+ namedType: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference
elementRelationship: associative
keys:
- - group
- - resource
- - namespace
- - name
- - name: latestAvailableRevision
- type:
- scalar: numeric
- - name: observedGeneration
+ - uid
+ - name: resourceVersion
type:
- scalar: numeric
- - name: readyReplicas
+ scalar: string
+ - name: selfLink
type:
- scalar: numeric
- default: 0
- - name: version
+ scalar: string
+ - name: uid
type:
scalar: string
-- name: com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference
map:
fields:
- - name: mirrors
+ - name: apiVersion
type:
- list:
- elementType:
- scalar: string
- elementRelationship: atomic
- - name: source
+ scalar: string
+ default: ""
+ - name: blockOwnerDeletion
+ type:
+ scalar: boolean
+ - name: controller
+ type:
+ scalar: boolean
+ - name: kind
+ type:
+ scalar: string
+ default: ""
+ - name: name
+ type:
+ scalar: string
+ default: ""
+ - name: uid
type:
scalar: string
default: ""
+ elementRelationship: atomic
+- name: io.k8s.apimachinery.pkg.apis.meta.v1.Time
+ scalar: untyped
+- name: io.k8s.apimachinery.pkg.runtime.RawExtension
+ map:
+ elementType:
+ scalar: untyped
+ list:
+ elementType:
+ namedType: __untyped_atomic_
+ elementRelationship: atomic
+ map:
+ elementType:
+ namedType: __untyped_deduced_
+ elementRelationship: separable
- name: __untyped_atomic_
scalar: untyped
list:
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/awsnetworkloadbalancerparameters.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/awsnetworkloadbalancerparameters.go
index 3785c6995..40cd5a65b 100644
--- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/awsnetworkloadbalancerparameters.go
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/awsnetworkloadbalancerparameters.go
@@ -38,6 +38,33 @@ type AWSNetworkLoadBalancerParametersApplyConfiguration struct {
// See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general
// information about configuration, characteristics, and limitations of Elastic IP addresses.
EIPAllocations []operatorv1.EIPAllocation `json:"eipAllocations,omitempty"`
+ // protocol specifies whether the Network Load Balancer uses PROXY
+ // protocol to forward connections to the IngressController.
+ //
+ // When set to "TCP", the NLB uses AWS's native client IP preservation.
+ // This may cause hairpin connection failures for internal load
+ // balancers when connections are made from pods to router pods on
+ // the same node.
+ //
+ // When set to "PROXY", the NLB disables native client IP preservation
+ // and uses PROXY protocol v2. The IngressController enables PROXY
+ // protocol on HAProxy so that it can parse PROXY protocol headers to
+ // obtain the original client IP. This avoids hairpin connection
+ // failures.
+ //
+ // The following values are valid for this field:
+ //
+ // * "TCP".
+ // * "PROXY".
+ //
+ // When omitted, this means the user has no opinion and the value is
+ // left to the platform to choose a reasonable default, which is subject to
+ // change over time. The current default is "PROXY".
+ //
+ // Note that changing this field may cause brief connection failures
+ // during the transition as the NLB attribute change and router rollout
+ // occur independently.
+ Protocol *operatorv1.NLBProtocol `json:"protocol,omitempty"`
}
// AWSNetworkLoadBalancerParametersApplyConfiguration constructs a declarative configuration of the AWSNetworkLoadBalancerParameters type for use with
@@ -63,3 +90,11 @@ func (b *AWSNetworkLoadBalancerParametersApplyConfiguration) WithEIPAllocations(
}
return b
}
+
+// WithProtocol sets the Protocol field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Protocol field is set to the value of the last call.
+func (b *AWSNetworkLoadBalancerParametersApplyConfiguration) WithProtocol(value operatorv1.NLBProtocol) *AWSNetworkLoadBalancerParametersApplyConfiguration {
+ b.Protocol = &value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/csidriverconfigspec.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/csidriverconfigspec.go
index 215a65371..4ff829f8a 100644
--- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/csidriverconfigspec.go
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/csidriverconfigspec.go
@@ -14,7 +14,7 @@ import (
type CSIDriverConfigSpecApplyConfiguration struct {
// driverType indicates type of CSI driver for which the
// driverConfig is being applied to.
- // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted.
+ // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted.
// Consumers should treat unknown values as a NO-OP.
DriverType *operatorv1.CSIDriverType `json:"driverType,omitempty"`
// aws is used to configure the AWS CSI driver.
@@ -27,6 +27,8 @@ type CSIDriverConfigSpecApplyConfiguration struct {
IBMCloud *IBMCloudCSIDriverConfigSpecApplyConfiguration `json:"ibmcloud,omitempty"`
// vSphere is used to configure the vsphere CSI driver.
VSphere *VSphereCSIDriverConfigSpecApplyConfiguration `json:"vSphere,omitempty"`
+ // secretsStore is used to configure the Secrets Store CSI driver.
+ SecretsStore *SecretsStoreCSIDriverConfigSpecApplyConfiguration `json:"secretsStore,omitempty"`
}
// CSIDriverConfigSpecApplyConfiguration constructs a declarative configuration of the CSIDriverConfigSpec type for use with
@@ -82,3 +84,11 @@ func (b *CSIDriverConfigSpecApplyConfiguration) WithVSphere(value *VSphereCSIDri
b.VSphere = value
return b
}
+
+// WithSecretsStore sets the SecretsStore field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the SecretsStore field is set to the value of the last call.
+func (b *CSIDriverConfigSpecApplyConfiguration) WithSecretsStore(value *SecretsStoreCSIDriverConfigSpecApplyConfiguration) *CSIDriverConfigSpecApplyConfiguration {
+ b.SecretsStore = value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/customsecretrotation.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/customsecretrotation.go
new file mode 100644
index 000000000..1dd976a86
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/customsecretrotation.go
@@ -0,0 +1,31 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// CustomSecretRotationApplyConfiguration represents a declarative configuration of the CustomSecretRotation type for use
+// with apply.
+//
+// CustomSecretRotation holds configuration for custom secret rotation behavior.
+type CustomSecretRotationApplyConfiguration struct {
+ // rotationPollIntervalSeconds is the minimum time in seconds between secret
+ // rotation attempts. The driver skips provider calls if less than this interval
+ // has elapsed since the last successful rotation.
+ // Must be at least 1 second and no more than 31560000 seconds (~1 year).
+ // When omitted, this means no opinion and the platform is left to choose a
+ // reasonable default, which is subject to change over time.
+ RotationPollIntervalSeconds *int32 `json:"rotationPollIntervalSeconds,omitempty"`
+}
+
+// CustomSecretRotationApplyConfiguration constructs a declarative configuration of the CustomSecretRotation type for use with
+// apply.
+func CustomSecretRotation() *CustomSecretRotationApplyConfiguration {
+ return &CustomSecretRotationApplyConfiguration{}
+}
+
+// WithRotationPollIntervalSeconds sets the RotationPollIntervalSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the RotationPollIntervalSeconds field is set to the value of the last call.
+func (b *CustomSecretRotationApplyConfiguration) WithRotationPollIntervalSeconds(value int32) *CustomSecretRotationApplyConfiguration {
+ b.RotationPollIntervalSeconds = &value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/etcdspec.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/etcdspec.go
index c3f57e516..5b685313a 100644
--- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/etcdspec.go
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/etcdspec.go
@@ -19,7 +19,7 @@ type EtcdSpecApplyConfiguration struct {
// which is subject to change without notice.
HardwareSpeed *operatorv1.ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed,omitempty"`
// backendQuotaGiB sets the etcd backend storage size limit in gibibytes.
- // The value should be an integer not less than 8 and not more than 32.
+ // The value should be an integer not less than 8 and not more than 16.
// When not specified, the default value is 8.
BackendQuotaGiB *int32 `json:"backendQuotaGiB,omitempty"`
}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kmsencryptionstatus.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kmsencryptionstatus.go
new file mode 100644
index 000000000..34297c214
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kmsencryptionstatus.go
@@ -0,0 +1,31 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// KMSEncryptionStatusApplyConfiguration represents a declarative configuration of the KMSEncryptionStatus type for use
+// with apply.
+type KMSEncryptionStatusApplyConfiguration struct {
+ // healthReports contains all KMS plugin health reports.
+ // When omitted, no health reports are available.
+ // Each entry must have a unique combination of nodeName and keyId.
+ HealthReports []KMSPluginHealthReportApplyConfiguration `json:"healthReports,omitempty"`
+}
+
+// KMSEncryptionStatusApplyConfiguration constructs a declarative configuration of the KMSEncryptionStatus type for use with
+// apply.
+func KMSEncryptionStatus() *KMSEncryptionStatusApplyConfiguration {
+ return &KMSEncryptionStatusApplyConfiguration{}
+}
+
+// WithHealthReports adds the given value to the HealthReports field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the HealthReports field.
+func (b *KMSEncryptionStatusApplyConfiguration) WithHealthReports(values ...*KMSPluginHealthReportApplyConfiguration) *KMSEncryptionStatusApplyConfiguration {
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithHealthReports")
+ }
+ b.HealthReports = append(b.HealthReports, *values[i])
+ }
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kmspluginhealthreport.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kmspluginhealthreport.go
new file mode 100644
index 000000000..40d8eac77
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kmspluginhealthreport.go
@@ -0,0 +1,91 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ operatorv1 "github.com/openshift/api/operator/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// KMSPluginHealthReportApplyConfiguration represents a declarative configuration of the KMSPluginHealthReport type for use
+// with apply.
+type KMSPluginHealthReportApplyConfiguration struct {
+ // nodeName is the name of the node this instance of the plugin runs on.
+ // The combination of nodeName and keyId makes this health report unique.
+ // The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain
+ // consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with
+ // an alphanumeric character, and be at most 253 characters in length.
+ NodeName *string `json:"nodeName,omitempty"`
+ // keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node.
+ // This is not a cryptographic key used to encrypt/decrypt any resources.
+ // The value must be between 1 and 512 characters.
+ KeyId *string `json:"keyId,omitempty"`
+ // status contains a health indicator for the respective KMS plugin
+ // The field can have three states: healthy, unhealthy, error.
+ // With error and unhealthy containing additional information in Detail.
+ Status *operatorv1.KMSPluginHealthStatus `json:"status,omitempty"`
+ // lastCheckedTime is a timestamp of when the probe was last checked.
+ LastCheckedTime *metav1.Time `json:"lastCheckedTime,omitempty"`
+ // kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id.
+ // This is not a cryptographic key, but a unique representation of the KEK.
+ // The value must be between 1 and 1024 characters.
+ KEKId *string `json:"kekId,omitempty"`
+ // detail contains additional error/health information for the respective KMS plugin.
+ // When omitted, no additional error or health information is provided.
+ // When set, the value must be between 1 and 1024 characters.
+ Detail *string `json:"detail,omitempty"`
+}
+
+// KMSPluginHealthReportApplyConfiguration constructs a declarative configuration of the KMSPluginHealthReport type for use with
+// apply.
+func KMSPluginHealthReport() *KMSPluginHealthReportApplyConfiguration {
+ return &KMSPluginHealthReportApplyConfiguration{}
+}
+
+// WithNodeName sets the NodeName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the NodeName field is set to the value of the last call.
+func (b *KMSPluginHealthReportApplyConfiguration) WithNodeName(value string) *KMSPluginHealthReportApplyConfiguration {
+ b.NodeName = &value
+ return b
+}
+
+// WithKeyId sets the KeyId field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the KeyId field is set to the value of the last call.
+func (b *KMSPluginHealthReportApplyConfiguration) WithKeyId(value string) *KMSPluginHealthReportApplyConfiguration {
+ b.KeyId = &value
+ return b
+}
+
+// WithStatus sets the Status field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Status field is set to the value of the last call.
+func (b *KMSPluginHealthReportApplyConfiguration) WithStatus(value operatorv1.KMSPluginHealthStatus) *KMSPluginHealthReportApplyConfiguration {
+ b.Status = &value
+ return b
+}
+
+// WithLastCheckedTime sets the LastCheckedTime field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the LastCheckedTime field is set to the value of the last call.
+func (b *KMSPluginHealthReportApplyConfiguration) WithLastCheckedTime(value metav1.Time) *KMSPluginHealthReportApplyConfiguration {
+ b.LastCheckedTime = &value
+ return b
+}
+
+// WithKEKId sets the KEKId field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the KEKId field is set to the value of the last call.
+func (b *KMSPluginHealthReportApplyConfiguration) WithKEKId(value string) *KMSPluginHealthReportApplyConfiguration {
+ b.KEKId = &value
+ return b
+}
+
+// WithDetail sets the Detail field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Detail field is set to the value of the last call.
+func (b *KMSPluginHealthReportApplyConfiguration) WithDetail(value string) *KMSPluginHealthReportApplyConfiguration {
+ b.Detail = &value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kubeapiserverstatus.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kubeapiserverstatus.go
index b6b6bd866..c6eec2ce4 100644
--- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kubeapiserverstatus.go
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kubeapiserverstatus.go
@@ -12,6 +12,8 @@ type KubeAPIServerStatusApplyConfiguration struct {
// The default expiration for the items is set by the platform and it defaults to 24h.
// see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
ServiceAccountIssuers []ServiceAccountIssuerStatusApplyConfiguration `json:"serviceAccountIssuers,omitempty"`
+ // encryptionStatus contains status reports for the KMS plugin health and its key rotation.
+ EncryptionStatus *KMSEncryptionStatusApplyConfiguration `json:"encryptionStatus,omitempty"`
}
// KubeAPIServerStatusApplyConfiguration constructs a declarative configuration of the KubeAPIServerStatus type for use with
@@ -111,3 +113,11 @@ func (b *KubeAPIServerStatusApplyConfiguration) WithServiceAccountIssuers(values
}
return b
}
+
+// WithEncryptionStatus sets the EncryptionStatus field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the EncryptionStatus field is set to the value of the last call.
+func (b *KubeAPIServerStatusApplyConfiguration) WithEncryptionStatus(value *KMSEncryptionStatusApplyConfiguration) *KubeAPIServerStatusApplyConfiguration {
+ b.EncryptionStatus = value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/managedtokenrequests.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/managedtokenrequests.go
new file mode 100644
index 000000000..5b65a6628
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/managedtokenrequests.go
@@ -0,0 +1,43 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// ManagedTokenRequestsApplyConfiguration represents a declarative configuration of the ManagedTokenRequests type for use
+// with apply.
+//
+// ManagedTokenRequests holds the configuration for operator-managed
+// service account token requests.
+type ManagedTokenRequestsApplyConfiguration struct {
+ // audiences specifies service account token audiences that kubelet will
+ // provide to the CSI driver during NodePublishVolume calls. These tokens
+ // enable workload identity federation (WIF) with cloud providers such as
+ // AWS, Azure, and GCP.
+ // When empty, the operator clears all tokenRequests from the CSIDriver object.
+ Audiences *[]SecretsStoreTokenRequestApplyConfiguration `json:"audiences,omitempty"`
+}
+
+// ManagedTokenRequestsApplyConfiguration constructs a declarative configuration of the ManagedTokenRequests type for use with
+// apply.
+func ManagedTokenRequests() *ManagedTokenRequestsApplyConfiguration {
+ return &ManagedTokenRequestsApplyConfiguration{}
+}
+
+func (b *ManagedTokenRequestsApplyConfiguration) ensureSecretsStoreTokenRequestApplyConfigurationExists() {
+ if b.Audiences == nil {
+ b.Audiences = &[]SecretsStoreTokenRequestApplyConfiguration{}
+ }
+}
+
+// WithAudiences adds the given value to the Audiences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Audiences field.
+func (b *ManagedTokenRequestsApplyConfiguration) WithAudiences(values ...*SecretsStoreTokenRequestApplyConfiguration) *ManagedTokenRequestsApplyConfiguration {
+ b.ensureSecretsStoreTokenRequestApplyConfigurationExists()
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithAudiences")
+ }
+ *b.Audiences = append(*b.Audiences, *values[i])
+ }
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/oauthapiserverstatus.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/oauthapiserverstatus.go
index 381d4a7e7..1ccbf802f 100644
--- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/oauthapiserverstatus.go
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/oauthapiserverstatus.go
@@ -8,6 +8,8 @@ type OAuthAPIServerStatusApplyConfiguration struct {
// latestAvailableRevision is the latest revision used as suffix of revisioned
// secrets like encryption-config. A new revision causes a new deployment of pods.
LatestAvailableRevision *int32 `json:"latestAvailableRevision,omitempty"`
+ // encryptionStatus contains status reports for the KMS plugin health and its key rotation.
+ EncryptionStatus *KMSEncryptionStatusApplyConfiguration `json:"encryptionStatus,omitempty"`
}
// OAuthAPIServerStatusApplyConfiguration constructs a declarative configuration of the OAuthAPIServerStatus type for use with
@@ -23,3 +25,11 @@ func (b *OAuthAPIServerStatusApplyConfiguration) WithLatestAvailableRevision(val
b.LatestAvailableRevision = &value
return b
}
+
+// WithEncryptionStatus sets the EncryptionStatus field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the EncryptionStatus field is set to the value of the last call.
+func (b *OAuthAPIServerStatusApplyConfiguration) WithEncryptionStatus(value *KMSEncryptionStatusApplyConfiguration) *OAuthAPIServerStatusApplyConfiguration {
+ b.EncryptionStatus = value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/openshiftapiserverstatus.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/openshiftapiserverstatus.go
index 776701d54..3a68909d5 100644
--- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/openshiftapiserverstatus.go
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/openshiftapiserverstatus.go
@@ -6,6 +6,8 @@ package v1
// with apply.
type OpenShiftAPIServerStatusApplyConfiguration struct {
OperatorStatusApplyConfiguration `json:",inline"`
+ // encryptionStatus contains status reports for the KMS plugin health and its key rotation.
+ EncryptionStatus *KMSEncryptionStatusApplyConfiguration `json:"encryptionStatus,omitempty"`
}
// OpenShiftAPIServerStatusApplyConfiguration constructs a declarative configuration of the OpenShiftAPIServerStatus type for use with
@@ -71,3 +73,11 @@ func (b *OpenShiftAPIServerStatusApplyConfiguration) WithGenerations(values ...*
}
return b
}
+
+// WithEncryptionStatus sets the EncryptionStatus field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the EncryptionStatus field is set to the value of the last call.
+func (b *OpenShiftAPIServerStatusApplyConfiguration) WithEncryptionStatus(value *KMSEncryptionStatusApplyConfiguration) *OpenShiftAPIServerStatusApplyConfiguration {
+ b.EncryptionStatus = value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/secretsstorecsidriverconfigspec.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/secretsstorecsidriverconfigspec.go
new file mode 100644
index 000000000..145aa9070
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/secretsstorecsidriverconfigspec.go
@@ -0,0 +1,40 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// SecretsStoreCSIDriverConfigSpecApplyConfiguration represents a declarative configuration of the SecretsStoreCSIDriverConfigSpec type for use
+// with apply.
+//
+// SecretsStoreCSIDriverConfigSpec defines properties that can be configured for the Secrets Store CSI driver.
+type SecretsStoreCSIDriverConfigSpecApplyConfiguration struct {
+ // secretRotation controls automatic secret rotation behavior.
+ // When omitted, secret rotation is enabled with a default poll interval of 2 minutes.
+ SecretRotation *SecretsStoreSecretRotationApplyConfiguration `json:"secretRotation,omitempty"`
+ // tokenRequests controls service account token configuration for
+ // workload identity federation (WIF) with cloud providers.
+ // When omitted, the operator preserves any existing tokenRequests
+ // already configured on the CSIDriver object without modification.
+ TokenRequests *SecretsStoreTokenRequestsApplyConfiguration `json:"tokenRequests,omitempty"`
+}
+
+// SecretsStoreCSIDriverConfigSpecApplyConfiguration constructs a declarative configuration of the SecretsStoreCSIDriverConfigSpec type for use with
+// apply.
+func SecretsStoreCSIDriverConfigSpec() *SecretsStoreCSIDriverConfigSpecApplyConfiguration {
+ return &SecretsStoreCSIDriverConfigSpecApplyConfiguration{}
+}
+
+// WithSecretRotation sets the SecretRotation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the SecretRotation field is set to the value of the last call.
+func (b *SecretsStoreCSIDriverConfigSpecApplyConfiguration) WithSecretRotation(value *SecretsStoreSecretRotationApplyConfiguration) *SecretsStoreCSIDriverConfigSpecApplyConfiguration {
+ b.SecretRotation = value
+ return b
+}
+
+// WithTokenRequests sets the TokenRequests field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the TokenRequests field is set to the value of the last call.
+func (b *SecretsStoreCSIDriverConfigSpecApplyConfiguration) WithTokenRequests(value *SecretsStoreTokenRequestsApplyConfiguration) *SecretsStoreCSIDriverConfigSpecApplyConfiguration {
+ b.TokenRequests = value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/secretsstoresecretrotation.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/secretsstoresecretrotation.go
new file mode 100644
index 000000000..0624fe9c6
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/secretsstoresecretrotation.go
@@ -0,0 +1,46 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ operatorv1 "github.com/openshift/api/operator/v1"
+)
+
+// SecretsStoreSecretRotationApplyConfiguration represents a declarative configuration of the SecretsStoreSecretRotation type for use
+// with apply.
+//
+// SecretsStoreSecretRotation configures the automatic secret rotation behavior
+// for the Secrets Store CSI driver.
+type SecretsStoreSecretRotationApplyConfiguration struct {
+ // type determines the secret rotation behavior.
+ // When "None", secret rotation is disabled and secrets are only fetched at
+ // initial pod mount time.
+ // When "Custom", secret rotation is enabled with the configuration specified
+ // in the custom field.
+ Type *operatorv1.SecretRotationType `json:"type,omitempty"`
+ // custom holds the custom rotation configuration.
+ // Only valid when type is "Custom".
+ Custom *CustomSecretRotationApplyConfiguration `json:"custom,omitempty"`
+}
+
+// SecretsStoreSecretRotationApplyConfiguration constructs a declarative configuration of the SecretsStoreSecretRotation type for use with
+// apply.
+func SecretsStoreSecretRotation() *SecretsStoreSecretRotationApplyConfiguration {
+ return &SecretsStoreSecretRotationApplyConfiguration{}
+}
+
+// WithType sets the Type field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Type field is set to the value of the last call.
+func (b *SecretsStoreSecretRotationApplyConfiguration) WithType(value operatorv1.SecretRotationType) *SecretsStoreSecretRotationApplyConfiguration {
+ b.Type = &value
+ return b
+}
+
+// WithCustom sets the Custom field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Custom field is set to the value of the last call.
+func (b *SecretsStoreSecretRotationApplyConfiguration) WithCustom(value *CustomSecretRotationApplyConfiguration) *SecretsStoreSecretRotationApplyConfiguration {
+ b.Custom = value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/secretsstoretokenrequest.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/secretsstoretokenrequest.go
new file mode 100644
index 000000000..b8eb7597f
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/secretsstoretokenrequest.go
@@ -0,0 +1,41 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// SecretsStoreTokenRequestApplyConfiguration represents a declarative configuration of the SecretsStoreTokenRequest type for use
+// with apply.
+//
+// SecretsStoreTokenRequest specifies a service account token audience configuration
+// for workload identity federation (WIF) with the Secrets Store CSI driver.
+type SecretsStoreTokenRequestApplyConfiguration struct {
+ // audience is the intended audience of the service account token.
+ // An empty string means the issued token will use the kube-apiserver's default APIAudiences.
+ Audience *string `json:"audience,omitempty"`
+ // expirationSeconds is the requested duration of validity of the service account token.
+ // The token issuer may return a token with a different validity duration.
+ // When omitted, the token expiration is determined by the kube-apiserver.
+ // Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years).
+ ExpirationSeconds *int32 `json:"expirationSeconds,omitempty"`
+}
+
+// SecretsStoreTokenRequestApplyConfiguration constructs a declarative configuration of the SecretsStoreTokenRequest type for use with
+// apply.
+func SecretsStoreTokenRequest() *SecretsStoreTokenRequestApplyConfiguration {
+ return &SecretsStoreTokenRequestApplyConfiguration{}
+}
+
+// WithAudience sets the Audience field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Audience field is set to the value of the last call.
+func (b *SecretsStoreTokenRequestApplyConfiguration) WithAudience(value string) *SecretsStoreTokenRequestApplyConfiguration {
+ b.Audience = &value
+ return b
+}
+
+// WithExpirationSeconds sets the ExpirationSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ExpirationSeconds field is set to the value of the last call.
+func (b *SecretsStoreTokenRequestApplyConfiguration) WithExpirationSeconds(value int32) *SecretsStoreTokenRequestApplyConfiguration {
+ b.ExpirationSeconds = &value
+ return b
+}
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/secretsstoretokenrequests.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/secretsstoretokenrequests.go
new file mode 100644
index 000000000..ea9ac415d
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/secretsstoretokenrequests.go
@@ -0,0 +1,47 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ operatorv1 "github.com/openshift/api/operator/v1"
+)
+
+// SecretsStoreTokenRequestsApplyConfiguration represents a declarative configuration of the SecretsStoreTokenRequests type for use
+// with apply.
+//
+// SecretsStoreTokenRequests configures how service account tokens are
+// provided to the Secrets Store CSI driver for workload identity federation.
+type SecretsStoreTokenRequestsApplyConfiguration struct {
+ // type determines how the operator manages tokenRequests on the CSIDriver object.
+ // When "Unmanaged", existing tokenRequests on the CSIDriver are preserved
+ // and the managed field is not used.
+ // When "Managed", the operator sets tokenRequests from the audiences
+ // specified in the managed field, replacing any previously configured values.
+ // Once set to "Managed", type cannot be reverted back to "Unmanaged".
+ Type *operatorv1.TokenRequestsType `json:"type,omitempty"`
+ // managed holds configuration for operator-managed tokenRequests.
+ // Only valid when type is "Managed".
+ Managed *ManagedTokenRequestsApplyConfiguration `json:"managed,omitempty"`
+}
+
+// SecretsStoreTokenRequestsApplyConfiguration constructs a declarative configuration of the SecretsStoreTokenRequests type for use with
+// apply.
+func SecretsStoreTokenRequests() *SecretsStoreTokenRequestsApplyConfiguration {
+ return &SecretsStoreTokenRequestsApplyConfiguration{}
+}
+
+// WithType sets the Type field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Type field is set to the value of the last call.
+func (b *SecretsStoreTokenRequestsApplyConfiguration) WithType(value operatorv1.TokenRequestsType) *SecretsStoreTokenRequestsApplyConfiguration {
+ b.Type = &value
+ return b
+}
+
+// WithManaged sets the Managed field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Managed field is set to the value of the last call.
+func (b *SecretsStoreTokenRequestsApplyConfiguration) WithManaged(value *ManagedTokenRequestsApplyConfiguration) *SecretsStoreTokenRequestsApplyConfiguration {
+ b.Managed = value
+ return b
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/serialization.go b/vendor/k8s.io/kube-openapi/pkg/internal/serialization.go
index 7393bacf7..5d8ee9aa4 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/serialization.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/serialization.go
@@ -24,7 +24,7 @@ import (
// DeterministicMarshal calls the jsonv2 library with the deterministic
// flag in order to have stable marshaling.
func DeterministicMarshal(in any) ([]byte, error) {
- return jsonv2.MarshalOptions{Deterministic: true}.Marshal(jsonv2.EncodeOptions{}, in)
+ return jsonv2.Marshal(in, jsonv2.Deterministic(true))
}
// JSONRefFromMap populates a json reference object if the map v contains a $ref key.
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/README.md b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/README.md
index 0349adf69..937c39800 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/README.md
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/README.md
@@ -7,17 +7,24 @@ This module hosts an experimental implementation of v2 `encoding/json`.
The API is unstable and breaking changes will regularly be made.
Do not depend on this in publicly available modules.
+Any commits that make breaking API or behavior changes will be marked
+with the string "WARNING: " near the top of the commit message.
+It is your responsibility to inspect the list of commit changes
+when upgrading the module. Not all breaking changes will lead to build failures.
+
+A [proposal to include this module in Go as `encoding/json/v2` and `encoding/json/jsontext`](https://github.com/golang/go/issues/71497) has been started on the Go Github project on 2025-01-30. Please provide your feedback there.
+
## Goals and objectives
* **Mostly backwards compatible:** If possible, v2 should aim to be _mostly_
compatible with v1 in terms of both API and default behavior to ease migration.
For example, the `Marshal` and `Unmarshal` functions are the most widely used
declarations in the v1 package. It seems sensible for equivalent functionality
-in v2 to be named the same and have the same signature.
+in v2 to be named the same and have a mostly compatible signature.
Behaviorally, we should aim for 95% to 99% backwards compatibility.
We do not aim for 100% compatibility since we want the freedom to break
certain behaviors that are now considered to have been a mistake.
-We may provide options that can bring the v2 implementation to 100% compatibility,
+Options exist that can bring the v2 implementation to 100% compatibility,
but it will not be the default.
* **More flexible:** There is a
@@ -96,26 +103,32 @@ Syntax deals with the structural representation of JSON (as specified in
Semantics deals with the meaning of syntactic data as usable application data.
The `Encoder` and `Decoder` types are streaming tokenizers concerned with the
-packing or parsing of JSON data. They operate on `Token` and `RawValue` types
+packing or parsing of JSON data. They operate on `Token` and `Value` types
which represent the common data structures that are representable in JSON.
`Encoder` and `Decoder` do not aim to provide any interpretation of the data.
-Functions like `Marshal`, `MarshalFull`, `MarshalNext`, `Unmarshal`,
-`UnmarshalFull`, and `UnmarshalNext` provide semantic meaning by correlating
+Functions like `Marshal`, `MarshalWrite`, `MarshalEncode`, `Unmarshal`,
+`UnmarshalRead`, and `UnmarshalDecode` provide semantic meaning by correlating
any arbitrary Go type with some JSON representation of that type (as stored in
data types like `[]byte`, `io.Writer`, `io.Reader`, `Encoder`, or `Decoder`).
-This diagram provides a high-level overview of the v2 `json` package.
+This diagram provides a high-level overview of the v2 `json` and `jsontext` packages.
Purple blocks represent types, while blue blocks represent functions or methods.
The arrows and their direction represent the approximate flow of data.
The bottom half of the diagram contains functionality that is only concerned
-with syntax, while the upper half contains functionality that assigns
-semantic meaning to syntactic data handled by the bottom half.
+with syntax (implemented by the `jsontext` package),
+while the upper half contains functionality that assigns
+semantic meaning to syntactic data handled by the bottom half
+(as implemented by the v2 `json` package).
In contrast to v1 `encoding/json`, options are represented as separate types
rather than being setter methods on the `Encoder` or `Decoder` types.
+Some options affects JSON serialization at the syntactic layer,
+while others affect it at the semantic layer.
+Some options only affect JSON when decoding,
+while others affect JSON while encoding.
## Behavior changes
@@ -128,194 +141,35 @@ This table shows an overview of the changes:
| v1 | v2 | Details |
| -- | -- | ------- |
-| JSON object members are unmarshaled into a Go struct using a **case-insensitive name match**. | JSON object members are unmarshaled into a Go struct using a **case-sensitive name match**. | [CaseSensitivity](/diff_test.go#:~:text=TestCaseSensitivity) |
-| When marshaling a Go struct, a struct field marked as `omitempty` is omitted if **the field value is an empty Go value**, which is defined as false, 0, a nil pointer, a nil interface value, and any empty array, slice, map, or string. | When marshaling a Go struct, a struct field marked as `omitempty` is omitted if **the field value would encode as an empty JSON value**, which is defined as a JSON null, or an empty JSON string, object, or array. | [OmitEmptyOption](/diff_test.go#:~:text=TestOmitEmptyOption) |
-| The `string` option **does affect** Go bools. | The `string` option **does not affect** Go bools. | [StringOption](/diff_test.go#:~:text=TestStringOption) |
-| The `string` option **does not recursively affect** sub-values of the Go field value. | The `string` option **does recursively affect** sub-values of the Go field value. | [StringOption](/diff_test.go#:~:text=TestStringOption) |
-| The `string` option **sometimes accepts** a JSON null escaped within a JSON string. | The `string` option **never accepts** a JSON null escaped within a JSON string. | [StringOption](/diff_test.go#:~:text=TestStringOption) |
-| A nil Go slice is marshaled as a **JSON null**. | A nil Go slice is marshaled as an **empty JSON array**. | [NilSlicesAndMaps](/diff_test.go#:~:text=TestNilSlicesAndMaps) |
-| A nil Go map is marshaled as a **JSON null**. | A nil Go map is marshaled as an **empty JSON object**. | [NilSlicesAndMaps](/diff_test.go#:~:text=TestNilSlicesAndMaps) |
-| A Go array may be unmarshaled from a **JSON array of any length**. | A Go array must be unmarshaled from a **JSON array of the same length**. | [Arrays](/diff_test.go#:~:text=Arrays) |
-| A Go byte array is represented as a **JSON array of JSON numbers**. | A Go byte array is represented as a **Base64-encoded JSON string**. | [ByteArrays](/diff_test.go#:~:text=TestByteArrays) |
-| `MarshalJSON` and `UnmarshalJSON` methods declared on a pointer receiver are **inconsistently called**. | `MarshalJSON` and `UnmarshalJSON` methods declared on a pointer receiver are **consistently called**. | [PointerReceiver](/diff_test.go#:~:text=TestPointerReceiver) |
-| A Go map is marshaled in a **deterministic order**. | A Go map is marshaled in a **non-deterministic order**. | [MapDeterminism](/diff_test.go#:~:text=TestMapDeterminism) |
-| JSON strings are encoded **with HTML-specific characters being escaped**. | JSON strings are encoded **without any characters being escaped** (unless necessary). | [EscapeHTML](/diff_test.go#:~:text=TestEscapeHTML) |
-| When marshaling, invalid UTF-8 within a Go string **are silently replaced**. | When marshaling, invalid UTF-8 within a Go string **results in an error**. | [InvalidUTF8](/diff_test.go#:~:text=TestInvalidUTF8) |
-| When unmarshaling, invalid UTF-8 within a JSON string **are silently replaced**. | When unmarshaling, invalid UTF-8 within a JSON string **results in an error**. | [InvalidUTF8](/diff_test.go#:~:text=TestInvalidUTF8) |
-| When marshaling, **an error does not occur** if the output JSON value contains objects with duplicate names. | When marshaling, **an error does occur** if the output JSON value contains objects with duplicate names. | [DuplicateNames](/diff_test.go#:~:text=TestDuplicateNames) |
-| When unmarshaling, **an error does not occur** if the input JSON value contains objects with duplicate names. | When unmarshaling, **an error does occur** if the input JSON value contains objects with duplicate names. | [DuplicateNames](/diff_test.go#:~:text=TestDuplicateNames) |
-| Unmarshaling a JSON null into a non-empty Go value **inconsistently clears the value or does nothing**. | Unmarshaling a JSON null into a non-empty Go value **always clears the value**. | [MergeNull](/diff_test.go#:~:text=TestMergeNull) |
-| Unmarshaling a JSON value into a non-empty Go value **follows inconsistent and bizarre behavior**. | Unmarshaling a JSON value into a non-empty Go value **always merges if the input is an object, and otherwise replaces**. | [MergeComposite](/diff_test.go#:~:text=TestMergeComposite) |
-| A `time.Duration` is represented as a **JSON number containing the decimal number of nanoseconds**. | A `time.Duration` is represented as a **JSON string containing the formatted duration (e.g., "1h2m3.456s")**. | [TimeDurations](/diff_test.go#:~:text=TestTimeDurations) |
-| Unmarshaling a JSON number into a Go float beyond its representation **results in an error**. | Unmarshaling a JSON number into a Go float beyond its representation **uses the closest representable value (e.g., ±`math.MaxFloat`)**. | [MaxFloats](/diff_test.go#:~:text=TestMaxFloats) |
-| A Go struct with only unexported fields **can be serialized**. | A Go struct with only unexported fields **cannot be serialized**. | [EmptyStructs](/diff_test.go#:~:text=TestEmptyStructs) |
-| A Go struct that embeds an unexported struct type **can sometimes be serialized**. | A Go struct that embeds an unexported struct type **cannot be serialized**. | [EmbedUnexported](/diff_test.go#:~:text=TestEmbedUnexported) |
-
-See [diff_test.go](/diff_test.go) for details about every change.
+| JSON object members are unmarshaled into a Go struct using a **case-insensitive name match**. | JSON object members are unmarshaled into a Go struct using a **case-sensitive name match**. | [CaseSensitivity](/v1/diff_test.go#:~:text=TestCaseSensitivity) |
+| When marshaling a Go struct, a struct field marked as `omitempty` is omitted if **the field value is an empty Go value**, which is defined as false, 0, a nil pointer, a nil interface value, and any empty array, slice, map, or string. | When marshaling a Go struct, a struct field marked as `omitempty` is omitted if **the field value would encode as an empty JSON value**, which is defined as a JSON null, or an empty JSON string, object, or array. | [OmitEmptyOption](/v1/diff_test.go#:~:text=TestOmitEmptyOption) |
+| The `string` option **does affect** Go strings and bools. | The `string` option **does not affect** Go strings or bools. | [StringOption](/v1/diff_test.go#:~:text=TestStringOption) |
+| The `string` option **does not recursively affect** sub-values of the Go field value. | The `string` option **does recursively affect** sub-values of the Go field value. | [StringOption](/v1/diff_test.go#:~:text=TestStringOption) |
+| The `string` option **sometimes accepts** a JSON null escaped within a JSON string. | The `string` option **never accepts** a JSON null escaped within a JSON string. | [StringOption](/v1/diff_test.go#:~:text=TestStringOption) |
+| A nil Go slice is marshaled as a **JSON null**. | A nil Go slice is marshaled as an **empty JSON array**. | [NilSlicesAndMaps](/v1/diff_test.go#:~:text=TestNilSlicesAndMaps) |
+| A nil Go map is marshaled as a **JSON null**. | A nil Go map is marshaled as an **empty JSON object**. | [NilSlicesAndMaps](/v1/diff_test.go#:~:text=TestNilSlicesAndMaps) |
+| A Go array may be unmarshaled from a **JSON array of any length**. | A Go array must be unmarshaled from a **JSON array of the same length**. | [Arrays](/v1/diff_test.go#:~:text=Arrays) |
+| A Go byte array is represented as a **JSON array of JSON numbers**. | A Go byte array is represented as a **Base64-encoded JSON string**. | [ByteArrays](/v1/diff_test.go#:~:text=TestByteArrays) |
+| `MarshalJSON` and `UnmarshalJSON` methods declared on a pointer receiver are **inconsistently called**. | `MarshalJSON` and `UnmarshalJSON` methods declared on a pointer receiver are **consistently called**. | [PointerReceiver](/v1/diff_test.go#:~:text=TestPointerReceiver) |
+| A Go map is marshaled in a **deterministic order**. | A Go map is marshaled in a **non-deterministic order**. | [MapDeterminism](/v1/diff_test.go#:~:text=TestMapDeterminism) |
+| JSON strings are encoded **with HTML-specific characters being escaped**. | JSON strings are encoded **without any characters being escaped** (unless necessary). | [EscapeHTML](/v1/diff_test.go#:~:text=TestEscapeHTML) |
+| When marshaling, invalid UTF-8 within a Go string **are silently replaced**. | When marshaling, invalid UTF-8 within a Go string **results in an error**. | [InvalidUTF8](/v1/diff_test.go#:~:text=TestInvalidUTF8) |
+| When unmarshaling, invalid UTF-8 within a JSON string **are silently replaced**. | When unmarshaling, invalid UTF-8 within a JSON string **results in an error**. | [InvalidUTF8](/v1/diff_test.go#:~:text=TestInvalidUTF8) |
+| When marshaling, **an error does not occur** if the output JSON value contains objects with duplicate names. | When marshaling, **an error does occur** if the output JSON value contains objects with duplicate names. | [DuplicateNames](/v1/diff_test.go#:~:text=TestDuplicateNames) |
+| When unmarshaling, **an error does not occur** if the input JSON value contains objects with duplicate names. | When unmarshaling, **an error does occur** if the input JSON value contains objects with duplicate names. | [DuplicateNames](/v1/diff_test.go#:~:text=TestDuplicateNames) |
+| Unmarshaling a JSON null into a non-empty Go value **inconsistently clears the value or does nothing**. | Unmarshaling a JSON null into a non-empty Go value **always clears the value**. | [MergeNull](/v1/diff_test.go#:~:text=TestMergeNull) |
+| Unmarshaling a JSON value into a non-empty Go value **follows inconsistent and bizarre behavior**. | Unmarshaling a JSON value into a non-empty Go value **always merges if the input is an object, and otherwise replaces**. | [MergeComposite](/v1/diff_test.go#:~:text=TestMergeComposite) |
+| A `time.Duration` is represented as a **JSON number containing the decimal number of nanoseconds**. | A `time.Duration` has no default representation in v2 (see [#71631](https://golang.org/issue/71631)) and results in an error. | |
+| A Go struct with only unexported fields **can be serialized**. | A Go struct with only unexported fields **cannot be serialized**. | [EmptyStructs](/v1/diff_test.go#:~:text=TestEmptyStructs) |
+
+See [diff_test.go](/v1/diff_test.go) for details about every change.
## Performance
-One of the goals of the v2 module is to be more performant than v1.
-
-Each of the charts below show the performance across
-several different JSON implementations:
-
-* `JSONv1` is `encoding/json` at `v1.18.2`
-* `JSONv2` is `github.com/go-json-experiment/json` at `v0.0.0-20220524042235-dd8be80fc4a7`
-* `JSONIterator` is `github.com/json-iterator/go` at `v1.1.12`
-* `SegmentJSON` is `github.com/segmentio/encoding/json` at `v0.3.5`
-* `GoJSON` is `github.com/goccy/go-json` at `v0.9.7`
-* `SonicJSON` is `github.com/bytedance/sonic` at `v1.3.0`
-
-Benchmarks were run across various datasets:
-
-* `CanadaGeometry` is a GeoJSON (RFC 7946) representation of Canada.
- It contains many JSON arrays of arrays of two-element arrays of numbers.
-* `CITMCatalog` contains many JSON objects using numeric names.
-* `SyntheaFHIR` is sample JSON data from the healthcare industry.
- It contains many nested JSON objects with mostly string values,
- where the set of unique string values is relatively small.
-* `TwitterStatus` is the JSON response from the Twitter API.
- It contains a mix of all different JSON kinds, where string values
- are a mix of both single-byte ASCII and multi-byte Unicode.
-* `GolangSource` is a simple tree representing the Go source code.
- It contains many nested JSON objects, each with the same schema.
-* `StringUnicode` contains many strings with multi-byte Unicode runes.
-
-All of the implementations other than `JSONv1` and `JSONv2` make
-extensive use of `unsafe`. As such, we expect those to generally be faster,
-but at the cost of memory and type safety. `SonicJSON` goes a step even further
-and uses just-in-time compilation to generate machine code specialized
-for the Go type being marshaled or unmarshaled.
-Also, `SonicJSON` does not validate JSON strings for valid UTF-8,
-and so gains a notable performance boost on datasets with multi-byte Unicode.
-Benchmarks are performed based on the default marshal and unmarshal behavior
-of each package. Note that `JSONv2` aims to be safe and correct by default,
-which may not be the most performant strategy.
-
-`JSONv2` has several semantic changes relative to `JSONv1` that
-impacts performance:
-
-1. When marshaling, `JSONv2` no longer sorts the keys of a Go map.
- This will improve performance.
-2. When marshaling or unmarshaling, `JSONv2` always checks
- to make sure JSON object names are unique.
- This will hurt performance, but is more correct.
-3. When marshaling or unmarshaling, `JSONv2` always
- shallow copies the underlying value for a Go interface and
- shallow copies the key and value for entries in a Go map.
- This is done to keep the value as addressable so that `JSONv2` can
- call methods and functions that operate on a pointer receiver.
- This will hurt performance, but is more correct.
-
-All of the charts are unit-less since the values are normalized
-relative to `JSONv1`, which is why `JSONv1` always has a value of 1.
-A lower value is better (i.e., runs faster).
-
-Benchmarks were performed on an AMD Ryzen 9 5900X.
-
-The code for the benchmarks is located at
-https://github.com/go-json-experiment/jsonbench.
-
-### Marshal Performance
-
-#### Concrete types
-
-
-
-* This compares marshal performance when serializing
- [from concrete types](/testdata_test.go).
-* The `JSONv1` implementation is close to optimal (without the use of `unsafe`).
-* Relative to `JSONv1`, `JSONv2` is generally as fast or slightly faster.
-* Relative to `JSONIterator`, `JSONv2` is up to 1.3x faster.
-* Relative to `SegmentJSON`, `JSONv2` is up to 1.8x slower.
-* Relative to `GoJSON`, `JSONv2` is up to 2.0x slower.
-* Relative to `SonicJSON`, `JSONv2` is about 1.8x to 3.2x slower
- (ignoring `StringUnicode` since `SonicJSON` does not validate UTF-8).
-* For `JSONv1` and `JSONv2`, marshaling from concrete types is
- mostly limited by the performance of Go reflection.
-
-#### Interface types
-
-
-
-* This compares marshal performance when serializing from
- `any`, `map[string]any`, and `[]any` types.
-* Relative to `JSONv1`, `JSONv2` is about 1.5x to 4.2x faster.
-* Relative to `JSONIterator`, `JSONv2` is about 1.1x to 2.4x faster.
-* Relative to `SegmentJSON`, `JSONv2` is about 1.2x to 1.8x faster.
-* Relative to `GoJSON`, `JSONv2` is about 1.1x to 2.5x faster.
-* Relative to `SonicJSON`, `JSONv2` is up to 1.5x slower
- (ignoring `StringUnicode` since `SonicJSON` does not validate UTF-8).
-* `JSONv2` is faster than the alternatives.
- One advantange is because it does not sort the keys for a `map[string]any`,
- while alternatives (except `SonicJSON` and `JSONIterator`) do sort the keys.
-
-#### RawValue types
-
-
-
-* This compares performance when marshaling from a `json.RawValue`.
- This mostly exercises the underlying encoder and
- hides the cost of Go reflection.
-* Relative to `JSONv1`, `JSONv2` is about 3.5x to 7.8x faster.
-* `JSONIterator` is blazingly fast because
- [it does not validate whether the raw value is valid](https://go.dev/play/p/bun9IXQCKRe)
- and simply copies it to the output.
-* Relative to `SegmentJSON`, `JSONv2` is about 1.5x to 2.7x faster.
-* Relative to `GoJSON`, `JSONv2` is up to 2.2x faster.
-* Relative to `SonicJSON`, `JSONv2` is up to 1.5x faster.
-* Aside from `JSONIterator`, `JSONv2` is generally the fastest.
-
-### Unmarshal Performance
-
-#### Concrete types
-
-
-
-* This compares unmarshal performance when deserializing
- [into concrete types](/testdata_test.go).
-* Relative to `JSONv1`, `JSONv2` is about 1.8x to 5.7x faster.
-* Relative to `JSONIterator`, `JSONv2` is about 1.1x to 1.6x slower.
-* Relative to `SegmentJSON`, `JSONv2` is up to 2.5x slower.
-* Relative to `GoJSON`, `JSONv2` is about 1.4x to 2.1x slower.
-* Relative to `SonicJSON`, `JSONv2` is up to 4.0x slower
- (ignoring `StringUnicode` since `SonicJSON` does not validate UTF-8).
-* For `JSONv1` and `JSONv2`, unmarshaling into concrete types is
- mostly limited by the performance of Go reflection.
-
-#### Interface types
-
-
-
-* This compares unmarshal performance when deserializing into
- `any`, `map[string]any`, and `[]any` types.
-* Relative to `JSONv1`, `JSONv2` is about 1.tx to 4.3x faster.
-* Relative to `JSONIterator`, `JSONv2` is up to 1.5x faster.
-* Relative to `SegmentJSON`, `JSONv2` is about 1.5 to 3.7x faster.
-* Relative to `GoJSON`, `JSONv2` is up to 1.3x faster.
-* Relative to `SonicJSON`, `JSONv2` is up to 1.5x slower
- (ignoring `StringUnicode` since `SonicJSON` does not validate UTF-8).
-* Aside from `SonicJSON`, `JSONv2` is generally just as fast
- or faster than all the alternatives.
-
-#### RawValue types
-
-
-
-* This compares performance when unmarshaling into a `json.RawValue`.
- This mostly exercises the underlying decoder and
- hides away most of the cost of Go reflection.
-* Relative to `JSONv1`, `JSONv2` is about 8.3x to 17.0x faster.
-* Relative to `JSONIterator`, `JSONv2` is up to 2.0x faster.
-* Relative to `SegmentJSON`, `JSONv2` is up to 1.6x faster or 1.7x slower.
-* Relative to `GoJSON`, `JSONv2` is up to 1.9x faster or 2.1x slower.
-* Relative to `SonicJSON`, `JSONv2` is up to 2.0x faster
- (ignoring `StringUnicode` since `SonicJSON` does not validate UTF-8).
-* `JSONv1` takes a
- [lexical scanning approach](https://talks.golang.org/2011/lex.slide#1),
- which performs a virtual function call for every byte of input.
- In contrast, `JSONv2` makes heavy use of iterative and linear parsing logic
- (with extra complexity to resume parsing when encountering segmented buffers).
-* `JSONv2` is comparable to the alternatives that use `unsafe`.
- Generally it is faster, but sometimes it is slower.
+One of the goals of the v2 module is to be more performant than v1,
+but not at the expense of correctness.
+In general, v2 is at performance parity with v1 for marshaling,
+but dramatically faster for unmarshaling.
+
+See https://github.com/go-json-experiment/jsonbench for benchmarks
+comparing v2 with v1 and a number of other popular JSON implementations.
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/alias.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/alias.go
new file mode 100644
index 000000000..fbf256d52
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/alias.go
@@ -0,0 +1,967 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Code generated by alias_gen.go; DO NOT EDIT.
+
+//go:build goexperiment.jsonv2 && go1.25
+
+// Package json implements semantic processing of JSON as specified in RFC 8259.
+// JSON is a simple data interchange format that can represent
+// primitive data types such as booleans, strings, and numbers,
+// in addition to structured data types such as objects and arrays.
+//
+// [Marshal] and [Unmarshal] encode and decode Go values
+// to/from JSON text contained within a []byte.
+// [MarshalWrite] and [UnmarshalRead] operate on JSON text
+// by writing to or reading from an [io.Writer] or [io.Reader].
+// [MarshalEncode] and [UnmarshalDecode] operate on JSON text
+// by encoding to or decoding from a [jsontext.Encoder] or [jsontext.Decoder].
+// [Options] may be passed to each of the marshal or unmarshal functions
+// to configure the semantic behavior of marshaling and unmarshaling
+// (i.e., alter how JSON data is understood as Go data and vice versa).
+// [jsontext.Options] may also be passed to the marshal or unmarshal functions
+// to configure the syntactic behavior of encoding or decoding.
+//
+// The data types of JSON are mapped to/from the data types of Go based on
+// the closest logical equivalent between the two type systems. For example,
+// a JSON boolean corresponds with a Go bool,
+// a JSON string corresponds with a Go string,
+// a JSON number corresponds with a Go int, uint or float,
+// a JSON array corresponds with a Go slice or array, and
+// a JSON object corresponds with a Go struct or map.
+// See the documentation on [Marshal] and [Unmarshal] for a comprehensive list
+// of how the JSON and Go type systems correspond.
+//
+// Arbitrary Go types can customize their JSON representation by implementing
+// [Marshaler], [MarshalerTo], [Unmarshaler], or [UnmarshalerFrom].
+// This provides authors of Go types with control over how their types are
+// serialized as JSON. Alternatively, users can implement functions that match
+// [MarshalFunc], [MarshalToFunc], [UnmarshalFunc], or [UnmarshalFromFunc]
+// to specify the JSON representation for arbitrary types.
+// This provides callers of JSON functionality with control over
+// how any arbitrary type is serialized as JSON.
+//
+// # JSON Representation of Go structs
+//
+// A Go struct is naturally represented as a JSON object,
+// where each Go struct field corresponds with a JSON object member.
+// When marshaling, all Go struct fields are recursively encoded in depth-first
+// order as JSON object members except those that are ignored or omitted.
+// When unmarshaling, JSON object members are recursively decoded
+// into the corresponding Go struct fields.
+// Object members that do not match any struct fields,
+// also known as “unknown members”, are ignored by default or rejected
+// if [RejectUnknownMembers] is specified.
+//
+// The representation of each struct field can be customized in the
+// "json" struct field tag, where the tag is a comma separated list of options.
+// As a special case, if the entire tag is `json:"-"`,
+// then the field is ignored with regard to its JSON representation.
+// Some options also have equivalent behavior controlled by a caller-specified [Options].
+// Field-specified options take precedence over caller-specified options.
+//
+// The first option is the JSON object name override for the Go struct field.
+// If the name is not specified, then the Go struct field name
+// is used as the JSON object name. JSON names containing commas or quotes,
+// or names identical to "" or "-", can be specified using
+// a single-quoted string literal, where the syntax is identical to
+// the Go grammar for a double-quoted string literal,
+// but instead uses single quotes as the delimiters.
+// By default, unmarshaling uses case-sensitive matching to identify
+// the Go struct field associated with a JSON object name.
+//
+// After the name, the following tag options are supported:
+//
+// - omitzero: When marshaling, the "omitzero" option specifies that
+// the struct field should be omitted if the field value is zero
+// as determined by the "IsZero() bool" method if present,
+// otherwise based on whether the field is the zero Go value.
+// This option has no effect when unmarshaling.
+//
+// - omitempty: When marshaling, the "omitempty" option specifies that
+// the struct field should be omitted if the field value would have been
+// encoded as a JSON null, empty string, empty object, or empty array.
+// This option has no effect when unmarshaling.
+//
+// - string: The "string" option specifies that [StringifyNumbers]
+// be set when marshaling or unmarshaling a struct field value.
+// This causes numeric types to be encoded as a JSON number
+// within a JSON string, and to be decoded from a JSON string
+// containing the JSON number without any surrounding whitespace.
+// This extra level of encoding is often necessary since
+// many JSON parsers cannot precisely represent 64-bit integers.
+//
+// - case: When unmarshaling, the "case" option specifies how
+// JSON object names are matched with the JSON name for Go struct fields.
+// The option is a key-value pair specified as "case:value" where
+// the value must either be 'ignore' or 'strict'.
+// The 'ignore' value specifies that matching is case-insensitive
+// where dashes and underscores are also ignored. If multiple fields match,
+// the first declared field in breadth-first order takes precedence.
+// The 'strict' value specifies that matching is case-sensitive.
+// This takes precedence over the [MatchCaseInsensitiveNames] option.
+//
+// - inline: The "inline" option specifies that
+// the JSON representable content of this field type is to be promoted
+// as if they were specified in the parent struct.
+// It is the JSON equivalent of Go struct embedding.
+// A Go embedded field is implicitly inlined unless an explicit JSON name
+// is specified. The inlined field must be a Go struct
+// (that does not implement any JSON methods), [jsontext.Value],
+// map[~string]T, or an unnamed pointer to such types. When marshaling,
+// inlined fields from a pointer type are omitted if it is nil.
+// Inlined fields of type [jsontext.Value] and map[~string]T are called
+// “inlined fallbacks” as they can represent all possible
+// JSON object members not directly handled by the parent struct.
+// Only one inlined fallback field may be specified in a struct,
+// while many non-fallback fields may be specified. This option
+// must not be specified with any other option (including the JSON name).
+//
+// - unknown: The "unknown" option is a specialized variant
+// of the inlined fallback to indicate that this Go struct field
+// contains any number of unknown JSON object members. The field type must
+// be a [jsontext.Value], map[~string]T, or an unnamed pointer to such types.
+// If [DiscardUnknownMembers] is specified when marshaling,
+// the contents of this field are ignored.
+// If [RejectUnknownMembers] is specified when unmarshaling,
+// any unknown object members are rejected regardless of whether
+// an inlined fallback with the "unknown" option exists. This option
+// must not be specified with any other option (including the JSON name).
+//
+// - format: The "format" option specifies a format flag
+// used to specialize the formatting of the field value.
+// The option is a key-value pair specified as "format:value" where
+// the value must be either a literal consisting of letters and numbers
+// (e.g., "format:RFC3339") or a single-quoted string literal
+// (e.g., "format:'2006-01-02'"). The interpretation of the format flag
+// is determined by the struct field type.
+//
+// The "omitzero" and "omitempty" options are mostly semantically identical.
+// The former is defined in terms of the Go type system,
+// while the latter in terms of the JSON type system.
+// Consequently they behave differently in some circumstances.
+// For example, only a nil slice or map is omitted under "omitzero", while
+// an empty slice or map is omitted under "omitempty" regardless of nilness.
+// The "omitzero" option is useful for types with a well-defined zero value
+// (e.g., [net/netip.Addr]) or have an IsZero method (e.g., [time.Time.IsZero]).
+//
+// Every Go struct corresponds to a list of JSON representable fields
+// which is constructed by performing a breadth-first search over
+// all struct fields (excluding unexported or ignored fields),
+// where the search recursively descends into inlined structs.
+// The set of non-inlined fields in a struct must have unique JSON names.
+// If multiple fields all have the same JSON name, then the one
+// at shallowest depth takes precedence and the other fields at deeper depths
+// are excluded from the list of JSON representable fields.
+// If multiple fields at the shallowest depth have the same JSON name,
+// but exactly one is explicitly tagged with a JSON name,
+// then that field takes precedence and all others are excluded from the list.
+// This is analogous to Go visibility rules for struct field selection
+// with embedded struct types.
+//
+// Marshaling or unmarshaling a non-empty struct
+// without any JSON representable fields results in a [SemanticError].
+// Unexported fields must not have any `json` tags except for `json:"-"`.
+//
+// # Security Considerations
+//
+// JSON is frequently used as a data interchange format to communicate
+// between different systems, possibly implemented in different languages.
+// For interoperability and security reasons, it is important that
+// all implementations agree upon the semantic meaning of the data.
+//
+// [For example, suppose we have two micro-services.]
+// The first service is responsible for authenticating a JSON request,
+// while the second service is responsible for executing the request
+// (having assumed that the prior service authenticated the request).
+// If an attacker were able to maliciously craft a JSON request such that
+// both services believe that the same request is from different users,
+// it could bypass the authenticator with valid credentials for one user,
+// but maliciously perform an action on behalf of a different user.
+//
+// According to RFC 8259, there unfortunately exist many JSON texts
+// that are syntactically valid but semantically ambiguous.
+// For example, the standard does not define how to interpret duplicate
+// names within an object.
+//
+// The v1 [encoding/json] and [encoding/json/v2] packages
+// interpret some inputs in different ways. In particular:
+//
+// - The standard specifies that JSON must be encoded using UTF-8.
+// By default, v1 replaces invalid bytes of UTF-8 in JSON strings
+// with the Unicode replacement character,
+// while v2 rejects inputs with invalid UTF-8.
+// To change the default, specify the [jsontext.AllowInvalidUTF8] option.
+// The replacement of invalid UTF-8 is a form of data corruption
+// that alters the precise meaning of strings.
+//
+// - The standard does not specify a particular behavior when
+// duplicate names are encountered within a JSON object,
+// which means that different implementations may behave differently.
+// By default, v1 allows for the presence of duplicate names,
+// while v2 rejects duplicate names.
+// To change the default, specify the [jsontext.AllowDuplicateNames] option.
+// If allowed, object members are processed in the order they are observed,
+// meaning that later values will replace or be merged into prior values,
+// depending on the Go value type.
+//
+// - The standard defines a JSON object as an unordered collection of name/value pairs.
+// While ordering can be observed through the underlying [jsontext] API,
+// both v1 and v2 generally avoid exposing the ordering.
+// No application should semantically depend on the order of object members.
+// Allowing duplicate names is a vector through which ordering of members
+// can accidentally be observed and depended upon.
+//
+// - The standard suggests that JSON object names are typically compared
+// based on equality of the sequence of Unicode code points,
+// which implies that comparing names is often case-sensitive.
+// When unmarshaling a JSON object into a Go struct,
+// by default, v1 uses a (loose) case-insensitive match on the name,
+// while v2 uses a (strict) case-sensitive match on the name.
+// To change the default, specify the [MatchCaseInsensitiveNames] option.
+// The use of case-insensitive matching provides another vector through
+// which duplicate names can occur. Allowing case-insensitive matching
+// means that v1 or v2 might interpret JSON objects differently from most
+// other JSON implementations (which typically use a case-sensitive match).
+//
+// - The standard does not specify a particular behavior when
+// an unknown name in a JSON object is encountered.
+// When unmarshaling a JSON object into a Go struct, by default
+// both v1 and v2 ignore unknown names and their corresponding values.
+// To change the default, specify the [RejectUnknownMembers] option.
+//
+// - The standard suggests that implementations may use a float64
+// to represent a JSON number. Consequently, large JSON integers
+// may lose precision when stored as a floating-point type.
+// Both v1 and v2 correctly preserve precision when marshaling and
+// unmarshaling a concrete integer type. However, even if v1 and v2
+// preserve precision for concrete types, other JSON implementations
+// may not be able to preserve precision for outputs produced by v1 or v2.
+// The `string` tag option can be used to specify that an integer type
+// is to be quoted within a JSON string to avoid loss of precision.
+// Furthermore, v1 and v2 may still lose precision when unmarshaling
+// into an any interface value, where unmarshal uses a float64
+// by default to represent a JSON number.
+// To change the default, specify the [WithUnmarshalers] option
+// with a custom unmarshaler that pre-populates the interface value
+// with a concrete Go type that can preserve precision.
+//
+// RFC 8785 specifies a canonical form for any JSON text,
+// which explicitly defines specific behaviors that RFC 8259 leaves undefined.
+// In theory, if a text can successfully [jsontext.Value.Canonicalize]
+// without changing the semantic meaning of the data, then it provides a
+// greater degree of confidence that the data is more secure and interoperable.
+//
+// The v2 API generally chooses more secure defaults than v1,
+// but care should still be taken with large integers or unknown members.
+//
+// [For example, suppose we have two micro-services.]: https://www.youtube.com/watch?v=avilmOcHKHE&t=1057s
+package json
+
+import (
+ "encoding/json/jsontext"
+ "encoding/json/v2"
+ "io"
+)
+
+// Marshal serializes a Go value as a []byte according to the provided
+// marshal and encode options (while ignoring unmarshal or decode options).
+// It does not terminate the output with a newline.
+//
+// Type-specific marshal functions and methods take precedence
+// over the default representation of a value.
+// Functions or methods that operate on *T are only called when encoding
+// a value of type T (by taking its address) or a non-nil value of *T.
+// Marshal ensures that a value is always addressable
+// (by boxing it on the heap if necessary) so that
+// these functions and methods can be consistently called. For performance,
+// it is recommended that Marshal be passed a non-nil pointer to the value.
+//
+// The input value is encoded as JSON according the following rules:
+//
+// - If any type-specific functions in a [WithMarshalers] option match
+// the value type, then those functions are called to encode the value.
+// If all applicable functions return [SkipFunc],
+// then the value is encoded according to subsequent rules.
+//
+// - If the value type implements [MarshalerTo],
+// then the MarshalJSONTo method is called to encode the value.
+//
+// - If the value type implements [Marshaler],
+// then the MarshalJSON method is called to encode the value.
+//
+// - If the value type implements [encoding.TextAppender],
+// then the AppendText method is called to encode the value and
+// subsequently encode its result as a JSON string.
+//
+// - If the value type implements [encoding.TextMarshaler],
+// then the MarshalText method is called to encode the value and
+// subsequently encode its result as a JSON string.
+//
+// - Otherwise, the value is encoded according to the value's type
+// as described in detail below.
+//
+// Most Go types have a default JSON representation.
+// Certain types support specialized formatting according to
+// a format flag optionally specified in the Go struct tag
+// for the struct field that contains the current value
+// (see the “JSON Representation of Go structs” section for more details).
+//
+// The representation of each type is as follows:
+//
+// - A Go boolean is encoded as a JSON boolean (e.g., true or false).
+// It does not support any custom format flags.
+//
+// - A Go string is encoded as a JSON string.
+// It does not support any custom format flags.
+//
+// - A Go []byte or [N]byte is encoded as a JSON string containing
+// the binary value encoded using RFC 4648.
+// If the format is "base64" or unspecified, then this uses RFC 4648, section 4.
+// If the format is "base64url", then this uses RFC 4648, section 5.
+// If the format is "base32", then this uses RFC 4648, section 6.
+// If the format is "base32hex", then this uses RFC 4648, section 7.
+// If the format is "base16" or "hex", then this uses RFC 4648, section 8.
+// If the format is "array", then the bytes value is encoded as a JSON array
+// where each byte is recursively JSON-encoded as each JSON array element.
+//
+// - A Go integer is encoded as a JSON number without fractions or exponents.
+// If [StringifyNumbers] is specified or encoding a JSON object name,
+// then the JSON number is encoded within a JSON string.
+// It does not support any custom format flags.
+//
+// - A Go float is encoded as a JSON number.
+// If [StringifyNumbers] is specified or encoding a JSON object name,
+// then the JSON number is encoded within a JSON string.
+// If the format is "nonfinite", then NaN, +Inf, and -Inf are encoded as
+// the JSON strings "NaN", "Infinity", and "-Infinity", respectively.
+// Otherwise, the presence of non-finite numbers results in a [SemanticError].
+//
+// - A Go map is encoded as a JSON object, where each Go map key and value
+// is recursively encoded as a name and value pair in the JSON object.
+// The Go map key must encode as a JSON string, otherwise this results
+// in a [SemanticError]. The Go map is traversed in a non-deterministic order.
+// For deterministic encoding, consider using the [Deterministic] option.
+// If the format is "emitnull", then a nil map is encoded as a JSON null.
+// If the format is "emitempty", then a nil map is encoded as an empty JSON object,
+// regardless of whether [FormatNilMapAsNull] is specified.
+// Otherwise by default, a nil map is encoded as an empty JSON object.
+//
+// - A Go struct is encoded as a JSON object.
+// See the “JSON Representation of Go structs” section
+// in the package-level documentation for more details.
+//
+// - A Go slice is encoded as a JSON array, where each Go slice element
+// is recursively JSON-encoded as the elements of the JSON array.
+// If the format is "emitnull", then a nil slice is encoded as a JSON null.
+// If the format is "emitempty", then a nil slice is encoded as an empty JSON array,
+// regardless of whether [FormatNilSliceAsNull] is specified.
+// Otherwise by default, a nil slice is encoded as an empty JSON array.
+//
+// - A Go array is encoded as a JSON array, where each Go array element
+// is recursively JSON-encoded as the elements of the JSON array.
+// The JSON array length is always identical to the Go array length.
+// It does not support any custom format flags.
+//
+// - A Go pointer is encoded as a JSON null if nil, otherwise it is
+// the recursively JSON-encoded representation of the underlying value.
+// Format flags are forwarded to the encoding of the underlying value.
+//
+// - A Go interface is encoded as a JSON null if nil, otherwise it is
+// the recursively JSON-encoded representation of the underlying value.
+// It does not support any custom format flags.
+//
+// - A Go [time.Time] is encoded as a JSON string containing the timestamp
+// formatted in RFC 3339 with nanosecond precision.
+// If the format matches one of the format constants declared
+// in the time package (e.g., RFC1123), then that format is used.
+// If the format is "unix", "unixmilli", "unixmicro", or "unixnano",
+// then the timestamp is encoded as a possibly fractional JSON number
+// of the number of seconds (or milliseconds, microseconds, or nanoseconds)
+// since the Unix epoch, which is January 1st, 1970 at 00:00:00 UTC.
+// To avoid a fractional component, round the timestamp to the relevant unit.
+// Otherwise, the format is used as-is with [time.Time.Format] if non-empty.
+//
+// - A Go [time.Duration] currently has no default representation and
+// requires an explicit format to be specified.
+// If the format is "sec", "milli", "micro", or "nano",
+// then the duration is encoded as a possibly fractional JSON number
+// of the number of seconds (or milliseconds, microseconds, or nanoseconds).
+// To avoid a fractional component, round the duration to the relevant unit.
+// If the format is "units", it is encoded as a JSON string formatted using
+// [time.Duration.String] (e.g., "1h30m" for 1 hour 30 minutes).
+// If the format is "iso8601", it is encoded as a JSON string using the
+// ISO 8601 standard for durations (e.g., "PT1H30M" for 1 hour 30 minutes)
+// using only accurate units of hours, minutes, and seconds.
+//
+// - All other Go types (e.g., complex numbers, channels, and functions)
+// have no default representation and result in a [SemanticError].
+//
+// JSON cannot represent cyclic data structures and Marshal does not handle them.
+// Passing cyclic structures will result in an error.
+func Marshal(in any, opts ...Options) (out []byte, err error) {
+ return json.Marshal(in, opts...)
+}
+
+// MarshalWrite serializes a Go value into an [io.Writer] according to the provided
+// marshal and encode options (while ignoring unmarshal or decode options).
+// It does not terminate the output with a newline.
+// See [Marshal] for details about the conversion of a Go value into JSON.
+func MarshalWrite(out io.Writer, in any, opts ...Options) (err error) {
+ return json.MarshalWrite(out, in, opts...)
+}
+
+// MarshalEncode serializes a Go value into an [jsontext.Encoder] according to
+// the provided marshal options (while ignoring unmarshal, encode, or decode options).
+// Any marshal-relevant options already specified on the [jsontext.Encoder]
+// take lower precedence than the set of options provided by the caller.
+// Unlike [Marshal] and [MarshalWrite], encode options are ignored because
+// they must have already been specified on the provided [jsontext.Encoder].
+//
+// See [Marshal] for details about the conversion of a Go value into JSON.
+func MarshalEncode(out *jsontext.Encoder, in any, opts ...Options) (err error) {
+ return json.MarshalEncode(out, in, opts...)
+}
+
+// Unmarshal decodes a []byte input into a Go value according to the provided
+// unmarshal and decode options (while ignoring marshal or encode options).
+// The input must be a single JSON value with optional whitespace interspersed.
+// The output must be a non-nil pointer.
+//
+// Type-specific unmarshal functions and methods take precedence
+// over the default representation of a value.
+// Functions or methods that operate on *T are only called when decoding
+// a value of type T (by taking its address) or a non-nil value of *T.
+// Unmarshal ensures that a value is always addressable
+// (by boxing it on the heap if necessary) so that
+// these functions and methods can be consistently called.
+//
+// The input is decoded into the output according the following rules:
+//
+// - If any type-specific functions in a [WithUnmarshalers] option match
+// the value type, then those functions are called to decode the JSON
+// value. If all applicable functions return [SkipFunc],
+// then the input is decoded according to subsequent rules.
+//
+// - If the value type implements [UnmarshalerFrom],
+// then the UnmarshalJSONFrom method is called to decode the JSON value.
+//
+// - If the value type implements [Unmarshaler],
+// then the UnmarshalJSON method is called to decode the JSON value.
+//
+// - If the value type implements [encoding.TextUnmarshaler],
+// then the input is decoded as a JSON string and
+// the UnmarshalText method is called with the decoded string value.
+// This fails with a [SemanticError] if the input is not a JSON string.
+//
+// - Otherwise, the JSON value is decoded according to the value's type
+// as described in detail below.
+//
+// Most Go types have a default JSON representation.
+// Certain types support specialized formatting according to
+// a format flag optionally specified in the Go struct tag
+// for the struct field that contains the current value
+// (see the “JSON Representation of Go structs” section for more details).
+// A JSON null may be decoded into every supported Go value where
+// it is equivalent to storing the zero value of the Go value.
+// If the input JSON kind is not handled by the current Go value type,
+// then this fails with a [SemanticError]. Unless otherwise specified,
+// the decoded value replaces any pre-existing value.
+//
+// The representation of each type is as follows:
+//
+// - A Go boolean is decoded from a JSON boolean (e.g., true or false).
+// It does not support any custom format flags.
+//
+// - A Go string is decoded from a JSON string.
+// It does not support any custom format flags.
+//
+// - A Go []byte or [N]byte is decoded from a JSON string
+// containing the binary value encoded using RFC 4648.
+// If the format is "base64" or unspecified, then this uses RFC 4648, section 4.
+// If the format is "base64url", then this uses RFC 4648, section 5.
+// If the format is "base32", then this uses RFC 4648, section 6.
+// If the format is "base32hex", then this uses RFC 4648, section 7.
+// If the format is "base16" or "hex", then this uses RFC 4648, section 8.
+// If the format is "array", then the Go slice or array is decoded from a
+// JSON array where each JSON element is recursively decoded for each byte.
+// When decoding into a non-nil []byte, the slice length is reset to zero
+// and the decoded input is appended to it.
+// When decoding into a [N]byte, the input must decode to exactly N bytes,
+// otherwise it fails with a [SemanticError].
+//
+// - A Go integer is decoded from a JSON number.
+// It must be decoded from a JSON string containing a JSON number
+// if [StringifyNumbers] is specified or decoding a JSON object name.
+// It fails with a [SemanticError] if the JSON number
+// has a fractional or exponent component.
+// It also fails if it overflows the representation of the Go integer type.
+// It does not support any custom format flags.
+//
+// - A Go float is decoded from a JSON number.
+// It must be decoded from a JSON string containing a JSON number
+// if [StringifyNumbers] is specified or decoding a JSON object name.
+// It fails if it overflows the representation of the Go float type.
+// If the format is "nonfinite", then the JSON strings
+// "NaN", "Infinity", and "-Infinity" are decoded as NaN, +Inf, and -Inf.
+// Otherwise, the presence of such strings results in a [SemanticError].
+//
+// - A Go map is decoded from a JSON object,
+// where each JSON object name and value pair is recursively decoded
+// as the Go map key and value. Maps are not cleared.
+// If the Go map is nil, then a new map is allocated to decode into.
+// If the decoded key matches an existing Go map entry, the entry value
+// is reused by decoding the JSON object value into it.
+// The formats "emitnull" and "emitempty" have no effect when decoding.
+//
+// - A Go struct is decoded from a JSON object.
+// See the “JSON Representation of Go structs” section
+// in the package-level documentation for more details.
+//
+// - A Go slice is decoded from a JSON array, where each JSON element
+// is recursively decoded and appended to the Go slice.
+// Before appending into a Go slice, a new slice is allocated if it is nil,
+// otherwise the slice length is reset to zero.
+// The formats "emitnull" and "emitempty" have no effect when decoding.
+//
+// - A Go array is decoded from a JSON array, where each JSON array element
+// is recursively decoded as each corresponding Go array element.
+// Each Go array element is zeroed before decoding into it.
+// It fails with a [SemanticError] if the JSON array does not contain
+// the exact same number of elements as the Go array.
+// It does not support any custom format flags.
+//
+// - A Go pointer is decoded based on the JSON kind and underlying Go type.
+// If the input is a JSON null, then this stores a nil pointer.
+// Otherwise, it allocates a new underlying value if the pointer is nil,
+// and recursively JSON decodes into the underlying value.
+// Format flags are forwarded to the decoding of the underlying type.
+//
+// - A Go interface is decoded based on the JSON kind and underlying Go type.
+// If the input is a JSON null, then this stores a nil interface value.
+// Otherwise, a nil interface value of an empty interface type is initialized
+// with a zero Go bool, string, float64, map[string]any, or []any if the
+// input is a JSON boolean, string, number, object, or array, respectively.
+// If the interface value is still nil, then this fails with a [SemanticError]
+// since decoding could not determine an appropriate Go type to decode into.
+// For example, unmarshaling into a nil io.Reader fails since
+// there is no concrete type to populate the interface value with.
+// Otherwise an underlying value exists and it recursively decodes
+// the JSON input into it. It does not support any custom format flags.
+//
+// - A Go [time.Time] is decoded from a JSON string containing the time
+// formatted in RFC 3339 with nanosecond precision.
+// If the format matches one of the format constants declared in
+// the time package (e.g., RFC1123), then that format is used for parsing.
+// If the format is "unix", "unixmilli", "unixmicro", or "unixnano",
+// then the timestamp is decoded from an optionally fractional JSON number
+// of the number of seconds (or milliseconds, microseconds, or nanoseconds)
+// since the Unix epoch, which is January 1st, 1970 at 00:00:00 UTC.
+// Otherwise, the format is used as-is with [time.Time.Parse] if non-empty.
+//
+// - A Go [time.Duration] currently has no default representation and
+// requires an explicit format to be specified.
+// If the format is "sec", "milli", "micro", or "nano",
+// then the duration is decoded from an optionally fractional JSON number
+// of the number of seconds (or milliseconds, microseconds, or nanoseconds).
+// If the format is "units", it is decoded from a JSON string parsed using
+// [time.ParseDuration] (e.g., "1h30m" for 1 hour 30 minutes).
+// If the format is "iso8601", it is decoded from a JSON string using the
+// ISO 8601 standard for durations (e.g., "PT1H30M" for 1 hour 30 minutes)
+// accepting only accurate units of hours, minutes, or seconds.
+//
+// - All other Go types (e.g., complex numbers, channels, and functions)
+// have no default representation and result in a [SemanticError].
+//
+// In general, unmarshaling follows merge semantics (similar to RFC 7396)
+// where the decoded Go value replaces the destination value
+// for any JSON kind other than an object.
+// For JSON objects, the input object is merged into the destination value
+// where matching object members recursively apply merge semantics.
+func Unmarshal(in []byte, out any, opts ...Options) (err error) {
+ return json.Unmarshal(in, out, opts...)
+}
+
+// UnmarshalRead deserializes a Go value from an [io.Reader] according to the
+// provided unmarshal and decode options (while ignoring marshal or encode options).
+// The input must be a single JSON value with optional whitespace interspersed.
+// It consumes the entirety of [io.Reader] until [io.EOF] is encountered,
+// without reporting an error for EOF. The output must be a non-nil pointer.
+// See [Unmarshal] for details about the conversion of JSON into a Go value.
+func UnmarshalRead(in io.Reader, out any, opts ...Options) (err error) {
+ return json.UnmarshalRead(in, out, opts...)
+}
+
+// UnmarshalDecode deserializes a Go value from a [jsontext.Decoder] according to
+// the provided unmarshal options (while ignoring marshal, encode, or decode options).
+// Any unmarshal options already specified on the [jsontext.Decoder]
+// take lower precedence than the set of options provided by the caller.
+// Unlike [Unmarshal] and [UnmarshalRead], decode options are ignored because
+// they must have already been specified on the provided [jsontext.Decoder].
+//
+// The input may be a stream of one or more JSON values,
+// where this only unmarshals the next JSON value in the stream.
+// The output must be a non-nil pointer.
+// See [Unmarshal] for details about the conversion of JSON into a Go value.
+func UnmarshalDecode(in *jsontext.Decoder, out any, opts ...Options) (err error) {
+ return json.UnmarshalDecode(in, out, opts...)
+}
+
+// Marshalers is a list of functions that may override the marshal behavior
+// of specific types. Populate [WithMarshalers] to use it with
+// [Marshal], [MarshalWrite], or [MarshalEncode].
+// A nil *Marshalers is equivalent to an empty list.
+// There are no exported fields or methods on Marshalers.
+type Marshalers = json.Marshalers
+
+// JoinMarshalers constructs a flattened list of marshal functions.
+// If multiple functions in the list are applicable for a value of a given type,
+// then those earlier in the list take precedence over those that come later.
+// If a function returns [SkipFunc], then the next applicable function is called,
+// otherwise the default marshaling behavior is used.
+//
+// For example:
+//
+// m1 := JoinMarshalers(f1, f2)
+// m2 := JoinMarshalers(f0, m1, f3) // equivalent to m3
+// m3 := JoinMarshalers(f0, f1, f2, f3) // equivalent to m2
+func JoinMarshalers(ms ...*Marshalers) *Marshalers {
+ return json.JoinMarshalers(ms...)
+}
+
+// Unmarshalers is a list of functions that may override the unmarshal behavior
+// of specific types. Populate [WithUnmarshalers] to use it with
+// [Unmarshal], [UnmarshalRead], or [UnmarshalDecode].
+// A nil *Unmarshalers is equivalent to an empty list.
+// There are no exported fields or methods on Unmarshalers.
+type Unmarshalers = json.Unmarshalers
+
+// JoinUnmarshalers constructs a flattened list of unmarshal functions.
+// If multiple functions in the list are applicable for a value of a given type,
+// then those earlier in the list take precedence over those that come later.
+// If a function returns [SkipFunc], then the next applicable function is called,
+// otherwise the default unmarshaling behavior is used.
+//
+// For example:
+//
+// u1 := JoinUnmarshalers(f1, f2)
+// u2 := JoinUnmarshalers(f0, u1, f3) // equivalent to u3
+// u3 := JoinUnmarshalers(f0, f1, f2, f3) // equivalent to u2
+func JoinUnmarshalers(us ...*Unmarshalers) *Unmarshalers {
+ return json.JoinUnmarshalers(us...)
+}
+
+// MarshalFunc constructs a type-specific marshaler that
+// specifies how to marshal values of type T.
+// T can be any type except a named pointer.
+// The function is always provided with a non-nil pointer value
+// if T is an interface or pointer type.
+//
+// The function must marshal exactly one JSON value.
+// The value of T must not be retained outside the function call.
+// It may not return [SkipFunc].
+func MarshalFunc[T any](fn func(T) ([]byte, error)) *Marshalers {
+ return json.MarshalFunc[T](fn)
+}
+
+// MarshalToFunc constructs a type-specific marshaler that
+// specifies how to marshal values of type T.
+// T can be any type except a named pointer.
+// The function is always provided with a non-nil pointer value
+// if T is an interface or pointer type.
+//
+// The function must marshal exactly one JSON value by calling write methods
+// on the provided encoder. It may return [SkipFunc] such that marshaling can
+// move on to the next marshal function. However, no mutable method calls may
+// be called on the encoder if [SkipFunc] is returned.
+// The pointer to [jsontext.Encoder] and the value of T
+// must not be retained outside the function call.
+func MarshalToFunc[T any](fn func(*jsontext.Encoder, T) error) *Marshalers {
+ return json.MarshalToFunc[T](fn)
+}
+
+// UnmarshalFunc constructs a type-specific unmarshaler that
+// specifies how to unmarshal values of type T.
+// T must be an unnamed pointer or an interface type.
+// The function is always provided with a non-nil pointer value.
+//
+// The function must unmarshal exactly one JSON value.
+// The input []byte must not be mutated.
+// The input []byte and value T must not be retained outside the function call.
+// It may not return [SkipFunc].
+func UnmarshalFunc[T any](fn func([]byte, T) error) *Unmarshalers {
+ return json.UnmarshalFunc[T](fn)
+}
+
+// UnmarshalFromFunc constructs a type-specific unmarshaler that
+// specifies how to unmarshal values of type T.
+// T must be an unnamed pointer or an interface type.
+// The function is always provided with a non-nil pointer value.
+//
+// The function must unmarshal exactly one JSON value by calling read methods
+// on the provided decoder. It may return [SkipFunc] such that unmarshaling can
+// move on to the next unmarshal function. However, no mutable method calls may
+// be called on the decoder if [SkipFunc] is returned.
+// The pointer to [jsontext.Decoder] and the value of T
+// must not be retained outside the function call.
+func UnmarshalFromFunc[T any](fn func(*jsontext.Decoder, T) error) *Unmarshalers {
+ return json.UnmarshalFromFunc[T](fn)
+}
+
+// Marshaler is implemented by types that can marshal themselves.
+// It is recommended that types implement [MarshalerTo] unless the implementation
+// is trying to avoid a hard dependency on the "jsontext" package.
+//
+// It is recommended that implementations return a buffer that is safe
+// for the caller to retain and potentially mutate.
+type Marshaler = json.Marshaler
+
+// MarshalerTo is implemented by types that can marshal themselves.
+// It is recommended that types implement MarshalerTo instead of [Marshaler]
+// since this is both more performant and flexible.
+// If a type implements both Marshaler and MarshalerTo,
+// then MarshalerTo takes precedence. In such a case, both implementations
+// should aim to have equivalent behavior for the default marshal options.
+//
+// The implementation must write only one JSON value to the Encoder and
+// must not retain the pointer to [jsontext.Encoder].
+type MarshalerTo = json.MarshalerTo
+
+// Unmarshaler is implemented by types that can unmarshal themselves.
+// It is recommended that types implement [UnmarshalerFrom] unless the implementation
+// is trying to avoid a hard dependency on the "jsontext" package.
+//
+// The input can be assumed to be a valid encoding of a JSON value
+// if called from unmarshal functionality in this package.
+// UnmarshalJSON must copy the JSON data if it is retained after returning.
+// It is recommended that UnmarshalJSON implement merge semantics when
+// unmarshaling into a pre-populated value.
+//
+// Implementations must not retain or mutate the input []byte.
+type Unmarshaler = json.Unmarshaler
+
+// UnmarshalerFrom is implemented by types that can unmarshal themselves.
+// It is recommended that types implement UnmarshalerFrom instead of [Unmarshaler]
+// since this is both more performant and flexible.
+// If a type implements both Unmarshaler and UnmarshalerFrom,
+// then UnmarshalerFrom takes precedence. In such a case, both implementations
+// should aim to have equivalent behavior for the default unmarshal options.
+//
+// The implementation must read only one JSON value from the Decoder.
+// It is recommended that UnmarshalJSONFrom implement merge semantics when
+// unmarshaling into a pre-populated value.
+//
+// Implementations must not retain the pointer to [jsontext.Decoder].
+type UnmarshalerFrom = json.UnmarshalerFrom
+
+// ErrUnknownName indicates that a JSON object member could not be
+// unmarshaled because the name is not known to the target Go struct.
+// This error is directly wrapped within a [SemanticError] when produced.
+//
+// The name of an unknown JSON object member can be extracted as:
+//
+// err := ...
+// var serr json.SemanticError
+// if errors.As(err, &serr) && serr.Err == json.ErrUnknownName {
+// ptr := serr.JSONPointer // JSON pointer to unknown name
+// name := ptr.LastToken() // unknown name itself
+// ...
+// }
+//
+// This error is only returned if [RejectUnknownMembers] is true.
+var ErrUnknownName = json.ErrUnknownName
+
+// SemanticError describes an error determining the meaning
+// of JSON data as Go data or vice-versa.
+//
+// The contents of this error as produced by this package may change over time.
+type SemanticError = json.SemanticError
+
+// Options configure [Marshal], [MarshalWrite], [MarshalEncode],
+// [Unmarshal], [UnmarshalRead], and [UnmarshalDecode] with specific features.
+// Each function takes in a variadic list of options, where properties
+// set in later options override the value of previously set properties.
+//
+// The Options type is identical to [encoding/json.Options] and
+// [encoding/json/jsontext.Options]. Options from the other packages can
+// be used interchangeably with functionality in this package.
+//
+// Options represent either a singular option or a set of options.
+// It can be functionally thought of as a Go map of option properties
+// (even though the underlying implementation avoids Go maps for performance).
+//
+// The constructors (e.g., [Deterministic]) return a singular option value:
+//
+// opt := Deterministic(true)
+//
+// which is analogous to creating a single entry map:
+//
+// opt := Options{"Deterministic": true}
+//
+// [JoinOptions] composes multiple options values to together:
+//
+// out := JoinOptions(opts...)
+//
+// which is analogous to making a new map and copying the options over:
+//
+// out := make(Options)
+// for _, m := range opts {
+// for k, v := range m {
+// out[k] = v
+// }
+// }
+//
+// [GetOption] looks up the value of options parameter:
+//
+// v, ok := GetOption(opts, Deterministic)
+//
+// which is analogous to a Go map lookup:
+//
+// v, ok := Options["Deterministic"]
+//
+// There is a single Options type, which is used with both marshal and unmarshal.
+// Some options affect both operations, while others only affect one operation:
+//
+// - [StringifyNumbers] affects marshaling and unmarshaling
+// - [Deterministic] affects marshaling only
+// - [FormatNilSliceAsNull] affects marshaling only
+// - [FormatNilMapAsNull] affects marshaling only
+// - [OmitZeroStructFields] affects marshaling only
+// - [MatchCaseInsensitiveNames] affects marshaling and unmarshaling
+// - [DiscardUnknownMembers] affects marshaling only
+// - [RejectUnknownMembers] affects unmarshaling only
+// - [WithMarshalers] affects marshaling only
+// - [WithUnmarshalers] affects unmarshaling only
+//
+// Options that do not affect a particular operation are ignored.
+type Options = json.Options
+
+// JoinOptions coalesces the provided list of options into a single Options.
+// Properties set in later options override the value of previously set properties.
+func JoinOptions(srcs ...Options) Options {
+ return json.JoinOptions(srcs...)
+}
+
+// GetOption returns the value stored in opts with the provided setter,
+// reporting whether the value is present.
+//
+// Example usage:
+//
+// v, ok := json.GetOption(opts, json.Deterministic)
+//
+// Options are most commonly introspected to alter the JSON representation of
+// [MarshalerTo.MarshalJSONTo] and [UnmarshalerFrom.UnmarshalJSONFrom] methods, and
+// [MarshalToFunc] and [UnmarshalFromFunc] functions.
+// In such cases, the presence bit should generally be ignored.
+func GetOption[T any](opts Options, setter func(T) Options) (T, bool) {
+ return json.GetOption[T](opts, setter)
+}
+
+// DefaultOptionsV2 is the full set of all options that define v2 semantics.
+// It is equivalent to all options under [Options], [encoding/json.Options],
+// and [encoding/json/jsontext.Options] being set to false or the zero value,
+// except for the options related to whitespace formatting.
+func DefaultOptionsV2() Options {
+ return json.DefaultOptionsV2()
+}
+
+// StringifyNumbers specifies that numeric Go types should be marshaled
+// as a JSON string containing the equivalent JSON number value.
+// When unmarshaling, numeric Go types are parsed from a JSON string
+// containing the JSON number without any surrounding whitespace.
+//
+// According to RFC 8259, section 6, a JSON implementation may choose to
+// limit the representation of a JSON number to an IEEE 754 binary64 value.
+// This may cause decoders to lose precision for int64 and uint64 types.
+// Quoting JSON numbers as a JSON string preserves the exact precision.
+//
+// This affects either marshaling or unmarshaling.
+func StringifyNumbers(v bool) Options {
+ return json.StringifyNumbers(v)
+}
+
+// Deterministic specifies that the same input value will be serialized
+// as the exact same output bytes. Different processes of
+// the same program will serialize equal values to the same bytes,
+// but different versions of the same program are not guaranteed
+// to produce the exact same sequence of bytes.
+//
+// This only affects marshaling and is ignored when unmarshaling.
+func Deterministic(v bool) Options {
+ return json.Deterministic(v)
+}
+
+// FormatNilSliceAsNull specifies that a nil Go slice should marshal as a
+// JSON null instead of the default representation as an empty JSON array
+// (or an empty JSON string in the case of ~[]byte).
+// Slice fields explicitly marked with `format:emitempty` still marshal
+// as an empty JSON array.
+//
+// This only affects marshaling and is ignored when unmarshaling.
+func FormatNilSliceAsNull(v bool) Options {
+ return json.FormatNilSliceAsNull(v)
+}
+
+// FormatNilMapAsNull specifies that a nil Go map should marshal as a
+// JSON null instead of the default representation as an empty JSON object.
+// Map fields explicitly marked with `format:emitempty` still marshal
+// as an empty JSON object.
+//
+// This only affects marshaling and is ignored when unmarshaling.
+func FormatNilMapAsNull(v bool) Options {
+ return json.FormatNilMapAsNull(v)
+}
+
+// OmitZeroStructFields specifies that a Go struct should marshal in such a way
+// that all struct fields that are zero are omitted from the marshaled output
+// if the value is zero as determined by the "IsZero() bool" method if present,
+// otherwise based on whether the field is the zero Go value.
+// This is semantically equivalent to specifying the `omitzero` tag option
+// on every field in a Go struct.
+//
+// This only affects marshaling and is ignored when unmarshaling.
+func OmitZeroStructFields(v bool) Options {
+ return json.OmitZeroStructFields(v)
+}
+
+// MatchCaseInsensitiveNames specifies that JSON object members are matched
+// against Go struct fields using a case-insensitive match of the name.
+// Go struct fields explicitly marked with `case:strict` or `case:ignore`
+// always use case-sensitive (or case-insensitive) name matching,
+// regardless of the value of this option.
+//
+// This affects either marshaling or unmarshaling.
+// For marshaling, this option may alter the detection of duplicate names
+// (assuming [jsontext.AllowDuplicateNames] is false) from inlined fields
+// if it matches one of the declared fields in the Go struct.
+func MatchCaseInsensitiveNames(v bool) Options {
+ return json.MatchCaseInsensitiveNames(v)
+}
+
+// RejectUnknownMembers specifies that unknown members should be rejected
+// when unmarshaling a JSON object, regardless of whether there is a field
+// to store unknown members.
+//
+// This only affects unmarshaling and is ignored when marshaling.
+func RejectUnknownMembers(v bool) Options {
+ return json.RejectUnknownMembers(v)
+}
+
+// WithMarshalers specifies a list of type-specific marshalers to use,
+// which can be used to override the default marshal behavior for values
+// of particular types.
+//
+// This only affects marshaling and is ignored when unmarshaling.
+func WithMarshalers(v *Marshalers) Options {
+ return json.WithMarshalers(v)
+}
+
+// WithUnmarshalers specifies a list of type-specific unmarshalers to use,
+// which can be used to override the default unmarshal behavior for values
+// of particular types.
+//
+// This only affects unmarshaling and is ignored when marshaling.
+func WithUnmarshalers(v *Unmarshalers) Options {
+ return json.WithUnmarshalers(v)
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal.go
index e6c6216ff..85d530389 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal.go
@@ -2,112 +2,70 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !goexperiment.jsonv2 || !go1.25
+
package json
import (
- "errors"
+ "bytes"
+ "encoding"
"io"
"reflect"
+ "slices"
+ "strings"
"sync"
-)
+ "time"
-// MarshalOptions configures how Go data is serialized as JSON data.
-// The zero value is equivalent to the default marshal settings.
-type MarshalOptions struct {
- requireKeyedLiterals
- nonComparable
-
- // Marshalers is a list of type-specific marshalers to use.
- Marshalers *Marshalers
-
- // StringifyNumbers specifies that numeric Go types should be serialized
- // as a JSON string containing the equivalent JSON number value.
- //
- // According to RFC 8259, section 6, a JSON implementation may choose to
- // limit the representation of a JSON number to an IEEE 754 binary64 value.
- // This may cause decoders to lose precision for int64 and uint64 types.
- // Escaping JSON numbers as a JSON string preserves the exact precision.
- StringifyNumbers bool
-
- // DiscardUnknownMembers specifies that marshaling should ignore any
- // JSON object members stored in Go struct fields dedicated to storing
- // unknown JSON object members.
- DiscardUnknownMembers bool
-
- // Deterministic specifies that the same input value will be serialized
- // as the exact same output bytes. Different processes of
- // the same program will serialize equal values to the same bytes,
- // but different versions of the same program are not guaranteed
- // to produce the exact same sequence of bytes.
- Deterministic bool
-
- // formatDepth is the depth at which we respect the format flag.
- formatDepth int
- // format is custom formatting for the value at the specified depth.
- format string
-}
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
+)
-// Marshal serializes a Go value as a []byte with default options.
-// It is a thin wrapper over MarshalOptions.Marshal.
-func Marshal(in any) (out []byte, err error) {
- return MarshalOptions{}.Marshal(EncodeOptions{}, in)
-}
+// Reference encoding and time packages to assist pkgsite
+// in being able to hotlink references to those packages.
+var (
+ _ encoding.TextMarshaler
+ _ encoding.TextAppender
+ _ encoding.TextUnmarshaler
+ _ time.Time
+ _ time.Duration
+)
-// MarshalFull serializes a Go value into an io.Writer with default options.
-// It is a thin wrapper over MarshalOptions.MarshalFull.
-func MarshalFull(out io.Writer, in any) error {
- return MarshalOptions{}.MarshalFull(EncodeOptions{}, out, in)
-}
+// export exposes internal functionality of the "jsontext" package.
+var export = jsontext.Internal.Export(&internal.AllowInternalUse)
// Marshal serializes a Go value as a []byte according to the provided
-// marshal and encode options. It does not terminate the output with a newline.
-// See MarshalNext for details about the conversion of a Go value into JSON.
-func (mo MarshalOptions) Marshal(eo EncodeOptions, in any) (out []byte, err error) {
- enc := getBufferedEncoder(eo)
- defer putBufferedEncoder(enc)
- enc.options.omitTopLevelNewline = true
- err = mo.MarshalNext(enc, in)
- // TODO(https://go.dev/issue/45038): Use bytes.Clone.
- return append([]byte(nil), enc.buf...), err
-}
-
-// MarshalFull serializes a Go value into an io.Writer according to the provided
-// marshal and encode options. It does not terminate the output with a newline.
-// See MarshalNext for details about the conversion of a Go value into JSON.
-func (mo MarshalOptions) MarshalFull(eo EncodeOptions, out io.Writer, in any) error {
- enc := getStreamingEncoder(out, eo)
- defer putStreamingEncoder(enc)
- enc.options.omitTopLevelNewline = true
- err := mo.MarshalNext(enc, in)
- return err
-}
-
-// MarshalNext encodes a Go value as the next JSON value according to
-// the provided marshal options.
+// marshal and encode options (while ignoring unmarshal or decode options).
+// It does not terminate the output with a newline.
//
// Type-specific marshal functions and methods take precedence
// over the default representation of a value.
// Functions or methods that operate on *T are only called when encoding
// a value of type T (by taking its address) or a non-nil value of *T.
-// MarshalNext ensures that a value is always addressable
+// Marshal ensures that a value is always addressable
// (by boxing it on the heap if necessary) so that
// these functions and methods can be consistently called. For performance,
-// it is recommended that MarshalNext be passed a non-nil pointer to the value.
+// it is recommended that Marshal be passed a non-nil pointer to the value.
//
// The input value is encoded as JSON according the following rules:
//
-// - If any type-specific functions in MarshalOptions.Marshalers match
+// - If any type-specific functions in a [WithMarshalers] option match
// the value type, then those functions are called to encode the value.
-// If all applicable functions return SkipFunc,
+// If all applicable functions return [SkipFunc],
// then the value is encoded according to subsequent rules.
//
-// - If the value type implements MarshalerV2,
-// then the MarshalNextJSON method is called to encode the value.
+// - If the value type implements [MarshalerTo],
+// then the MarshalJSONTo method is called to encode the value.
//
-// - If the value type implements MarshalerV1,
+// - If the value type implements [Marshaler],
// then the MarshalJSON method is called to encode the value.
//
-// - If the value type implements encoding.TextMarshaler,
+// - If the value type implements [encoding.TextAppender],
+// then the AppendText method is called to encode the value and
+// subsequently encode its result as a JSON string.
+//
+// - If the value type implements [encoding.TextMarshaler],
// then the MarshalText method is called to encode the value and
// subsequently encode its result as a JSON string.
//
@@ -139,25 +97,25 @@ func (mo MarshalOptions) MarshalFull(eo EncodeOptions, out io.Writer, in any) er
// where each byte is recursively JSON-encoded as each JSON array element.
//
// - A Go integer is encoded as a JSON number without fractions or exponents.
-// If MarshalOptions.StringifyNumbers is specified, then the JSON number is
-// encoded within a JSON string. It does not support any custom format
-// flags.
+// If [StringifyNumbers] is specified or encoding a JSON object name,
+// then the JSON number is encoded within a JSON string.
+// It does not support any custom format flags.
//
// - A Go float is encoded as a JSON number.
-// If MarshalOptions.StringifyNumbers is specified,
+// If [StringifyNumbers] is specified or encoding a JSON object name,
// then the JSON number is encoded within a JSON string.
// If the format is "nonfinite", then NaN, +Inf, and -Inf are encoded as
// the JSON strings "NaN", "Infinity", and "-Infinity", respectively.
-// Otherwise, the presence of non-finite numbers results in a SemanticError.
+// Otherwise, the presence of non-finite numbers results in a [SemanticError].
//
// - A Go map is encoded as a JSON object, where each Go map key and value
// is recursively encoded as a name and value pair in the JSON object.
// The Go map key must encode as a JSON string, otherwise this results
-// in a SemanticError. When encoding keys, MarshalOptions.StringifyNumbers
-// is automatically applied so that numeric keys encode as JSON strings.
-// The Go map is traversed in a non-deterministic order.
-// For deterministic encoding, consider using RawValue.Canonicalize.
+// in a [SemanticError]. The Go map is traversed in a non-deterministic order.
+// For deterministic encoding, consider using the [Deterministic] option.
// If the format is "emitnull", then a nil map is encoded as a JSON null.
+// If the format is "emitempty", then a nil map is encoded as an empty JSON object,
+// regardless of whether [FormatNilMapAsNull] is specified.
// Otherwise by default, a nil map is encoded as an empty JSON object.
//
// - A Go struct is encoded as a JSON object.
@@ -167,6 +125,8 @@ func (mo MarshalOptions) MarshalFull(eo EncodeOptions, out io.Writer, in any) er
// - A Go slice is encoded as a JSON array, where each Go slice element
// is recursively JSON-encoded as the elements of the JSON array.
// If the format is "emitnull", then a nil slice is encoded as a JSON null.
+// If the format is "emitempty", then a nil slice is encoded as an empty JSON array,
+// regardless of whether [FormatNilSliceAsNull] is specified.
// Otherwise by default, a nil slice is encoded as an empty JSON array.
//
// - A Go array is encoded as a JSON array, where each Go array element
@@ -182,148 +142,144 @@ func (mo MarshalOptions) MarshalFull(eo EncodeOptions, out io.Writer, in any) er
// the recursively JSON-encoded representation of the underlying value.
// It does not support any custom format flags.
//
-// - A Go time.Time is encoded as a JSON string containing the timestamp
-// formatted in RFC 3339 with nanosecond resolution.
+// - A Go [time.Time] is encoded as a JSON string containing the timestamp
+// formatted in RFC 3339 with nanosecond precision.
// If the format matches one of the format constants declared
// in the time package (e.g., RFC1123), then that format is used.
-// Otherwise, the format is used as-is with time.Time.Format if non-empty.
-//
-// - A Go time.Duration is encoded as a JSON string containing the duration
-// formatted according to time.Duration.String.
-// If the format is "nanos", it is encoded as a JSON number
-// containing the number of nanoseconds in the duration.
+// If the format is "unix", "unixmilli", "unixmicro", or "unixnano",
+// then the timestamp is encoded as a possibly fractional JSON number
+// of the number of seconds (or milliseconds, microseconds, or nanoseconds)
+// since the Unix epoch, which is January 1st, 1970 at 00:00:00 UTC.
+// To avoid a fractional component, round the timestamp to the relevant unit.
+// Otherwise, the format is used as-is with [time.Time.Format] if non-empty.
+//
+// - A Go [time.Duration] currently has no default representation and
+// requires an explicit format to be specified.
+// If the format is "sec", "milli", "micro", or "nano",
+// then the duration is encoded as a possibly fractional JSON number
+// of the number of seconds (or milliseconds, microseconds, or nanoseconds).
+// To avoid a fractional component, round the duration to the relevant unit.
+// If the format is "units", it is encoded as a JSON string formatted using
+// [time.Duration.String] (e.g., "1h30m" for 1 hour 30 minutes).
+// If the format is "iso8601", it is encoded as a JSON string using the
+// ISO 8601 standard for durations (e.g., "PT1H30M" for 1 hour 30 minutes)
+// using only accurate units of hours, minutes, and seconds.
//
// - All other Go types (e.g., complex numbers, channels, and functions)
-// have no default representation and result in a SemanticError.
+// have no default representation and result in a [SemanticError].
//
-// JSON cannot represent cyclic data structures and
-// MarshalNext does not handle them.
+// JSON cannot represent cyclic data structures and Marshal does not handle them.
// Passing cyclic structures will result in an error.
-func (mo MarshalOptions) MarshalNext(out *Encoder, in any) error {
+func Marshal(in any, opts ...Options) (out []byte, err error) {
+ enc := export.GetBufferedEncoder(opts...)
+ defer export.PutBufferedEncoder(enc)
+ xe := export.Encoder(enc)
+ xe.Flags.Set(jsonflags.OmitTopLevelNewline | 1)
+ err = marshalEncode(enc, in, &xe.Struct)
+ if err != nil && xe.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return nil, internal.TransformMarshalError(in, err)
+ }
+ return bytes.Clone(xe.Buf), err
+}
+
+// MarshalWrite serializes a Go value into an [io.Writer] according to the provided
+// marshal and encode options (while ignoring unmarshal or decode options).
+// It does not terminate the output with a newline.
+// See [Marshal] for details about the conversion of a Go value into JSON.
+func MarshalWrite(out io.Writer, in any, opts ...Options) (err error) {
+ enc := export.GetStreamingEncoder(out, opts...)
+ defer export.PutStreamingEncoder(enc)
+ xe := export.Encoder(enc)
+ xe.Flags.Set(jsonflags.OmitTopLevelNewline | 1)
+ err = marshalEncode(enc, in, &xe.Struct)
+ if err != nil && xe.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.TransformMarshalError(in, err)
+ }
+ return err
+}
+
+// MarshalEncode serializes a Go value into an [jsontext.Encoder] according to
+// the provided marshal options (while ignoring unmarshal, encode, or decode options).
+// Any marshal-relevant options already specified on the [jsontext.Encoder]
+// take lower precedence than the set of options provided by the caller.
+// Unlike [Marshal] and [MarshalWrite], encode options are ignored because
+// they must have already been specified on the provided [jsontext.Encoder].
+//
+// See [Marshal] for details about the conversion of a Go value into JSON.
+func MarshalEncode(out *jsontext.Encoder, in any, opts ...Options) (err error) {
+ xe := export.Encoder(out)
+ if len(opts) > 0 {
+ optsOriginal := xe.Struct
+ defer func() { xe.Struct = optsOriginal }()
+ xe.Struct.JoinWithoutCoderOptions(opts...)
+ }
+ err = marshalEncode(out, in, &xe.Struct)
+ if err != nil && xe.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.TransformMarshalError(in, err)
+ }
+ return err
+}
+
+func marshalEncode(out *jsontext.Encoder, in any, mo *jsonopts.Struct) (err error) {
v := reflect.ValueOf(in)
if !v.IsValid() || (v.Kind() == reflect.Pointer && v.IsNil()) {
- return out.WriteToken(Null)
+ return out.WriteToken(jsontext.Null)
}
// Shallow copy non-pointer values to obtain an addressable value.
// It is beneficial to performance to always pass pointers to avoid this.
- if v.Kind() != reflect.Pointer {
+ forceAddr := v.Kind() != reflect.Pointer
+ if forceAddr {
v2 := reflect.New(v.Type())
v2.Elem().Set(v)
v = v2
}
- va := addressableValue{v.Elem()} // dereferenced pointer is always addressable
+ va := addressableValue{v.Elem(), forceAddr} // dereferenced pointer is always addressable
t := va.Type()
// Lookup and call the marshal function for this type.
marshal := lookupArshaler(t).marshal
if mo.Marshalers != nil {
- marshal, _ = mo.Marshalers.lookup(marshal, t)
+ marshal, _ = mo.Marshalers.(*Marshalers).lookup(marshal, t)
}
- if err := marshal(mo, out, va); err != nil {
- if !out.options.AllowDuplicateNames {
- out.tokens.invalidateDisabledNamespaces()
+ if err := marshal(out, va, mo); err != nil {
+ if !mo.Flags.Get(jsonflags.AllowDuplicateNames) {
+ export.Encoder(out).Tokens.InvalidateDisabledNamespaces()
}
return err
}
return nil
}
-// UnmarshalOptions configures how JSON data is deserialized as Go data.
-// The zero value is equivalent to the default unmarshal settings.
-type UnmarshalOptions struct {
- requireKeyedLiterals
- nonComparable
-
- // Unmarshalers is a list of type-specific unmarshalers to use.
- Unmarshalers *Unmarshalers
-
- // StringifyNumbers specifies that numeric Go types can be deserialized
- // from either a JSON number or a JSON string containing a JSON number
- // without any surrounding whitespace.
- StringifyNumbers bool
-
- // RejectUnknownMembers specifies that unknown members should be rejected
- // when unmarshaling a JSON object, regardless of whether there is a field
- // to store unknown members.
- RejectUnknownMembers bool
-
- // formatDepth is the depth at which we respect the format flag.
- formatDepth int
- // format is custom formatting for the value at the specified depth.
- format string
-}
-
-// Unmarshal deserializes a Go value from a []byte with default options.
-// It is a thin wrapper over UnmarshalOptions.Unmarshal.
-func Unmarshal(in []byte, out any) error {
- return UnmarshalOptions{}.Unmarshal(DecodeOptions{}, in, out)
-}
-
-// UnmarshalFull deserializes a Go value from an io.Reader with default options.
-// It is a thin wrapper over UnmarshalOptions.UnmarshalFull.
-func UnmarshalFull(in io.Reader, out any) error {
- return UnmarshalOptions{}.UnmarshalFull(DecodeOptions{}, in, out)
-}
-
-// Unmarshal deserializes a Go value from a []byte according to the
-// provided unmarshal and decode options. The output must be a non-nil pointer.
+// Unmarshal decodes a []byte input into a Go value according to the provided
+// unmarshal and decode options (while ignoring marshal or encode options).
// The input must be a single JSON value with optional whitespace interspersed.
-// See UnmarshalNext for details about the conversion of JSON into a Go value.
-func (uo UnmarshalOptions) Unmarshal(do DecodeOptions, in []byte, out any) error {
- dec := getBufferedDecoder(in, do)
- defer putBufferedDecoder(dec)
- return uo.unmarshalFull(dec, out)
-}
-
-// UnmarshalFull deserializes a Go value from an io.Reader according to the
-// provided unmarshal and decode options. The output must be a non-nil pointer.
-// The input must be a single JSON value with optional whitespace interspersed.
-// It consumes the entirety of io.Reader until io.EOF is encountered.
-// See UnmarshalNext for details about the conversion of JSON into a Go value.
-func (uo UnmarshalOptions) UnmarshalFull(do DecodeOptions, in io.Reader, out any) error {
- dec := getStreamingDecoder(in, do)
- defer putStreamingDecoder(dec)
- return uo.unmarshalFull(dec, out)
-}
-func (uo UnmarshalOptions) unmarshalFull(in *Decoder, out any) error {
- switch err := uo.UnmarshalNext(in, out); err {
- case nil:
- return in.checkEOF()
- case io.EOF:
- return io.ErrUnexpectedEOF
- default:
- return err
- }
-}
-
-// UnmarshalNext decodes the next JSON value into a Go value according to
-// the provided unmarshal options. The output must be a non-nil pointer.
+// The output must be a non-nil pointer.
//
// Type-specific unmarshal functions and methods take precedence
// over the default representation of a value.
// Functions or methods that operate on *T are only called when decoding
// a value of type T (by taking its address) or a non-nil value of *T.
-// UnmarshalNext ensures that a value is always addressable
+// Unmarshal ensures that a value is always addressable
// (by boxing it on the heap if necessary) so that
// these functions and methods can be consistently called.
//
// The input is decoded into the output according the following rules:
//
-// - If any type-specific functions in UnmarshalOptions.Unmarshalers match
+// - If any type-specific functions in a [WithUnmarshalers] option match
// the value type, then those functions are called to decode the JSON
-// value. If all applicable functions return SkipFunc,
+// value. If all applicable functions return [SkipFunc],
// then the input is decoded according to subsequent rules.
//
-// - If the value type implements UnmarshalerV2,
-// then the UnmarshalNextJSON method is called to decode the JSON value.
+// - If the value type implements [UnmarshalerFrom],
+// then the UnmarshalJSONFrom method is called to decode the JSON value.
//
-// - If the value type implements UnmarshalerV1,
+// - If the value type implements [Unmarshaler],
// then the UnmarshalJSON method is called to decode the JSON value.
//
-// - If the value type implements encoding.TextUnmarshaler,
+// - If the value type implements [encoding.TextUnmarshaler],
// then the input is decoded as a JSON string and
// the UnmarshalText method is called with the decoded string value.
-// This fails with a SemanticError if the input is not a JSON string.
+// This fails with a [SemanticError] if the input is not a JSON string.
//
// - Otherwise, the JSON value is decoded according to the value's type
// as described in detail below.
@@ -336,7 +292,7 @@ func (uo UnmarshalOptions) unmarshalFull(in *Decoder, out any) error {
// A JSON null may be decoded into every supported Go value where
// it is equivalent to storing the zero value of the Go value.
// If the input JSON kind is not handled by the current Go value type,
-// then this fails with a SemanticError. Unless otherwise specified,
+// then this fails with a [SemanticError]. Unless otherwise specified,
// the decoded value replaces any pre-existing value.
//
// The representation of each type is as follows:
@@ -359,33 +315,31 @@ func (uo UnmarshalOptions) unmarshalFull(in *Decoder, out any) error {
// When decoding into a non-nil []byte, the slice length is reset to zero
// and the decoded input is appended to it.
// When decoding into a [N]byte, the input must decode to exactly N bytes,
-// otherwise it fails with a SemanticError.
+// otherwise it fails with a [SemanticError].
//
// - A Go integer is decoded from a JSON number.
-// It may also be decoded from a JSON string containing a JSON number
-// if UnmarshalOptions.StringifyNumbers is specified.
-// It fails with a SemanticError if the JSON number
+// It must be decoded from a JSON string containing a JSON number
+// if [StringifyNumbers] is specified or decoding a JSON object name.
+// It fails with a [SemanticError] if the JSON number
// has a fractional or exponent component.
// It also fails if it overflows the representation of the Go integer type.
// It does not support any custom format flags.
//
// - A Go float is decoded from a JSON number.
-// It may also be decoded from a JSON string containing a JSON number
-// if UnmarshalOptions.StringifyNumbers is specified.
-// The JSON number is parsed as the closest representable Go float value.
+// It must be decoded from a JSON string containing a JSON number
+// if [StringifyNumbers] is specified or decoding a JSON object name.
+// It fails if it overflows the representation of the Go float type.
// If the format is "nonfinite", then the JSON strings
// "NaN", "Infinity", and "-Infinity" are decoded as NaN, +Inf, and -Inf.
-// Otherwise, the presence of such strings results in a SemanticError.
+// Otherwise, the presence of such strings results in a [SemanticError].
//
// - A Go map is decoded from a JSON object,
// where each JSON object name and value pair is recursively decoded
-// as the Go map key and value. When decoding keys,
-// UnmarshalOptions.StringifyNumbers is automatically applied so that
-// numeric keys can decode from JSON strings. Maps are not cleared.
+// as the Go map key and value. Maps are not cleared.
// If the Go map is nil, then a new map is allocated to decode into.
// If the decoded key matches an existing Go map entry, the entry value
// is reused by decoding the JSON object value into it.
-// The only supported format is "emitnull" and has no effect when decoding.
+// The formats "emitnull" and "emitempty" have no effect when decoding.
//
// - A Go struct is decoded from a JSON object.
// See the “JSON Representation of Go structs” section
@@ -395,12 +349,12 @@ func (uo UnmarshalOptions) unmarshalFull(in *Decoder, out any) error {
// is recursively decoded and appended to the Go slice.
// Before appending into a Go slice, a new slice is allocated if it is nil,
// otherwise the slice length is reset to zero.
-// The only supported format is "emitnull" and has no effect when decoding.
+// The formats "emitnull" and "emitempty" have no effect when decoding.
//
// - A Go array is decoded from a JSON array, where each JSON array element
// is recursively decoded as each corresponding Go array element.
// Each Go array element is zeroed before decoding into it.
-// It fails with a SemanticError if the JSON array does not contain
+// It fails with a [SemanticError] if the JSON array does not contain
// the exact same number of elements as the Go array.
// It does not support any custom format flags.
//
@@ -415,59 +369,133 @@ func (uo UnmarshalOptions) unmarshalFull(in *Decoder, out any) error {
// Otherwise, a nil interface value of an empty interface type is initialized
// with a zero Go bool, string, float64, map[string]any, or []any if the
// input is a JSON boolean, string, number, object, or array, respectively.
-// If the interface value is still nil, then this fails with a SemanticError
+// If the interface value is still nil, then this fails with a [SemanticError]
// since decoding could not determine an appropriate Go type to decode into.
// For example, unmarshaling into a nil io.Reader fails since
// there is no concrete type to populate the interface value with.
// Otherwise an underlying value exists and it recursively decodes
// the JSON input into it. It does not support any custom format flags.
//
-// - A Go time.Time is decoded from a JSON string containing the time
-// formatted in RFC 3339 with nanosecond resolution.
+// - A Go [time.Time] is decoded from a JSON string containing the time
+// formatted in RFC 3339 with nanosecond precision.
// If the format matches one of the format constants declared in
// the time package (e.g., RFC1123), then that format is used for parsing.
-// Otherwise, the format is used as-is with time.Time.Parse if non-empty.
-//
-// - A Go time.Duration is decoded from a JSON string by
-// passing the decoded string to time.ParseDuration.
-// If the format is "nanos", it is instead decoded from a JSON number
-// containing the number of nanoseconds in the duration.
+// If the format is "unix", "unixmilli", "unixmicro", or "unixnano",
+// then the timestamp is decoded from an optionally fractional JSON number
+// of the number of seconds (or milliseconds, microseconds, or nanoseconds)
+// since the Unix epoch, which is January 1st, 1970 at 00:00:00 UTC.
+// Otherwise, the format is used as-is with [time.Time.Parse] if non-empty.
+//
+// - A Go [time.Duration] currently has no default representation and
+// requires an explicit format to be specified.
+// If the format is "sec", "milli", "micro", or "nano",
+// then the duration is decoded from an optionally fractional JSON number
+// of the number of seconds (or milliseconds, microseconds, or nanoseconds).
+// If the format is "units", it is decoded from a JSON string parsed using
+// [time.ParseDuration] (e.g., "1h30m" for 1 hour 30 minutes).
+// If the format is "iso8601", it is decoded from a JSON string using the
+// ISO 8601 standard for durations (e.g., "PT1H30M" for 1 hour 30 minutes)
+// accepting only accurate units of hours, minutes, or seconds.
//
// - All other Go types (e.g., complex numbers, channels, and functions)
-// have no default representation and result in a SemanticError.
+// have no default representation and result in a [SemanticError].
//
// In general, unmarshaling follows merge semantics (similar to RFC 7396)
// where the decoded Go value replaces the destination value
// for any JSON kind other than an object.
// For JSON objects, the input object is merged into the destination value
// where matching object members recursively apply merge semantics.
-func (uo UnmarshalOptions) UnmarshalNext(in *Decoder, out any) error {
+func Unmarshal(in []byte, out any, opts ...Options) (err error) {
+ dec := export.GetBufferedDecoder(in, opts...)
+ defer export.PutBufferedDecoder(dec)
+ xd := export.Decoder(dec)
+ err = unmarshalDecode(dec, out, &xd.Struct, true)
+ if err != nil && xd.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.TransformUnmarshalError(out, err)
+ }
+ return err
+}
+
+// UnmarshalRead deserializes a Go value from an [io.Reader] according to the
+// provided unmarshal and decode options (while ignoring marshal or encode options).
+// The input must be a single JSON value with optional whitespace interspersed.
+// It consumes the entirety of [io.Reader] until [io.EOF] is encountered,
+// without reporting an error for EOF. The output must be a non-nil pointer.
+// See [Unmarshal] for details about the conversion of JSON into a Go value.
+func UnmarshalRead(in io.Reader, out any, opts ...Options) (err error) {
+ dec := export.GetStreamingDecoder(in, opts...)
+ defer export.PutStreamingDecoder(dec)
+ xd := export.Decoder(dec)
+ err = unmarshalDecode(dec, out, &xd.Struct, true)
+ if err != nil && xd.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.TransformUnmarshalError(out, err)
+ }
+ return err
+}
+
+// UnmarshalDecode deserializes a Go value from a [jsontext.Decoder] according to
+// the provided unmarshal options (while ignoring marshal, encode, or decode options).
+// Any unmarshal options already specified on the [jsontext.Decoder]
+// take lower precedence than the set of options provided by the caller.
+// Unlike [Unmarshal] and [UnmarshalRead], decode options are ignored because
+// they must have already been specified on the provided [jsontext.Decoder].
+//
+// The input may be a stream of one or more JSON values,
+// where this only unmarshals the next JSON value in the stream.
+// The output must be a non-nil pointer.
+// See [Unmarshal] for details about the conversion of JSON into a Go value.
+func UnmarshalDecode(in *jsontext.Decoder, out any, opts ...Options) (err error) {
+ xd := export.Decoder(in)
+ if len(opts) > 0 {
+ optsOriginal := xd.Struct
+ defer func() { xd.Struct = optsOriginal }()
+ xd.Struct.JoinWithoutCoderOptions(opts...)
+ }
+ err = unmarshalDecode(in, out, &xd.Struct, false)
+ if err != nil && xd.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.TransformUnmarshalError(out, err)
+ }
+ return err
+}
+
+func unmarshalDecode(in *jsontext.Decoder, out any, uo *jsonopts.Struct, last bool) (err error) {
v := reflect.ValueOf(out)
- if !v.IsValid() || v.Kind() != reflect.Pointer || v.IsNil() {
- var t reflect.Type
- if v.IsValid() {
- t = v.Type()
- if t.Kind() == reflect.Pointer {
- t = t.Elem()
+ if v.Kind() != reflect.Pointer || v.IsNil() {
+ return &SemanticError{action: "unmarshal", GoType: reflect.TypeOf(out), Err: internal.ErrNonNilReference}
+ }
+ va := addressableValue{v.Elem(), false} // dereferenced pointer is always addressable
+ t := va.Type()
+
+ // In legacy semantics, the entirety of the next JSON value
+ // was validated before attempting to unmarshal it.
+ if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ if err := export.Decoder(in).CheckNextValue(last); err != nil {
+ if err == io.EOF && last {
+ offset := in.InputOffset() + int64(len(in.UnreadBuffer()))
+ return &jsontext.SyntacticError{ByteOffset: offset, Err: io.ErrUnexpectedEOF}
}
+ return err
}
- err := errors.New("value must be passed as a non-nil pointer reference")
- return &SemanticError{action: "unmarshal", GoType: t, Err: err}
}
- va := addressableValue{v.Elem()} // dereferenced pointer is always addressable
- t := va.Type()
// Lookup and call the unmarshal function for this type.
unmarshal := lookupArshaler(t).unmarshal
if uo.Unmarshalers != nil {
- unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, t)
+ unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, t)
}
- if err := unmarshal(uo, in, va); err != nil {
- if !in.options.AllowDuplicateNames {
- in.tokens.invalidateDisabledNamespaces()
+ if err := unmarshal(in, va, uo); err != nil {
+ if !uo.Flags.Get(jsonflags.AllowDuplicateNames) {
+ export.Decoder(in).Tokens.InvalidateDisabledNamespaces()
+ }
+ if err == io.EOF && last {
+ offset := in.InputOffset() + int64(len(in.UnreadBuffer()))
+ return &jsontext.SyntacticError{ByteOffset: offset, Err: io.ErrUnexpectedEOF}
}
return err
}
+ if last {
+ return export.Decoder(in).CheckEOF()
+ }
return nil
}
@@ -477,17 +505,31 @@ func (uo UnmarshalOptions) UnmarshalNext(in *Decoder, out any) error {
// There is no compile magic that enforces this property,
// but rather the need to construct this type makes it easier to examine each
// construction site to ensure that this property is upheld.
-type addressableValue struct{ reflect.Value }
+type addressableValue struct {
+ reflect.Value
+
+ // forcedAddr reports whether this value is addressable
+ // only through the use of [newAddressableValue].
+ // This is only used for [jsonflags.CallMethodsWithLegacySemantics].
+ forcedAddr bool
+}
// newAddressableValue constructs a new addressable value of type t.
func newAddressableValue(t reflect.Type) addressableValue {
- return addressableValue{reflect.New(t).Elem()}
+ return addressableValue{reflect.New(t).Elem(), true}
}
+// TODO: Remove *jsonopts.Struct argument from [marshaler] and [unmarshaler].
+// This can be directly accessed on the encoder or decoder.
+
// All marshal and unmarshal behavior is implemented using these signatures.
+// The *jsonopts.Struct argument is guaranteed to identical to or at least
+// a strict super-set of the options in Encoder.Struct or Decoder.Struct.
+// It is identical for Marshal, Unmarshal, MarshalWrite, and UnmarshalRead.
+// It is a super-set for MarshalEncode and UnmarshalDecode.
type (
- marshaler = func(MarshalOptions, *Encoder, addressableValue) error
- unmarshaler = func(UnmarshalOptions, *Decoder, addressableValue) error
+ marshaler = func(*jsontext.Encoder, addressableValue, *jsonopts.Struct) error
+ unmarshaler = func(*jsontext.Decoder, addressableValue, *jsonopts.Struct) error
)
type arshaler struct {
@@ -511,3 +553,28 @@ func lookupArshaler(t reflect.Type) *arshaler {
v, _ := lookupArshalerCache.LoadOrStore(t, fncs)
return v.(*arshaler)
}
+
+var stringsPools = &sync.Pool{New: func() any { return new(stringSlice) }}
+
+type stringSlice []string
+
+// getStrings returns a non-nil pointer to a slice with length n.
+func getStrings(n int) *stringSlice {
+ s := stringsPools.Get().(*stringSlice)
+ if cap(*s) < n {
+ *s = make([]string, n)
+ }
+ *s = (*s)[:n]
+ return s
+}
+
+func putStrings(s *stringSlice) {
+ if cap(*s) > 1<<10 {
+ *s = nil // avoid pinning arbitrarily large amounts of memory
+ }
+ stringsPools.Put(s)
+}
+
+func (ss *stringSlice) Sort() {
+ slices.SortFunc(*ss, func(x, y string) int { return strings.Compare(x, y) })
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_any.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_any.go
index c62b1f320..22ed430fb 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_any.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_any.go
@@ -2,49 +2,73 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !goexperiment.jsonv2 || !go1.25
+
package json
-import "reflect"
+import (
+ "cmp"
+ "math"
+ "reflect"
+ "strconv"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
+)
-// This files contains an optimized marshal and unmarshal implementation
+// This file contains an optimized marshal and unmarshal implementation
// for the any type. This type is often used when the Go program has
// no knowledge of the JSON schema. This is a common enough occurrence
// to justify the complexity of adding logic for this.
-func marshalValueAny(mo MarshalOptions, enc *Encoder, val any) error {
+// marshalValueAny marshals a Go any as a JSON value.
+// This assumes that there are no special formatting directives
+// for any possible nested value.
+func marshalValueAny(enc *jsontext.Encoder, val any, mo *jsonopts.Struct) error {
switch val := val.(type) {
case nil:
- return enc.WriteToken(Null)
+ return enc.WriteToken(jsontext.Null)
case bool:
- return enc.WriteToken(Bool(val))
+ return enc.WriteToken(jsontext.Bool(val))
case string:
- return enc.WriteToken(String(val))
+ return enc.WriteToken(jsontext.String(val))
case float64:
- return enc.WriteToken(Float(val))
+ if math.IsNaN(val) || math.IsInf(val, 0) {
+ break // use default logic below
+ }
+ return enc.WriteToken(jsontext.Float(val))
case map[string]any:
- return marshalObjectAny(mo, enc, val)
+ return marshalObjectAny(enc, val, mo)
case []any:
- return marshalArrayAny(mo, enc, val)
- default:
- v := newAddressableValue(reflect.TypeOf(val))
- v.Set(reflect.ValueOf(val))
- marshal := lookupArshaler(v.Type()).marshal
- if mo.Marshalers != nil {
- marshal, _ = mo.Marshalers.lookup(marshal, v.Type())
- }
- return marshal(mo, enc, v)
+ return marshalArrayAny(enc, val, mo)
}
+
+ v := newAddressableValue(reflect.TypeOf(val))
+ v.Set(reflect.ValueOf(val))
+ marshal := lookupArshaler(v.Type()).marshal
+ if mo.Marshalers != nil {
+ marshal, _ = mo.Marshalers.(*Marshalers).lookup(marshal, v.Type())
+ }
+ return marshal(enc, v, mo)
}
-func unmarshalValueAny(uo UnmarshalOptions, dec *Decoder) (any, error) {
+// unmarshalValueAny unmarshals a JSON value as a Go any.
+// This assumes that there are no special formatting directives
+// for any possible nested value.
+// Duplicate names must be rejected since this does not implement merging.
+func unmarshalValueAny(dec *jsontext.Decoder, uo *jsonopts.Struct) (any, error) {
switch k := dec.PeekKind(); k {
case '{':
- return unmarshalObjectAny(uo, dec)
+ return unmarshalObjectAny(dec, uo)
case '[':
- return unmarshalArrayAny(uo, dec)
+ return unmarshalArrayAny(dec, uo)
default:
- var flags valueFlags
- val, err := dec.readValue(&flags)
+ xd := export.Decoder(dec)
+ var flags jsonwire.ValueFlags
+ val, err := xd.ReadValue(&flags)
if err != nil {
return nil, err
}
@@ -56,13 +80,19 @@ func unmarshalValueAny(uo UnmarshalOptions, dec *Decoder) (any, error) {
case 't':
return true, nil
case '"':
- val = unescapeStringMayCopy(val, flags.isVerbatim())
- if dec.stringCache == nil {
- dec.stringCache = new(stringCache)
+ val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim())
+ if xd.StringCache == nil {
+ xd.StringCache = new(stringCache)
}
- return dec.stringCache.make(val), nil
+ return makeString(xd.StringCache, val), nil
case '0':
- fv, _ := parseFloat(val, 64) // ignore error since readValue guarantees val is valid
+ if uo.Flags.Get(jsonflags.UnmarshalAnyWithRawNumber) {
+ return internal.RawNumberOf(val), nil
+ }
+ fv, ok := jsonwire.ParseFloat(val, 64)
+ if !ok {
+ return fv, newUnmarshalErrorAfterWithValue(dec, float64Type, strconv.ErrRange)
+ }
return fv, nil
default:
panic("BUG: invalid kind: " + k.String())
@@ -70,41 +100,49 @@ func unmarshalValueAny(uo UnmarshalOptions, dec *Decoder) (any, error) {
}
}
-func marshalObjectAny(mo MarshalOptions, enc *Encoder, obj map[string]any) error {
+// marshalObjectAny marshals a Go map[string]any as a JSON object
+// (or as a JSON null if nil and [jsonflags.FormatNilMapAsNull]).
+func marshalObjectAny(enc *jsontext.Encoder, obj map[string]any, mo *jsonopts.Struct) error {
// Check for cycles.
- if enc.tokens.depth() > startDetectingCyclesAfter {
+ xe := export.Encoder(enc)
+ if xe.Tokens.Depth() > startDetectingCyclesAfter {
v := reflect.ValueOf(obj)
- if err := enc.seenPointers.visit(v); err != nil {
- return err
+ if err := visitPointer(&xe.SeenPointers, v); err != nil {
+ return newMarshalErrorBefore(enc, mapStringAnyType, err)
}
- defer enc.seenPointers.leave(v)
+ defer leavePointer(&xe.SeenPointers, v)
}
- // Optimize for marshaling an empty map without any preceding whitespace.
- if len(obj) == 0 && !enc.options.multiline && !enc.tokens.last.needObjectName() {
- enc.buf = enc.tokens.mayAppendDelim(enc.buf, '{')
- enc.buf = append(enc.buf, "{}"...)
- enc.tokens.last.increment()
- if enc.needFlush() {
- return enc.flush()
+ // Handle empty maps.
+ if len(obj) == 0 {
+ if mo.Flags.Get(jsonflags.FormatNilMapAsNull) && obj == nil {
+ return enc.WriteToken(jsontext.Null)
+ }
+ // Optimize for marshaling an empty map without any preceding whitespace.
+ if !mo.Flags.Get(jsonflags.AnyWhitespace) && !xe.Tokens.Last.NeedObjectName() {
+ xe.Buf = append(xe.Tokens.MayAppendDelim(xe.Buf, '{'), "{}"...)
+ xe.Tokens.Last.Increment()
+ if xe.NeedFlush() {
+ return xe.Flush()
+ }
+ return nil
}
- return nil
}
- if err := enc.WriteToken(ObjectStart); err != nil {
+ if err := enc.WriteToken(jsontext.BeginObject); err != nil {
return err
}
// A Go map guarantees that each entry has a unique key
// The only possibility of duplicates is due to invalid UTF-8.
- if !enc.options.AllowInvalidUTF8 {
- enc.tokens.last.disableNamespace()
+ if !mo.Flags.Get(jsonflags.AllowInvalidUTF8) {
+ xe.Tokens.Last.DisableNamespace()
}
- if !mo.Deterministic || len(obj) <= 1 {
+ if !mo.Flags.Get(jsonflags.Deterministic) || len(obj) <= 1 {
for name, val := range obj {
- if err := enc.WriteToken(String(name)); err != nil {
+ if err := enc.WriteToken(jsontext.String(name)); err != nil {
return err
}
- if err := marshalValueAny(mo, enc, val); err != nil {
+ if err := marshalValueAny(enc, val, mo); err != nil {
return err
}
}
@@ -117,122 +155,133 @@ func marshalObjectAny(mo MarshalOptions, enc *Encoder, obj map[string]any) error
}
names.Sort()
for _, name := range *names {
- if err := enc.WriteToken(String(name)); err != nil {
+ if err := enc.WriteToken(jsontext.String(name)); err != nil {
return err
}
- if err := marshalValueAny(mo, enc, obj[name]); err != nil {
+ if err := marshalValueAny(enc, obj[name], mo); err != nil {
return err
}
}
putStrings(names)
}
- if err := enc.WriteToken(ObjectEnd); err != nil {
+ if err := enc.WriteToken(jsontext.EndObject); err != nil {
return err
}
return nil
}
-func unmarshalObjectAny(uo UnmarshalOptions, dec *Decoder) (map[string]any, error) {
- tok, err := dec.ReadToken()
- if err != nil {
+// unmarshalObjectAny unmarshals a JSON object as a Go map[string]any.
+// It panics if not decoding a JSON object.
+func unmarshalObjectAny(dec *jsontext.Decoder, uo *jsonopts.Struct) (map[string]any, error) {
+ switch tok, err := dec.ReadToken(); {
+ case err != nil:
return nil, err
+ case tok.Kind() != '{':
+ panic("BUG: invalid kind: " + tok.Kind().String())
}
- k := tok.Kind()
- switch k {
- case 'n':
- return nil, nil
- case '{':
- obj := make(map[string]any)
- // A Go map guarantees that each entry has a unique key
- // The only possibility of duplicates is due to invalid UTF-8.
- if !dec.options.AllowInvalidUTF8 {
- dec.tokens.last.disableNamespace()
- }
- for dec.PeekKind() != '}' {
- tok, err := dec.ReadToken()
- if err != nil {
- return obj, err
- }
- name := tok.String()
+ obj := make(map[string]any)
+ // A Go map guarantees that each entry has a unique key
+ // The only possibility of duplicates is due to invalid UTF-8.
+ if !uo.Flags.Get(jsonflags.AllowInvalidUTF8) {
+ export.Decoder(dec).Tokens.Last.DisableNamespace()
+ }
+ var errUnmarshal error
+ for dec.PeekKind() != '}' {
+ tok, err := dec.ReadToken()
+ if err != nil {
+ return obj, err
+ }
+ name := tok.String()
- // Manually check for duplicate names.
- if _, ok := obj[name]; ok {
- name := dec.previousBuffer()
- err := &SyntacticError{str: "duplicate name " + string(name) + " in object"}
- return obj, err.withOffset(dec.InputOffset() - int64(len(name)))
- }
+ // Manually check for duplicate names.
+ if _, ok := obj[name]; ok {
+ // TODO: Unread the object name.
+ name := export.Decoder(dec).PreviousTokenOrValue()
+ err := newDuplicateNameError(dec.StackPointer(), nil, dec.InputOffset()-len64(name))
+ return obj, err
+ }
- val, err := unmarshalValueAny(uo, dec)
- obj[name] = val
- if err != nil {
+ val, err := unmarshalValueAny(dec, uo)
+ obj[name] = val
+ if err != nil {
+ if isFatalError(err, uo.Flags) {
return obj, err
}
+ errUnmarshal = cmp.Or(err, errUnmarshal)
}
- if _, err := dec.ReadToken(); err != nil {
- return obj, err
- }
- return obj, nil
}
- return nil, &SemanticError{action: "unmarshal", JSONKind: k, GoType: mapStringAnyType}
+ if _, err := dec.ReadToken(); err != nil {
+ return obj, err
+ }
+ return obj, errUnmarshal
}
-func marshalArrayAny(mo MarshalOptions, enc *Encoder, arr []any) error {
+// marshalArrayAny marshals a Go []any as a JSON array
+// (or as a JSON null if nil and [jsonflags.FormatNilSliceAsNull]).
+func marshalArrayAny(enc *jsontext.Encoder, arr []any, mo *jsonopts.Struct) error {
// Check for cycles.
- if enc.tokens.depth() > startDetectingCyclesAfter {
+ xe := export.Encoder(enc)
+ if xe.Tokens.Depth() > startDetectingCyclesAfter {
v := reflect.ValueOf(arr)
- if err := enc.seenPointers.visit(v); err != nil {
- return err
+ if err := visitPointer(&xe.SeenPointers, v); err != nil {
+ return newMarshalErrorBefore(enc, sliceAnyType, err)
}
- defer enc.seenPointers.leave(v)
+ defer leavePointer(&xe.SeenPointers, v)
}
- // Optimize for marshaling an empty slice without any preceding whitespace.
- if len(arr) == 0 && !enc.options.multiline && !enc.tokens.last.needObjectName() {
- enc.buf = enc.tokens.mayAppendDelim(enc.buf, '[')
- enc.buf = append(enc.buf, "[]"...)
- enc.tokens.last.increment()
- if enc.needFlush() {
- return enc.flush()
+ // Handle empty slices.
+ if len(arr) == 0 {
+ if mo.Flags.Get(jsonflags.FormatNilSliceAsNull) && arr == nil {
+ return enc.WriteToken(jsontext.Null)
+ }
+ // Optimize for marshaling an empty slice without any preceding whitespace.
+ if !mo.Flags.Get(jsonflags.AnyWhitespace) && !xe.Tokens.Last.NeedObjectName() {
+ xe.Buf = append(xe.Tokens.MayAppendDelim(xe.Buf, '['), "[]"...)
+ xe.Tokens.Last.Increment()
+ if xe.NeedFlush() {
+ return xe.Flush()
+ }
+ return nil
}
- return nil
}
- if err := enc.WriteToken(ArrayStart); err != nil {
+ if err := enc.WriteToken(jsontext.BeginArray); err != nil {
return err
}
for _, val := range arr {
- if err := marshalValueAny(mo, enc, val); err != nil {
+ if err := marshalValueAny(enc, val, mo); err != nil {
return err
}
}
- if err := enc.WriteToken(ArrayEnd); err != nil {
+ if err := enc.WriteToken(jsontext.EndArray); err != nil {
return err
}
return nil
}
-func unmarshalArrayAny(uo UnmarshalOptions, dec *Decoder) ([]any, error) {
- tok, err := dec.ReadToken()
- if err != nil {
+// unmarshalArrayAny unmarshals a JSON array as a Go []any.
+// It panics if not decoding a JSON array.
+func unmarshalArrayAny(dec *jsontext.Decoder, uo *jsonopts.Struct) ([]any, error) {
+ switch tok, err := dec.ReadToken(); {
+ case err != nil:
return nil, err
+ case tok.Kind() != '[':
+ panic("BUG: invalid kind: " + tok.Kind().String())
}
- k := tok.Kind()
- switch k {
- case 'n':
- return nil, nil
- case '[':
- arr := []any{}
- for dec.PeekKind() != ']' {
- val, err := unmarshalValueAny(uo, dec)
- arr = append(arr, val)
- if err != nil {
+ arr := []any{}
+ var errUnmarshal error
+ for dec.PeekKind() != ']' {
+ val, err := unmarshalValueAny(dec, uo)
+ arr = append(arr, val)
+ if err != nil {
+ if isFatalError(err, uo.Flags) {
return arr, err
}
+ errUnmarshal = cmp.Or(errUnmarshal, err)
}
- if _, err := dec.ReadToken(); err != nil {
- return arr, err
- }
- return arr, nil
}
- return nil, &SemanticError{action: "unmarshal", JSONKind: k, GoType: sliceAnyType}
+ if _, err := dec.ReadToken(); err != nil {
+ return arr, err
+ }
+ return arr, errUnmarshal
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_default.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_default.go
index fd26eba35..64d2b7a9b 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_default.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_default.go
@@ -2,10 +2,14 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !goexperiment.jsonv2 || !go1.25
+
package json
import (
"bytes"
+ "cmp"
+ "encoding"
"encoding/base32"
"encoding/base64"
"encoding/hex"
@@ -13,9 +17,16 @@ import (
"fmt"
"math"
"reflect"
- "sort"
+ "slices"
"strconv"
+ "strings"
"sync"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
// optimizeCommon specifies whether to use optimizations targeted for certain
@@ -25,44 +36,56 @@ const optimizeCommon = true
var (
// Most natural Go type that correspond with each JSON type.
- anyType = reflect.TypeOf((*any)(nil)).Elem() // JSON value
- boolType = reflect.TypeOf((*bool)(nil)).Elem() // JSON bool
- stringType = reflect.TypeOf((*string)(nil)).Elem() // JSON string
- float64Type = reflect.TypeOf((*float64)(nil)).Elem() // JSON number
- mapStringAnyType = reflect.TypeOf((*map[string]any)(nil)).Elem() // JSON object
- sliceAnyType = reflect.TypeOf((*[]any)(nil)).Elem() // JSON array
-
- bytesType = reflect.TypeOf((*[]byte)(nil)).Elem()
- emptyStructType = reflect.TypeOf((*struct{})(nil)).Elem()
+ anyType = reflect.TypeFor[any]() // JSON value
+ boolType = reflect.TypeFor[bool]() // JSON bool
+ stringType = reflect.TypeFor[string]() // JSON string
+ float64Type = reflect.TypeFor[float64]() // JSON number
+ mapStringAnyType = reflect.TypeFor[map[string]any]() // JSON object
+ sliceAnyType = reflect.TypeFor[[]any]() // JSON array
+
+ bytesType = reflect.TypeFor[[]byte]()
+ emptyStructType = reflect.TypeFor[struct{}]()
)
const startDetectingCyclesAfter = 1000
-type seenPointers map[typedPointer]struct{}
+type seenPointers = map[any]struct{}
type typedPointer struct {
typ reflect.Type
ptr any // always stores unsafe.Pointer, but avoids depending on unsafe
+ len int // remember slice length to avoid false positives
}
-// visit visits pointer p of type t, reporting an error if seen before.
+// visitPointer visits pointer p of type t, reporting an error if seen before.
// If successfully visited, then the caller must eventually call leave.
-func (m *seenPointers) visit(v reflect.Value) error {
- p := typedPointer{v.Type(), v.UnsafePointer()}
+func visitPointer(m *seenPointers, v reflect.Value) error {
+ p := typedPointer{v.Type(), v.UnsafePointer(), sliceLen(v)}
if _, ok := (*m)[p]; ok {
- return &SemanticError{action: "marshal", GoType: p.typ, Err: errors.New("encountered a cycle")}
+ return internal.ErrCycle
}
if *m == nil {
- *m = make(map[typedPointer]struct{})
+ *m = make(seenPointers)
}
(*m)[p] = struct{}{}
return nil
}
-func (m *seenPointers) leave(v reflect.Value) {
- p := typedPointer{v.Type(), v.UnsafePointer()}
+func leavePointer(m *seenPointers, v reflect.Value) {
+ p := typedPointer{v.Type(), v.UnsafePointer(), sliceLen(v)}
delete(*m, p)
}
+func sliceLen(v reflect.Value) int {
+ if v.Kind() == reflect.Slice {
+ return v.Len()
+ }
+ return 0
+}
+
+func len64[Bytes ~[]byte | ~string](in Bytes) int64 {
+ return int64(len(in))
+}
+
func makeDefaultArshaler(t reflect.Type) *arshaler {
switch t.Kind() {
case reflect.Bool:
@@ -71,7 +94,7 @@ func makeDefaultArshaler(t reflect.Type) *arshaler {
return makeStringArshaler(t)
case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
return makeIntArshaler(t)
- case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+ case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
return makeUintArshaler(t)
case reflect.Float32, reflect.Float64:
return makeFloatArshaler(t)
@@ -81,13 +104,13 @@ func makeDefaultArshaler(t reflect.Type) *arshaler {
return makeStructArshaler(t)
case reflect.Slice:
fncs := makeSliceArshaler(t)
- if t.AssignableTo(bytesType) {
+ if t.Elem().Kind() == reflect.Uint8 {
return makeBytesArshaler(t, fncs)
}
return fncs
case reflect.Array:
fncs := makeArrayArshaler(t)
- if reflect.SliceOf(t.Elem()).AssignableTo(bytesType) {
+ if t.Elem().Kind() == reflect.Uint8 {
return makeBytesArshaler(t, fncs)
}
return fncs
@@ -102,31 +125,35 @@ func makeDefaultArshaler(t reflect.Type) *arshaler {
func makeBoolArshaler(t reflect.Type) *arshaler {
var fncs arshaler
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- if mo.format != "" && mo.formatDepth == enc.tokens.depth() {
- return newInvalidFormatError("marshal", t, mo.format)
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ xe := export.Encoder(enc)
+ if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() {
+ return newInvalidFormatError(enc, t)
}
// Optimize for marshaling without preceding whitespace.
- if optimizeCommon && !enc.options.multiline && !enc.tokens.last.needObjectName() {
- enc.buf = enc.tokens.mayAppendDelim(enc.buf, 't')
- if va.Bool() {
- enc.buf = append(enc.buf, "true"...)
- } else {
- enc.buf = append(enc.buf, "false"...)
- }
- enc.tokens.last.increment()
- if enc.needFlush() {
- return enc.flush()
+ if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace|jsonflags.StringifyBoolsAndStrings) && !xe.Tokens.Last.NeedObjectName() {
+ xe.Buf = strconv.AppendBool(xe.Tokens.MayAppendDelim(xe.Buf, 't'), va.Bool())
+ xe.Tokens.Last.Increment()
+ if xe.NeedFlush() {
+ return xe.Flush()
}
return nil
}
- return enc.WriteToken(Bool(va.Bool()))
+ if mo.Flags.Get(jsonflags.StringifyBoolsAndStrings) {
+ if va.Bool() {
+ return enc.WriteToken(jsontext.String("true"))
+ } else {
+ return enc.WriteToken(jsontext.String("false"))
+ }
+ }
+ return enc.WriteToken(jsontext.Bool(va.Bool()))
}
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- if uo.format != "" && uo.formatDepth == dec.tokens.depth() {
- return newInvalidFormatError("unmarshal", t, uo.format)
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ xd := export.Decoder(dec)
+ if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() {
+ return newInvalidFormatError(dec, t)
}
tok, err := dec.ReadToken()
if err != nil {
@@ -135,187 +162,267 @@ func makeBoolArshaler(t reflect.Type) *arshaler {
k := tok.Kind()
switch k {
case 'n':
- va.SetBool(false)
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ va.SetBool(false)
+ }
return nil
case 't', 'f':
- va.SetBool(tok.Bool())
- return nil
+ if !uo.Flags.Get(jsonflags.StringifyBoolsAndStrings) {
+ va.SetBool(tok.Bool())
+ return nil
+ }
+ case '"':
+ if uo.Flags.Get(jsonflags.StringifyBoolsAndStrings) {
+ switch tok.String() {
+ case "true":
+ va.SetBool(true)
+ case "false":
+ va.SetBool(false)
+ default:
+ if uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) && tok.String() == "null" {
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ va.SetBool(false)
+ }
+ return nil
+ }
+ return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrSyntax)
+ }
+ return nil
+ }
}
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t}
+ return newUnmarshalErrorAfterWithSkipping(dec, t, nil)
}
return &fncs
}
func makeStringArshaler(t reflect.Type) *arshaler {
var fncs arshaler
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- if mo.format != "" && mo.formatDepth == enc.tokens.depth() {
- return newInvalidFormatError("marshal", t, mo.format)
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ xe := export.Encoder(enc)
+ if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() {
+ return newInvalidFormatError(enc, t)
}
- return enc.WriteToken(String(va.String()))
+
+ // Optimize for marshaling without preceding whitespace.
+ s := va.String()
+ if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace|jsonflags.StringifyBoolsAndStrings) && !xe.Tokens.Last.NeedObjectName() {
+ b := xe.Buf
+ b = xe.Tokens.MayAppendDelim(b, '"')
+ b, err := jsonwire.AppendQuote(b, s, &mo.Flags)
+ if err == nil {
+ xe.Buf = b
+ xe.Tokens.Last.Increment()
+ if xe.NeedFlush() {
+ return xe.Flush()
+ }
+ return nil
+ }
+ // Otherwise, the string contains invalid UTF-8,
+ // so let the logic below construct the proper error.
+ }
+
+ if mo.Flags.Get(jsonflags.StringifyBoolsAndStrings) {
+ b, err := jsonwire.AppendQuote(nil, s, &mo.Flags)
+ if err != nil {
+ return newMarshalErrorBefore(enc, t, &jsontext.SyntacticError{Err: err})
+ }
+ q, err := jsontext.AppendQuote(nil, b)
+ if err != nil {
+ panic("BUG: second AppendQuote should never fail: " + err.Error())
+ }
+ return enc.WriteValue(q)
+ }
+ return enc.WriteToken(jsontext.String(s))
}
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- if uo.format != "" && uo.formatDepth == dec.tokens.depth() {
- return newInvalidFormatError("unmarshal", t, uo.format)
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ xd := export.Decoder(dec)
+ if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() {
+ return newInvalidFormatError(dec, t)
}
- var flags valueFlags
- val, err := dec.readValue(&flags)
+ var flags jsonwire.ValueFlags
+ val, err := xd.ReadValue(&flags)
if err != nil {
return err
}
k := val.Kind()
switch k {
case 'n':
- va.SetString("")
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ va.SetString("")
+ }
return nil
case '"':
- val = unescapeStringMayCopy(val, flags.isVerbatim())
- if dec.stringCache == nil {
- dec.stringCache = new(stringCache)
+ val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim())
+ if uo.Flags.Get(jsonflags.StringifyBoolsAndStrings) {
+ val, err = jsontext.AppendUnquote(nil, val)
+ if err != nil {
+ return newUnmarshalErrorAfter(dec, t, err)
+ }
+ if uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) && string(val) == "null" {
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ va.SetString("")
+ }
+ return nil
+ }
}
- str := dec.stringCache.make(val)
+ if xd.StringCache == nil {
+ xd.StringCache = new(stringCache)
+ }
+ str := makeString(xd.StringCache, val)
va.SetString(str)
return nil
}
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t}
+ return newUnmarshalErrorAfter(dec, t, nil)
}
return &fncs
}
var (
- encodeBase16 = func(dst, src []byte) { hex.Encode(dst, src) }
- encodeBase32 = base32.StdEncoding.Encode
- encodeBase32Hex = base32.HexEncoding.Encode
- encodeBase64 = base64.StdEncoding.Encode
- encodeBase64URL = base64.URLEncoding.Encode
- encodedLenBase16 = hex.EncodedLen
- encodedLenBase32 = base32.StdEncoding.EncodedLen
- encodedLenBase32Hex = base32.HexEncoding.EncodedLen
- encodedLenBase64 = base64.StdEncoding.EncodedLen
- encodedLenBase64URL = base64.URLEncoding.EncodedLen
- decodeBase16 = hex.Decode
- decodeBase32 = base32.StdEncoding.Decode
- decodeBase32Hex = base32.HexEncoding.Decode
- decodeBase64 = base64.StdEncoding.Decode
- decodeBase64URL = base64.URLEncoding.Decode
- decodedLenBase16 = hex.DecodedLen
- decodedLenBase32 = base32.StdEncoding.WithPadding(base32.NoPadding).DecodedLen
- decodedLenBase32Hex = base32.HexEncoding.WithPadding(base32.NoPadding).DecodedLen
- decodedLenBase64 = base64.StdEncoding.WithPadding(base64.NoPadding).DecodedLen
- decodedLenBase64URL = base64.URLEncoding.WithPadding(base64.NoPadding).DecodedLen
+ appendEncodeBase16 = hex.AppendEncode
+ appendEncodeBase32 = base32.StdEncoding.AppendEncode
+ appendEncodeBase32Hex = base32.HexEncoding.AppendEncode
+ appendEncodeBase64 = base64.StdEncoding.AppendEncode
+ appendEncodeBase64URL = base64.URLEncoding.AppendEncode
+ encodedLenBase16 = hex.EncodedLen
+ encodedLenBase32 = base32.StdEncoding.EncodedLen
+ encodedLenBase32Hex = base32.HexEncoding.EncodedLen
+ encodedLenBase64 = base64.StdEncoding.EncodedLen
+ encodedLenBase64URL = base64.URLEncoding.EncodedLen
+ appendDecodeBase16 = hex.AppendDecode
+ appendDecodeBase32 = base32.StdEncoding.AppendDecode
+ appendDecodeBase32Hex = base32.HexEncoding.AppendDecode
+ appendDecodeBase64 = base64.StdEncoding.AppendDecode
+ appendDecodeBase64URL = base64.URLEncoding.AppendDecode
)
func makeBytesArshaler(t reflect.Type, fncs *arshaler) *arshaler {
- // NOTE: This handles both []byte and [N]byte.
- marshalDefault := fncs.marshal
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- encode, encodedLen := encodeBase64, encodedLenBase64
- if mo.format != "" && mo.formatDepth == enc.tokens.depth() {
- switch mo.format {
+ // NOTE: This handles both []~byte and [N]~byte.
+ // The v2 default is to treat a []namedByte as equivalent to []T
+ // since being able to convert []namedByte to []byte relies on
+ // dubious Go reflection behavior (see https://go.dev/issue/24746).
+ // For v1 emulation, we use jsonflags.FormatBytesWithLegacySemantics
+ // to forcibly treat []namedByte as a []byte.
+ marshalArray := fncs.marshal
+ isNamedByte := t.Elem().PkgPath() != ""
+ hasMarshaler := implementsAny(t.Elem(), allMarshalerTypes...)
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ if !mo.Flags.Get(jsonflags.FormatBytesWithLegacySemantics) && isNamedByte {
+ return marshalArray(enc, va, mo) // treat as []T or [N]T
+ }
+ xe := export.Encoder(enc)
+ appendEncode := appendEncodeBase64
+ if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() {
+ switch mo.Format {
case "base64":
- encode, encodedLen = encodeBase64, encodedLenBase64
+ appendEncode = appendEncodeBase64
case "base64url":
- encode, encodedLen = encodeBase64URL, encodedLenBase64URL
+ appendEncode = appendEncodeBase64URL
case "base32":
- encode, encodedLen = encodeBase32, encodedLenBase32
+ appendEncode = appendEncodeBase32
case "base32hex":
- encode, encodedLen = encodeBase32Hex, encodedLenBase32Hex
+ appendEncode = appendEncodeBase32Hex
case "base16", "hex":
- encode, encodedLen = encodeBase16, encodedLenBase16
+ appendEncode = appendEncodeBase16
case "array":
- mo.format = ""
- return marshalDefault(mo, enc, va)
+ mo.Format = ""
+ return marshalArray(enc, va, mo)
default:
- return newInvalidFormatError("marshal", t, mo.format)
+ return newInvalidFormatError(enc, t)
}
+ } else if mo.Flags.Get(jsonflags.FormatByteArrayAsArray) && va.Kind() == reflect.Array {
+ return marshalArray(enc, va, mo)
+ } else if mo.Flags.Get(jsonflags.FormatBytesWithLegacySemantics) && hasMarshaler {
+ return marshalArray(enc, va, mo)
}
- val := enc.UnusedBuffer()
- b := va.Bytes()
- n := len(`"`) + encodedLen(len(b)) + len(`"`)
- if cap(val) < n {
- val = make([]byte, n)
- } else {
- val = val[:n]
+ if mo.Flags.Get(jsonflags.FormatNilSliceAsNull) && va.Kind() == reflect.Slice && va.IsNil() {
+ // TODO: Provide a "emitempty" format override?
+ return enc.WriteToken(jsontext.Null)
}
- val[0] = '"'
- encode(val[len(`"`):len(val)-len(`"`)], b)
- val[len(val)-1] = '"'
- return enc.WriteValue(val)
+ return xe.AppendRaw('"', true, func(b []byte) ([]byte, error) {
+ return appendEncode(b, va.Bytes()), nil
+ })
}
- unmarshalDefault := fncs.unmarshal
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- decode, decodedLen, encodedLen := decodeBase64, decodedLenBase64, encodedLenBase64
- if uo.format != "" && uo.formatDepth == dec.tokens.depth() {
- switch uo.format {
+ unmarshalArray := fncs.unmarshal
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ if !uo.Flags.Get(jsonflags.FormatBytesWithLegacySemantics) && isNamedByte {
+ return unmarshalArray(dec, va, uo) // treat as []T or [N]T
+ }
+ xd := export.Decoder(dec)
+ appendDecode, encodedLen := appendDecodeBase64, encodedLenBase64
+ if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() {
+ switch uo.Format {
case "base64":
- decode, decodedLen, encodedLen = decodeBase64, decodedLenBase64, encodedLenBase64
+ appendDecode, encodedLen = appendDecodeBase64, encodedLenBase64
case "base64url":
- decode, decodedLen, encodedLen = decodeBase64URL, decodedLenBase64URL, encodedLenBase64URL
+ appendDecode, encodedLen = appendDecodeBase64URL, encodedLenBase64URL
case "base32":
- decode, decodedLen, encodedLen = decodeBase32, decodedLenBase32, encodedLenBase32
+ appendDecode, encodedLen = appendDecodeBase32, encodedLenBase32
case "base32hex":
- decode, decodedLen, encodedLen = decodeBase32Hex, decodedLenBase32Hex, encodedLenBase32Hex
+ appendDecode, encodedLen = appendDecodeBase32Hex, encodedLenBase32Hex
case "base16", "hex":
- decode, decodedLen, encodedLen = decodeBase16, decodedLenBase16, encodedLenBase16
+ appendDecode, encodedLen = appendDecodeBase16, encodedLenBase16
case "array":
- uo.format = ""
- return unmarshalDefault(uo, dec, va)
+ uo.Format = ""
+ return unmarshalArray(dec, va, uo)
default:
- return newInvalidFormatError("unmarshal", t, uo.format)
+ return newInvalidFormatError(dec, t)
}
+ } else if uo.Flags.Get(jsonflags.FormatByteArrayAsArray) && va.Kind() == reflect.Array {
+ return unmarshalArray(dec, va, uo)
+ } else if uo.Flags.Get(jsonflags.FormatBytesWithLegacySemantics) && dec.PeekKind() == '[' {
+ return unmarshalArray(dec, va, uo)
}
- var flags valueFlags
- val, err := dec.readValue(&flags)
+ var flags jsonwire.ValueFlags
+ val, err := xd.ReadValue(&flags)
if err != nil {
return err
}
k := val.Kind()
switch k {
case 'n':
- va.Set(reflect.Zero(t))
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) || va.Kind() != reflect.Array {
+ va.SetZero()
+ }
return nil
case '"':
- val = unescapeStringMayCopy(val, flags.isVerbatim())
-
- // For base64 and base32, decodedLen computes the maximum output size
- // when given the original input size. To compute the exact size,
- // adjust the input size by excluding trailing padding characters.
- // This is unnecessary for base16, but also harmless.
- n := len(val)
- for n > 0 && val[n-1] == '=' {
- n--
- }
- n = decodedLen(n)
- b := va.Bytes()
- if va.Kind() == reflect.Array {
- if n != len(b) {
- err := fmt.Errorf("decoded base64 length of %d mismatches array length of %d", n, len(b))
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err}
- }
- } else {
- if b == nil || cap(b) < n {
- b = make([]byte, n)
- } else {
- b = b[:n]
- }
+ // NOTE: The v2 default is to strictly comply with RFC 4648.
+ // Section 3.2 specifies that padding is required.
+ // Section 3.3 specifies that non-alphabet characters
+ // (e.g., '\r' or '\n') must be rejected.
+ // Section 3.5 specifies that unnecessary non-zero bits in
+ // the last quantum may be rejected. Since this is optional,
+ // we do not reject such inputs.
+ val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim())
+ b, err := appendDecode(va.Bytes()[:0], val)
+ if err != nil {
+ return newUnmarshalErrorAfter(dec, t, err)
}
- n2, err := decode(b, val)
- if err == nil && len(val) != encodedLen(n2) {
+ if len(val) != encodedLen(len(b)) && !uo.Flags.Get(jsonflags.ParseBytesWithLooseRFC4648) {
// TODO(https://go.dev/issue/53845): RFC 4648, section 3.3,
// specifies that non-alphabet characters must be rejected.
// Unfortunately, the "base32" and "base64" packages allow
// '\r' and '\n' characters by default.
- err = errors.New("illegal data at input byte " + strconv.Itoa(bytes.IndexAny(val, "\r\n")))
+ i := bytes.IndexAny(val, "\r\n")
+ err := fmt.Errorf("illegal character %s at offset %d", jsonwire.QuoteRune(val[i:]), i)
+ return newUnmarshalErrorAfter(dec, t, err)
}
- if err != nil {
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err}
- }
- if va.Kind() == reflect.Slice {
+
+ if va.Kind() == reflect.Array {
+ dst := va.Bytes()
+ clear(dst[copy(dst, b):]) // noop if len(b) <= len(dst)
+ if len(b) != len(dst) && !uo.Flags.Get(jsonflags.UnmarshalArrayFromAnyLength) {
+ err := fmt.Errorf("decoded length of %d mismatches array length of %d", len(b), len(dst))
+ return newUnmarshalErrorAfter(dec, t, err)
+ }
+ } else {
+ if b == nil {
+ b = []byte{}
+ }
va.SetBytes(b)
}
return nil
}
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t}
+ return newUnmarshalErrorAfter(dec, t, nil)
}
return fncs
}
@@ -323,64 +430,77 @@ func makeBytesArshaler(t reflect.Type, fncs *arshaler) *arshaler {
func makeIntArshaler(t reflect.Type) *arshaler {
var fncs arshaler
bits := t.Bits()
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- if mo.format != "" && mo.formatDepth == enc.tokens.depth() {
- return newInvalidFormatError("marshal", t, mo.format)
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ xe := export.Encoder(enc)
+ if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() {
+ return newInvalidFormatError(enc, t)
}
// Optimize for marshaling without preceding whitespace or string escaping.
- if optimizeCommon && !enc.options.multiline && !mo.StringifyNumbers && !enc.tokens.last.needObjectName() {
- enc.buf = enc.tokens.mayAppendDelim(enc.buf, '0')
- enc.buf = strconv.AppendInt(enc.buf, va.Int(), 10)
- enc.tokens.last.increment()
- if enc.needFlush() {
- return enc.flush()
+ if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace|jsonflags.StringifyNumbers) && !xe.Tokens.Last.NeedObjectName() {
+ xe.Buf = strconv.AppendInt(xe.Tokens.MayAppendDelim(xe.Buf, '0'), va.Int(), 10)
+ xe.Tokens.Last.Increment()
+ if xe.NeedFlush() {
+ return xe.Flush()
}
return nil
}
- x := math.Float64frombits(uint64(va.Int()))
- return enc.writeNumber(x, rawIntNumber, mo.StringifyNumbers)
+ k := stringOrNumberKind(xe.Tokens.Last.NeedObjectName() || mo.Flags.Get(jsonflags.StringifyNumbers))
+ return xe.AppendRaw(k, true, func(b []byte) ([]byte, error) {
+ return strconv.AppendInt(b, va.Int(), 10), nil
+ })
}
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- if uo.format != "" && uo.formatDepth == dec.tokens.depth() {
- return newInvalidFormatError("unmarshal", t, uo.format)
- }
- var flags valueFlags
- val, err := dec.readValue(&flags)
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ xd := export.Decoder(dec)
+ if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() {
+ return newInvalidFormatError(dec, t)
+ }
+ stringify := xd.Tokens.Last.NeedObjectName() || uo.Flags.Get(jsonflags.StringifyNumbers)
+ var flags jsonwire.ValueFlags
+ val, err := xd.ReadValue(&flags)
if err != nil {
return err
}
k := val.Kind()
switch k {
case 'n':
- va.SetInt(0)
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ va.SetInt(0)
+ }
return nil
case '"':
- if !uo.StringifyNumbers {
+ if !stringify {
break
}
- val = unescapeStringMayCopy(val, flags.isVerbatim())
+ val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim())
+ if uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) && string(val) == "null" {
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ va.SetInt(0)
+ }
+ return nil
+ }
fallthrough
case '0':
+ if stringify && k == '0' {
+ break
+ }
var negOffset int
- neg := val[0] == '-'
+ neg := len(val) > 0 && val[0] == '-'
if neg {
negOffset = 1
}
- n, ok := parseDecUint(val[negOffset:])
+ n, ok := jsonwire.ParseUint(val[negOffset:])
maxInt := uint64(1) << (bits - 1)
overflow := (neg && n > maxInt) || (!neg && n > maxInt-1)
if !ok {
if n != math.MaxUint64 {
- err := fmt.Errorf("cannot parse %q as signed integer: %w", val, strconv.ErrSyntax)
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err}
+ return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrSyntax)
}
overflow = true
}
if overflow {
- err := fmt.Errorf("cannot parse %q as signed integer: %w", val, strconv.ErrRange)
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err}
+ return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrRange)
}
if neg {
va.SetInt(int64(-n))
@@ -389,7 +509,7 @@ func makeIntArshaler(t reflect.Type) *arshaler {
}
return nil
}
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t}
+ return newUnmarshalErrorAfter(dec, t, nil)
}
return &fncs
}
@@ -397,64 +517,77 @@ func makeIntArshaler(t reflect.Type) *arshaler {
func makeUintArshaler(t reflect.Type) *arshaler {
var fncs arshaler
bits := t.Bits()
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- if mo.format != "" && mo.formatDepth == enc.tokens.depth() {
- return newInvalidFormatError("marshal", t, mo.format)
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ xe := export.Encoder(enc)
+ if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() {
+ return newInvalidFormatError(enc, t)
}
// Optimize for marshaling without preceding whitespace or string escaping.
- if optimizeCommon && !enc.options.multiline && !mo.StringifyNumbers && !enc.tokens.last.needObjectName() {
- enc.buf = enc.tokens.mayAppendDelim(enc.buf, '0')
- enc.buf = strconv.AppendUint(enc.buf, va.Uint(), 10)
- enc.tokens.last.increment()
- if enc.needFlush() {
- return enc.flush()
+ if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace|jsonflags.StringifyNumbers) && !xe.Tokens.Last.NeedObjectName() {
+ xe.Buf = strconv.AppendUint(xe.Tokens.MayAppendDelim(xe.Buf, '0'), va.Uint(), 10)
+ xe.Tokens.Last.Increment()
+ if xe.NeedFlush() {
+ return xe.Flush()
}
return nil
}
- x := math.Float64frombits(va.Uint())
- return enc.writeNumber(x, rawUintNumber, mo.StringifyNumbers)
+ k := stringOrNumberKind(xe.Tokens.Last.NeedObjectName() || mo.Flags.Get(jsonflags.StringifyNumbers))
+ return xe.AppendRaw(k, true, func(b []byte) ([]byte, error) {
+ return strconv.AppendUint(b, va.Uint(), 10), nil
+ })
}
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- if uo.format != "" && uo.formatDepth == dec.tokens.depth() {
- return newInvalidFormatError("unmarshal", t, uo.format)
- }
- var flags valueFlags
- val, err := dec.readValue(&flags)
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ xd := export.Decoder(dec)
+ if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() {
+ return newInvalidFormatError(dec, t)
+ }
+ stringify := xd.Tokens.Last.NeedObjectName() || uo.Flags.Get(jsonflags.StringifyNumbers)
+ var flags jsonwire.ValueFlags
+ val, err := xd.ReadValue(&flags)
if err != nil {
return err
}
k := val.Kind()
switch k {
case 'n':
- va.SetUint(0)
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ va.SetUint(0)
+ }
return nil
case '"':
- if !uo.StringifyNumbers {
+ if !stringify {
break
}
- val = unescapeStringMayCopy(val, flags.isVerbatim())
+ val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim())
+ if uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) && string(val) == "null" {
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ va.SetUint(0)
+ }
+ return nil
+ }
fallthrough
case '0':
- n, ok := parseDecUint(val)
+ if stringify && k == '0' {
+ break
+ }
+ n, ok := jsonwire.ParseUint(val)
maxUint := uint64(1) << bits
overflow := n > maxUint-1
if !ok {
if n != math.MaxUint64 {
- err := fmt.Errorf("cannot parse %q as unsigned integer: %w", val, strconv.ErrSyntax)
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err}
+ return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrSyntax)
}
overflow = true
}
if overflow {
- err := fmt.Errorf("cannot parse %q as unsigned integer: %w", val, strconv.ErrRange)
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err}
+ return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrRange)
}
va.SetUint(n)
return nil
}
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t}
+ return newUnmarshalErrorAfter(dec, t, nil)
}
return &fncs
}
@@ -462,59 +595,66 @@ func makeUintArshaler(t reflect.Type) *arshaler {
func makeFloatArshaler(t reflect.Type) *arshaler {
var fncs arshaler
bits := t.Bits()
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ xe := export.Encoder(enc)
var allowNonFinite bool
- if mo.format != "" && mo.formatDepth == enc.tokens.depth() {
- if mo.format == "nonfinite" {
+ if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() {
+ if mo.Format == "nonfinite" {
allowNonFinite = true
} else {
- return newInvalidFormatError("marshal", t, mo.format)
+ return newInvalidFormatError(enc, t)
}
}
fv := va.Float()
if math.IsNaN(fv) || math.IsInf(fv, 0) {
if !allowNonFinite {
- err := fmt.Errorf("invalid value: %v", fv)
- return &SemanticError{action: "marshal", GoType: t, Err: err}
+ err := fmt.Errorf("unsupported value: %v", fv)
+ return newMarshalErrorBefore(enc, t, err)
}
- return enc.WriteToken(Float(fv))
+ return enc.WriteToken(jsontext.Float(fv))
}
// Optimize for marshaling without preceding whitespace or string escaping.
- if optimizeCommon && !enc.options.multiline && !mo.StringifyNumbers && !enc.tokens.last.needObjectName() {
- enc.buf = enc.tokens.mayAppendDelim(enc.buf, '0')
- enc.buf = appendNumber(enc.buf, fv, bits)
- enc.tokens.last.increment()
- if enc.needFlush() {
- return enc.flush()
+ if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace|jsonflags.StringifyNumbers) && !xe.Tokens.Last.NeedObjectName() {
+ xe.Buf = jsonwire.AppendFloat(xe.Tokens.MayAppendDelim(xe.Buf, '0'), fv, bits)
+ xe.Tokens.Last.Increment()
+ if xe.NeedFlush() {
+ return xe.Flush()
}
return nil
}
- return enc.writeNumber(fv, bits, mo.StringifyNumbers)
+ k := stringOrNumberKind(xe.Tokens.Last.NeedObjectName() || mo.Flags.Get(jsonflags.StringifyNumbers))
+ return xe.AppendRaw(k, true, func(b []byte) ([]byte, error) {
+ return jsonwire.AppendFloat(b, va.Float(), bits), nil
+ })
}
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ xd := export.Decoder(dec)
var allowNonFinite bool
- if uo.format != "" && uo.formatDepth == dec.tokens.depth() {
- if uo.format == "nonfinite" {
+ if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() {
+ if uo.Format == "nonfinite" {
allowNonFinite = true
} else {
- return newInvalidFormatError("unmarshal", t, uo.format)
+ return newInvalidFormatError(dec, t)
}
}
- var flags valueFlags
- val, err := dec.readValue(&flags)
+ stringify := xd.Tokens.Last.NeedObjectName() || uo.Flags.Get(jsonflags.StringifyNumbers)
+ var flags jsonwire.ValueFlags
+ val, err := xd.ReadValue(&flags)
if err != nil {
return err
}
k := val.Kind()
switch k {
case 'n':
- va.SetFloat(0)
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ va.SetFloat(0)
+ }
return nil
case '"':
- val = unescapeStringMayCopy(val, flags.isVerbatim())
+ val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim())
if allowNonFinite {
switch string(val) {
case "NaN":
@@ -528,24 +668,31 @@ func makeFloatArshaler(t reflect.Type) *arshaler {
return nil
}
}
- if !uo.StringifyNumbers {
+ if !stringify {
break
}
- if n, err := consumeNumber(val); n != len(val) || err != nil {
- err := fmt.Errorf("cannot parse %q as JSON number: %w", val, strconv.ErrSyntax)
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err}
+ if uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) && string(val) == "null" {
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ va.SetFloat(0)
+ }
+ return nil
+ }
+ if n, err := jsonwire.ConsumeNumber(val); n != len(val) || err != nil {
+ return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrSyntax)
}
fallthrough
case '0':
- // NOTE: Floating-point parsing is by nature a lossy operation.
- // We never report an overflow condition since we can always
- // round the input to the closest representable finite value.
- // For extremely large numbers, the closest value is ±MaxFloat.
- fv, _ := parseFloat(val, bits)
+ if stringify && k == '0' {
+ break
+ }
+ fv, ok := jsonwire.ParseFloat(val, bits)
va.SetFloat(fv)
+ if !ok {
+ return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrRange)
+ }
return nil
}
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t}
+ return newUnmarshalErrorAfter(dec, t, nil)
}
return &fncs
}
@@ -568,54 +715,61 @@ func makeMapArshaler(t reflect.Type) *arshaler {
keyFncs = lookupArshaler(t.Key())
valFncs = lookupArshaler(t.Elem())
}
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
+ nillableLegacyKey := t.Key().Kind() == reflect.Pointer &&
+ implementsAny(t.Key(), textMarshalerType, textAppenderType)
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
// Check for cycles.
- if enc.tokens.depth() > startDetectingCyclesAfter {
- if err := enc.seenPointers.visit(va.Value); err != nil {
- return err
- }
- defer enc.seenPointers.leave(va.Value)
- }
-
- if mo.format != "" && mo.formatDepth == enc.tokens.depth() {
- if mo.format == "emitnull" {
- if va.IsNil() {
- return enc.WriteToken(Null)
- }
- mo.format = ""
- } else {
- return newInvalidFormatError("marshal", t, mo.format)
+ xe := export.Encoder(enc)
+ if xe.Tokens.Depth() > startDetectingCyclesAfter {
+ if err := visitPointer(&xe.SeenPointers, va.Value); err != nil {
+ return newMarshalErrorBefore(enc, t, err)
+ }
+ defer leavePointer(&xe.SeenPointers, va.Value)
+ }
+
+ emitNull := mo.Flags.Get(jsonflags.FormatNilMapAsNull)
+ if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() {
+ switch mo.Format {
+ case "emitnull":
+ emitNull = true
+ mo.Format = ""
+ case "emitempty":
+ emitNull = false
+ mo.Format = ""
+ default:
+ return newInvalidFormatError(enc, t)
}
}
- // Optimize for marshaling an empty map without any preceding whitespace.
+ // Handle empty maps.
n := va.Len()
- if optimizeCommon && n == 0 && !enc.options.multiline && !enc.tokens.last.needObjectName() {
- enc.buf = enc.tokens.mayAppendDelim(enc.buf, '{')
- enc.buf = append(enc.buf, "{}"...)
- enc.tokens.last.increment()
- if enc.needFlush() {
- return enc.flush()
+ if n == 0 {
+ if emitNull && va.IsNil() {
+ return enc.WriteToken(jsontext.Null)
+ }
+ // Optimize for marshaling an empty map without any preceding whitespace.
+ if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace) && !xe.Tokens.Last.NeedObjectName() {
+ xe.Buf = append(xe.Tokens.MayAppendDelim(xe.Buf, '{'), "{}"...)
+ xe.Tokens.Last.Increment()
+ if xe.NeedFlush() {
+ return xe.Flush()
+ }
+ return nil
}
- return nil
}
once.Do(init)
- if err := enc.WriteToken(ObjectStart); err != nil {
+ if err := enc.WriteToken(jsontext.BeginObject); err != nil {
return err
}
if n > 0 {
- // Handle maps with numeric key types by stringifying them.
- mko := mo
- mko.StringifyNumbers = true
-
nonDefaultKey := keyFncs.nonDefault
marshalKey := keyFncs.marshal
marshalVal := valFncs.marshal
if mo.Marshalers != nil {
var ok bool
- marshalKey, ok = mo.Marshalers.lookup(marshalKey, t.Key())
- marshalVal, _ = mo.Marshalers.lookup(marshalVal, t.Elem())
+ marshalKey, ok = mo.Marshalers.(*Marshalers).lookup(marshalKey, t.Key())
+ marshalVal, _ = mo.Marshalers.(*Marshalers).lookup(marshalVal, t.Elem())
nonDefaultKey = nonDefaultKey || ok
}
k := newAddressableValue(t.Key())
@@ -624,22 +778,29 @@ func makeMapArshaler(t reflect.Type) *arshaler {
// A Go map guarantees that each entry has a unique key.
// As such, disable the expensive duplicate name check if we know
// that every Go key will serialize as a unique JSON string.
- if !nonDefaultKey && mapKeyWithUniqueRepresentation(k.Kind(), enc.options.AllowInvalidUTF8) {
- enc.tokens.last.disableNamespace()
+ if !nonDefaultKey && mapKeyWithUniqueRepresentation(k.Kind(), mo.Flags.Get(jsonflags.AllowInvalidUTF8)) {
+ xe.Tokens.Last.DisableNamespace()
}
switch {
- case !mo.Deterministic || n <= 1:
+ case !mo.Flags.Get(jsonflags.Deterministic) || n <= 1:
for iter := va.Value.MapRange(); iter.Next(); {
k.SetIterKey(iter)
- if err := marshalKey(mko, enc, k); err != nil {
- // TODO: If err is errMissingName, then wrap it as a
- // SemanticError since this key type cannot be serialized
- // as a JSON string.
- return err
+ err := marshalKey(enc, k, mo)
+ if err != nil {
+ if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) &&
+ errors.Is(err, jsontext.ErrNonStringName) && nillableLegacyKey && k.IsNil() {
+ err = enc.WriteToken(jsontext.String(""))
+ }
+ if err != nil {
+ if serr, ok := err.(*jsontext.SyntacticError); ok && serr.Err == jsontext.ErrNonStringName {
+ err = newMarshalErrorBefore(enc, k.Type(), err)
+ }
+ return err
+ }
}
v.SetIterValue(iter)
- if err := marshalVal(mo, enc, v); err != nil {
+ if err := marshalVal(enc, v, mo); err != nil {
return err
}
}
@@ -651,13 +812,13 @@ func makeMapArshaler(t reflect.Type) *arshaler {
}
names.Sort()
for _, name := range *names {
- if err := enc.WriteToken(String(name)); err != nil {
+ if err := enc.WriteToken(jsontext.String(name)); err != nil {
return err
}
// TODO(https://go.dev/issue/57061): Use v.SetMapIndexOf.
k.SetString(name)
v.Set(va.MapIndex(k.Value))
- if err := marshalVal(mo, enc, v); err != nil {
+ if err := marshalVal(enc, v, mo); err != nil {
return err
}
}
@@ -666,52 +827,62 @@ func makeMapArshaler(t reflect.Type) *arshaler {
type member struct {
name string // unquoted name
key addressableValue
+ val addressableValue
}
members := make([]member, n)
keys := reflect.MakeSlice(reflect.SliceOf(t.Key()), n, n)
+ vals := reflect.MakeSlice(reflect.SliceOf(t.Elem()), n, n)
for i, iter := 0, va.Value.MapRange(); i < n && iter.Next(); i++ {
// Marshal the member name.
- k := addressableValue{keys.Index(i)} // indexed slice element is always addressable
+ k := addressableValue{keys.Index(i), true} // indexed slice element is always addressable
k.SetIterKey(iter)
- if err := marshalKey(mko, enc, k); err != nil {
- // TODO: If err is errMissingName, then wrap it as a
- // SemanticError since this key type cannot be serialized
- // as a JSON string.
- return err
+ v := addressableValue{vals.Index(i), true} // indexed slice element is always addressable
+ v.SetIterValue(iter)
+ err := marshalKey(enc, k, mo)
+ if err != nil {
+ if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) &&
+ errors.Is(err, jsontext.ErrNonStringName) && nillableLegacyKey && k.IsNil() {
+ err = enc.WriteToken(jsontext.String(""))
+ }
+ if err != nil {
+ if serr, ok := err.(*jsontext.SyntacticError); ok && serr.Err == jsontext.ErrNonStringName {
+ err = newMarshalErrorBefore(enc, k.Type(), err)
+ }
+ return err
+ }
}
- name := enc.unwriteOnlyObjectMemberName()
- members[i] = member{name, k}
+ name := xe.UnwriteOnlyObjectMemberName()
+ members[i] = member{name, k, v}
}
// TODO: If AllowDuplicateNames is enabled, then sort according
// to reflect.Value as well if the names are equal.
// See internal/fmtsort.
- // TODO(https://go.dev/issue/47619): Use slices.SortFunc instead.
- sort.Slice(members, func(i, j int) bool {
- return lessUTF16(members[i].name, members[j].name)
+ slices.SortFunc(members, func(x, y member) int {
+ return strings.Compare(x.name, y.name)
})
for _, member := range members {
- if err := enc.WriteToken(String(member.name)); err != nil {
+ if err := enc.WriteToken(jsontext.String(member.name)); err != nil {
return err
}
- // TODO(https://go.dev/issue/57061): Use v.SetMapIndexOf.
- v.Set(va.MapIndex(member.key.Value))
- if err := marshalVal(mo, enc, v); err != nil {
+ if err := marshalVal(enc, member.val, mo); err != nil {
return err
}
}
}
}
- if err := enc.WriteToken(ObjectEnd); err != nil {
+ if err := enc.WriteToken(jsontext.EndObject); err != nil {
return err
}
return nil
}
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- if uo.format != "" && uo.formatDepth == dec.tokens.depth() {
- if uo.format == "emitnull" {
- uo.format = "" // only relevant for marshaling
- } else {
- return newInvalidFormatError("unmarshal", t, uo.format)
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ xd := export.Decoder(dec)
+ if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() {
+ switch uo.Format {
+ case "emitnull", "emitempty":
+ uo.Format = "" // only relevant for marshaling
+ default:
+ return newInvalidFormatError(dec, t)
}
}
tok, err := dec.ReadToken()
@@ -721,7 +892,7 @@ func makeMapArshaler(t reflect.Type) *arshaler {
k := tok.Kind()
switch k {
case 'n':
- va.Set(reflect.Zero(t))
+ va.SetZero()
return nil
case '{':
once.Do(init)
@@ -729,17 +900,13 @@ func makeMapArshaler(t reflect.Type) *arshaler {
va.Set(reflect.MakeMap(t))
}
- // Handle maps with numeric key types by stringifying them.
- uko := uo
- uko.StringifyNumbers = true
-
nonDefaultKey := keyFncs.nonDefault
unmarshalKey := keyFncs.unmarshal
unmarshalVal := valFncs.unmarshal
if uo.Unmarshalers != nil {
var ok bool
- unmarshalKey, ok = uo.Unmarshalers.lookup(unmarshalKey, t.Key())
- unmarshalVal, _ = uo.Unmarshalers.lookup(unmarshalVal, t.Elem())
+ unmarshalKey, ok = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshalKey, t.Key())
+ unmarshalVal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshalVal, t.Elem())
nonDefaultKey = nonDefaultKey || ok
}
k := newAddressableValue(t.Key())
@@ -751,8 +918,8 @@ func makeMapArshaler(t reflect.Type) *arshaler {
// will be rejected as duplicates since they semantically refer
// to the same Go value. This is an unusual interaction
// between syntax and semantics, but is more correct.
- if !nonDefaultKey && mapKeyWithUniqueRepresentation(k.Kind(), dec.options.AllowInvalidUTF8) {
- dec.tokens.last.disableNamespace()
+ if !nonDefaultKey && mapKeyWithUniqueRepresentation(k.Kind(), uo.Flags.Get(jsonflags.AllowInvalidUTF8)) {
+ xd.Tokens.Last.DisableNamespace()
}
// In the rare case where the map is not already empty,
@@ -760,46 +927,72 @@ func makeMapArshaler(t reflect.Type) *arshaler {
// since existing presence alone is insufficient to indicate
// whether the input had a duplicate name.
var seen reflect.Value
- if !dec.options.AllowDuplicateNames && va.Len() > 0 {
+ if !uo.Flags.Get(jsonflags.AllowDuplicateNames) && va.Len() > 0 {
seen = reflect.MakeMap(reflect.MapOf(k.Type(), emptyStructType))
}
+ var errUnmarshal error
for dec.PeekKind() != '}' {
- k.Set(reflect.Zero(t.Key()))
- if err := unmarshalKey(uko, dec, k); err != nil {
- return err
+ // Unmarshal the map entry key.
+ k.SetZero()
+ err := unmarshalKey(dec, k, uo)
+ if err != nil {
+ if isFatalError(err, uo.Flags) {
+ return err
+ }
+ if err := dec.SkipValue(); err != nil {
+ return err
+ }
+ errUnmarshal = cmp.Or(errUnmarshal, err)
+ continue
}
if k.Kind() == reflect.Interface && !k.IsNil() && !k.Elem().Type().Comparable() {
- err := fmt.Errorf("invalid incomparable key type %v", k.Elem().Type())
- return &SemanticError{action: "unmarshal", GoType: t, Err: err}
+ err := newUnmarshalErrorAfter(dec, t, fmt.Errorf("invalid incomparable key type %v", k.Elem().Type()))
+ if !uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return err
+ }
+ if err2 := dec.SkipValue(); err2 != nil {
+ return err2
+ }
+ errUnmarshal = cmp.Or(errUnmarshal, err)
+ continue
}
+ // Check if a pre-existing map entry value exists for this key.
if v2 := va.MapIndex(k.Value); v2.IsValid() {
- if !dec.options.AllowDuplicateNames && (!seen.IsValid() || seen.MapIndex(k.Value).IsValid()) {
+ if !uo.Flags.Get(jsonflags.AllowDuplicateNames) && (!seen.IsValid() || seen.MapIndex(k.Value).IsValid()) {
// TODO: Unread the object name.
- name := dec.previousBuffer()
- err := &SyntacticError{str: "duplicate name " + string(name) + " in object"}
- return err.withOffset(dec.InputOffset() - int64(len(name)))
+ name := xd.PreviousTokenOrValue()
+ return newDuplicateNameError(dec.StackPointer(), nil, dec.InputOffset()-len64(name))
+ }
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ v.Set(v2)
+ } else {
+ v.SetZero()
}
- v.Set(v2)
} else {
- v.Set(reflect.Zero(v.Type()))
+ v.SetZero()
}
- err := unmarshalVal(uo, dec, v)
+
+ // Unmarshal the map entry value.
+ err = unmarshalVal(dec, v, uo)
va.SetMapIndex(k.Value, v.Value)
if seen.IsValid() {
seen.SetMapIndex(k.Value, reflect.Zero(emptyStructType))
}
if err != nil {
- return err
+ if isFatalError(err, uo.Flags) {
+ return err
+ }
+ errUnmarshal = cmp.Or(errUnmarshal, err)
}
}
if _, err := dec.ReadToken(); err != nil {
return err
}
- return nil
+ return errUnmarshal
}
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t}
+ return newUnmarshalErrorAfterWithSkipping(dec, t, nil)
}
return &fncs
}
@@ -812,7 +1005,7 @@ func mapKeyWithUniqueRepresentation(k reflect.Kind, allowInvalidUTF8 bool) bool
switch k {
case reflect.Bool,
reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
- reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+ reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
return true
case reflect.String:
// For strings, we have to be careful since names with invalid UTF-8
@@ -825,6 +1018,8 @@ func mapKeyWithUniqueRepresentation(k reflect.Kind, allowInvalidUTF8 bool) bool
}
}
+var errNilField = errors.New("cannot set embedded pointer to unexported struct type")
+
func makeStructArshaler(t reflect.Type) *arshaler {
// NOTE: The logic below disables namespaces for tracking duplicate names
// and does the tracking locally with an efficient bit-set based on which
@@ -839,27 +1034,26 @@ func makeStructArshaler(t reflect.Type) *arshaler {
init := func() {
fields, errInit = makeStructFields(t)
}
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- if mo.format != "" && mo.formatDepth == enc.tokens.depth() {
- return newInvalidFormatError("marshal", t, mo.format)
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ xe := export.Encoder(enc)
+ if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() {
+ return newInvalidFormatError(enc, t)
}
once.Do(init)
- if errInit != nil {
- err := *errInit // shallow copy SemanticError
- err.action = "marshal"
- return &err
+ if errInit != nil && !mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return newMarshalErrorBefore(enc, errInit.GoType, errInit.Err)
}
- if err := enc.WriteToken(ObjectStart); err != nil {
+ if err := enc.WriteToken(jsontext.BeginObject); err != nil {
return err
}
var seenIdxs uintSet
prevIdx := -1
- enc.tokens.last.disableNamespace() // we manually ensure unique names below
+ xe.Tokens.Last.DisableNamespace() // we manually ensure unique names below
for i := range fields.flattened {
f := &fields.flattened[i]
- v := addressableValue{va.Field(f.index[0])} // addressable if struct value is addressable
- if len(f.index) > 1 {
- v = v.fieldByIndex(f.index[1:], false)
+ v := addressableValue{va.Field(f.index0), va.forcedAddr} // addressable if struct value is addressable
+ if len(f.index) > 0 {
+ v = v.fieldByIndex(f.index, false)
if !v.IsValid() {
continue // implies a nil inlined field
}
@@ -867,7 +1061,13 @@ func makeStructArshaler(t reflect.Type) *arshaler {
// OmitZero skips the field if the Go value is zero,
// which we can determine up front without calling the marshaler.
- if f.omitzero && ((f.isZero == nil && v.IsZero()) || (f.isZero != nil && f.isZero(v))) {
+ if (f.omitzero || mo.Flags.Get(jsonflags.OmitZeroStructFields)) &&
+ ((f.isZero == nil && v.IsZero()) || (f.isZero != nil && f.isZero(v))) {
+ continue
+ }
+
+ // Check for the legacy definition of omitempty.
+ if f.omitempty && mo.Flags.Get(jsonflags.OmitEmptyWithLegacySemantics) && isLegacyEmpty(v) {
continue
}
@@ -875,14 +1075,15 @@ func makeStructArshaler(t reflect.Type) *arshaler {
nonDefault := f.fncs.nonDefault
if mo.Marshalers != nil {
var ok bool
- marshal, ok = mo.Marshalers.lookup(marshal, f.typ)
+ marshal, ok = mo.Marshalers.(*Marshalers).lookup(marshal, f.typ)
nonDefault = nonDefault || ok
}
// OmitEmpty skips the field if the marshaled JSON value is empty,
// which we can know up front if there are no custom marshalers,
// otherwise we must marshal the value and unwrite it if empty.
- if f.omitempty && !nonDefault && f.isEmpty != nil && f.isEmpty(v) {
+ if f.omitempty && !mo.Flags.Get(jsonflags.OmitEmptyWithLegacySemantics) &&
+ !nonDefault && f.isEmpty != nil && f.isEmpty(v) {
continue // fast path for omitempty
}
@@ -898,50 +1099,60 @@ func makeStructArshaler(t reflect.Type) *arshaler {
// 5. There is no possibility of an error occurring.
if optimizeCommon {
// Append any delimiters or optional whitespace.
- if enc.tokens.last.length() > 0 {
- enc.buf = append(enc.buf, ',')
+ b := xe.Buf
+ if xe.Tokens.Last.Length() > 0 {
+ b = append(b, ',')
+ if mo.Flags.Get(jsonflags.SpaceAfterComma) {
+ b = append(b, ' ')
+ }
}
- if enc.options.multiline {
- enc.buf = enc.appendIndent(enc.buf, enc.tokens.needIndent('"'))
+ if mo.Flags.Get(jsonflags.Multiline) {
+ b = xe.AppendIndent(b, xe.Tokens.NeedIndent('"'))
}
// Append the token to the output and to the state machine.
- n0 := len(enc.buf) // offset before calling appendString
- if enc.options.EscapeRune == nil {
- enc.buf = append(enc.buf, f.quotedName...)
+ n0 := len(b) // offset before calling AppendQuote
+ if !f.nameNeedEscape {
+ b = append(b, f.quotedName...)
} else {
- enc.buf, _ = appendString(enc.buf, f.name, false, enc.options.EscapeRune)
+ b, _ = jsonwire.AppendQuote(b, f.name, &mo.Flags)
}
- if !enc.options.AllowDuplicateNames {
- enc.names.replaceLastQuotedOffset(n0)
- }
- enc.tokens.last.increment()
+ xe.Buf = b
+ xe.Names.ReplaceLastQuotedOffset(n0)
+ xe.Tokens.Last.Increment()
} else {
- if err := enc.WriteToken(String(f.name)); err != nil {
+ if err := enc.WriteToken(jsontext.String(f.name)); err != nil {
return err
}
}
// Write the object member value.
- mo2 := mo
+ flagsOriginal := mo.Flags
if f.string {
- mo2.StringifyNumbers = true
+ if !mo.Flags.Get(jsonflags.StringifyWithLegacySemantics) {
+ mo.Flags.Set(jsonflags.StringifyNumbers | 1)
+ } else if canLegacyStringify(f.typ) {
+ mo.Flags.Set(jsonflags.StringifyNumbers | jsonflags.StringifyBoolsAndStrings | 1)
+ }
}
if f.format != "" {
- mo2.formatDepth = enc.tokens.depth()
- mo2.format = f.format
+ mo.FormatDepth = xe.Tokens.Depth()
+ mo.Format = f.format
}
- if err := marshal(mo2, enc, v); err != nil {
+ err := marshal(enc, v, mo)
+ mo.Flags = flagsOriginal
+ mo.Format = ""
+ if err != nil {
return err
}
// Try unwriting the member if empty (slow path for omitempty).
- if f.omitempty {
+ if f.omitempty && !mo.Flags.Get(jsonflags.OmitEmptyWithLegacySemantics) {
var prevName *string
if prevIdx >= 0 {
prevName = &fields.flattened[prevIdx].name
}
- if enc.unwriteEmptyObjectMember(prevName) {
+ if xe.UnwriteEmptyObjectMember(prevName) {
continue
}
}
@@ -949,23 +1160,23 @@ func makeStructArshaler(t reflect.Type) *arshaler {
// Remember the previous written object member.
// The set of seen fields only needs to be updated to detect
// duplicate names with those from the inlined fallback.
- if !enc.options.AllowDuplicateNames && fields.inlinedFallback != nil {
+ if !mo.Flags.Get(jsonflags.AllowDuplicateNames) && fields.inlinedFallback != nil {
seenIdxs.insert(uint(f.id))
}
prevIdx = f.id
}
- if fields.inlinedFallback != nil && !(mo.DiscardUnknownMembers && fields.inlinedFallback.unknown) {
+ if fields.inlinedFallback != nil && !(mo.Flags.Get(jsonflags.DiscardUnknownMembers) && fields.inlinedFallback.unknown) {
var insertUnquotedName func([]byte) bool
- if !enc.options.AllowDuplicateNames {
+ if !mo.Flags.Get(jsonflags.AllowDuplicateNames) {
insertUnquotedName = func(name []byte) bool {
// Check that the name from inlined fallback does not match
// one of the previously marshaled names from known fields.
- if foldedFields := fields.byFoldedName[string(foldName(name))]; len(foldedFields) > 0 {
+ if foldedFields := fields.lookupByFoldedName(name); len(foldedFields) > 0 {
if f := fields.byActualName[string(name)]; f != nil {
return seenIdxs.insert(uint(f.id))
}
for _, f := range foldedFields {
- if f.nocase {
+ if f.matchFoldedName(name, &mo.Flags) {
return seenIdxs.insert(uint(f.id))
}
}
@@ -973,21 +1184,22 @@ func makeStructArshaler(t reflect.Type) *arshaler {
// Check that the name does not match any other name
// previously marshaled from the inlined fallback.
- return enc.namespaces.last().insertUnquoted(name)
+ return xe.Namespaces.Last().InsertUnquoted(name)
}
}
- if err := marshalInlinedFallbackAll(mo, enc, va, fields.inlinedFallback, insertUnquotedName); err != nil {
+ if err := marshalInlinedFallbackAll(enc, va, mo, fields.inlinedFallback, insertUnquotedName); err != nil {
return err
}
}
- if err := enc.WriteToken(ObjectEnd); err != nil {
+ if err := enc.WriteToken(jsontext.EndObject); err != nil {
return err
}
return nil
}
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- if uo.format != "" && uo.formatDepth == dec.tokens.depth() {
- return newInvalidFormatError("unmarshal", t, uo.format)
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ xd := export.Decoder(dec)
+ if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() {
+ return newInvalidFormatError(dec, t)
}
tok, err := dec.ReadToken()
if err != nil {
@@ -996,41 +1208,45 @@ func makeStructArshaler(t reflect.Type) *arshaler {
k := tok.Kind()
switch k {
case 'n':
- va.Set(reflect.Zero(t))
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ va.SetZero()
+ }
return nil
case '{':
once.Do(init)
- if errInit != nil {
- err := *errInit // shallow copy SemanticError
- err.action = "unmarshal"
- return &err
+ if errInit != nil && !uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return newUnmarshalErrorAfter(dec, errInit.GoType, errInit.Err)
}
var seenIdxs uintSet
- dec.tokens.last.disableNamespace()
+ xd.Tokens.Last.DisableNamespace()
+ var errUnmarshal error
for dec.PeekKind() != '}' {
// Process the object member name.
- var flags valueFlags
- val, err := dec.readValue(&flags)
+ var flags jsonwire.ValueFlags
+ val, err := xd.ReadValue(&flags)
if err != nil {
return err
}
- name := unescapeStringMayCopy(val, flags.isVerbatim())
+ name := jsonwire.UnquoteMayCopy(val, flags.IsVerbatim())
f := fields.byActualName[string(name)]
if f == nil {
- for _, f2 := range fields.byFoldedName[string(foldName(name))] {
- if f2.nocase {
+ for _, f2 := range fields.lookupByFoldedName(name) {
+ if f2.matchFoldedName(name, &uo.Flags) {
f = f2
break
}
}
if f == nil {
- if uo.RejectUnknownMembers && (fields.inlinedFallback == nil || fields.inlinedFallback.unknown) {
- return &SemanticError{action: "unmarshal", GoType: t, Err: fmt.Errorf("unknown name %s", val)}
+ if uo.Flags.Get(jsonflags.RejectUnknownMembers) && (fields.inlinedFallback == nil || fields.inlinedFallback.unknown) {
+ err := newUnmarshalErrorAfter(dec, t, ErrUnknownName)
+ if !uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return err
+ }
+ errUnmarshal = cmp.Or(errUnmarshal, err)
}
- if !dec.options.AllowDuplicateNames && !dec.namespaces.last().insertUnquoted(name) {
+ if !uo.Flags.Get(jsonflags.AllowDuplicateNames) && !xd.Namespaces.Last().InsertUnquoted(name) {
// TODO: Unread the object name.
- err := &SyntacticError{str: "duplicate name " + string(val) + " in object"}
- return err.withOffset(dec.InputOffset() - int64(len(val)))
+ return newDuplicateNameError(dec.StackPointer(), nil, dec.InputOffset()-len64(val))
}
if fields.inlinedFallback == nil {
@@ -1040,46 +1256,68 @@ func makeStructArshaler(t reflect.Type) *arshaler {
}
} else {
// Marshal into value capable of storing arbitrary object members.
- if err := unmarshalInlinedFallbackNext(uo, dec, va, fields.inlinedFallback, val, name); err != nil {
- return err
+ if err := unmarshalInlinedFallbackNext(dec, va, uo, fields.inlinedFallback, val, name); err != nil {
+ if isFatalError(err, uo.Flags) {
+ return err
+ }
+ errUnmarshal = cmp.Or(errUnmarshal, err)
}
}
continue
}
}
- if !dec.options.AllowDuplicateNames && !seenIdxs.insert(uint(f.id)) {
+ if !uo.Flags.Get(jsonflags.AllowDuplicateNames) && !seenIdxs.insert(uint(f.id)) {
// TODO: Unread the object name.
- err := &SyntacticError{str: "duplicate name " + string(val) + " in object"}
- return err.withOffset(dec.InputOffset() - int64(len(val)))
+ return newDuplicateNameError(dec.StackPointer(), nil, dec.InputOffset()-len64(val))
}
// Process the object member value.
unmarshal := f.fncs.unmarshal
if uo.Unmarshalers != nil {
- unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, f.typ)
+ unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, f.typ)
}
- uo2 := uo
+ flagsOriginal := uo.Flags
if f.string {
- uo2.StringifyNumbers = true
+ if !uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) {
+ uo.Flags.Set(jsonflags.StringifyNumbers | 1)
+ } else if canLegacyStringify(f.typ) {
+ uo.Flags.Set(jsonflags.StringifyNumbers | jsonflags.StringifyBoolsAndStrings | 1)
+ }
}
if f.format != "" {
- uo2.formatDepth = dec.tokens.depth()
- uo2.format = f.format
+ uo.FormatDepth = xd.Tokens.Depth()
+ uo.Format = f.format
}
- v := addressableValue{va.Field(f.index[0])} // addressable if struct value is addressable
- if len(f.index) > 1 {
- v = v.fieldByIndex(f.index[1:], true)
+ v := addressableValue{va.Field(f.index0), va.forcedAddr} // addressable if struct value is addressable
+ if len(f.index) > 0 {
+ v = v.fieldByIndex(f.index, true)
+ if !v.IsValid() {
+ err := newUnmarshalErrorBefore(dec, t, errNilField)
+ if !uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return err
+ }
+ errUnmarshal = cmp.Or(errUnmarshal, err)
+ unmarshal = func(dec *jsontext.Decoder, _ addressableValue, _ *jsonopts.Struct) error {
+ return dec.SkipValue()
+ }
+ }
}
- if err := unmarshal(uo2, dec, v); err != nil {
- return err
+ err = unmarshal(dec, v, uo)
+ uo.Flags = flagsOriginal
+ uo.Format = ""
+ if err != nil {
+ if isFatalError(err, uo.Flags) {
+ return err
+ }
+ errUnmarshal = cmp.Or(errUnmarshal, err)
}
}
if _, err := dec.ReadToken(); err != nil {
return err
}
- return nil
+ return errUnmarshal
}
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t}
+ return newUnmarshalErrorAfterWithSkipping(dec, t, nil)
}
return &fncs
}
@@ -1090,7 +1328,7 @@ func (va addressableValue) fieldByIndex(index []int, mayAlloc bool) addressableV
if !va.IsValid() {
return va
}
- va = addressableValue{va.Field(i)} // addressable if struct value is addressable
+ va = addressableValue{va.Field(i), va.forcedAddr} // addressable if struct value is addressable
}
return va
}
@@ -1098,16 +1336,55 @@ func (va addressableValue) fieldByIndex(index []int, mayAlloc bool) addressableV
func (va addressableValue) indirect(mayAlloc bool) addressableValue {
if va.Kind() == reflect.Pointer {
if va.IsNil() {
- if !mayAlloc {
+ if !mayAlloc || !va.CanSet() {
return addressableValue{}
}
va.Set(reflect.New(va.Type().Elem()))
}
- va = addressableValue{va.Elem()} // dereferenced pointer is always addressable
+ va = addressableValue{va.Elem(), false} // dereferenced pointer is always addressable
}
return va
}
+// isLegacyEmpty reports whether a value is empty according to the v1 definition.
+func isLegacyEmpty(v addressableValue) bool {
+ // Equivalent to encoding/json.isEmptyValue@v1.21.0.
+ switch v.Kind() {
+ case reflect.Bool:
+ return v.Bool() == false
+ case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+ return v.Int() == 0
+ case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+ return v.Uint() == 0
+ case reflect.Float32, reflect.Float64:
+ return v.Float() == 0
+ case reflect.String, reflect.Map, reflect.Slice, reflect.Array:
+ return v.Len() == 0
+ case reflect.Pointer, reflect.Interface:
+ return v.IsNil()
+ }
+ return false
+}
+
+// canLegacyStringify reports whether t can be stringified according to v1,
+// where t is a bool, string, or number (or unnamed pointer to such).
+// In v1, the `string` option does not apply recursively to nested types within
+// a composite Go type (e.g., an array, slice, struct, map, or interface).
+func canLegacyStringify(t reflect.Type) bool {
+ // Based on encoding/json.typeFields#L1126-L1143@v1.23.0
+ if t.Name() == "" && t.Kind() == reflect.Ptr {
+ t = t.Elem()
+ }
+ switch t.Kind() {
+ case reflect.Bool, reflect.String,
+ reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
+ reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr,
+ reflect.Float32, reflect.Float64:
+ return true
+ }
+ return false
+}
+
func makeSliceArshaler(t reflect.Type) *arshaler {
var fncs arshaler
var (
@@ -1117,64 +1394,75 @@ func makeSliceArshaler(t reflect.Type) *arshaler {
init := func() {
valFncs = lookupArshaler(t.Elem())
}
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
// Check for cycles.
- if enc.tokens.depth() > startDetectingCyclesAfter {
- if err := enc.seenPointers.visit(va.Value); err != nil {
- return err
- }
- defer enc.seenPointers.leave(va.Value)
- }
-
- if mo.format != "" && mo.formatDepth == enc.tokens.depth() {
- if mo.format == "emitnull" {
- if va.IsNil() {
- return enc.WriteToken(Null)
- }
- mo.format = ""
- } else {
- return newInvalidFormatError("marshal", t, mo.format)
+ xe := export.Encoder(enc)
+ if xe.Tokens.Depth() > startDetectingCyclesAfter {
+ if err := visitPointer(&xe.SeenPointers, va.Value); err != nil {
+ return newMarshalErrorBefore(enc, t, err)
+ }
+ defer leavePointer(&xe.SeenPointers, va.Value)
+ }
+
+ emitNull := mo.Flags.Get(jsonflags.FormatNilSliceAsNull)
+ if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() {
+ switch mo.Format {
+ case "emitnull":
+ emitNull = true
+ mo.Format = ""
+ case "emitempty":
+ emitNull = false
+ mo.Format = ""
+ default:
+ return newInvalidFormatError(enc, t)
}
}
- // Optimize for marshaling an empty slice without any preceding whitespace.
+ // Handle empty slices.
n := va.Len()
- if optimizeCommon && n == 0 && !enc.options.multiline && !enc.tokens.last.needObjectName() {
- enc.buf = enc.tokens.mayAppendDelim(enc.buf, '[')
- enc.buf = append(enc.buf, "[]"...)
- enc.tokens.last.increment()
- if enc.needFlush() {
- return enc.flush()
+ if n == 0 {
+ if emitNull && va.IsNil() {
+ return enc.WriteToken(jsontext.Null)
+ }
+ // Optimize for marshaling an empty slice without any preceding whitespace.
+ if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace) && !xe.Tokens.Last.NeedObjectName() {
+ xe.Buf = append(xe.Tokens.MayAppendDelim(xe.Buf, '['), "[]"...)
+ xe.Tokens.Last.Increment()
+ if xe.NeedFlush() {
+ return xe.Flush()
+ }
+ return nil
}
- return nil
}
once.Do(init)
- if err := enc.WriteToken(ArrayStart); err != nil {
+ if err := enc.WriteToken(jsontext.BeginArray); err != nil {
return err
}
marshal := valFncs.marshal
if mo.Marshalers != nil {
- marshal, _ = mo.Marshalers.lookup(marshal, t.Elem())
+ marshal, _ = mo.Marshalers.(*Marshalers).lookup(marshal, t.Elem())
}
- for i := 0; i < n; i++ {
- v := addressableValue{va.Index(i)} // indexed slice element is always addressable
- if err := marshal(mo, enc, v); err != nil {
+ for i := range n {
+ v := addressableValue{va.Index(i), false} // indexed slice element is always addressable
+ if err := marshal(enc, v, mo); err != nil {
return err
}
}
- if err := enc.WriteToken(ArrayEnd); err != nil {
+ if err := enc.WriteToken(jsontext.EndArray); err != nil {
return err
}
return nil
}
emptySlice := reflect.MakeSlice(t, 0, 0)
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- if uo.format != "" && uo.formatDepth == dec.tokens.depth() {
- if uo.format == "emitnull" {
- uo.format = "" // only relevant for marshaling
- } else {
- return newInvalidFormatError("unmarshal", t, uo.format)
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ xd := export.Decoder(dec)
+ if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() {
+ switch uo.Format {
+ case "emitnull", "emitempty":
+ uo.Format = "" // only relevant for marshaling
+ default:
+ return newInvalidFormatError(dec, t)
}
}
@@ -1185,13 +1473,13 @@ func makeSliceArshaler(t reflect.Type) *arshaler {
k := tok.Kind()
switch k {
case 'n':
- va.Set(reflect.Zero(t))
+ va.SetZero()
return nil
case '[':
once.Do(init)
unmarshal := valFncs.unmarshal
if uo.Unmarshalers != nil {
- unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, t.Elem())
+ unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, t.Elem())
}
mustZero := true // we do not know the cleanliness of unused capacity
cap := va.Cap()
@@ -1199,22 +1487,25 @@ func makeSliceArshaler(t reflect.Type) *arshaler {
va.SetLen(cap)
}
var i int
+ var errUnmarshal error
for dec.PeekKind() != ']' {
if i == cap {
- // TODO(https://go.dev/issue/48000): Use reflect.Value.Append.
- va.Set(reflect.Append(va.Value, reflect.Zero(t.Elem())))
+ va.Value.Grow(1)
cap = va.Cap()
va.SetLen(cap)
- mustZero = false // append guarantees that unused capacity is zero-initialized
+ mustZero = false // reflect.Value.Grow ensures new capacity is zero-initialized
}
- v := addressableValue{va.Index(i)} // indexed slice element is always addressable
+ v := addressableValue{va.Index(i), false} // indexed slice element is always addressable
i++
- if mustZero {
- v.Set(reflect.Zero(t.Elem()))
+ if mustZero && !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ v.SetZero()
}
- if err := unmarshal(uo, dec, v); err != nil {
- va.SetLen(i)
- return err
+ if err := unmarshal(dec, v, uo); err != nil {
+ if isFatalError(err, uo.Flags) {
+ va.SetLen(i)
+ return err
+ }
+ errUnmarshal = cmp.Or(errUnmarshal, err)
}
}
if i == 0 {
@@ -1225,13 +1516,16 @@ func makeSliceArshaler(t reflect.Type) *arshaler {
if _, err := dec.ReadToken(); err != nil {
return err
}
- return nil
+ return errUnmarshal
}
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t}
+ return newUnmarshalErrorAfterWithSkipping(dec, t, nil)
}
return &fncs
}
+var errArrayUnderflow = errors.New("too few array elements")
+var errArrayOverflow = errors.New("too many array elements")
+
func makeArrayArshaler(t reflect.Type) *arshaler {
var fncs arshaler
var (
@@ -1242,32 +1536,34 @@ func makeArrayArshaler(t reflect.Type) *arshaler {
valFncs = lookupArshaler(t.Elem())
}
n := t.Len()
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- if mo.format != "" && mo.formatDepth == enc.tokens.depth() {
- return newInvalidFormatError("marshal", t, mo.format)
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ xe := export.Encoder(enc)
+ if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() {
+ return newInvalidFormatError(enc, t)
}
once.Do(init)
- if err := enc.WriteToken(ArrayStart); err != nil {
+ if err := enc.WriteToken(jsontext.BeginArray); err != nil {
return err
}
marshal := valFncs.marshal
if mo.Marshalers != nil {
- marshal, _ = mo.Marshalers.lookup(marshal, t.Elem())
+ marshal, _ = mo.Marshalers.(*Marshalers).lookup(marshal, t.Elem())
}
- for i := 0; i < n; i++ {
- v := addressableValue{va.Index(i)} // indexed array element is addressable if array is addressable
- if err := marshal(mo, enc, v); err != nil {
+ for i := range n {
+ v := addressableValue{va.Index(i), va.forcedAddr} // indexed array element is addressable if array is addressable
+ if err := marshal(enc, v, mo); err != nil {
return err
}
}
- if err := enc.WriteToken(ArrayEnd); err != nil {
+ if err := enc.WriteToken(jsontext.EndArray); err != nil {
return err
}
return nil
}
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- if uo.format != "" && uo.formatDepth == dec.tokens.depth() {
- return newInvalidFormatError("unmarshal", t, uo.format)
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ xd := export.Decoder(dec)
+ if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() {
+ return newInvalidFormatError(dec, t)
}
tok, err := dec.ReadToken()
if err != nil {
@@ -1276,37 +1572,51 @@ func makeArrayArshaler(t reflect.Type) *arshaler {
k := tok.Kind()
switch k {
case 'n':
- va.Set(reflect.Zero(t))
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ va.SetZero()
+ }
return nil
case '[':
once.Do(init)
unmarshal := valFncs.unmarshal
if uo.Unmarshalers != nil {
- unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, t.Elem())
+ unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, t.Elem())
}
var i int
+ var errUnmarshal error
for dec.PeekKind() != ']' {
if i >= n {
- err := errors.New("too many array elements")
- return &SemanticError{action: "unmarshal", GoType: t, Err: err}
+ if err := dec.SkipValue(); err != nil {
+ return err
+ }
+ err = errArrayOverflow
+ continue
}
- v := addressableValue{va.Index(i)} // indexed array element is addressable if array is addressable
- v.Set(reflect.Zero(v.Type()))
- if err := unmarshal(uo, dec, v); err != nil {
- return err
+ v := addressableValue{va.Index(i), va.forcedAddr} // indexed array element is addressable if array is addressable
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ v.SetZero()
+ }
+ if err := unmarshal(dec, v, uo); err != nil {
+ if isFatalError(err, uo.Flags) {
+ return err
+ }
+ errUnmarshal = cmp.Or(errUnmarshal, err)
}
i++
}
+ for ; i < n; i++ {
+ va.Index(i).SetZero()
+ err = errArrayUnderflow
+ }
if _, err := dec.ReadToken(); err != nil {
return err
}
- if i < n {
- err := errors.New("too few array elements")
- return &SemanticError{action: "unmarshal", GoType: t, Err: err}
+ if err != nil && !uo.Flags.Get(jsonflags.UnmarshalArrayFromAnyLength) {
+ return newUnmarshalErrorAfter(dec, t, err)
}
- return nil
+ return errUnmarshal
}
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t}
+ return newUnmarshalErrorAfterWithSkipping(dec, t, nil)
}
return &fncs
}
@@ -1320,46 +1630,62 @@ func makePointerArshaler(t reflect.Type) *arshaler {
init := func() {
valFncs = lookupArshaler(t.Elem())
}
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
// Check for cycles.
- if enc.tokens.depth() > startDetectingCyclesAfter {
- if err := enc.seenPointers.visit(va.Value); err != nil {
- return err
+ xe := export.Encoder(enc)
+ if xe.Tokens.Depth() > startDetectingCyclesAfter {
+ if err := visitPointer(&xe.SeenPointers, va.Value); err != nil {
+ return newMarshalErrorBefore(enc, t, err)
}
- defer enc.seenPointers.leave(va.Value)
+ defer leavePointer(&xe.SeenPointers, va.Value)
}
- // NOTE: MarshalOptions.format is forwarded to underlying marshal.
+ // NOTE: Struct.Format is forwarded to underlying marshal.
if va.IsNil() {
- return enc.WriteToken(Null)
+ return enc.WriteToken(jsontext.Null)
}
once.Do(init)
marshal := valFncs.marshal
if mo.Marshalers != nil {
- marshal, _ = mo.Marshalers.lookup(marshal, t.Elem())
+ marshal, _ = mo.Marshalers.(*Marshalers).lookup(marshal, t.Elem())
}
- v := addressableValue{va.Elem()} // dereferenced pointer is always addressable
- return marshal(mo, enc, v)
+ v := addressableValue{va.Elem(), false} // dereferenced pointer is always addressable
+ return marshal(enc, v, mo)
}
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- // NOTE: UnmarshalOptions.format is forwarded to underlying unmarshal.
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ // NOTE: Struct.Format is forwarded to underlying unmarshal.
if dec.PeekKind() == 'n' {
if _, err := dec.ReadToken(); err != nil {
return err
}
- va.Set(reflect.Zero(t))
+ va.SetZero()
return nil
}
once.Do(init)
unmarshal := valFncs.unmarshal
if uo.Unmarshalers != nil {
- unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, t.Elem())
+ unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, t.Elem())
}
if va.IsNil() {
va.Set(reflect.New(t.Elem()))
}
- v := addressableValue{va.Elem()} // dereferenced pointer is always addressable
- return unmarshal(uo, dec, v)
+ v := addressableValue{va.Elem(), false} // dereferenced pointer is always addressable
+ if err := unmarshal(dec, v, uo); err != nil {
+ return err
+ }
+ if uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) &&
+ uo.Flags.Get(jsonflags.StringifyNumbers|jsonflags.StringifyBoolsAndStrings) {
+ // A JSON null quoted within a JSON string should take effect
+ // within the pointer value, rather than the indirect value.
+ //
+ // TODO: This does not correctly handle escaped nulls
+ // (e.g., "\u006e\u0075\u006c\u006c"), but is good enough
+ // for such an esoteric use case of the `string` option.
+ if string(export.Decoder(dec).PreviousTokenOrValue()) == `"null"` {
+ va.SetZero()
+ }
+ }
+ return nil
}
return &fncs
}
@@ -1370,34 +1696,82 @@ func makeInterfaceArshaler(t reflect.Type) *arshaler {
// store them back into the interface afterwards.
var fncs arshaler
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- if mo.format != "" && mo.formatDepth == enc.tokens.depth() {
- return newInvalidFormatError("marshal", t, mo.format)
+ var whichMarshaler reflect.Type
+ for _, iface := range allMarshalerTypes {
+ if t.Implements(iface) {
+ whichMarshaler = t
+ break
+ }
+ }
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ xe := export.Encoder(enc)
+ if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() {
+ return newInvalidFormatError(enc, t)
}
if va.IsNil() {
- return enc.WriteToken(Null)
+ return enc.WriteToken(jsontext.Null)
+ } else if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) && whichMarshaler != nil {
+ // The marshaler for a pointer never calls the method on a nil receiver.
+ // Wrap the nil pointer within a struct type so that marshal
+ // instead appears on a value receiver and may be called.
+ if va.Elem().Kind() == reflect.Pointer && va.Elem().IsNil() {
+ v2 := newAddressableValue(whichMarshaler)
+ switch whichMarshaler {
+ case jsonMarshalerToType:
+ v2.Set(reflect.ValueOf(struct{ MarshalerTo }{va.Elem().Interface().(MarshalerTo)}))
+ case jsonMarshalerType:
+ v2.Set(reflect.ValueOf(struct{ Marshaler }{va.Elem().Interface().(Marshaler)}))
+ case textAppenderType:
+ v2.Set(reflect.ValueOf(struct{ encoding.TextAppender }{va.Elem().Interface().(encoding.TextAppender)}))
+ case textMarshalerType:
+ v2.Set(reflect.ValueOf(struct{ encoding.TextMarshaler }{va.Elem().Interface().(encoding.TextMarshaler)}))
+ }
+ va = v2
+ }
}
v := newAddressableValue(va.Elem().Type())
v.Set(va.Elem())
marshal := lookupArshaler(v.Type()).marshal
if mo.Marshalers != nil {
- marshal, _ = mo.Marshalers.lookup(marshal, v.Type())
+ marshal, _ = mo.Marshalers.(*Marshalers).lookup(marshal, v.Type())
}
// Optimize for the any type if there are no special options.
- if optimizeCommon && t == anyType && !mo.StringifyNumbers && mo.format == "" && (mo.Marshalers == nil || !mo.Marshalers.fromAny) {
- return marshalValueAny(mo, enc, va.Elem().Interface())
+ if optimizeCommon &&
+ t == anyType && !mo.Flags.Get(jsonflags.StringifyNumbers|jsonflags.StringifyBoolsAndStrings) && mo.Format == "" &&
+ (mo.Marshalers == nil || !mo.Marshalers.(*Marshalers).fromAny) {
+ return marshalValueAny(enc, va.Elem().Interface(), mo)
}
- return marshal(mo, enc, v)
+ return marshal(enc, v, mo)
}
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- if uo.format != "" && uo.formatDepth == dec.tokens.depth() {
- return newInvalidFormatError("unmarshal", t, uo.format)
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ xd := export.Decoder(dec)
+ if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() {
+ return newInvalidFormatError(dec, t)
+ }
+ if uo.Flags.Get(jsonflags.MergeWithLegacySemantics) && !va.IsNil() {
+ // Legacy merge behavior is difficult to explain.
+ // In general, it only merges for non-nil pointer kinds.
+ // As a special case, unmarshaling a JSON null into a pointer
+ // sets a concrete nil pointer of the underlying type
+ // (rather than setting the interface value itself to nil).
+ e := va.Elem()
+ if e.Kind() == reflect.Pointer && !e.IsNil() {
+ if dec.PeekKind() == 'n' && e.Elem().Kind() == reflect.Pointer {
+ if _, err := dec.ReadToken(); err != nil {
+ return err
+ }
+ va.Elem().Elem().SetZero()
+ return nil
+ }
+ } else {
+ va.SetZero()
+ }
}
if dec.PeekKind() == 'n' {
if _, err := dec.ReadToken(); err != nil {
return err
}
- va.Set(reflect.Zero(t))
+ va.SetZero()
return nil
}
var v addressableValue
@@ -1407,8 +1781,10 @@ func makeInterfaceArshaler(t reflect.Type) *arshaler {
// are always unmarshaled into an any value as Go strings.
// Duplicate name check must be enforced since unmarshalValueAny
// does not implement merge semantics.
- if optimizeCommon && t == anyType && uo.format == "" && (uo.Unmarshalers == nil || !uo.Unmarshalers.fromAny) && !dec.options.AllowDuplicateNames {
- v, err := unmarshalValueAny(uo, dec)
+ if optimizeCommon &&
+ t == anyType && !uo.Flags.Get(jsonflags.AllowDuplicateNames) && uo.Format == "" &&
+ (uo.Unmarshalers == nil || !uo.Unmarshalers.(*Unmarshalers).fromAny) {
+ v, err := unmarshalValueAny(dec, uo)
// We must check for nil interface values up front.
// See https://go.dev/issue/52310.
if v != nil {
@@ -1419,8 +1795,7 @@ func makeInterfaceArshaler(t reflect.Type) *arshaler {
k := dec.PeekKind()
if !isAnyType(t) {
- err := errors.New("cannot derive concrete type for non-empty interface")
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err}
+ return newUnmarshalErrorBeforeWithSkipping(dec, t, internal.ErrNilInterface)
}
switch k {
case 'f', 't':
@@ -1428,7 +1803,11 @@ func makeInterfaceArshaler(t reflect.Type) *arshaler {
case '"':
v = newAddressableValue(stringType)
case '0':
- v = newAddressableValue(float64Type)
+ if uo.Flags.Get(jsonflags.UnmarshalAnyWithRawNumber) {
+ v = addressableValue{reflect.ValueOf(internal.NewRawNumber()).Elem(), true}
+ } else {
+ v = newAddressableValue(float64Type)
+ }
case '{':
v = newAddressableValue(mapStringAnyType)
case '[':
@@ -1450,9 +1829,9 @@ func makeInterfaceArshaler(t reflect.Type) *arshaler {
}
unmarshal := lookupArshaler(v.Type()).unmarshal
if uo.Unmarshalers != nil {
- unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, v.Type())
+ unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, v.Type())
}
- err := unmarshal(uo, dec, v)
+ err := unmarshal(dec, v, uo)
va.Set(v.Value)
return err
}
@@ -1470,16 +1849,62 @@ func isAnyType(t reflect.Type) bool {
func makeInvalidArshaler(t reflect.Type) *arshaler {
var fncs arshaler
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- return &SemanticError{action: "marshal", GoType: t}
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ return newMarshalErrorBefore(enc, t, nil)
}
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- return &SemanticError{action: "unmarshal", GoType: t}
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ return newUnmarshalErrorBefore(dec, t, nil)
}
return &fncs
}
-func newInvalidFormatError(action string, t reflect.Type, format string) error {
- err := fmt.Errorf("invalid format flag: %q", format)
- return &SemanticError{action: action, GoType: t, Err: err}
+func stringOrNumberKind(isString bool) jsontext.Kind {
+ if isString {
+ return '"'
+ } else {
+ return '0'
+ }
+}
+
+type uintSet64 uint64
+
+func (s uintSet64) has(i uint) bool { return s&(1< 0 }
+func (s *uintSet64) set(i uint) { *s |= 1 << i }
+
+// uintSet is a set of unsigned integers.
+// It is optimized for most integers being close to zero.
+type uintSet struct {
+ lo uintSet64
+ hi []uintSet64
+}
+
+// has reports whether i is in the set.
+func (s *uintSet) has(i uint) bool {
+ if i < 64 {
+ return s.lo.has(i)
+ } else {
+ i -= 64
+ iHi, iLo := int(i/64), i%64
+ return iHi < len(s.hi) && s.hi[iHi].has(iLo)
+ }
+}
+
+// insert inserts i into the set and reports whether it was the first insertion.
+func (s *uintSet) insert(i uint) bool {
+ // TODO: Make this inlinable at least for the lower 64-bit case.
+ if i < 64 {
+ has := s.lo.has(i)
+ s.lo.set(i)
+ return !has
+ } else {
+ i -= 64
+ iHi, iLo := int(i/64), i%64
+ if iHi >= len(s.hi) {
+ s.hi = append(s.hi, make([]uintSet64, iHi+1-len(s.hi))...)
+ s.hi = s.hi[:cap(s.hi)]
+ }
+ has := s.hi[iHi].has(iLo)
+ s.hi[iHi].set(iLo)
+ return !has
+ }
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_funcs.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_funcs.go
index 8a4e70083..1f5d01868 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_funcs.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_funcs.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !goexperiment.jsonv2 || !go1.25
+
package json
import (
@@ -9,62 +11,75 @@ import (
"fmt"
"reflect"
"sync"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
-// SkipFunc may be returned by MarshalFuncV2 and UnmarshalFuncV2 functions.
+// SkipFunc may be returned by [MarshalToFunc] and [UnmarshalFromFunc] functions.
//
// Any function that returns SkipFunc must not cause observable side effects
-// on the provided Encoder or Decoder. For example, it is permissible to call
-// Decoder.PeekKind, but not permissible to call Decoder.ReadToken or
-// Encoder.WriteToken since such methods mutate the state.
-const SkipFunc = jsonError("skip function")
+// on the provided [jsontext.Encoder] or [jsontext.Decoder].
+// For example, it is permissible to call [jsontext.Decoder.PeekKind],
+// but not permissible to call [jsontext.Decoder.ReadToken] or
+// [jsontext.Encoder.WriteToken] since such methods mutate the state.
+var SkipFunc = errors.New("json: skip function")
+
+var errSkipMutation = errors.New("must not read or write any tokens when skipping")
+var errNonSingularValue = errors.New("must read or write exactly one value")
// Marshalers is a list of functions that may override the marshal behavior
-// of specific types. Populate MarshalOptions.Marshalers to use it.
+// of specific types. Populate [WithMarshalers] to use it with
+// [Marshal], [MarshalWrite], or [MarshalEncode].
// A nil *Marshalers is equivalent to an empty list.
+// There are no exported fields or methods on Marshalers.
type Marshalers = typedMarshalers
-// NewMarshalers constructs a flattened list of marshal functions.
+// JoinMarshalers constructs a flattened list of marshal functions.
// If multiple functions in the list are applicable for a value of a given type,
// then those earlier in the list take precedence over those that come later.
-// If a function returns SkipFunc, then the next applicable function is called,
+// If a function returns [SkipFunc], then the next applicable function is called,
// otherwise the default marshaling behavior is used.
//
// For example:
//
-// m1 := NewMarshalers(f1, f2)
-// m2 := NewMarshalers(f0, m1, f3) // equivalent to m3
-// m3 := NewMarshalers(f0, f1, f2, f3) // equivalent to m2
-func NewMarshalers(ms ...*Marshalers) *Marshalers {
+// m1 := JoinMarshalers(f1, f2)
+// m2 := JoinMarshalers(f0, m1, f3) // equivalent to m3
+// m3 := JoinMarshalers(f0, f1, f2, f3) // equivalent to m2
+func JoinMarshalers(ms ...*Marshalers) *Marshalers {
return newMarshalers(ms...)
}
// Unmarshalers is a list of functions that may override the unmarshal behavior
-// of specific types. Populate UnmarshalOptions.Unmarshalers to use it.
+// of specific types. Populate [WithUnmarshalers] to use it with
+// [Unmarshal], [UnmarshalRead], or [UnmarshalDecode].
// A nil *Unmarshalers is equivalent to an empty list.
+// There are no exported fields or methods on Unmarshalers.
type Unmarshalers = typedUnmarshalers
-// NewUnmarshalers constructs a flattened list of unmarshal functions.
+// JoinUnmarshalers constructs a flattened list of unmarshal functions.
// If multiple functions in the list are applicable for a value of a given type,
// then those earlier in the list take precedence over those that come later.
-// If a function returns SkipFunc, then the next applicable function is called,
+// If a function returns [SkipFunc], then the next applicable function is called,
// otherwise the default unmarshaling behavior is used.
//
// For example:
//
-// u1 := NewUnmarshalers(f1, f2)
-// u2 := NewUnmarshalers(f0, u1, f3) // equivalent to u3
-// u3 := NewUnmarshalers(f0, f1, f2, f3) // equivalent to u2
-func NewUnmarshalers(us ...*Unmarshalers) *Unmarshalers {
+// u1 := JoinUnmarshalers(f1, f2)
+// u2 := JoinUnmarshalers(f0, u1, f3) // equivalent to u3
+// u3 := JoinUnmarshalers(f0, f1, f2, f3) // equivalent to u2
+func JoinUnmarshalers(us ...*Unmarshalers) *Unmarshalers {
return newUnmarshalers(us...)
}
-type typedMarshalers = typedArshalers[MarshalOptions, Encoder]
-type typedUnmarshalers = typedArshalers[UnmarshalOptions, Decoder]
-type typedArshalers[Options, Coder any] struct {
+type typedMarshalers = typedArshalers[jsontext.Encoder]
+type typedUnmarshalers = typedArshalers[jsontext.Decoder]
+type typedArshalers[Coder any] struct {
nonComparable
- fncVals []typedArshaler[Options, Coder]
+ fncVals []typedArshaler[Coder]
fncCache sync.Map // map[reflect.Type]arshaler
// fromAny reports whether any of Go types used to represent arbitrary JSON
@@ -78,18 +93,18 @@ type typedArshalers[Options, Coder any] struct {
// if this is true.
fromAny bool
}
-type typedMarshaler = typedArshaler[MarshalOptions, Encoder]
-type typedUnmarshaler = typedArshaler[UnmarshalOptions, Decoder]
-type typedArshaler[Options, Coder any] struct {
+type typedMarshaler = typedArshaler[jsontext.Encoder]
+type typedUnmarshaler = typedArshaler[jsontext.Decoder]
+type typedArshaler[Coder any] struct {
typ reflect.Type
- fnc func(Options, *Coder, addressableValue) error
+ fnc func(*Coder, addressableValue, *jsonopts.Struct) error
maySkip bool
}
func newMarshalers(ms ...*Marshalers) *Marshalers { return newTypedArshalers(ms...) }
func newUnmarshalers(us ...*Unmarshalers) *Unmarshalers { return newTypedArshalers(us...) }
-func newTypedArshalers[Options, Coder any](as ...*typedArshalers[Options, Coder]) *typedArshalers[Options, Coder] {
- var a typedArshalers[Options, Coder]
+func newTypedArshalers[Coder any](as ...*typedArshalers[Coder]) *typedArshalers[Coder] {
+ var a typedArshalers[Coder]
for _, a2 := range as {
if a2 != nil {
a.fncVals = append(a.fncVals, a2.fncVals...)
@@ -102,7 +117,7 @@ func newTypedArshalers[Options, Coder any](as ...*typedArshalers[Options, Coder]
return &a
}
-func (a *typedArshalers[Options, Coder]) lookup(fnc func(Options, *Coder, addressableValue) error, t reflect.Type) (func(Options, *Coder, addressableValue) error, bool) {
+func (a *typedArshalers[Coder]) lookup(fnc func(*Coder, addressableValue, *jsonopts.Struct) error, t reflect.Type) (func(*Coder, addressableValue, *jsonopts.Struct) error, bool) {
if a == nil {
return fnc, false
}
@@ -110,12 +125,12 @@ func (a *typedArshalers[Options, Coder]) lookup(fnc func(Options, *Coder, addres
if v == nil {
return fnc, false
}
- return v.(func(Options, *Coder, addressableValue) error), true
+ return v.(func(*Coder, addressableValue, *jsonopts.Struct) error), true
}
// Collect a list of arshalers that can be called for this type.
// This list may be longer than 1 since some arshalers can be skipped.
- var fncs []func(Options, *Coder, addressableValue) error
+ var fncs []func(*Coder, addressableValue, *jsonopts.Struct) error
for _, fncVal := range a.fncVals {
if !castableTo(t, fncVal.typ) {
continue
@@ -133,21 +148,21 @@ func (a *typedArshalers[Options, Coder]) lookup(fnc func(Options, *Coder, addres
// Construct an arshaler that may call every applicable arshaler.
fncDefault := fnc
- fnc = func(o Options, c *Coder, v addressableValue) error {
+ fnc = func(c *Coder, v addressableValue, o *jsonopts.Struct) error {
for _, fnc := range fncs {
- if err := fnc(o, c, v); err != SkipFunc {
+ if err := fnc(c, v, o); err != SkipFunc {
return err // may be nil or non-nil
}
}
- return fncDefault(o, c, v)
+ return fncDefault(c, v, o)
}
// Use the first stored so duplicate work can be garbage collected.
v, _ := a.fncCache.LoadOrStore(t, fnc)
- return v.(func(Options, *Coder, addressableValue) error), true
+ return v.(func(*Coder, addressableValue, *jsonopts.Struct) error), true
}
-// MarshalFuncV1 constructs a type-specific marshaler that
+// MarshalFunc constructs a type-specific marshaler that
// specifies how to marshal values of type T.
// T can be any type except a named pointer.
// The function is always provided with a non-nil pointer value
@@ -155,22 +170,30 @@ func (a *typedArshalers[Options, Coder]) lookup(fnc func(Options, *Coder, addres
//
// The function must marshal exactly one JSON value.
// The value of T must not be retained outside the function call.
-// It may not return SkipFunc.
-func MarshalFuncV1[T any](fn func(T) ([]byte, error)) *Marshalers {
- t := reflect.TypeOf((*T)(nil)).Elem()
+// It may not return [SkipFunc].
+func MarshalFunc[T any](fn func(T) ([]byte, error)) *Marshalers {
+ t := reflect.TypeFor[T]()
assertCastableTo(t, true)
typFnc := typedMarshaler{
typ: t,
- fnc: func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
+ fnc: func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
val, err := fn(va.castTo(t).Interface().(T))
if err != nil {
err = wrapSkipFunc(err, "marshal function of type func(T) ([]byte, error)")
- // TODO: Avoid wrapping semantic errors.
- return &SemanticError{action: "marshal", GoType: t, Err: err}
+ if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalFunc") // unlike unmarshal, always wrapped
+ }
+ err = newMarshalErrorBefore(enc, t, err)
+ return collapseSemanticErrors(err)
}
if err := enc.WriteValue(val); err != nil {
- // TODO: Avoid wrapping semantic or I/O errors.
- return &SemanticError{action: "marshal", JSONKind: RawValue(val).Kind(), GoType: t, Err: err}
+ if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalFunc") // unlike unmarshal, always wrapped
+ }
+ if isSyntacticError(err) {
+ err = newMarshalErrorBefore(enc, t, err)
+ }
+ return err
}
return nil
},
@@ -178,39 +201,47 @@ func MarshalFuncV1[T any](fn func(T) ([]byte, error)) *Marshalers {
return &Marshalers{fncVals: []typedMarshaler{typFnc}, fromAny: castableToFromAny(t)}
}
-// MarshalFuncV2 constructs a type-specific marshaler that
+// MarshalToFunc constructs a type-specific marshaler that
// specifies how to marshal values of type T.
// T can be any type except a named pointer.
// The function is always provided with a non-nil pointer value
// if T is an interface or pointer type.
//
// The function must marshal exactly one JSON value by calling write methods
-// on the provided encoder. It may return SkipFunc such that marshaling can
+// on the provided encoder. It may return [SkipFunc] such that marshaling can
// move on to the next marshal function. However, no mutable method calls may
-// be called on the encoder if SkipFunc is returned.
-// The pointer to Encoder and the value of T must not be retained
-// outside the function call.
-func MarshalFuncV2[T any](fn func(MarshalOptions, *Encoder, T) error) *Marshalers {
- t := reflect.TypeOf((*T)(nil)).Elem()
+// be called on the encoder if [SkipFunc] is returned.
+// The pointer to [jsontext.Encoder] and the value of T
+// must not be retained outside the function call.
+func MarshalToFunc[T any](fn func(*jsontext.Encoder, T) error) *Marshalers {
+ t := reflect.TypeFor[T]()
assertCastableTo(t, true)
typFnc := typedMarshaler{
typ: t,
- fnc: func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- prevDepth, prevLength := enc.tokens.depthLength()
- err := fn(mo, enc, va.castTo(t).Interface().(T))
- currDepth, currLength := enc.tokens.depthLength()
+ fnc: func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ xe := export.Encoder(enc)
+ prevDepth, prevLength := xe.Tokens.DepthLength()
+ xe.Flags.Set(jsonflags.WithinArshalCall | 1)
+ err := fn(enc, va.castTo(t).Interface().(T))
+ xe.Flags.Set(jsonflags.WithinArshalCall | 0)
+ currDepth, currLength := xe.Tokens.DepthLength()
if err == nil && (prevDepth != currDepth || prevLength+1 != currLength) {
- err = errors.New("must write exactly one JSON value")
+ err = errNonSingularValue
}
if err != nil {
if err == SkipFunc {
if prevDepth == currDepth && prevLength == currLength {
return SkipFunc
}
- err = errors.New("must not write any JSON tokens when skipping")
+ err = errSkipMutation
}
- // TODO: Avoid wrapping semantic or I/O errors.
- return &SemanticError{action: "marshal", GoType: t, Err: err}
+ if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalToFunc") // unlike unmarshal, always wrapped
+ }
+ if !export.IsIOError(err) {
+ err = newSemanticErrorWithPosition(enc, t, prevDepth, prevLength, err)
+ }
+ return err
}
return nil
},
@@ -219,7 +250,7 @@ func MarshalFuncV2[T any](fn func(MarshalOptions, *Encoder, T) error) *Marshaler
return &Marshalers{fncVals: []typedMarshaler{typFnc}, fromAny: castableToFromAny(t)}
}
-// UnmarshalFuncV1 constructs a type-specific unmarshaler that
+// UnmarshalFunc constructs a type-specific unmarshaler that
// specifies how to unmarshal values of type T.
// T must be an unnamed pointer or an interface type.
// The function is always provided with a non-nil pointer value.
@@ -227,13 +258,13 @@ func MarshalFuncV2[T any](fn func(MarshalOptions, *Encoder, T) error) *Marshaler
// The function must unmarshal exactly one JSON value.
// The input []byte must not be mutated.
// The input []byte and value T must not be retained outside the function call.
-// It may not return SkipFunc.
-func UnmarshalFuncV1[T any](fn func([]byte, T) error) *Unmarshalers {
- t := reflect.TypeOf((*T)(nil)).Elem()
+// It may not return [SkipFunc].
+func UnmarshalFunc[T any](fn func([]byte, T) error) *Unmarshalers {
+ t := reflect.TypeFor[T]()
assertCastableTo(t, false)
typFnc := typedUnmarshaler{
typ: t,
- fnc: func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
+ fnc: func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
val, err := dec.ReadValue()
if err != nil {
return err // must be a syntactic or I/O error
@@ -241,8 +272,11 @@ func UnmarshalFuncV1[T any](fn func([]byte, T) error) *Unmarshalers {
err = fn(val, va.castTo(t).Interface().(T))
if err != nil {
err = wrapSkipFunc(err, "unmarshal function of type func([]byte, T) error")
- // TODO: Avoid wrapping semantic, syntactic, or I/O errors.
- return &SemanticError{action: "unmarshal", JSONKind: val.Kind(), GoType: t, Err: err}
+ if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return err // unlike marshal, never wrapped
+ }
+ err = newUnmarshalErrorAfter(dec, t, err)
+ return collapseSemanticErrors(err)
}
return nil
},
@@ -250,38 +284,49 @@ func UnmarshalFuncV1[T any](fn func([]byte, T) error) *Unmarshalers {
return &Unmarshalers{fncVals: []typedUnmarshaler{typFnc}, fromAny: castableToFromAny(t)}
}
-// UnmarshalFuncV2 constructs a type-specific unmarshaler that
+// UnmarshalFromFunc constructs a type-specific unmarshaler that
// specifies how to unmarshal values of type T.
// T must be an unnamed pointer or an interface type.
// The function is always provided with a non-nil pointer value.
//
// The function must unmarshal exactly one JSON value by calling read methods
-// on the provided decoder. It may return SkipFunc such that unmarshaling can
+// on the provided decoder. It may return [SkipFunc] such that unmarshaling can
// move on to the next unmarshal function. However, no mutable method calls may
-// be called on the decoder if SkipFunc is returned.
-// The pointer to Decoder and the value of T must not be retained
-// outside the function call.
-func UnmarshalFuncV2[T any](fn func(UnmarshalOptions, *Decoder, T) error) *Unmarshalers {
- t := reflect.TypeOf((*T)(nil)).Elem()
+// be called on the decoder if [SkipFunc] is returned.
+// The pointer to [jsontext.Decoder] and the value of T
+// must not be retained outside the function call.
+func UnmarshalFromFunc[T any](fn func(*jsontext.Decoder, T) error) *Unmarshalers {
+ t := reflect.TypeFor[T]()
assertCastableTo(t, false)
typFnc := typedUnmarshaler{
typ: t,
- fnc: func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- prevDepth, prevLength := dec.tokens.depthLength()
- err := fn(uo, dec, va.castTo(t).Interface().(T))
- currDepth, currLength := dec.tokens.depthLength()
+ fnc: func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ xd := export.Decoder(dec)
+ prevDepth, prevLength := xd.Tokens.DepthLength()
+ xd.Flags.Set(jsonflags.WithinArshalCall | 1)
+ err := fn(dec, va.castTo(t).Interface().(T))
+ xd.Flags.Set(jsonflags.WithinArshalCall | 0)
+ currDepth, currLength := xd.Tokens.DepthLength()
if err == nil && (prevDepth != currDepth || prevLength+1 != currLength) {
- err = errors.New("must read exactly one JSON value")
+ err = errNonSingularValue
}
if err != nil {
if err == SkipFunc {
if prevDepth == currDepth && prevLength == currLength {
return SkipFunc
}
- err = errors.New("must not read any JSON tokens when skipping")
+ err = errSkipMutation
+ }
+ if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ if err2 := xd.SkipUntil(prevDepth, prevLength+1); err2 != nil {
+ return err2
+ }
+ return err // unlike marshal, never wrapped
+ }
+ if !isSyntacticError(err) && !export.IsIOError(err) {
+ err = newSemanticErrorWithPosition(dec, t, prevDepth, prevLength, err)
}
- // TODO: Avoid wrapping semantic, syntactic, or I/O errors.
- return &SemanticError{action: "unmarshal", GoType: t, Err: err}
+ return err
}
return nil
},
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_inlined.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_inlined.go
index 258a98247..f73ed3240 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_inlined.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_inlined.go
@@ -2,12 +2,20 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !goexperiment.jsonv2 || !go1.25
+
package json
import (
"bytes"
"errors"
+ "io"
"reflect"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
// This package supports "inlining" a Go struct field, where the contents
@@ -18,18 +26,20 @@ import (
// nested struct are virtually hoisted up to the parent struct using rules
// similar to how Go embedding works (but operating within the JSON namespace).
//
-// However, inlined fields may also be of a Go map type with a string key
-// or a RawValue. Such inlined fields are called "fallback" fields since they
+// However, inlined fields may also be of a Go map type with a string key or
+// a jsontext.Value. Such inlined fields are called "fallback" fields since they
// represent any arbitrary JSON object member. Explicitly named fields take
// precedence over the inlined fallback. Only one inlined fallback is allowed.
-var rawValueType = reflect.TypeOf((*RawValue)(nil)).Elem()
+var errRawInlinedNotObject = errors.New("inlined raw value must be a JSON object")
+
+var jsontextValueType = reflect.TypeFor[jsontext.Value]()
// marshalInlinedFallbackAll marshals all the members in an inlined fallback.
-func marshalInlinedFallbackAll(mo MarshalOptions, enc *Encoder, va addressableValue, f *structField, insertUnquotedName func([]byte) bool) error {
- v := addressableValue{va.Field(f.index[0])} // addressable if struct value is addressable
- if len(f.index) > 1 {
- v = v.fieldByIndex(f.index[1:], false)
+func marshalInlinedFallbackAll(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct, f *structField, insertUnquotedName func([]byte) bool) error {
+ v := addressableValue{va.Field(f.index0), va.forcedAddr} // addressable if struct value is addressable
+ if len(f.index) > 0 {
+ v = v.fieldByIndex(f.index, false)
if !v.IsValid() {
return nil // implies a nil inlined field
}
@@ -39,34 +49,39 @@ func marshalInlinedFallbackAll(mo MarshalOptions, enc *Encoder, va addressableVa
return nil
}
- if v.Type() == rawValueType {
- b := v.Interface().(RawValue)
+ if v.Type() == jsontextValueType {
+ // TODO(https://go.dev/issue/62121): Use reflect.Value.AssertTo.
+ b := *v.Addr().Interface().(*jsontext.Value)
if len(b) == 0 { // TODO: Should this be nil? What if it were all whitespace?
return nil
}
- dec := getBufferedDecoder(b, DecodeOptions{AllowDuplicateNames: true, AllowInvalidUTF8: true})
- defer putBufferedDecoder(dec)
+ dec := export.GetBufferedDecoder(b)
+ defer export.PutBufferedDecoder(dec)
+ xd := export.Decoder(dec)
+ xd.Flags.Set(jsonflags.AllowDuplicateNames | jsonflags.AllowInvalidUTF8 | 1)
tok, err := dec.ReadToken()
if err != nil {
- return &SemanticError{action: "marshal", GoType: rawValueType, Err: err}
+ if err == io.EOF {
+ err = io.ErrUnexpectedEOF
+ }
+ return newMarshalErrorBefore(enc, v.Type(), err)
}
if tok.Kind() != '{' {
- err := errors.New("inlined raw value must be a JSON object")
- return &SemanticError{action: "marshal", JSONKind: tok.Kind(), GoType: rawValueType, Err: err}
+ return newMarshalErrorBefore(enc, v.Type(), errRawInlinedNotObject)
}
for dec.PeekKind() != '}' {
// Parse the JSON object name.
- var flags valueFlags
- val, err := dec.readValue(&flags)
+ var flags jsonwire.ValueFlags
+ val, err := xd.ReadValue(&flags)
if err != nil {
- return &SemanticError{action: "marshal", GoType: rawValueType, Err: err}
+ return newMarshalErrorBefore(enc, v.Type(), err)
}
if insertUnquotedName != nil {
- name := unescapeStringMayCopy(val, flags.isVerbatim())
+ name := jsonwire.UnquoteMayCopy(val, flags.IsVerbatim())
if !insertUnquotedName(name) {
- return &SyntacticError{str: "duplicate name " + string(val) + " in object"}
+ return newDuplicateNameError(enc.StackPointer().Parent(), val, enc.OutputOffset())
}
}
if err := enc.WriteValue(val); err != nil {
@@ -74,55 +89,55 @@ func marshalInlinedFallbackAll(mo MarshalOptions, enc *Encoder, va addressableVa
}
// Parse the JSON object value.
- val, err = dec.readValue(&flags)
+ val, err = xd.ReadValue(&flags)
if err != nil {
- return &SemanticError{action: "marshal", GoType: rawValueType, Err: err}
+ return newMarshalErrorBefore(enc, v.Type(), err)
}
if err := enc.WriteValue(val); err != nil {
return err
}
}
if _, err := dec.ReadToken(); err != nil {
- return &SemanticError{action: "marshal", GoType: rawValueType, Err: err}
+ return newMarshalErrorBefore(enc, v.Type(), err)
}
- if err := dec.checkEOF(); err != nil {
- return &SemanticError{action: "marshal", GoType: rawValueType, Err: err}
+ if err := xd.CheckEOF(); err != nil {
+ return newMarshalErrorBefore(enc, v.Type(), err)
}
return nil
} else {
- m := v // must be a map[string]V
+ m := v // must be a map[~string]V
n := m.Len()
if n == 0 {
return nil
}
- mk := newAddressableValue(stringType)
+ mk := newAddressableValue(m.Type().Key())
mv := newAddressableValue(m.Type().Elem())
marshalKey := func(mk addressableValue) error {
- b, err := appendString(enc.UnusedBuffer(), mk.String(), !enc.options.AllowInvalidUTF8, nil)
+ b, err := jsonwire.AppendQuote(enc.AvailableBuffer(), mk.String(), &mo.Flags)
if err != nil {
- return err
+ return newMarshalErrorBefore(enc, m.Type().Key(), err)
}
if insertUnquotedName != nil {
isVerbatim := bytes.IndexByte(b, '\\') < 0
- name := unescapeStringMayCopy(b, isVerbatim)
+ name := jsonwire.UnquoteMayCopy(b, isVerbatim)
if !insertUnquotedName(name) {
- return &SyntacticError{str: "duplicate name " + string(b) + " in object"}
+ return newDuplicateNameError(enc.StackPointer().Parent(), b, enc.OutputOffset())
}
}
return enc.WriteValue(b)
}
marshalVal := f.fncs.marshal
if mo.Marshalers != nil {
- marshalVal, _ = mo.Marshalers.lookup(marshalVal, mv.Type())
+ marshalVal, _ = mo.Marshalers.(*Marshalers).lookup(marshalVal, mv.Type())
}
- if !mo.Deterministic || n <= 1 {
+ if !mo.Flags.Get(jsonflags.Deterministic) || n <= 1 {
for iter := m.MapRange(); iter.Next(); {
mk.SetIterKey(iter)
if err := marshalKey(mk); err != nil {
return err
}
mv.Set(iter.Value())
- if err := marshalVal(mo, enc, mv); err != nil {
+ if err := marshalVal(enc, mv, mo); err != nil {
return err
}
}
@@ -140,7 +155,7 @@ func marshalInlinedFallbackAll(mo MarshalOptions, enc *Encoder, va addressableVa
}
// TODO(https://go.dev/issue/57061): Use mv.SetMapIndexOf.
mv.Set(m.MapIndex(mk.Value))
- if err := marshalVal(mo, enc, mv); err != nil {
+ if err := marshalVal(enc, mv, mo); err != nil {
return err
}
}
@@ -151,59 +166,61 @@ func marshalInlinedFallbackAll(mo MarshalOptions, enc *Encoder, va addressableVa
}
// unmarshalInlinedFallbackNext unmarshals only the next member in an inlined fallback.
-func unmarshalInlinedFallbackNext(uo UnmarshalOptions, dec *Decoder, va addressableValue, f *structField, quotedName, unquotedName []byte) error {
- v := addressableValue{va.Field(f.index[0])} // addressable if struct value is addressable
- if len(f.index) > 1 {
- v = v.fieldByIndex(f.index[1:], true)
+func unmarshalInlinedFallbackNext(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct, f *structField, quotedName, unquotedName []byte) error {
+ v := addressableValue{va.Field(f.index0), va.forcedAddr} // addressable if struct value is addressable
+ if len(f.index) > 0 {
+ v = v.fieldByIndex(f.index, true)
}
v = v.indirect(true)
- if v.Type() == rawValueType {
- b := v.Addr().Interface().(*RawValue)
+ if v.Type() == jsontextValueType {
+ b := v.Addr().Interface().(*jsontext.Value)
if len(*b) == 0 { // TODO: Should this be nil? What if it were all whitespace?
*b = append(*b, '{')
} else {
- *b = trimSuffixWhitespace(*b)
- if hasSuffixByte(*b, '}') {
+ *b = jsonwire.TrimSuffixWhitespace(*b)
+ if jsonwire.HasSuffixByte(*b, '}') {
// TODO: When merging into an object for the first time,
// should we verify that it is valid?
- *b = trimSuffixByte(*b, '}')
- *b = trimSuffixWhitespace(*b)
- if !hasSuffixByte(*b, ',') && !hasSuffixByte(*b, '{') {
+ *b = jsonwire.TrimSuffixByte(*b, '}')
+ *b = jsonwire.TrimSuffixWhitespace(*b)
+ if !jsonwire.HasSuffixByte(*b, ',') && !jsonwire.HasSuffixByte(*b, '{') {
*b = append(*b, ',')
}
} else {
- err := errors.New("inlined raw value must be a JSON object")
- return &SemanticError{action: "unmarshal", GoType: rawValueType, Err: err}
+ return newUnmarshalErrorAfterWithSkipping(dec, v.Type(), errRawInlinedNotObject)
}
}
*b = append(*b, quotedName...)
*b = append(*b, ':')
- rawValue, err := dec.ReadValue()
+ val, err := dec.ReadValue()
if err != nil {
return err
}
- *b = append(*b, rawValue...)
+ *b = append(*b, val...)
*b = append(*b, '}')
return nil
} else {
name := string(unquotedName) // TODO: Intern this?
- m := v // must be a map[string]V
+ m := v // must be a map[~string]V
if m.IsNil() {
m.Set(reflect.MakeMap(m.Type()))
}
mk := reflect.ValueOf(name)
- mv := newAddressableValue(v.Type().Elem()) // TODO: Cache across calls?
+ if mkt := m.Type().Key(); mkt != stringType {
+ mk = mk.Convert(mkt)
+ }
+ mv := newAddressableValue(m.Type().Elem()) // TODO: Cache across calls?
if v2 := m.MapIndex(mk); v2.IsValid() {
mv.Set(v2)
}
unmarshal := f.fncs.unmarshal
if uo.Unmarshalers != nil {
- unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, mv.Type())
+ unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, mv.Type())
}
- err := unmarshal(uo, dec, mv)
+ err := unmarshal(dec, mv, uo)
m.SetMapIndex(mk, mv.Value)
if err != nil {
return err
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_methods.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_methods.go
index 20899c868..d6736342b 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_methods.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_methods.go
@@ -2,53 +2,68 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !goexperiment.jsonv2 || !go1.25
+
package json
import (
"encoding"
"errors"
"reflect"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
+var errNonStringValue = errors.New("JSON value must be string type")
+
// Interfaces for custom serialization.
var (
- jsonMarshalerV1Type = reflect.TypeOf((*MarshalerV1)(nil)).Elem()
- jsonMarshalerV2Type = reflect.TypeOf((*MarshalerV2)(nil)).Elem()
- jsonUnmarshalerV1Type = reflect.TypeOf((*UnmarshalerV1)(nil)).Elem()
- jsonUnmarshalerV2Type = reflect.TypeOf((*UnmarshalerV2)(nil)).Elem()
- textMarshalerType = reflect.TypeOf((*encoding.TextMarshaler)(nil)).Elem()
- textUnmarshalerType = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem()
+ jsonMarshalerType = reflect.TypeFor[Marshaler]()
+ jsonMarshalerToType = reflect.TypeFor[MarshalerTo]()
+ jsonUnmarshalerType = reflect.TypeFor[Unmarshaler]()
+ jsonUnmarshalerFromType = reflect.TypeFor[UnmarshalerFrom]()
+ textAppenderType = reflect.TypeFor[encoding.TextAppender]()
+ textMarshalerType = reflect.TypeFor[encoding.TextMarshaler]()
+ textUnmarshalerType = reflect.TypeFor[encoding.TextUnmarshaler]()
+
+ allMarshalerTypes = []reflect.Type{jsonMarshalerToType, jsonMarshalerType, textAppenderType, textMarshalerType}
+ allUnmarshalerTypes = []reflect.Type{jsonUnmarshalerFromType, jsonUnmarshalerType, textUnmarshalerType}
+ allMethodTypes = append(allMarshalerTypes, allUnmarshalerTypes...)
)
-// MarshalerV1 is implemented by types that can marshal themselves.
-// It is recommended that types implement MarshalerV2 unless the implementation
+// Marshaler is implemented by types that can marshal themselves.
+// It is recommended that types implement [MarshalerTo] unless the implementation
// is trying to avoid a hard dependency on the "jsontext" package.
//
// It is recommended that implementations return a buffer that is safe
// for the caller to retain and potentially mutate.
-type MarshalerV1 interface {
+type Marshaler interface {
MarshalJSON() ([]byte, error)
}
-// MarshalerV2 is implemented by types that can marshal themselves.
-// It is recommended that types implement MarshalerV2 instead of MarshalerV1
+// MarshalerTo is implemented by types that can marshal themselves.
+// It is recommended that types implement MarshalerTo instead of [Marshaler]
// since this is both more performant and flexible.
-// If a type implements both MarshalerV1 and MarshalerV2,
-// then MarshalerV2 takes precedence. In such a case, both implementations
+// If a type implements both Marshaler and MarshalerTo,
+// then MarshalerTo takes precedence. In such a case, both implementations
// should aim to have equivalent behavior for the default marshal options.
//
// The implementation must write only one JSON value to the Encoder and
-// must not retain the pointer to Encoder.
-type MarshalerV2 interface {
- MarshalNextJSON(MarshalOptions, *Encoder) error
+// must not retain the pointer to [jsontext.Encoder].
+type MarshalerTo interface {
+ MarshalJSONTo(*jsontext.Encoder) error
- // TODO: Should users call the MarshalOptions.MarshalNext method or
+ // TODO: Should users call the MarshalEncode function or
// should/can they call this method directly? Does it matter?
}
-// UnmarshalerV1 is implemented by types that can unmarshal themselves.
-// It is recommended that types implement UnmarshalerV2 unless
-// the implementation is trying to avoid a hard dependency on this package.
+// Unmarshaler is implemented by types that can unmarshal themselves.
+// It is recommended that types implement [UnmarshalerFrom] unless the implementation
+// is trying to avoid a hard dependency on the "jsontext" package.
//
// The input can be assumed to be a valid encoding of a JSON value
// if called from unmarshal functionality in this package.
@@ -57,26 +72,26 @@ type MarshalerV2 interface {
// unmarshaling into a pre-populated value.
//
// Implementations must not retain or mutate the input []byte.
-type UnmarshalerV1 interface {
+type Unmarshaler interface {
UnmarshalJSON([]byte) error
}
-// UnmarshalerV2 is implemented by types that can unmarshal themselves.
-// It is recommended that types implement UnmarshalerV2 instead of UnmarshalerV1
+// UnmarshalerFrom is implemented by types that can unmarshal themselves.
+// It is recommended that types implement UnmarshalerFrom instead of [Unmarshaler]
// since this is both more performant and flexible.
-// If a type implements both UnmarshalerV1 and UnmarshalerV2,
-// then UnmarshalerV2 takes precedence. In such a case, both implementations
+// If a type implements both Unmarshaler and UnmarshalerFrom,
+// then UnmarshalerFrom takes precedence. In such a case, both implementations
// should aim to have equivalent behavior for the default unmarshal options.
//
// The implementation must read only one JSON value from the Decoder.
-// It is recommended that UnmarshalNextJSON implement merge semantics when
+// It is recommended that UnmarshalJSONFrom implement merge semantics when
// unmarshaling into a pre-populated value.
//
-// Implementations must not retain the pointer to Decoder.
-type UnmarshalerV2 interface {
- UnmarshalNextJSON(UnmarshalOptions, *Decoder) error
+// Implementations must not retain the pointer to [jsontext.Decoder].
+type UnmarshalerFrom interface {
+ UnmarshalJSONFrom(*jsontext.Decoder) error
- // TODO: Should users call the UnmarshalOptions.UnmarshalNext method or
+ // TODO: Should users call the UnmarshalDecode function or
// should/can they call this method directly? Does it matter?
}
@@ -88,114 +103,205 @@ func makeMethodArshaler(fncs *arshaler, t reflect.Type) *arshaler {
return fncs
}
- // Handle custom marshaler.
- switch which, needAddr := implementsWhich(t, jsonMarshalerV2Type, jsonMarshalerV1Type, textMarshalerType); which {
- case jsonMarshalerV2Type:
+ if needAddr, ok := implements(t, textMarshalerType); ok {
fncs.nonDefault = true
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- prevDepth, prevLength := enc.tokens.depthLength()
- err := va.addrWhen(needAddr).Interface().(MarshalerV2).MarshalNextJSON(mo, enc)
- currDepth, currLength := enc.tokens.depthLength()
- if (prevDepth != currDepth || prevLength+1 != currLength) && err == nil {
- err = errors.New("must write exactly one JSON value")
+ prevMarshal := fncs.marshal
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) &&
+ (needAddr && va.forcedAddr) {
+ return prevMarshal(enc, va, mo)
}
- if err != nil {
+ marshaler := va.Addr().Interface().(encoding.TextMarshaler)
+ if err := export.Encoder(enc).AppendRaw('"', false, func(b []byte) ([]byte, error) {
+ b2, err := marshaler.MarshalText()
+ return append(b, b2...), err
+ }); err != nil {
err = wrapSkipFunc(err, "marshal method")
- // TODO: Avoid wrapping semantic or I/O errors.
- return &SemanticError{action: "marshal", GoType: t, Err: err}
+ if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalText") // unlike unmarshal, always wrapped
+ }
+ if !isSemanticError(err) && !export.IsIOError(err) {
+ err = newMarshalErrorBefore(enc, t, err)
+ }
+ return err
}
return nil
}
- case jsonMarshalerV1Type:
+ }
+
+ if needAddr, ok := implements(t, textAppenderType); ok {
fncs.nonDefault = true
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- marshaler := va.addrWhen(needAddr).Interface().(MarshalerV1)
- val, err := marshaler.MarshalJSON()
- if err != nil {
- err = wrapSkipFunc(err, "marshal method")
- // TODO: Avoid wrapping semantic errors.
- return &SemanticError{action: "marshal", GoType: t, Err: err}
+ prevMarshal := fncs.marshal
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) (err error) {
+ if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) &&
+ (needAddr && va.forcedAddr) {
+ return prevMarshal(enc, va, mo)
}
- if err := enc.WriteValue(val); err != nil {
- // TODO: Avoid wrapping semantic or I/O errors.
- return &SemanticError{action: "marshal", JSONKind: RawValue(val).Kind(), GoType: t, Err: err}
+ appender := va.Addr().Interface().(encoding.TextAppender)
+ if err := export.Encoder(enc).AppendRaw('"', false, appender.AppendText); err != nil {
+ err = wrapSkipFunc(err, "append method")
+ if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.NewMarshalerError(va.Addr().Interface(), err, "AppendText") // unlike unmarshal, always wrapped
+ }
+ if !isSemanticError(err) && !export.IsIOError(err) {
+ err = newMarshalErrorBefore(enc, t, err)
+ }
+ return err
}
return nil
}
- case textMarshalerType:
+ }
+
+ if needAddr, ok := implements(t, jsonMarshalerType); ok {
fncs.nonDefault = true
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- marshaler := va.addrWhen(needAddr).Interface().(encoding.TextMarshaler)
- s, err := marshaler.MarshalText()
- if err != nil {
- err = wrapSkipFunc(err, "marshal method")
- // TODO: Avoid wrapping semantic errors.
- return &SemanticError{action: "marshal", JSONKind: '"', GoType: t, Err: err}
+ prevMarshal := fncs.marshal
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) &&
+ ((needAddr && va.forcedAddr) || export.Encoder(enc).Tokens.Last.NeedObjectName()) {
+ return prevMarshal(enc, va, mo)
}
- val := enc.UnusedBuffer()
- val, err = appendString(val, string(s), true, nil)
+ marshaler := va.Addr().Interface().(Marshaler)
+ val, err := marshaler.MarshalJSON()
if err != nil {
- return &SemanticError{action: "marshal", JSONKind: '"', GoType: t, Err: err}
+ err = wrapSkipFunc(err, "marshal method")
+ if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalJSON") // unlike unmarshal, always wrapped
+ }
+ err = newMarshalErrorBefore(enc, t, err)
+ return collapseSemanticErrors(err)
}
if err := enc.WriteValue(val); err != nil {
- // TODO: Avoid wrapping syntactic or I/O errors.
- return &SemanticError{action: "marshal", JSONKind: '"', GoType: t, Err: err}
+ if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalJSON") // unlike unmarshal, always wrapped
+ }
+ if isSyntacticError(err) {
+ err = newMarshalErrorBefore(enc, t, err)
+ }
+ return err
}
return nil
}
}
- // Handle custom unmarshaler.
- switch which, needAddr := implementsWhich(t, jsonUnmarshalerV2Type, jsonUnmarshalerV1Type, textUnmarshalerType); which {
- case jsonUnmarshalerV2Type:
+ if needAddr, ok := implements(t, jsonMarshalerToType); ok {
fncs.nonDefault = true
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- prevDepth, prevLength := dec.tokens.depthLength()
- err := va.addrWhen(needAddr).Interface().(UnmarshalerV2).UnmarshalNextJSON(uo, dec)
- currDepth, currLength := dec.tokens.depthLength()
+ prevMarshal := fncs.marshal
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) &&
+ ((needAddr && va.forcedAddr) || export.Encoder(enc).Tokens.Last.NeedObjectName()) {
+ return prevMarshal(enc, va, mo)
+ }
+ xe := export.Encoder(enc)
+ prevDepth, prevLength := xe.Tokens.DepthLength()
+ xe.Flags.Set(jsonflags.WithinArshalCall | 1)
+ err := va.Addr().Interface().(MarshalerTo).MarshalJSONTo(enc)
+ xe.Flags.Set(jsonflags.WithinArshalCall | 0)
+ currDepth, currLength := xe.Tokens.DepthLength()
if (prevDepth != currDepth || prevLength+1 != currLength) && err == nil {
- err = errors.New("must read exactly one JSON value")
+ err = errNonSingularValue
}
if err != nil {
+ err = wrapSkipFunc(err, "marshal method")
+ if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalJSONTo") // unlike unmarshal, always wrapped
+ }
+ if !export.IsIOError(err) {
+ err = newSemanticErrorWithPosition(enc, t, prevDepth, prevLength, err)
+ }
+ return err
+ }
+ return nil
+ }
+ }
+
+ if _, ok := implements(t, textUnmarshalerType); ok {
+ fncs.nonDefault = true
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ xd := export.Decoder(dec)
+ var flags jsonwire.ValueFlags
+ val, err := xd.ReadValue(&flags)
+ if err != nil {
+ return err // must be a syntactic or I/O error
+ }
+ if val.Kind() == 'n' {
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ va.SetZero()
+ }
+ return nil
+ }
+ if val.Kind() != '"' {
+ return newUnmarshalErrorAfter(dec, t, errNonStringValue)
+ }
+ s := jsonwire.UnquoteMayCopy(val, flags.IsVerbatim())
+ unmarshaler := va.Addr().Interface().(encoding.TextUnmarshaler)
+ if err := unmarshaler.UnmarshalText(s); err != nil {
err = wrapSkipFunc(err, "unmarshal method")
- // TODO: Avoid wrapping semantic, syntactic, or I/O errors.
- return &SemanticError{action: "unmarshal", GoType: t, Err: err}
+ if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return err // unlike marshal, never wrapped
+ }
+ if !isSemanticError(err) && !isSyntacticError(err) && !export.IsIOError(err) {
+ err = newUnmarshalErrorAfter(dec, t, err)
+ }
+ return err
}
return nil
}
- case jsonUnmarshalerV1Type:
+ }
+
+ if _, ok := implements(t, jsonUnmarshalerType); ok {
fncs.nonDefault = true
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
+ prevUnmarshal := fncs.unmarshal
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ if uo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) &&
+ export.Decoder(dec).Tokens.Last.NeedObjectName() {
+ return prevUnmarshal(dec, va, uo)
+ }
val, err := dec.ReadValue()
if err != nil {
return err // must be a syntactic or I/O error
}
- unmarshaler := va.addrWhen(needAddr).Interface().(UnmarshalerV1)
+ unmarshaler := va.Addr().Interface().(Unmarshaler)
if err := unmarshaler.UnmarshalJSON(val); err != nil {
err = wrapSkipFunc(err, "unmarshal method")
- // TODO: Avoid wrapping semantic, syntactic, or I/O errors.
- return &SemanticError{action: "unmarshal", JSONKind: val.Kind(), GoType: t, Err: err}
+ if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return err // unlike marshal, never wrapped
+ }
+ err = newUnmarshalErrorAfter(dec, t, err)
+ return collapseSemanticErrors(err)
}
return nil
}
- case textUnmarshalerType:
+ }
+
+ if _, ok := implements(t, jsonUnmarshalerFromType); ok {
fncs.nonDefault = true
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- var flags valueFlags
- val, err := dec.readValue(&flags)
- if err != nil {
- return err // must be a syntactic or I/O error
+ prevUnmarshal := fncs.unmarshal
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ if uo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) &&
+ export.Decoder(dec).Tokens.Last.NeedObjectName() {
+ return prevUnmarshal(dec, va, uo)
}
- if val.Kind() != '"' {
- err = errors.New("JSON value must be string type")
- return &SemanticError{action: "unmarshal", JSONKind: val.Kind(), GoType: t, Err: err}
+ xd := export.Decoder(dec)
+ prevDepth, prevLength := xd.Tokens.DepthLength()
+ xd.Flags.Set(jsonflags.WithinArshalCall | 1)
+ err := va.Addr().Interface().(UnmarshalerFrom).UnmarshalJSONFrom(dec)
+ xd.Flags.Set(jsonflags.WithinArshalCall | 0)
+ currDepth, currLength := xd.Tokens.DepthLength()
+ if (prevDepth != currDepth || prevLength+1 != currLength) && err == nil {
+ err = errNonSingularValue
}
- s := unescapeStringMayCopy(val, flags.isVerbatim())
- unmarshaler := va.addrWhen(needAddr).Interface().(encoding.TextUnmarshaler)
- if err := unmarshaler.UnmarshalText(s); err != nil {
+ if err != nil {
err = wrapSkipFunc(err, "unmarshal method")
- // TODO: Avoid wrapping semantic, syntactic, or I/O errors.
- return &SemanticError{action: "unmarshal", JSONKind: val.Kind(), GoType: t, Err: err}
+ if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ if err2 := xd.SkipUntil(prevDepth, prevLength+1); err2 != nil {
+ return err2
+ }
+ return err // unlike marshal, never wrapped
+ }
+ if !isSyntacticError(err) && !export.IsIOError(err) {
+ err = newSemanticErrorWithPosition(dec, t, prevDepth, prevLength, err)
+ }
+ return err
}
return nil
}
@@ -204,26 +310,28 @@ func makeMethodArshaler(fncs *arshaler, t reflect.Type) *arshaler {
return fncs
}
-// implementsWhich is like t.Implements(ifaceType) for a list of interfaces,
+// implementsAny is like t.Implements(ifaceType) for a list of interfaces,
// but checks whether either t or reflect.PointerTo(t) implements the interface.
-// It returns the first interface type that matches and whether a value of t
-// needs to be addressed first before it implements the interface.
-func implementsWhich(t reflect.Type, ifaceTypes ...reflect.Type) (which reflect.Type, needAddr bool) {
+func implementsAny(t reflect.Type, ifaceTypes ...reflect.Type) bool {
for _, ifaceType := range ifaceTypes {
- switch {
- case t.Implements(ifaceType):
- return ifaceType, false
- case reflect.PointerTo(t).Implements(ifaceType):
- return ifaceType, true
+ if _, ok := implements(t, ifaceType); ok {
+ return true
}
}
- return nil, false
+ return false
}
-// addrWhen returns va.Addr if addr is specified, otherwise it returns itself.
-func (va addressableValue) addrWhen(addr bool) reflect.Value {
- if addr {
- return va.Addr()
+// implements is like t.Implements(ifaceType) but checks whether
+// either t or reflect.PointerTo(t) implements the interface.
+// It also reports whether the value needs to be addressed
+// in order to satisfy the interface.
+func implements(t, ifaceType reflect.Type) (needAddr, ok bool) {
+ switch {
+ case t.Implements(ifaceType):
+ return false, true
+ case reflect.PointerTo(t).Implements(ifaceType):
+ return true, true
+ default:
+ return false, false
}
- return va.Value
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_time.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_time.go
index fc8d5b007..4d328ebee 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_time.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_time.go
@@ -2,23 +2,36 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !goexperiment.jsonv2 || !go1.25
+
package json
import (
+ "bytes"
+ "cmp"
"errors"
"fmt"
+ "math"
+ "math/bits"
"reflect"
+ "strconv"
"strings"
"time"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
var (
- timeDurationType = reflect.TypeOf((*time.Duration)(nil)).Elem()
- timeTimeType = reflect.TypeOf((*time.Time)(nil)).Elem()
+ timeDurationType = reflect.TypeFor[time.Duration]()
+ timeTimeType = reflect.TypeFor[time.Time]()
)
func makeTimeArshaler(fncs *arshaler, t reflect.Type) *arshaler {
- // Ideally, time types would implement MarshalerV2 and UnmarshalerV2,
+ // Ideally, time types would implement MarshalerTo and UnmarshalerFrom,
// but that would incur a dependency on package json from package time.
// Given how widely used time is, it is more acceptable that we incur a
// dependency on time from json.
@@ -29,213 +42,736 @@ func makeTimeArshaler(fncs *arshaler, t reflect.Type) *arshaler {
switch t {
case timeDurationType:
fncs.nonDefault = true
- marshalNanos := fncs.marshal
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- if mo.format != "" && mo.formatDepth == enc.tokens.depth() {
- if mo.format == "nanos" {
- mo.format = ""
- return marshalNanos(mo, enc, va)
- } else {
- return newInvalidFormatError("marshal", t, mo.format)
+ marshalNano := fncs.marshal
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error {
+ xe := export.Encoder(enc)
+ var m durationArshaler
+ if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() {
+ if !m.initFormat(mo.Format) {
+ return newInvalidFormatError(enc, t)
}
+ } else if mo.Flags.Get(jsonflags.FormatDurationAsNano) {
+ return marshalNano(enc, va, mo)
+ } else {
+ // TODO(https://go.dev/issue/71631): Decide on default duration representation.
+ return newMarshalErrorBefore(enc, t, errors.New("no default representation (see https://go.dev/issue/71631); specify an explicit format"))
}
- td := va.Interface().(time.Duration)
- b := enc.UnusedBuffer()
- b = append(b, '"')
- b = append(b, td.String()...) // never contains special characters
- b = append(b, '"')
- return enc.WriteValue(b)
- }
- unmarshalNanos := fncs.unmarshal
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- // TODO: Should there be a flag that specifies that we can unmarshal
- // from either form since there would be no ambiguity?
- if uo.format != "" && uo.formatDepth == dec.tokens.depth() {
- if uo.format == "nanos" {
- uo.format = ""
- return unmarshalNanos(uo, dec, va)
- } else {
- return newInvalidFormatError("unmarshal", t, uo.format)
+ // TODO(https://go.dev/issue/62121): Use reflect.Value.AssertTo.
+ m.td = *va.Addr().Interface().(*time.Duration)
+ k := stringOrNumberKind(!m.isNumeric() || xe.Tokens.Last.NeedObjectName() || mo.Flags.Get(jsonflags.StringifyNumbers))
+ if err := xe.AppendRaw(k, true, m.appendMarshal); err != nil {
+ if !isSyntacticError(err) && !export.IsIOError(err) {
+ err = newMarshalErrorBefore(enc, t, err)
+ }
+ return err
+ }
+ return nil
+ }
+ unmarshalNano := fncs.unmarshal
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error {
+ xd := export.Decoder(dec)
+ var u durationArshaler
+ if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() {
+ if !u.initFormat(uo.Format) {
+ return newInvalidFormatError(dec, t)
}
+ } else if uo.Flags.Get(jsonflags.FormatDurationAsNano) {
+ return unmarshalNano(dec, va, uo)
+ } else {
+ // TODO(https://go.dev/issue/71631): Decide on default duration representation.
+ return newUnmarshalErrorBeforeWithSkipping(dec, t, errors.New("no default representation (see https://go.dev/issue/71631); specify an explicit format"))
}
- var flags valueFlags
+ stringify := !u.isNumeric() || xd.Tokens.Last.NeedObjectName() || uo.Flags.Get(jsonflags.StringifyNumbers)
+ var flags jsonwire.ValueFlags
td := va.Addr().Interface().(*time.Duration)
- val, err := dec.readValue(&flags)
+ val, err := xd.ReadValue(&flags)
if err != nil {
return err
}
switch k := val.Kind(); k {
case 'n':
- *td = time.Duration(0)
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ *td = time.Duration(0)
+ }
return nil
case '"':
- val = unescapeStringMayCopy(val, flags.isVerbatim())
- td2, err := time.ParseDuration(string(val))
- if err != nil {
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err}
+ if !stringify {
+ break
+ }
+ val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim())
+ if err := u.unmarshal(val); err != nil {
+ return newUnmarshalErrorAfter(dec, t, err)
}
- *td = td2
+ *td = u.td
+ return nil
+ case '0':
+ if stringify {
+ break
+ }
+ if err := u.unmarshal(val); err != nil {
+ return newUnmarshalErrorAfter(dec, t, err)
+ }
+ *td = u.td
return nil
- default:
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t}
}
+ return newUnmarshalErrorAfter(dec, t, nil)
}
case timeTimeType:
fncs.nonDefault = true
- fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error {
- format := time.RFC3339Nano
- isRFC3339 := true
- if mo.format != "" && mo.formatDepth == enc.tokens.depth() {
- var err error
- format, isRFC3339, err = checkTimeFormat(mo.format)
- if err != nil {
- return &SemanticError{action: "marshal", GoType: t, Err: err}
+ fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) (err error) {
+ xe := export.Encoder(enc)
+ var m timeArshaler
+ if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() {
+ if !m.initFormat(mo.Format) {
+ return newInvalidFormatError(enc, t)
}
}
- tt := va.Interface().(time.Time)
- b := enc.UnusedBuffer()
- b = append(b, '"')
- b = tt.AppendFormat(b, format)
- b = append(b, '"')
- if isRFC3339 {
- // Not all Go timestamps can be represented as valid RFC 3339.
- // Explicitly check for these edge cases.
- // See https://go.dev/issue/4556 and https://go.dev/issue/54580.
- var err error
- switch b := b[len(`"`) : len(b)-len(`"`)]; {
- case b[len("9999")] != '-': // year must be exactly 4 digits wide
- err = errors.New("year outside of range [0,9999]")
- case b[len(b)-1] != 'Z':
- c := b[len(b)-len("Z07:00")]
- if ('0' <= c && c <= '9') || parseDec2(b[len(b)-len("07:00"):]) >= 24 {
- err = errors.New("timezone hour outside of range [0,23]")
- }
+ // TODO(https://go.dev/issue/62121): Use reflect.Value.AssertTo.
+ m.tt = *va.Addr().Interface().(*time.Time)
+ k := stringOrNumberKind(!m.isNumeric() || xe.Tokens.Last.NeedObjectName() || mo.Flags.Get(jsonflags.StringifyNumbers))
+ if err := xe.AppendRaw(k, !m.hasCustomFormat(), m.appendMarshal); err != nil {
+ if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalJSON") // unlike unmarshal, always wrapped
}
- if err != nil {
- return &SemanticError{action: "marshal", GoType: t, Err: err}
+ if !isSyntacticError(err) && !export.IsIOError(err) {
+ err = newMarshalErrorBefore(enc, t, err)
}
- return enc.WriteValue(b) // RFC 3339 never needs JSON escaping
- }
- // The format may contain special characters that need escaping.
- // Verify that the result is a valid JSON string (common case),
- // otherwise escape the string correctly (slower case).
- if consumeSimpleString(b) != len(b) {
- b, _ = appendString(nil, string(b[len(`"`):len(b)-len(`"`)]), true, nil)
+ return err
}
- return enc.WriteValue(b)
+ return nil
}
- fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error {
- format := time.RFC3339
- isRFC3339 := true
- if uo.format != "" && uo.formatDepth == dec.tokens.depth() {
- var err error
- format, isRFC3339, err = checkTimeFormat(uo.format)
- if err != nil {
- return &SemanticError{action: "unmarshal", GoType: t, Err: err}
+ fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) (err error) {
+ xd := export.Decoder(dec)
+ var u timeArshaler
+ if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() {
+ if !u.initFormat(uo.Format) {
+ return newInvalidFormatError(dec, t)
}
+ } else if uo.Flags.Get(jsonflags.ParseTimeWithLooseRFC3339) {
+ u.looseRFC3339 = true
}
- var flags valueFlags
+ stringify := !u.isNumeric() || xd.Tokens.Last.NeedObjectName() || uo.Flags.Get(jsonflags.StringifyNumbers)
+ var flags jsonwire.ValueFlags
tt := va.Addr().Interface().(*time.Time)
- val, err := dec.readValue(&flags)
+ val, err := xd.ReadValue(&flags)
if err != nil {
return err
}
- k := val.Kind()
- switch k {
+ switch k := val.Kind(); k {
case 'n':
- *tt = time.Time{}
+ if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) {
+ *tt = time.Time{}
+ }
return nil
case '"':
- val = unescapeStringMayCopy(val, flags.isVerbatim())
- tt2, err := time.Parse(format, string(val))
- if isRFC3339 && err == nil {
- // TODO(https://go.dev/issue/54580): RFC 3339 specifies
- // the exact grammar of a valid timestamp. However,
- // the parsing functionality in "time" is too loose and
- // incorrectly accepts invalid timestamps as valid.
- // Remove these manual checks when "time" checks it for us.
- newParseError := func(layout, value, layoutElem, valueElem, message string) error {
- return &time.ParseError{Layout: layout, Value: value, LayoutElem: layoutElem, ValueElem: valueElem, Message: message}
- }
- switch {
- case val[len("2006-01-02T")+1] == ':': // hour must be two digits
- err = newParseError(format, string(val), "15", string(val[len("2006-01-02T"):][:1]), "")
- case val[len("2006-01-02T15:04:05")] == ',': // sub-second separator must be a period
- err = newParseError(format, string(val), ".", ",", "")
- case val[len(val)-1] != 'Z':
- switch {
- case parseDec2(val[len(val)-len("07:00"):]) >= 24: // timezone hour must be in range
- err = newParseError(format, string(val), "Z07:00", string(val[len(val)-len("Z07:00"):]), ": timezone hour out of range")
- case parseDec2(val[len(val)-len("00"):]) >= 60: // timezone minute must be in range
- err = newParseError(format, string(val), "Z07:00", string(val[len(val)-len("Z07:00"):]), ": timezone minute out of range")
- }
+ if !stringify {
+ break
+ }
+ val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim())
+ if err := u.unmarshal(val); err != nil {
+ if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return err // unlike marshal, never wrapped
}
+ return newUnmarshalErrorAfter(dec, t, err)
+ }
+ *tt = u.tt
+ return nil
+ case '0':
+ if stringify {
+ break
}
- if err != nil {
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err}
+ if err := u.unmarshal(val); err != nil {
+ if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ return err // unlike marshal, never wrapped
+ }
+ return newUnmarshalErrorAfter(dec, t, err)
}
- *tt = tt2
+ *tt = u.tt
return nil
- default:
- return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t}
}
+ return newUnmarshalErrorAfter(dec, t, nil)
}
}
return fncs
}
-func checkTimeFormat(format string) (string, bool, error) {
+type durationArshaler struct {
+ td time.Duration
+
+ // base records the representation where:
+ // - 0 uses time.Duration.String
+ // - 1e0, 1e3, 1e6, or 1e9 use a decimal encoding of the duration as
+ // nanoseconds, microseconds, milliseconds, or seconds.
+ // - 8601 uses ISO 8601
+ base uint64
+}
+
+func (a *durationArshaler) initFormat(format string) (ok bool) {
+ switch format {
+ case "units":
+ a.base = 0
+ case "sec":
+ a.base = 1e9
+ case "milli":
+ a.base = 1e6
+ case "micro":
+ a.base = 1e3
+ case "nano":
+ a.base = 1e0
+ case "iso8601":
+ a.base = 8601
+ default:
+ return false
+ }
+ return true
+}
+
+func (a *durationArshaler) isNumeric() bool {
+ return a.base != 0 && a.base != 8601
+}
+
+func (a *durationArshaler) appendMarshal(b []byte) ([]byte, error) {
+ switch a.base {
+ case 0:
+ return append(b, a.td.String()...), nil
+ case 8601:
+ return appendDurationISO8601(b, a.td), nil
+ default:
+ return appendDurationBase10(b, a.td, a.base), nil
+ }
+}
+
+func (a *durationArshaler) unmarshal(b []byte) (err error) {
+ switch a.base {
+ case 0:
+ a.td, err = time.ParseDuration(string(b))
+ case 8601:
+ a.td, err = parseDurationISO8601(b)
+ default:
+ a.td, err = parseDurationBase10(b, a.base)
+ }
+ return err
+}
+
+type timeArshaler struct {
+ tt time.Time
+
+ // base records the representation where:
+ // - 0 uses RFC 3339 encoding of the timestamp
+ // - 1e0, 1e3, 1e6, or 1e9 use a decimal encoding of the timestamp as
+ // seconds, milliseconds, microseconds, or nanoseconds since Unix epoch.
+ // - math.MaxUint uses time.Time.Format to encode the timestamp
+ base uint64
+ format string // time format passed to time.Parse
+
+ looseRFC3339 bool
+}
+
+func (a *timeArshaler) initFormat(format string) bool {
// We assume that an exported constant in the time package will
// always start with an uppercase ASCII letter.
- if len(format) > 0 && 'A' <= format[0] && format[0] <= 'Z' {
- switch format {
- case "ANSIC":
- return time.ANSIC, false, nil
- case "UnixDate":
- return time.UnixDate, false, nil
- case "RubyDate":
- return time.RubyDate, false, nil
- case "RFC822":
- return time.RFC822, false, nil
- case "RFC822Z":
- return time.RFC822Z, false, nil
- case "RFC850":
- return time.RFC850, false, nil
- case "RFC1123":
- return time.RFC1123, false, nil
- case "RFC1123Z":
- return time.RFC1123Z, false, nil
- case "RFC3339":
- return time.RFC3339, true, nil
- case "RFC3339Nano":
- return time.RFC3339Nano, true, nil
- case "Kitchen":
- return time.Kitchen, false, nil
- case "Stamp":
- return time.Stamp, false, nil
- case "StampMilli":
- return time.StampMilli, false, nil
- case "StampMicro":
- return time.StampMicro, false, nil
- case "StampNano":
- return time.StampNano, false, nil
- default:
- // Reject any format that is an exported Go identifier in case
- // new format constants are added to the time package.
- if strings.TrimFunc(format, isLetterOrDigit) == "" {
- return "", false, fmt.Errorf("undefined format layout: %v", format)
+ if len(format) == 0 {
+ return false
+ }
+ a.base = math.MaxUint // implies custom format
+ if c := format[0]; !('a' <= c && c <= 'z') && !('A' <= c && c <= 'Z') {
+ a.format = format
+ return true
+ }
+ switch format {
+ case "ANSIC":
+ a.format = time.ANSIC
+ case "UnixDate":
+ a.format = time.UnixDate
+ case "RubyDate":
+ a.format = time.RubyDate
+ case "RFC822":
+ a.format = time.RFC822
+ case "RFC822Z":
+ a.format = time.RFC822Z
+ case "RFC850":
+ a.format = time.RFC850
+ case "RFC1123":
+ a.format = time.RFC1123
+ case "RFC1123Z":
+ a.format = time.RFC1123Z
+ case "RFC3339":
+ a.base = 0
+ a.format = time.RFC3339
+ case "RFC3339Nano":
+ a.base = 0
+ a.format = time.RFC3339Nano
+ case "Kitchen":
+ a.format = time.Kitchen
+ case "Stamp":
+ a.format = time.Stamp
+ case "StampMilli":
+ a.format = time.StampMilli
+ case "StampMicro":
+ a.format = time.StampMicro
+ case "StampNano":
+ a.format = time.StampNano
+ case "DateTime":
+ a.format = time.DateTime
+ case "DateOnly":
+ a.format = time.DateOnly
+ case "TimeOnly":
+ a.format = time.TimeOnly
+ case "unix":
+ a.base = 1e0
+ case "unixmilli":
+ a.base = 1e3
+ case "unixmicro":
+ a.base = 1e6
+ case "unixnano":
+ a.base = 1e9
+ default:
+ // Reject any Go identifier in case new constants are supported.
+ if strings.TrimFunc(format, isLetterOrDigit) == "" {
+ return false
+ }
+ a.format = format
+ }
+ return true
+}
+
+func (a *timeArshaler) isNumeric() bool {
+ return int(a.base) > 0
+}
+
+func (a *timeArshaler) hasCustomFormat() bool {
+ return a.base == math.MaxUint
+}
+
+func (a *timeArshaler) appendMarshal(b []byte) ([]byte, error) {
+ switch a.base {
+ case 0:
+ format := cmp.Or(a.format, time.RFC3339Nano)
+ n0 := len(b)
+ b = a.tt.AppendFormat(b, format)
+ // Not all Go timestamps can be represented as valid RFC 3339.
+ // Explicitly check for these edge cases.
+ // See https://go.dev/issue/4556 and https://go.dev/issue/54580.
+ switch b := b[n0:]; {
+ case b[len("9999")] != '-': // year must be exactly 4 digits wide
+ return b, errors.New("year outside of range [0,9999]")
+ case b[len(b)-1] != 'Z':
+ c := b[len(b)-len("Z07:00")]
+ if ('0' <= c && c <= '9') || parseDec2(b[len(b)-len("07:00"):]) >= 24 {
+ return b, errors.New("timezone hour outside of range [0,23]")
+ }
+ }
+ return b, nil
+ case math.MaxUint:
+ return a.tt.AppendFormat(b, a.format), nil
+ default:
+ return appendTimeUnix(b, a.tt, a.base), nil
+ }
+}
+
+func (a *timeArshaler) unmarshal(b []byte) (err error) {
+ switch a.base {
+ case 0:
+ // Use time.Time.UnmarshalText to avoid possible string allocation.
+ if err := a.tt.UnmarshalText(b); err != nil {
+ return err
+ }
+ // TODO(https://go.dev/issue/57912):
+ // RFC 3339 specifies the grammar for a valid timestamp.
+ // However, the parsing functionality in "time" is too loose and
+ // incorrectly accepts invalid timestamps as valid.
+ // Remove these manual checks when "time" checks it for us.
+ newParseError := func(layout, value, layoutElem, valueElem, message string) error {
+ return &time.ParseError{Layout: layout, Value: value, LayoutElem: layoutElem, ValueElem: valueElem, Message: message}
+ }
+ switch {
+ case a.looseRFC3339:
+ return nil
+ case b[len("2006-01-02T")+1] == ':': // hour must be two digits
+ return newParseError(time.RFC3339, string(b), "15", string(b[len("2006-01-02T"):][:1]), "")
+ case b[len("2006-01-02T15:04:05")] == ',': // sub-second separator must be a period
+ return newParseError(time.RFC3339, string(b), ".", ",", "")
+ case b[len(b)-1] != 'Z':
+ switch {
+ case parseDec2(b[len(b)-len("07:00"):]) >= 24: // timezone hour must be in range
+ return newParseError(time.RFC3339, string(b), "Z07:00", string(b[len(b)-len("Z07:00"):]), ": timezone hour out of range")
+ case parseDec2(b[len(b)-len("00"):]) >= 60: // timezone minute must be in range
+ return newParseError(time.RFC3339, string(b), "Z07:00", string(b[len(b)-len("Z07:00"):]), ": timezone minute out of range")
+ }
+ }
+ return nil
+ case math.MaxUint:
+ a.tt, err = time.Parse(a.format, string(b))
+ return err
+ default:
+ a.tt, err = parseTimeUnix(b, a.base)
+ return err
+ }
+}
+
+// appendDurationBase10 appends d formatted as a decimal fractional number,
+// where pow10 is a power-of-10 used to scale down the number.
+func appendDurationBase10(b []byte, d time.Duration, pow10 uint64) []byte {
+ b, n := mayAppendDurationSign(b, d) // append sign
+ whole, frac := bits.Div64(0, n, uint64(pow10)) // compute whole and frac fields
+ b = strconv.AppendUint(b, whole, 10) // append whole field
+ return appendFracBase10(b, frac, pow10) // append frac field
+}
+
+// parseDurationBase10 parses d from a decimal fractional number,
+// where pow10 is a power-of-10 used to scale up the number.
+func parseDurationBase10(b []byte, pow10 uint64) (time.Duration, error) {
+ suffix, neg := consumeSign(b, false) // consume sign
+ wholeBytes, fracBytes := bytesCutByte(suffix, '.', true) // consume whole and frac fields
+ whole, okWhole := jsonwire.ParseUint(wholeBytes) // parse whole field; may overflow
+ frac, okFrac := parseFracBase10(fracBytes, pow10) // parse frac field
+ hi, lo := bits.Mul64(whole, uint64(pow10)) // overflow if hi > 0
+ sum, co := bits.Add64(lo, uint64(frac), 0) // overflow if co > 0
+ switch d := mayApplyDurationSign(sum, neg); { // overflow if neg != (d < 0)
+ case (!okWhole && whole != math.MaxUint64) || !okFrac:
+ return 0, fmt.Errorf("invalid duration %q: %w", b, strconv.ErrSyntax)
+ case !okWhole || hi > 0 || co > 0 || neg != (d < 0):
+ return 0, fmt.Errorf("invalid duration %q: %w", b, strconv.ErrRange)
+ default:
+ return d, nil
+ }
+}
+
+// appendDurationISO8601 appends an ISO 8601 duration with a restricted grammar,
+// where leading and trailing zeroes and zero-value designators are omitted.
+// It only uses hour, minute, and second designators since ISO 8601 defines
+// those as being "accurate", while year, month, week, and day are "nominal".
+func appendDurationISO8601(b []byte, d time.Duration) []byte {
+ if d == 0 {
+ return append(b, "PT0S"...)
+ }
+ b, n := mayAppendDurationSign(b, d)
+ b = append(b, "PT"...)
+ n, nsec := bits.Div64(0, n, 1e9) // compute nsec field
+ n, sec := bits.Div64(0, n, 60) // compute sec field
+ hour, min := bits.Div64(0, n, 60) // compute hour and min fields
+ if hour > 0 {
+ b = append(strconv.AppendUint(b, hour, 10), 'H')
+ }
+ if min > 0 {
+ b = append(strconv.AppendUint(b, min, 10), 'M')
+ }
+ if sec > 0 || nsec > 0 {
+ b = append(appendFracBase10(strconv.AppendUint(b, sec, 10), nsec, 1e9), 'S')
+ }
+ return b
+}
+
+// daysPerYear is the exact average number of days in a year according to
+// the Gregorian calender, which has an extra day each year that is
+// a multiple of 4, unless it is evenly divisible by 100 but not by 400.
+// This does not take into account leap seconds, which are not deterministic.
+const daysPerYear = 365.2425
+
+var errInaccurateDateUnits = errors.New("inaccurate year, month, week, or day units")
+
+// parseDurationISO8601 parses a duration according to ISO 8601-1:2019,
+// section 5.5.2.2 and 5.5.2.3 with the following restrictions or extensions:
+//
+// - A leading minus sign is permitted for negative duration according
+// to ISO 8601-2:2019, section 4.4.1.9. We do not permit negative values
+// for each "time scale component", which is permitted by section 4.4.1.1,
+// but rarely supported by parsers.
+//
+// - A leading plus sign is permitted (and ignored).
+// This is not required by ISO 8601, but not forbidden either.
+// There is some precedent for this as it is supported by the principle of
+// duration arithmetic as specified in ISO 8601-2-2019, section 14.1.
+// Of note, the JavaScript grammar for ISO 8601 permits a leading plus sign.
+//
+// - A fractional value is only permitted for accurate units
+// (i.e., hour, minute, and seconds) in the last time component,
+// which is permissible by ISO 8601-1:2019, section 5.5.2.3.
+//
+// - Both periods ('.') and commas (',') are supported as the separator
+// between the integer part and fraction part of a number,
+// as specified in ISO 8601-1:2019, section 3.2.6.
+// While ISO 8601 recommends comma as the default separator,
+// most formatters uses a period.
+//
+// - Leading zeros are ignored. This is not required by ISO 8601,
+// but also not forbidden by the standard. Many parsers support this.
+//
+// - Lowercase designators are supported. This is not required by ISO 8601,
+// but also not forbidden by the standard. Many parsers support this.
+//
+// If the nominal units of year, month, week, or day are present,
+// this produces a best-effort value and also reports [errInaccurateDateUnits].
+//
+// The accepted grammar is identical to JavaScript's Duration:
+//
+// https://tc39.es/proposal-temporal/#prod-Duration
+//
+// We follow JavaScript's grammar as JSON itself is derived from JavaScript.
+// The Temporal.Duration.toJSON method is guaranteed to produce an output
+// that can be parsed by this function so long as arithmetic in JavaScript
+// do not use a largestUnit value higher than "hours" (which is the default).
+// Even if it does, this will do a best-effort parsing with inaccurate units,
+// but report [errInaccurateDateUnits].
+func parseDurationISO8601(b []byte) (time.Duration, error) {
+ var invalid, overflow, inaccurate, sawFrac bool
+ var sumNanos, n, co uint64
+
+ // cutBytes is like [bytes.Cut], but uses either c0 or c1 as the separator.
+ cutBytes := func(b []byte, c0, c1 byte) (prefix, suffix []byte, ok bool) {
+ for i, c := range b {
+ if c == c0 || c == c1 {
+ return b[:i], b[i+1:], true
+ }
+ }
+ return b, nil, false
+ }
+
+ // mayParseUnit attempts to parse another date or time number
+ // identified by the desHi and desLo unit characters.
+ // If the part is absent for current unit, it returns b as is.
+ mayParseUnit := func(b []byte, desHi, desLo byte, unit time.Duration) []byte {
+ number, suffix, ok := cutBytes(b, desHi, desLo)
+ if !ok || sawFrac {
+ return b // designator is not present or already saw fraction, which can only be in the last component
+ }
+
+ // Parse the number.
+ // A fraction allowed for the accurate units in the last part.
+ whole, frac, ok := cutBytes(number, '.', ',')
+ if ok {
+ sawFrac = true
+ invalid = invalid || len(frac) == len("") || unit > time.Hour
+ if unit == time.Second {
+ n, ok = parsePaddedBase10(frac, uint64(time.Second))
+ invalid = invalid || !ok
+ } else {
+ f, err := strconv.ParseFloat("0."+string(frac), 64)
+ invalid = invalid || err != nil || len(bytes.Trim(frac[len("."):], "0123456789")) > 0
+ n = uint64(math.Round(f * float64(unit))) // never overflows since f is within [0..1]
+ }
+ sumNanos, co = bits.Add64(sumNanos, n, 0) // overflow if co > 0
+ overflow = overflow || co > 0
+ }
+ for len(whole) > 1 && whole[0] == '0' {
+ whole = whole[len("0"):] // trim leading zeros
+ }
+ n, ok := jsonwire.ParseUint(whole) // overflow if !ok && MaxUint64
+ hi, lo := bits.Mul64(n, uint64(unit)) // overflow if hi > 0
+ sumNanos, co = bits.Add64(sumNanos, lo, 0) // overflow if co > 0
+ invalid = invalid || (!ok && n != math.MaxUint64)
+ overflow = overflow || (!ok && n == math.MaxUint64) || hi > 0 || co > 0
+ inaccurate = inaccurate || unit > time.Hour
+ return suffix
+ }
+
+ suffix, neg := consumeSign(b, true)
+ prefix, suffix, okP := cutBytes(suffix, 'P', 'p')
+ durDate, durTime, okT := cutBytes(suffix, 'T', 't')
+ invalid = invalid || len(prefix) > 0 || !okP || (okT && len(durTime) == 0) || len(durDate)+len(durTime) == 0
+ if len(durDate) > 0 { // nominal portion of the duration
+ durDate = mayParseUnit(durDate, 'Y', 'y', time.Duration(daysPerYear*24*60*60*1e9))
+ durDate = mayParseUnit(durDate, 'M', 'm', time.Duration(daysPerYear/12*24*60*60*1e9))
+ durDate = mayParseUnit(durDate, 'W', 'w', time.Duration(7*24*60*60*1e9))
+ durDate = mayParseUnit(durDate, 'D', 'd', time.Duration(24*60*60*1e9))
+ invalid = invalid || len(durDate) > 0 // unknown elements
+ }
+ if len(durTime) > 0 { // accurate portion of the duration
+ durTime = mayParseUnit(durTime, 'H', 'h', time.Duration(60*60*1e9))
+ durTime = mayParseUnit(durTime, 'M', 'm', time.Duration(60*1e9))
+ durTime = mayParseUnit(durTime, 'S', 's', time.Duration(1e9))
+ invalid = invalid || len(durTime) > 0 // unknown elements
+ }
+ d := mayApplyDurationSign(sumNanos, neg)
+ overflow = overflow || (neg != (d < 0) && d != 0) // overflows signed duration
+
+ switch {
+ case invalid:
+ return 0, fmt.Errorf("invalid ISO 8601 duration %q: %w", b, strconv.ErrSyntax)
+ case overflow:
+ return 0, fmt.Errorf("invalid ISO 8601 duration %q: %w", b, strconv.ErrRange)
+ case inaccurate:
+ return d, fmt.Errorf("invalid ISO 8601 duration %q: %w", b, errInaccurateDateUnits)
+ default:
+ return d, nil
+ }
+}
+
+// mayAppendDurationSign appends a negative sign if n is negative.
+func mayAppendDurationSign(b []byte, d time.Duration) ([]byte, uint64) {
+ if d < 0 {
+ b = append(b, '-')
+ d *= -1
+ }
+ return b, uint64(d)
+}
+
+// mayApplyDurationSign inverts n if neg is specified.
+func mayApplyDurationSign(n uint64, neg bool) time.Duration {
+ if neg {
+ return -1 * time.Duration(n)
+ } else {
+ return +1 * time.Duration(n)
+ }
+}
+
+// appendTimeUnix appends t formatted as a decimal fractional number,
+// where pow10 is a power-of-10 used to scale up the number.
+func appendTimeUnix(b []byte, t time.Time, pow10 uint64) []byte {
+ sec, nsec := t.Unix(), int64(t.Nanosecond())
+ if sec < 0 {
+ b = append(b, '-')
+ sec, nsec = negateSecNano(sec, nsec)
+ }
+ switch {
+ case pow10 == 1e0: // fast case where units is in seconds
+ b = strconv.AppendUint(b, uint64(sec), 10)
+ return appendFracBase10(b, uint64(nsec), 1e9)
+ case uint64(sec) < 1e9: // intermediate case where units is not seconds, but no overflow
+ b = strconv.AppendUint(b, uint64(sec)*uint64(pow10)+uint64(uint64(nsec)/(1e9/pow10)), 10)
+ return appendFracBase10(b, (uint64(nsec)*pow10)%1e9, 1e9)
+ default: // slow case where units is not seconds and overflow would occur
+ b = strconv.AppendUint(b, uint64(sec), 10)
+ b = appendPaddedBase10(b, uint64(nsec)/(1e9/pow10), pow10)
+ return appendFracBase10(b, (uint64(nsec)*pow10)%1e9, 1e9)
+ }
+}
+
+// parseTimeUnix parses t formatted as a decimal fractional number,
+// where pow10 is a power-of-10 used to scale down the number.
+func parseTimeUnix(b []byte, pow10 uint64) (time.Time, error) {
+ suffix, neg := consumeSign(b, false) // consume sign
+ wholeBytes, fracBytes := bytesCutByte(suffix, '.', true) // consume whole and frac fields
+ whole, okWhole := jsonwire.ParseUint(wholeBytes) // parse whole field; may overflow
+ frac, okFrac := parseFracBase10(fracBytes, 1e9/pow10) // parse frac field
+ var sec, nsec int64
+ switch {
+ case pow10 == 1e0: // fast case where units is in seconds
+ sec = int64(whole) // check overflow later after negation
+ nsec = int64(frac) // cannot overflow
+ case okWhole: // intermediate case where units is not seconds, but no overflow
+ sec = int64(whole / pow10) // check overflow later after negation
+ nsec = int64((whole%pow10)*(1e9/pow10) + frac) // cannot overflow
+ case !okWhole && whole == math.MaxUint64: // slow case where units is not seconds and overflow occurred
+ width := int(math.Log10(float64(pow10))) // compute len(strconv.Itoa(pow10-1))
+ whole, okWhole = jsonwire.ParseUint(wholeBytes[:len(wholeBytes)-width]) // parse the upper whole field
+ mid, _ := parsePaddedBase10(wholeBytes[len(wholeBytes)-width:], pow10) // parse the lower whole field
+ sec = int64(whole) // check overflow later after negation
+ nsec = int64(mid*(1e9/pow10) + frac) // cannot overflow
+ }
+ if neg {
+ sec, nsec = negateSecNano(sec, nsec)
+ }
+ switch t := time.Unix(sec, nsec).UTC(); {
+ case (!okWhole && whole != math.MaxUint64) || !okFrac:
+ return time.Time{}, fmt.Errorf("invalid time %q: %w", b, strconv.ErrSyntax)
+ case !okWhole || neg != (t.Unix() < 0):
+ return time.Time{}, fmt.Errorf("invalid time %q: %w", b, strconv.ErrRange)
+ default:
+ return t, nil
+ }
+}
+
+// negateSecNano negates a Unix timestamp, where nsec must be within [0, 1e9).
+func negateSecNano(sec, nsec int64) (int64, int64) {
+ sec = ^sec // twos-complement negation (i.e., -1*sec + 1)
+ nsec = -nsec + 1e9 // negate nsec and add 1e9 (which is the extra +1 from sec negation)
+ sec += int64(nsec / 1e9) // handle possible overflow of nsec if it started as zero
+ nsec %= 1e9 // ensure nsec stays within [0, 1e9)
+ return sec, nsec
+}
+
+// appendFracBase10 appends the fraction of n/max10,
+// where max10 is a power-of-10 that is larger than n.
+func appendFracBase10(b []byte, n, max10 uint64) []byte {
+ if n == 0 {
+ return b
+ }
+ return bytes.TrimRight(appendPaddedBase10(append(b, '.'), n, max10), "0")
+}
+
+// parseFracBase10 parses the fraction of n/max10,
+// where max10 is a power-of-10 that is larger than n.
+func parseFracBase10(b []byte, max10 uint64) (n uint64, ok bool) {
+ switch {
+ case len(b) == 0:
+ return 0, true
+ case len(b) < len(".0") || b[0] != '.':
+ return 0, false
+ }
+ return parsePaddedBase10(b[len("."):], max10)
+}
+
+// appendPaddedBase10 appends a zero-padded encoding of n,
+// where max10 is a power-of-10 that is larger than n.
+func appendPaddedBase10(b []byte, n, max10 uint64) []byte {
+ if n < max10/10 {
+ // Formatting of n is shorter than log10(max10),
+ // so add max10/10 to ensure the length is equal to log10(max10).
+ i := len(b)
+ b = strconv.AppendUint(b, n+max10/10, 10)
+ b[i]-- // subtract the addition of max10/10
+ return b
+ }
+ return strconv.AppendUint(b, n, 10)
+}
+
+// parsePaddedBase10 parses b as the zero-padded encoding of n,
+// where max10 is a power-of-10 that is larger than n.
+// Truncated suffix is treated as implicit zeros.
+// Extended suffix is ignored, but verified to contain only digits.
+func parsePaddedBase10(b []byte, max10 uint64) (n uint64, ok bool) {
+ pow10 := uint64(1)
+ for pow10 < max10 {
+ n *= 10
+ if len(b) > 0 {
+ if b[0] < '0' || '9' < b[0] {
+ return n, false
}
+ n += uint64(b[0] - '0')
+ b = b[1:]
+ }
+ pow10 *= 10
+ }
+ if len(b) > 0 && len(bytes.TrimRight(b, "0123456789")) > 0 {
+ return n, false // trailing characters are not digits
+ }
+ return n, true
+}
+
+// consumeSign consumes an optional leading negative or positive sign.
+func consumeSign(b []byte, allowPlus bool) ([]byte, bool) {
+ if len(b) > 0 {
+ if b[0] == '-' {
+ return b[len("-"):], true
+ } else if b[0] == '+' && allowPlus {
+ return b[len("+"):], false
+ }
+ }
+ return b, false
+}
+
+// bytesCutByte is similar to bytes.Cut(b, []byte{c}),
+// except c may optionally be included as part of the suffix.
+func bytesCutByte(b []byte, c byte, include bool) ([]byte, []byte) {
+ if i := bytes.IndexByte(b, c); i >= 0 {
+ if include {
+ return b[:i], b[i:]
}
+ return b[:i], b[i+1:]
}
- return format, false, nil
+ return b, nil
}
// parseDec2 parses b as an unsigned, base-10, 2-digit number.
-// It panics if len(b) < 2. The result is undefined if digits are not base-10.
+// The result is undefined if digits are not base-10.
func parseDec2(b []byte) byte {
+ if len(b) < 2 {
+ return 0
+ }
return 10*(b[0]-'0') + (b[1] - '0')
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/decode.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/decode.go
deleted file mode 100644
index 0d68b3233..000000000
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/decode.go
+++ /dev/null
@@ -1,1655 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package json
-
-import (
- "bytes"
- "errors"
- "io"
- "math"
- "strconv"
- "unicode/utf16"
- "unicode/utf8"
-)
-
-// NOTE: The logic for decoding is complicated by the fact that reading from
-// an io.Reader into a temporary buffer means that the buffer may contain a
-// truncated portion of some valid input, requiring the need to fetch more data.
-//
-// This file is structured in the following way:
-//
-// - consumeXXX functions parse an exact JSON token from a []byte.
-// If the buffer appears truncated, then it returns io.ErrUnexpectedEOF.
-// The consumeSimpleXXX functions are so named because they only handle
-// a subset of the grammar for the JSON token being parsed.
-// They do not handle the full grammar to keep these functions inlineable.
-//
-// - Decoder.consumeXXX methods parse the next JSON token from Decoder.buf,
-// automatically fetching more input if necessary. These methods take
-// a position relative to the start of Decoder.buf as an argument and
-// return the end of the consumed JSON token as a position,
-// also relative to the start of Decoder.buf.
-//
-// - In the event of an I/O errors or state machine violations,
-// the implementation avoids mutating the state of Decoder
-// (aside from the book-keeping needed to implement Decoder.fetch).
-// For this reason, only Decoder.ReadToken and Decoder.ReadValue are
-// responsible for updated Decoder.prevStart and Decoder.prevEnd.
-//
-// - For performance, much of the implementation uses the pattern of calling
-// the inlineable consumeXXX functions first, and if more work is necessary,
-// then it calls the slower Decoder.consumeXXX methods.
-// TODO: Revisit this pattern if the Go compiler provides finer control
-// over exactly which calls are inlined or not.
-
-// DecodeOptions configures how JSON decoding operates.
-// The zero value is equivalent to the default settings,
-// which is compliant with both RFC 7493 and RFC 8259.
-type DecodeOptions struct {
- requireKeyedLiterals
- nonComparable
-
- // AllowDuplicateNames specifies that JSON objects may contain
- // duplicate member names. Disabling the duplicate name check may provide
- // computational and performance benefits, but breaks compliance with
- // RFC 7493, section 2.3. The input will still be compliant with RFC 8259,
- // which leaves the handling of duplicate names as unspecified behavior.
- AllowDuplicateNames bool
-
- // AllowInvalidUTF8 specifies that JSON strings may contain invalid UTF-8,
- // which will be mangled as the Unicode replacement character, U+FFFD.
- // This causes the decoder to break compliance with
- // RFC 7493, section 2.1, and RFC 8259, section 8.1.
- AllowInvalidUTF8 bool
-}
-
-// Decoder is a streaming decoder for raw JSON tokens and values.
-// It is used to read a stream of top-level JSON values,
-// each separated by optional whitespace characters.
-//
-// ReadToken and ReadValue calls may be interleaved.
-// For example, the following JSON value:
-//
-// {"name":"value","array":[null,false,true,3.14159],"object":{"k":"v"}}
-//
-// can be parsed with the following calls (ignoring errors for brevity):
-//
-// d.ReadToken() // {
-// d.ReadToken() // "name"
-// d.ReadToken() // "value"
-// d.ReadValue() // "array"
-// d.ReadToken() // [
-// d.ReadToken() // null
-// d.ReadToken() // false
-// d.ReadValue() // true
-// d.ReadToken() // 3.14159
-// d.ReadToken() // ]
-// d.ReadValue() // "object"
-// d.ReadValue() // {"k":"v"}
-// d.ReadToken() // }
-//
-// The above is one of many possible sequence of calls and
-// may not represent the most sensible method to call for any given token/value.
-// For example, it is probably more common to call ReadToken to obtain a
-// string token for object names.
-type Decoder struct {
- state
- decodeBuffer
- options DecodeOptions
-
- stringCache *stringCache // only used when unmarshaling
-}
-
-// decodeBuffer is a buffer split into 4 segments:
-//
-// - buf[0:prevEnd] // already read portion of the buffer
-// - buf[prevStart:prevEnd] // previously read value
-// - buf[prevEnd:len(buf)] // unread portion of the buffer
-// - buf[len(buf):cap(buf)] // unused portion of the buffer
-//
-// Invariants:
-//
-// 0 ≤ prevStart ≤ prevEnd ≤ len(buf) ≤ cap(buf)
-type decodeBuffer struct {
- peekPos int // non-zero if valid offset into buf for start of next token
- peekErr error // implies peekPos is -1
-
- buf []byte // may alias rd if it is a bytes.Buffer
- prevStart int
- prevEnd int
-
- // baseOffset is added to prevStart and prevEnd to obtain
- // the absolute offset relative to the start of io.Reader stream.
- baseOffset int64
-
- rd io.Reader
-}
-
-// NewDecoder constructs a new streaming decoder reading from r.
-//
-// If r is a bytes.Buffer, then the decoder parses directly from the buffer
-// without first copying the contents to an intermediate buffer.
-// Additional writes to the buffer must not occur while the decoder is in use.
-func NewDecoder(r io.Reader) *Decoder {
- return DecodeOptions{}.NewDecoder(r)
-}
-
-// NewDecoder constructs a new streaming decoder reading from r
-// configured with the provided options.
-func (o DecodeOptions) NewDecoder(r io.Reader) *Decoder {
- d := new(Decoder)
- o.ResetDecoder(d, r)
- return d
-}
-
-// ResetDecoder resets a decoder such that it is reading afresh from r and
-// configured with the provided options.
-func (o DecodeOptions) ResetDecoder(d *Decoder, r io.Reader) {
- if d == nil {
- panic("json: invalid nil Decoder")
- }
- if r == nil {
- panic("json: invalid nil io.Reader")
- }
- d.reset(nil, r, o)
-}
-
-func (d *Decoder) reset(b []byte, r io.Reader, o DecodeOptions) {
- d.state.reset()
- d.decodeBuffer = decodeBuffer{buf: b, rd: r}
- d.options = o
-}
-
-// Reset resets a decoder such that it is reading afresh from r but
-// keep any pre-existing decoder options.
-func (d *Decoder) Reset(r io.Reader) {
- d.options.ResetDecoder(d, r)
-}
-
-var errBufferWriteAfterNext = errors.New("invalid bytes.Buffer.Write call after calling bytes.Buffer.Next")
-
-// fetch reads at least 1 byte from the underlying io.Reader.
-// It returns io.ErrUnexpectedEOF if zero bytes were read and io.EOF was seen.
-func (d *Decoder) fetch() error {
- if d.rd == nil {
- return io.ErrUnexpectedEOF
- }
-
- // Inform objectNameStack that we are about to fetch new buffer content.
- d.names.copyQuotedBuffer(d.buf)
-
- // Specialize bytes.Buffer for better performance.
- if bb, ok := d.rd.(*bytes.Buffer); ok {
- switch {
- case bb.Len() == 0:
- return io.ErrUnexpectedEOF
- case len(d.buf) == 0:
- d.buf = bb.Next(bb.Len()) // "read" all data in the buffer
- return nil
- default:
- // This only occurs if a partially filled bytes.Buffer was provided
- // and more data is written to it while Decoder is reading from it.
- // This practice will lead to data corruption since future writes
- // may overwrite the contents of the current buffer.
- //
- // The user is trying to use a bytes.Buffer as a pipe,
- // but a bytes.Buffer is poor implementation of a pipe,
- // the purpose-built io.Pipe should be used instead.
- return &ioError{action: "read", err: errBufferWriteAfterNext}
- }
- }
-
- // Allocate initial buffer if empty.
- if cap(d.buf) == 0 {
- d.buf = make([]byte, 0, 64)
- }
-
- // Check whether to grow the buffer.
- const maxBufferSize = 4 << 10
- const growthSizeFactor = 2 // higher value is faster
- const growthRateFactor = 2 // higher value is slower
- // By default, grow if below the maximum buffer size.
- grow := cap(d.buf) <= maxBufferSize/growthSizeFactor
- // Growing can be expensive, so only grow
- // if a sufficient number of bytes have been processed.
- grow = grow && int64(cap(d.buf)) < d.previousOffsetEnd()/growthRateFactor
- // If prevStart==0, then fetch was called in order to fetch more data
- // to finish consuming a large JSON value contiguously.
- // Grow if less than 25% of the remaining capacity is available.
- // Note that this may cause the input buffer to exceed maxBufferSize.
- grow = grow || (d.prevStart == 0 && len(d.buf) >= 3*cap(d.buf)/4)
-
- if grow {
- // Allocate a new buffer and copy the contents of the old buffer over.
- // TODO: Provide a hard limit on the maximum internal buffer size?
- buf := make([]byte, 0, cap(d.buf)*growthSizeFactor)
- d.buf = append(buf, d.buf[d.prevStart:]...)
- } else {
- // Move unread portion of the data to the front.
- n := copy(d.buf[:cap(d.buf)], d.buf[d.prevStart:])
- d.buf = d.buf[:n]
- }
- d.baseOffset += int64(d.prevStart)
- d.prevEnd -= d.prevStart
- d.prevStart = 0
-
- // Read more data into the internal buffer.
- for {
- n, err := d.rd.Read(d.buf[len(d.buf):cap(d.buf)])
- switch {
- case n > 0:
- d.buf = d.buf[:len(d.buf)+n]
- return nil // ignore errors if any bytes are read
- case err == io.EOF:
- return io.ErrUnexpectedEOF
- case err != nil:
- return &ioError{action: "read", err: err}
- default:
- continue // Read returned (0, nil)
- }
- }
-}
-
-const invalidateBufferByte = '#' // invalid starting character for JSON grammar
-
-// invalidatePreviousRead invalidates buffers returned by Peek and Read calls
-// so that the first byte is an invalid character.
-// This Hyrum-proofs the API against faulty application code that assumes
-// values returned by ReadValue remain valid past subsequent Read calls.
-func (d *decodeBuffer) invalidatePreviousRead() {
- // Avoid mutating the buffer if d.rd is nil which implies that d.buf
- // is provided by the user code and may not expect mutations.
- isBytesBuffer := func(r io.Reader) bool {
- _, ok := r.(*bytes.Buffer)
- return ok
- }
- if d.rd != nil && !isBytesBuffer(d.rd) && d.prevStart < d.prevEnd && uint(d.prevStart) < uint(len(d.buf)) {
- d.buf[d.prevStart] = invalidateBufferByte
- d.prevStart = d.prevEnd
- }
-}
-
-// needMore reports whether there are no more unread bytes.
-func (d *decodeBuffer) needMore(pos int) bool {
- // NOTE: The arguments and logic are kept simple to keep this inlineable.
- return pos == len(d.buf)
-}
-
-// injectSyntacticErrorWithPosition wraps a SyntacticError with the position,
-// otherwise it returns the error as is.
-// It takes a position relative to the start of the start of d.buf.
-func (d *decodeBuffer) injectSyntacticErrorWithPosition(err error, pos int) error {
- if serr, ok := err.(*SyntacticError); ok {
- return serr.withOffset(d.baseOffset + int64(pos))
- }
- return err
-}
-
-func (d *decodeBuffer) previousOffsetStart() int64 { return d.baseOffset + int64(d.prevStart) }
-func (d *decodeBuffer) previousOffsetEnd() int64 { return d.baseOffset + int64(d.prevEnd) }
-func (d *decodeBuffer) previousBuffer() []byte { return d.buf[d.prevStart:d.prevEnd] }
-func (d *decodeBuffer) unreadBuffer() []byte { return d.buf[d.prevEnd:len(d.buf)] }
-
-// PeekKind retrieves the next token kind, but does not advance the read offset.
-// It returns 0 if there are no more tokens.
-func (d *Decoder) PeekKind() Kind {
- // Check whether we have a cached peek result.
- if d.peekPos > 0 {
- return Kind(d.buf[d.peekPos]).normalize()
- }
-
- var err error
- d.invalidatePreviousRead()
- pos := d.prevEnd
-
- // Consume leading whitespace.
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- if err == io.ErrUnexpectedEOF && d.tokens.depth() == 1 {
- err = io.EOF // EOF possibly if no Tokens present after top-level value
- }
- d.peekPos, d.peekErr = -1, err
- return invalidKind
- }
- }
-
- // Consume colon or comma.
- var delim byte
- if c := d.buf[pos]; c == ':' || c == ',' {
- delim = c
- pos += 1
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- d.peekPos, d.peekErr = -1, err
- return invalidKind
- }
- }
- }
- next := Kind(d.buf[pos]).normalize()
- if d.tokens.needDelim(next) != delim {
- pos = d.prevEnd // restore position to right after leading whitespace
- pos += consumeWhitespace(d.buf[pos:])
- err = d.tokens.checkDelim(delim, next)
- err = d.injectSyntacticErrorWithPosition(err, pos)
- d.peekPos, d.peekErr = -1, err
- return invalidKind
- }
-
- // This may set peekPos to zero, which is indistinguishable from
- // the uninitialized state. While a small hit to performance, it is correct
- // since ReadValue and ReadToken will disregard the cached result and
- // recompute the next kind.
- d.peekPos, d.peekErr = pos, nil
- return next
-}
-
-// SkipValue is semantically equivalent to calling ReadValue and discarding
-// the result except that memory is not wasted trying to hold the entire result.
-func (d *Decoder) SkipValue() error {
- switch d.PeekKind() {
- case '{', '[':
- // For JSON objects and arrays, keep skipping all tokens
- // until the depth matches the starting depth.
- depth := d.tokens.depth()
- for {
- if _, err := d.ReadToken(); err != nil {
- return err
- }
- if depth >= d.tokens.depth() {
- return nil
- }
- }
- default:
- // Trying to skip a value when the next token is a '}' or ']'
- // will result in an error being returned here.
- if _, err := d.ReadValue(); err != nil {
- return err
- }
- return nil
- }
-}
-
-// ReadToken reads the next Token, advancing the read offset.
-// The returned token is only valid until the next Peek, Read, or Skip call.
-// It returns io.EOF if there are no more tokens.
-func (d *Decoder) ReadToken() (Token, error) {
- // Determine the next kind.
- var err error
- var next Kind
- pos := d.peekPos
- if pos != 0 {
- // Use cached peek result.
- if d.peekErr != nil {
- err := d.peekErr
- d.peekPos, d.peekErr = 0, nil // possibly a transient I/O error
- return Token{}, err
- }
- next = Kind(d.buf[pos]).normalize()
- d.peekPos = 0 // reset cache
- } else {
- d.invalidatePreviousRead()
- pos = d.prevEnd
-
- // Consume leading whitespace.
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- if err == io.ErrUnexpectedEOF && d.tokens.depth() == 1 {
- err = io.EOF // EOF possibly if no Tokens present after top-level value
- }
- return Token{}, err
- }
- }
-
- // Consume colon or comma.
- var delim byte
- if c := d.buf[pos]; c == ':' || c == ',' {
- delim = c
- pos += 1
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- return Token{}, err
- }
- }
- }
- next = Kind(d.buf[pos]).normalize()
- if d.tokens.needDelim(next) != delim {
- pos = d.prevEnd // restore position to right after leading whitespace
- pos += consumeWhitespace(d.buf[pos:])
- err = d.tokens.checkDelim(delim, next)
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos)
- }
- }
-
- // Handle the next token.
- var n int
- switch next {
- case 'n':
- if consumeNull(d.buf[pos:]) == 0 {
- pos, err = d.consumeLiteral(pos, "null")
- if err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos)
- }
- } else {
- pos += len("null")
- }
- if err = d.tokens.appendLiteral(); err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos-len("null")) // report position at start of literal
- }
- d.prevStart, d.prevEnd = pos, pos
- return Null, nil
-
- case 'f':
- if consumeFalse(d.buf[pos:]) == 0 {
- pos, err = d.consumeLiteral(pos, "false")
- if err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos)
- }
- } else {
- pos += len("false")
- }
- if err = d.tokens.appendLiteral(); err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos-len("false")) // report position at start of literal
- }
- d.prevStart, d.prevEnd = pos, pos
- return False, nil
-
- case 't':
- if consumeTrue(d.buf[pos:]) == 0 {
- pos, err = d.consumeLiteral(pos, "true")
- if err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos)
- }
- } else {
- pos += len("true")
- }
- if err = d.tokens.appendLiteral(); err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos-len("true")) // report position at start of literal
- }
- d.prevStart, d.prevEnd = pos, pos
- return True, nil
-
- case '"':
- var flags valueFlags // TODO: Preserve this in Token?
- if n = consumeSimpleString(d.buf[pos:]); n == 0 {
- oldAbsPos := d.baseOffset + int64(pos)
- pos, err = d.consumeString(&flags, pos)
- newAbsPos := d.baseOffset + int64(pos)
- n = int(newAbsPos - oldAbsPos)
- if err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos)
- }
- } else {
- pos += n
- }
- if !d.options.AllowDuplicateNames && d.tokens.last.needObjectName() {
- if !d.tokens.last.isValidNamespace() {
- return Token{}, errInvalidNamespace
- }
- if d.tokens.last.isActiveNamespace() && !d.namespaces.last().insertQuoted(d.buf[pos-n:pos], flags.isVerbatim()) {
- err = &SyntacticError{str: "duplicate name " + string(d.buf[pos-n:pos]) + " in object"}
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos-n) // report position at start of string
- }
- d.names.replaceLastQuotedOffset(pos - n) // only replace if insertQuoted succeeds
- }
- if err = d.tokens.appendString(); err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos-n) // report position at start of string
- }
- d.prevStart, d.prevEnd = pos-n, pos
- return Token{raw: &d.decodeBuffer, num: uint64(d.previousOffsetStart())}, nil
-
- case '0':
- // NOTE: Since JSON numbers are not self-terminating,
- // we need to make sure that the next byte is not part of a number.
- if n = consumeSimpleNumber(d.buf[pos:]); n == 0 || d.needMore(pos+n) {
- oldAbsPos := d.baseOffset + int64(pos)
- pos, err = d.consumeNumber(pos)
- newAbsPos := d.baseOffset + int64(pos)
- n = int(newAbsPos - oldAbsPos)
- if err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos)
- }
- } else {
- pos += n
- }
- if err = d.tokens.appendNumber(); err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos-n) // report position at start of number
- }
- d.prevStart, d.prevEnd = pos-n, pos
- return Token{raw: &d.decodeBuffer, num: uint64(d.previousOffsetStart())}, nil
-
- case '{':
- if err = d.tokens.pushObject(); err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos)
- }
- if !d.options.AllowDuplicateNames {
- d.names.push()
- d.namespaces.push()
- }
- pos += 1
- d.prevStart, d.prevEnd = pos, pos
- return ObjectStart, nil
-
- case '}':
- if err = d.tokens.popObject(); err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos)
- }
- if !d.options.AllowDuplicateNames {
- d.names.pop()
- d.namespaces.pop()
- }
- pos += 1
- d.prevStart, d.prevEnd = pos, pos
- return ObjectEnd, nil
-
- case '[':
- if err = d.tokens.pushArray(); err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos)
- }
- pos += 1
- d.prevStart, d.prevEnd = pos, pos
- return ArrayStart, nil
-
- case ']':
- if err = d.tokens.popArray(); err != nil {
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos)
- }
- pos += 1
- d.prevStart, d.prevEnd = pos, pos
- return ArrayEnd, nil
-
- default:
- err = newInvalidCharacterError(d.buf[pos:], "at start of token")
- return Token{}, d.injectSyntacticErrorWithPosition(err, pos)
- }
-}
-
-type valueFlags uint
-
-const (
- _ valueFlags = (1 << iota) / 2 // powers of two starting with zero
-
- stringNonVerbatim // string cannot be naively treated as valid UTF-8
- stringNonCanonical // string not formatted according to RFC 8785, section 3.2.2.2.
- // TODO: Track whether a number is a non-integer?
-)
-
-func (f *valueFlags) set(f2 valueFlags) { *f |= f2 }
-func (f valueFlags) isVerbatim() bool { return f&stringNonVerbatim == 0 }
-func (f valueFlags) isCanonical() bool { return f&stringNonCanonical == 0 }
-
-// ReadValue returns the next raw JSON value, advancing the read offset.
-// The value is stripped of any leading or trailing whitespace.
-// The returned value is only valid until the next Peek, Read, or Skip call and
-// may not be mutated while the Decoder remains in use.
-// If the decoder is currently at the end token for an object or array,
-// then it reports a SyntacticError and the internal state remains unchanged.
-// It returns io.EOF if there are no more values.
-func (d *Decoder) ReadValue() (RawValue, error) {
- var flags valueFlags
- return d.readValue(&flags)
-}
-func (d *Decoder) readValue(flags *valueFlags) (RawValue, error) {
- // Determine the next kind.
- var err error
- var next Kind
- pos := d.peekPos
- if pos != 0 {
- // Use cached peek result.
- if d.peekErr != nil {
- err := d.peekErr
- d.peekPos, d.peekErr = 0, nil // possibly a transient I/O error
- return nil, err
- }
- next = Kind(d.buf[pos]).normalize()
- d.peekPos = 0 // reset cache
- } else {
- d.invalidatePreviousRead()
- pos = d.prevEnd
-
- // Consume leading whitespace.
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- if err == io.ErrUnexpectedEOF && d.tokens.depth() == 1 {
- err = io.EOF // EOF possibly if no Tokens present after top-level value
- }
- return nil, err
- }
- }
-
- // Consume colon or comma.
- var delim byte
- if c := d.buf[pos]; c == ':' || c == ',' {
- delim = c
- pos += 1
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- return nil, err
- }
- }
- }
- next = Kind(d.buf[pos]).normalize()
- if d.tokens.needDelim(next) != delim {
- pos = d.prevEnd // restore position to right after leading whitespace
- pos += consumeWhitespace(d.buf[pos:])
- err = d.tokens.checkDelim(delim, next)
- return nil, d.injectSyntacticErrorWithPosition(err, pos)
- }
- }
-
- // Handle the next value.
- oldAbsPos := d.baseOffset + int64(pos)
- pos, err = d.consumeValue(flags, pos)
- newAbsPos := d.baseOffset + int64(pos)
- n := int(newAbsPos - oldAbsPos)
- if err != nil {
- return nil, d.injectSyntacticErrorWithPosition(err, pos)
- }
- switch next {
- case 'n', 't', 'f':
- err = d.tokens.appendLiteral()
- case '"':
- if !d.options.AllowDuplicateNames && d.tokens.last.needObjectName() {
- if !d.tokens.last.isValidNamespace() {
- err = errInvalidNamespace
- break
- }
- if d.tokens.last.isActiveNamespace() && !d.namespaces.last().insertQuoted(d.buf[pos-n:pos], flags.isVerbatim()) {
- err = &SyntacticError{str: "duplicate name " + string(d.buf[pos-n:pos]) + " in object"}
- break
- }
- d.names.replaceLastQuotedOffset(pos - n) // only replace if insertQuoted succeeds
- }
- err = d.tokens.appendString()
- case '0':
- err = d.tokens.appendNumber()
- case '{':
- if err = d.tokens.pushObject(); err != nil {
- break
- }
- if err = d.tokens.popObject(); err != nil {
- panic("BUG: popObject should never fail immediately after pushObject: " + err.Error())
- }
- case '[':
- if err = d.tokens.pushArray(); err != nil {
- break
- }
- if err = d.tokens.popArray(); err != nil {
- panic("BUG: popArray should never fail immediately after pushArray: " + err.Error())
- }
- }
- if err != nil {
- return nil, d.injectSyntacticErrorWithPosition(err, pos-n) // report position at start of value
- }
- d.prevEnd = pos
- d.prevStart = pos - n
- return d.buf[pos-n : pos : pos], nil
-}
-
-// checkEOF verifies that the input has no more data.
-func (d *Decoder) checkEOF() error {
- switch pos, err := d.consumeWhitespace(d.prevEnd); err {
- case nil:
- return newInvalidCharacterError(d.buf[pos:], "after top-level value")
- case io.ErrUnexpectedEOF:
- return nil
- default:
- return err
- }
-}
-
-// consumeWhitespace consumes all whitespace starting at d.buf[pos:].
-// It returns the new position in d.buf immediately after the last whitespace.
-// If it returns nil, there is guaranteed to at least be one unread byte.
-//
-// The following pattern is common in this implementation:
-//
-// pos += consumeWhitespace(d.buf[pos:])
-// if d.needMore(pos) {
-// if pos, err = d.consumeWhitespace(pos); err != nil {
-// return ...
-// }
-// }
-//
-// It is difficult to simplify this without sacrificing performance since
-// consumeWhitespace must be inlined. The body of the if statement is
-// executed only in rare situations where we need to fetch more data.
-// Since fetching may return an error, we also need to check the error.
-func (d *Decoder) consumeWhitespace(pos int) (newPos int, err error) {
- for {
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- absPos := d.baseOffset + int64(pos)
- err = d.fetch() // will mutate d.buf and invalidate pos
- pos = int(absPos - d.baseOffset)
- if err != nil {
- return pos, err
- }
- continue
- }
- return pos, nil
- }
-}
-
-// consumeValue consumes a single JSON value starting at d.buf[pos:].
-// It returns the new position in d.buf immediately after the value.
-func (d *Decoder) consumeValue(flags *valueFlags, pos int) (newPos int, err error) {
- for {
- var n int
- var err error
- switch next := Kind(d.buf[pos]).normalize(); next {
- case 'n':
- if n = consumeNull(d.buf[pos:]); n == 0 {
- n, err = consumeLiteral(d.buf[pos:], "null")
- }
- case 'f':
- if n = consumeFalse(d.buf[pos:]); n == 0 {
- n, err = consumeLiteral(d.buf[pos:], "false")
- }
- case 't':
- if n = consumeTrue(d.buf[pos:]); n == 0 {
- n, err = consumeLiteral(d.buf[pos:], "true")
- }
- case '"':
- if n = consumeSimpleString(d.buf[pos:]); n == 0 {
- return d.consumeString(flags, pos)
- }
- case '0':
- // NOTE: Since JSON numbers are not self-terminating,
- // we need to make sure that the next byte is not part of a number.
- if n = consumeSimpleNumber(d.buf[pos:]); n == 0 || d.needMore(pos+n) {
- return d.consumeNumber(pos)
- }
- case '{':
- return d.consumeObject(flags, pos)
- case '[':
- return d.consumeArray(flags, pos)
- default:
- return pos, newInvalidCharacterError(d.buf[pos:], "at start of value")
- }
- if err == io.ErrUnexpectedEOF {
- absPos := d.baseOffset + int64(pos)
- err = d.fetch() // will mutate d.buf and invalidate pos
- pos = int(absPos - d.baseOffset)
- if err != nil {
- return pos, err
- }
- continue
- }
- return pos + n, err
- }
-}
-
-// consumeLiteral consumes a single JSON literal starting at d.buf[pos:].
-// It returns the new position in d.buf immediately after the literal.
-func (d *Decoder) consumeLiteral(pos int, lit string) (newPos int, err error) {
- for {
- n, err := consumeLiteral(d.buf[pos:], lit)
- if err == io.ErrUnexpectedEOF {
- absPos := d.baseOffset + int64(pos)
- err = d.fetch() // will mutate d.buf and invalidate pos
- pos = int(absPos - d.baseOffset)
- if err != nil {
- return pos, err
- }
- continue
- }
- return pos + n, err
- }
-}
-
-// consumeString consumes a single JSON string starting at d.buf[pos:].
-// It returns the new position in d.buf immediately after the string.
-func (d *Decoder) consumeString(flags *valueFlags, pos int) (newPos int, err error) {
- var n int
- for {
- n, err = consumeStringResumable(flags, d.buf[pos:], n, !d.options.AllowInvalidUTF8)
- if err == io.ErrUnexpectedEOF {
- absPos := d.baseOffset + int64(pos)
- err = d.fetch() // will mutate d.buf and invalidate pos
- pos = int(absPos - d.baseOffset)
- if err != nil {
- return pos, err
- }
- continue
- }
- return pos + n, err
- }
-}
-
-// consumeNumber consumes a single JSON number starting at d.buf[pos:].
-// It returns the new position in d.buf immediately after the number.
-func (d *Decoder) consumeNumber(pos int) (newPos int, err error) {
- var n int
- var state consumeNumberState
- for {
- n, state, err = consumeNumberResumable(d.buf[pos:], n, state)
- // NOTE: Since JSON numbers are not self-terminating,
- // we need to make sure that the next byte is not part of a number.
- if err == io.ErrUnexpectedEOF || d.needMore(pos+n) {
- mayTerminate := err == nil
- absPos := d.baseOffset + int64(pos)
- err = d.fetch() // will mutate d.buf and invalidate pos
- pos = int(absPos - d.baseOffset)
- if err != nil {
- if mayTerminate && err == io.ErrUnexpectedEOF {
- return pos + n, nil
- }
- return pos, err
- }
- continue
- }
- return pos + n, err
- }
-}
-
-// consumeObject consumes a single JSON object starting at d.buf[pos:].
-// It returns the new position in d.buf immediately after the object.
-func (d *Decoder) consumeObject(flags *valueFlags, pos int) (newPos int, err error) {
- var n int
- var names *objectNamespace
- if !d.options.AllowDuplicateNames {
- d.namespaces.push()
- defer d.namespaces.pop()
- names = d.namespaces.last()
- }
-
- // Handle before start.
- if d.buf[pos] != '{' {
- panic("BUG: consumeObject must be called with a buffer that starts with '{'")
- }
- pos++
-
- // Handle after start.
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- return pos, err
- }
- }
- if d.buf[pos] == '}' {
- pos++
- return pos, nil
- }
-
- for {
- // Handle before name.
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- return pos, err
- }
- }
- var flags2 valueFlags
- if n = consumeSimpleString(d.buf[pos:]); n == 0 {
- oldAbsPos := d.baseOffset + int64(pos)
- pos, err = d.consumeString(&flags2, pos)
- newAbsPos := d.baseOffset + int64(pos)
- n = int(newAbsPos - oldAbsPos)
- flags.set(flags2)
- if err != nil {
- return pos, err
- }
- } else {
- pos += n
- }
- if !d.options.AllowDuplicateNames && !names.insertQuoted(d.buf[pos-n:pos], flags2.isVerbatim()) {
- return pos - n, &SyntacticError{str: "duplicate name " + string(d.buf[pos-n:pos]) + " in object"}
- }
-
- // Handle after name.
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- return pos, err
- }
- }
- if d.buf[pos] != ':' {
- return pos, newInvalidCharacterError(d.buf[pos:], "after object name (expecting ':')")
- }
- pos++
-
- // Handle before value.
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- return pos, err
- }
- }
- pos, err = d.consumeValue(flags, pos)
- if err != nil {
- return pos, err
- }
-
- // Handle after value.
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- return pos, err
- }
- }
- switch d.buf[pos] {
- case ',':
- pos++
- continue
- case '}':
- pos++
- return pos, nil
- default:
- return pos, newInvalidCharacterError(d.buf[pos:], "after object value (expecting ',' or '}')")
- }
- }
-}
-
-// consumeArray consumes a single JSON array starting at d.buf[pos:].
-// It returns the new position in d.buf immediately after the array.
-func (d *Decoder) consumeArray(flags *valueFlags, pos int) (newPos int, err error) {
- // Handle before start.
- if d.buf[pos] != '[' {
- panic("BUG: consumeArray must be called with a buffer that starts with '['")
- }
- pos++
-
- // Handle after start.
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- return pos, err
- }
- }
- if d.buf[pos] == ']' {
- pos++
- return pos, nil
- }
-
- for {
- // Handle before value.
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- return pos, err
- }
- }
- pos, err = d.consumeValue(flags, pos)
- if err != nil {
- return pos, err
- }
-
- // Handle after value.
- pos += consumeWhitespace(d.buf[pos:])
- if d.needMore(pos) {
- if pos, err = d.consumeWhitespace(pos); err != nil {
- return pos, err
- }
- }
- switch d.buf[pos] {
- case ',':
- pos++
- continue
- case ']':
- pos++
- return pos, nil
- default:
- return pos, newInvalidCharacterError(d.buf[pos:], "after array value (expecting ',' or ']')")
- }
- }
-}
-
-// InputOffset returns the current input byte offset. It gives the location
-// of the next byte immediately after the most recently returned token or value.
-// The number of bytes actually read from the underlying io.Reader may be more
-// than this offset due to internal buffering effects.
-func (d *Decoder) InputOffset() int64 {
- return d.previousOffsetEnd()
-}
-
-// UnreadBuffer returns the data remaining in the unread buffer,
-// which may contain zero or more bytes.
-// The returned buffer must not be mutated while Decoder continues to be used.
-// The buffer contents are valid until the next Peek, Read, or Skip call.
-func (d *Decoder) UnreadBuffer() []byte {
- return d.unreadBuffer()
-}
-
-// StackDepth returns the depth of the state machine for read JSON data.
-// Each level on the stack represents a nested JSON object or array.
-// It is incremented whenever an ObjectStart or ArrayStart token is encountered
-// and decremented whenever an ObjectEnd or ArrayEnd token is encountered.
-// The depth is zero-indexed, where zero represents the top-level JSON value.
-func (d *Decoder) StackDepth() int {
- // NOTE: Keep in sync with Encoder.StackDepth.
- return d.tokens.depth() - 1
-}
-
-// StackIndex returns information about the specified stack level.
-// It must be a number between 0 and StackDepth, inclusive.
-// For each level, it reports the kind:
-//
-// - 0 for a level of zero,
-// - '{' for a level representing a JSON object, and
-// - '[' for a level representing a JSON array.
-//
-// It also reports the length of that JSON object or array.
-// Each name and value in a JSON object is counted separately,
-// so the effective number of members would be half the length.
-// A complete JSON object must have an even length.
-func (d *Decoder) StackIndex(i int) (Kind, int) {
- // NOTE: Keep in sync with Encoder.StackIndex.
- switch s := d.tokens.index(i); {
- case i > 0 && s.isObject():
- return '{', s.length()
- case i > 0 && s.isArray():
- return '[', s.length()
- default:
- return 0, s.length()
- }
-}
-
-// StackPointer returns a JSON Pointer (RFC 6901) to the most recently read value.
-// Object names are only present if AllowDuplicateNames is false, otherwise
-// object members are represented using their index within the object.
-func (d *Decoder) StackPointer() string {
- d.names.copyQuotedBuffer(d.buf)
- return string(d.appendStackPointer(nil))
-}
-
-// consumeWhitespace consumes leading JSON whitespace per RFC 7159, section 2.
-func consumeWhitespace(b []byte) (n int) {
- // NOTE: The arguments and logic are kept simple to keep this inlineable.
- for len(b) > n && (b[n] == ' ' || b[n] == '\t' || b[n] == '\r' || b[n] == '\n') {
- n++
- }
- return n
-}
-
-// consumeNull consumes the next JSON null literal per RFC 7159, section 3.
-// It returns 0 if it is invalid, in which case consumeLiteral should be used.
-func consumeNull(b []byte) int {
- // NOTE: The arguments and logic are kept simple to keep this inlineable.
- const literal = "null"
- if len(b) >= len(literal) && string(b[:len(literal)]) == literal {
- return len(literal)
- }
- return 0
-}
-
-// consumeFalse consumes the next JSON false literal per RFC 7159, section 3.
-// It returns 0 if it is invalid, in which case consumeLiteral should be used.
-func consumeFalse(b []byte) int {
- // NOTE: The arguments and logic are kept simple to keep this inlineable.
- const literal = "false"
- if len(b) >= len(literal) && string(b[:len(literal)]) == literal {
- return len(literal)
- }
- return 0
-}
-
-// consumeTrue consumes the next JSON true literal per RFC 7159, section 3.
-// It returns 0 if it is invalid, in which case consumeLiteral should be used.
-func consumeTrue(b []byte) int {
- // NOTE: The arguments and logic are kept simple to keep this inlineable.
- const literal = "true"
- if len(b) >= len(literal) && string(b[:len(literal)]) == literal {
- return len(literal)
- }
- return 0
-}
-
-// consumeLiteral consumes the next JSON literal per RFC 7159, section 3.
-// If the input appears truncated, it returns io.ErrUnexpectedEOF.
-func consumeLiteral(b []byte, lit string) (n int, err error) {
- for i := 0; i < len(b) && i < len(lit); i++ {
- if b[i] != lit[i] {
- return i, newInvalidCharacterError(b[i:], "within literal "+lit+" (expecting "+strconv.QuoteRune(rune(lit[i]))+")")
- }
- }
- if len(b) < len(lit) {
- return len(b), io.ErrUnexpectedEOF
- }
- return len(lit), nil
-}
-
-// consumeSimpleString consumes the next JSON string per RFC 7159, section 7
-// but is limited to the grammar for an ASCII string without escape sequences.
-// It returns 0 if it is invalid or more complicated than a simple string,
-// in which case consumeString should be called.
-func consumeSimpleString(b []byte) (n int) {
- // NOTE: The arguments and logic are kept simple to keep this inlineable.
- if len(b) > 0 && b[0] == '"' {
- n++
- for len(b) > n && (' ' <= b[n] && b[n] != '\\' && b[n] != '"' && b[n] < utf8.RuneSelf) {
- n++
- }
- if len(b) > n && b[n] == '"' {
- n++
- return n
- }
- }
- return 0
-}
-
-// consumeString consumes the next JSON string per RFC 7159, section 7.
-// If validateUTF8 is false, then this allows the presence of invalid UTF-8
-// characters within the string itself.
-// It reports the number of bytes consumed and whether an error was encountered.
-// If the input appears truncated, it returns io.ErrUnexpectedEOF.
-func consumeString(flags *valueFlags, b []byte, validateUTF8 bool) (n int, err error) {
- return consumeStringResumable(flags, b, 0, validateUTF8)
-}
-
-// consumeStringResumable is identical to consumeString but supports resuming
-// from a previous call that returned io.ErrUnexpectedEOF.
-func consumeStringResumable(flags *valueFlags, b []byte, resumeOffset int, validateUTF8 bool) (n int, err error) {
- // Consume the leading double quote.
- switch {
- case resumeOffset > 0:
- n = resumeOffset // already handled the leading quote
- case uint(len(b)) == 0:
- return n, io.ErrUnexpectedEOF
- case b[0] == '"':
- n++
- default:
- return n, newInvalidCharacterError(b[n:], `at start of string (expecting '"')`)
- }
-
- // Consume every character in the string.
- for uint(len(b)) > uint(n) {
- // Optimize for long sequences of unescaped characters.
- noEscape := func(c byte) bool {
- return c < utf8.RuneSelf && ' ' <= c && c != '\\' && c != '"'
- }
- for uint(len(b)) > uint(n) && noEscape(b[n]) {
- n++
- }
- if uint(len(b)) <= uint(n) {
- return n, io.ErrUnexpectedEOF
- }
-
- // Check for terminating double quote.
- if b[n] == '"' {
- n++
- return n, nil
- }
-
- switch r, rn := utf8.DecodeRune(b[n:]); {
- // Handle UTF-8 encoded byte sequence.
- // Due to specialized handling of ASCII above, we know that
- // all normal sequences at this point must be 2 bytes or larger.
- case rn > 1:
- n += rn
- // Handle escape sequence.
- case r == '\\':
- flags.set(stringNonVerbatim)
- resumeOffset = n
- if uint(len(b)) < uint(n+2) {
- return resumeOffset, io.ErrUnexpectedEOF
- }
- switch r := b[n+1]; r {
- case '/':
- // Forward slash is the only character with 3 representations.
- // Per RFC 8785, section 3.2.2.2., this must not be escaped.
- flags.set(stringNonCanonical)
- n += 2
- case '"', '\\', 'b', 'f', 'n', 'r', 't':
- n += 2
- case 'u':
- if uint(len(b)) < uint(n+6) {
- if !hasEscapeSequencePrefix(b[n:]) {
- flags.set(stringNonCanonical)
- return n, &SyntacticError{str: "invalid escape sequence " + strconv.Quote(string(b[n:])) + " within string"}
- }
- return resumeOffset, io.ErrUnexpectedEOF
- }
- v1, ok := parseHexUint16(b[n+2 : n+6])
- if !ok {
- flags.set(stringNonCanonical)
- return n, &SyntacticError{str: "invalid escape sequence " + strconv.Quote(string(b[n:n+6])) + " within string"}
- }
- // Only certain control characters can use the \uFFFF notation
- // for canonical formatting (per RFC 8785, section 3.2.2.2.).
- switch v1 {
- // \uFFFF notation not permitted for these characters.
- case '\b', '\f', '\n', '\r', '\t':
- flags.set(stringNonCanonical)
- default:
- // \uFFFF notation only permitted for control characters.
- if v1 >= ' ' {
- flags.set(stringNonCanonical)
- } else {
- // \uFFFF notation must be lower case.
- for _, c := range b[n+2 : n+6] {
- if 'A' <= c && c <= 'F' {
- flags.set(stringNonCanonical)
- }
- }
- }
- }
- n += 6
-
- if validateUTF8 && utf16.IsSurrogate(rune(v1)) {
- if uint(len(b)) >= uint(n+2) && (b[n] != '\\' || b[n+1] != 'u') {
- return n, &SyntacticError{str: "invalid unpaired surrogate half within string"}
- }
- if uint(len(b)) < uint(n+6) {
- if !hasEscapeSequencePrefix(b[n:]) {
- flags.set(stringNonCanonical)
- return n, &SyntacticError{str: "invalid escape sequence " + strconv.Quote(string(b[n:])) + " within string"}
- }
- return resumeOffset, io.ErrUnexpectedEOF
- }
- v2, ok := parseHexUint16(b[n+2 : n+6])
- if !ok {
- return n, &SyntacticError{str: "invalid escape sequence " + strconv.Quote(string(b[n:n+6])) + " within string"}
- }
- if utf16.DecodeRune(rune(v1), rune(v2)) == utf8.RuneError {
- return n, &SyntacticError{str: "invalid surrogate pair in string"}
- }
- n += 6
- }
- default:
- flags.set(stringNonCanonical)
- return n, &SyntacticError{str: "invalid escape sequence " + strconv.Quote(string(b[n:n+2])) + " within string"}
- }
- // Handle invalid UTF-8.
- case r == utf8.RuneError:
- if !utf8.FullRune(b[n:]) {
- return n, io.ErrUnexpectedEOF
- }
- flags.set(stringNonVerbatim | stringNonCanonical)
- if validateUTF8 {
- return n, &SyntacticError{str: "invalid UTF-8 within string"}
- }
- n++
- // Handle invalid control characters.
- case r < ' ':
- flags.set(stringNonVerbatim | stringNonCanonical)
- return n, newInvalidCharacterError(b[n:], "within string (expecting non-control character)")
- default:
- panic("BUG: unhandled character " + quoteRune(b[n:]))
- }
- }
- return n, io.ErrUnexpectedEOF
-}
-
-// hasEscapeSequencePrefix reports whether b is possibly
-// the truncated prefix of a \uFFFF escape sequence.
-func hasEscapeSequencePrefix(b []byte) bool {
- for i, c := range b {
- switch {
- case i == 0 && c != '\\':
- return false
- case i == 1 && c != 'u':
- return false
- case i >= 2 && i < 6 && !('0' <= c && c <= '9') && !('a' <= c && c <= 'f') && !('A' <= c && c <= 'F'):
- return false
- }
- }
- return true
-}
-
-// unescapeString appends the unescaped form of a JSON string in src to dst.
-// Any invalid UTF-8 within the string will be replaced with utf8.RuneError.
-// The input must be an entire JSON string with no surrounding whitespace.
-func unescapeString(dst, src []byte) (v []byte, ok bool) {
- // Consume leading double quote.
- if uint(len(src)) == 0 || src[0] != '"' {
- return dst, false
- }
- i, n := 1, 1
-
- // Consume every character until completion.
- for uint(len(src)) > uint(n) {
- // Optimize for long sequences of unescaped characters.
- noEscape := func(c byte) bool {
- return c < utf8.RuneSelf && ' ' <= c && c != '\\' && c != '"'
- }
- for uint(len(src)) > uint(n) && noEscape(src[n]) {
- n++
- }
- if uint(len(src)) <= uint(n) {
- break
- }
-
- // Check for terminating double quote.
- if src[n] == '"' {
- dst = append(dst, src[i:n]...)
- n++
- return dst, len(src) == n
- }
-
- switch r, rn := utf8.DecodeRune(src[n:]); {
- // Handle UTF-8 encoded byte sequence.
- // Due to specialized handling of ASCII above, we know that
- // all normal sequences at this point must be 2 bytes or larger.
- case rn > 1:
- n += rn
- // Handle escape sequence.
- case r == '\\':
- dst = append(dst, src[i:n]...)
- if r < ' ' {
- return dst, false // invalid control character or unescaped quote
- }
-
- // Handle escape sequence.
- if uint(len(src)) < uint(n+2) {
- return dst, false // truncated escape sequence
- }
- switch r := src[n+1]; r {
- case '"', '\\', '/':
- dst = append(dst, r)
- n += 2
- case 'b':
- dst = append(dst, '\b')
- n += 2
- case 'f':
- dst = append(dst, '\f')
- n += 2
- case 'n':
- dst = append(dst, '\n')
- n += 2
- case 'r':
- dst = append(dst, '\r')
- n += 2
- case 't':
- dst = append(dst, '\t')
- n += 2
- case 'u':
- if uint(len(src)) < uint(n+6) {
- return dst, false // truncated escape sequence
- }
- v1, ok := parseHexUint16(src[n+2 : n+6])
- if !ok {
- return dst, false // invalid escape sequence
- }
- n += 6
-
- // Check whether this is a surrogate half.
- r := rune(v1)
- if utf16.IsSurrogate(r) {
- r = utf8.RuneError // assume failure unless the following succeeds
- if uint(len(src)) >= uint(n+6) && src[n+0] == '\\' && src[n+1] == 'u' {
- if v2, ok := parseHexUint16(src[n+2 : n+6]); ok {
- if r = utf16.DecodeRune(rune(v1), rune(v2)); r != utf8.RuneError {
- n += 6
- }
- }
- }
- }
-
- dst = utf8.AppendRune(dst, r)
- default:
- return dst, false // invalid escape sequence
- }
- i = n
- // Handle invalid UTF-8.
- case r == utf8.RuneError:
- // NOTE: An unescaped string may be longer than the escaped string
- // because invalid UTF-8 bytes are being replaced.
- dst = append(dst, src[i:n]...)
- dst = append(dst, "\uFFFD"...)
- n += rn
- i = n
- // Handle invalid control characters.
- case r < ' ':
- dst = append(dst, src[i:n]...)
- return dst, false // invalid control character or unescaped quote
- default:
- panic("BUG: unhandled character " + quoteRune(src[n:]))
- }
- }
- dst = append(dst, src[i:n]...)
- return dst, false // truncated input
-}
-
-// unescapeStringMayCopy returns the unescaped form of b.
-// If there are no escaped characters, the output is simply a subslice of
-// the input with the surrounding quotes removed.
-// Otherwise, a new buffer is allocated for the output.
-func unescapeStringMayCopy(b []byte, isVerbatim bool) []byte {
- // NOTE: The arguments and logic are kept simple to keep this inlineable.
- if isVerbatim {
- return b[len(`"`) : len(b)-len(`"`)]
- }
- b, _ = unescapeString(make([]byte, 0, len(b)), b)
- return b
-}
-
-// consumeSimpleNumber consumes the next JSON number per RFC 7159, section 6
-// but is limited to the grammar for a positive integer.
-// It returns 0 if it is invalid or more complicated than a simple integer,
-// in which case consumeNumber should be called.
-func consumeSimpleNumber(b []byte) (n int) {
- // NOTE: The arguments and logic are kept simple to keep this inlineable.
- if len(b) > 0 {
- if b[0] == '0' {
- n++
- } else if '1' <= b[0] && b[0] <= '9' {
- n++
- for len(b) > n && ('0' <= b[n] && b[n] <= '9') {
- n++
- }
- } else {
- return 0
- }
- if len(b) == n || !(b[n] == '.' || b[n] == 'e' || b[n] == 'E') {
- return n
- }
- }
- return 0
-}
-
-type consumeNumberState uint
-
-const (
- consumeNumberInit consumeNumberState = iota
- beforeIntegerDigits
- withinIntegerDigits
- beforeFractionalDigits
- withinFractionalDigits
- beforeExponentDigits
- withinExponentDigits
-)
-
-// consumeNumber consumes the next JSON number per RFC 7159, section 6.
-// It reports the number of bytes consumed and whether an error was encountered.
-// If the input appears truncated, it returns io.ErrUnexpectedEOF.
-//
-// Note that JSON numbers are not self-terminating.
-// If the entire input is consumed, then the caller needs to consider whether
-// there may be subsequent unread data that may still be part of this number.
-func consumeNumber(b []byte) (n int, err error) {
- n, _, err = consumeNumberResumable(b, 0, consumeNumberInit)
- return n, err
-}
-
-// consumeNumberResumable is identical to consumeNumber but supports resuming
-// from a previous call that returned io.ErrUnexpectedEOF.
-func consumeNumberResumable(b []byte, resumeOffset int, state consumeNumberState) (n int, _ consumeNumberState, err error) {
- // Jump to the right state when resuming from a partial consumption.
- n = resumeOffset
- if state > consumeNumberInit {
- switch state {
- case withinIntegerDigits, withinFractionalDigits, withinExponentDigits:
- // Consume leading digits.
- for len(b) > n && ('0' <= b[n] && b[n] <= '9') {
- n++
- }
- if len(b) == n {
- return n, state, nil // still within the same state
- }
- state++ // switches "withinX" to "beforeY" where Y is the state after X
- }
- switch state {
- case beforeIntegerDigits:
- goto beforeInteger
- case beforeFractionalDigits:
- goto beforeFractional
- case beforeExponentDigits:
- goto beforeExponent
- default:
- return n, state, nil
- }
- }
-
- // Consume required integer component (with optional minus sign).
-beforeInteger:
- resumeOffset = n
- if len(b) > 0 && b[0] == '-' {
- n++
- }
- switch {
- case len(b) == n:
- return resumeOffset, beforeIntegerDigits, io.ErrUnexpectedEOF
- case b[n] == '0':
- n++
- state = beforeFractionalDigits
- case '1' <= b[n] && b[n] <= '9':
- n++
- for len(b) > n && ('0' <= b[n] && b[n] <= '9') {
- n++
- }
- state = withinIntegerDigits
- default:
- return n, state, newInvalidCharacterError(b[n:], "within number (expecting digit)")
- }
-
- // Consume optional fractional component.
-beforeFractional:
- if len(b) > n && b[n] == '.' {
- resumeOffset = n
- n++
- switch {
- case len(b) == n:
- return resumeOffset, beforeFractionalDigits, io.ErrUnexpectedEOF
- case '0' <= b[n] && b[n] <= '9':
- n++
- default:
- return n, state, newInvalidCharacterError(b[n:], "within number (expecting digit)")
- }
- for len(b) > n && ('0' <= b[n] && b[n] <= '9') {
- n++
- }
- state = withinFractionalDigits
- }
-
- // Consume optional exponent component.
-beforeExponent:
- if len(b) > n && (b[n] == 'e' || b[n] == 'E') {
- resumeOffset = n
- n++
- if len(b) > n && (b[n] == '-' || b[n] == '+') {
- n++
- }
- switch {
- case len(b) == n:
- return resumeOffset, beforeExponentDigits, io.ErrUnexpectedEOF
- case '0' <= b[n] && b[n] <= '9':
- n++
- default:
- return n, state, newInvalidCharacterError(b[n:], "within number (expecting digit)")
- }
- for len(b) > n && ('0' <= b[n] && b[n] <= '9') {
- n++
- }
- state = withinExponentDigits
- }
-
- return n, state, nil
-}
-
-// parseHexUint16 is similar to strconv.ParseUint,
-// but operates directly on []byte and is optimized for base-16.
-// See https://go.dev/issue/42429.
-func parseHexUint16(b []byte) (v uint16, ok bool) {
- if len(b) != 4 {
- return 0, false
- }
- for _, c := range b[:4] {
- switch {
- case '0' <= c && c <= '9':
- c = c - '0'
- case 'a' <= c && c <= 'f':
- c = 10 + c - 'a'
- case 'A' <= c && c <= 'F':
- c = 10 + c - 'A'
- default:
- return 0, false
- }
- v = v*16 + uint16(c)
- }
- return v, true
-}
-
-// parseDecUint is similar to strconv.ParseUint,
-// but operates directly on []byte and is optimized for base-10.
-// If the number is syntactically valid but overflows uint64,
-// then it returns (math.MaxUint64, false).
-// See https://go.dev/issue/42429.
-func parseDecUint(b []byte) (v uint64, ok bool) {
- // Overflow logic is based on strconv/atoi.go:138-149 from Go1.15, where:
- // - cutoff is equal to math.MaxUint64/10+1, and
- // - the n1 > maxVal check is unnecessary
- // since maxVal is equivalent to math.MaxUint64.
- var n int
- var overflow bool
- for len(b) > n && ('0' <= b[n] && b[n] <= '9') {
- overflow = overflow || v >= math.MaxUint64/10+1
- v *= 10
-
- v1 := v + uint64(b[n]-'0')
- overflow = overflow || v1 < v
- v = v1
-
- n++
- }
- if n == 0 || len(b) != n {
- return 0, false
- }
- if overflow {
- return math.MaxUint64, false
- }
- return v, true
-}
-
-// parseFloat parses a floating point number according to the Go float grammar.
-// Note that the JSON number grammar is a strict subset.
-//
-// If the number overflows the finite representation of a float,
-// then we return MaxFloat since any finite value will always be infinitely
-// more accurate at representing another finite value than an infinite value.
-func parseFloat(b []byte, bits int) (v float64, ok bool) {
- // Fast path for exact integer numbers which fit in the
- // 24-bit or 53-bit significand of a float32 or float64.
- var negLen int // either 0 or 1
- if len(b) > 0 && b[0] == '-' {
- negLen = 1
- }
- u, ok := parseDecUint(b[negLen:])
- if ok && ((bits == 32 && u <= 1<<24) || (bits == 64 && u <= 1<<53)) {
- return math.Copysign(float64(u), float64(-1*negLen)), true
- }
-
- // Note that the []byte->string conversion unfortunately allocates.
- // See https://go.dev/issue/42429 for more information.
- fv, err := strconv.ParseFloat(string(b), bits)
- if math.IsInf(fv, 0) {
- switch {
- case bits == 32 && math.IsInf(fv, +1):
- return +math.MaxFloat32, true
- case bits == 64 && math.IsInf(fv, +1):
- return +math.MaxFloat64, true
- case bits == 32 && math.IsInf(fv, -1):
- return -math.MaxFloat32, true
- case bits == 64 && math.IsInf(fv, -1):
- return -math.MaxFloat64, true
- }
- }
- return fv, err == nil
-}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/doc.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/doc.go
index e4eefa3de..a46316858 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/doc.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/doc.go
@@ -2,61 +2,43 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// Package json implements serialization of JSON
-// as specified in RFC 4627, RFC 7159, RFC 7493, RFC 8259, and RFC 8785.
+//go:build !goexperiment.jsonv2 || !go1.25
+
+// Package json implements semantic processing of JSON as specified in RFC 8259.
// JSON is a simple data interchange format that can represent
// primitive data types such as booleans, strings, and numbers,
// in addition to structured data types such as objects and arrays.
//
-// # Terminology
-//
-// This package uses the terms "encode" and "decode" for syntactic functionality
-// that is concerned with processing JSON based on its grammar, and
-// uses the terms "marshal" and "unmarshal" for semantic functionality
-// that determines the meaning of JSON values as Go values and vice-versa.
-// It aims to provide a clear distinction between functionality that
-// is purely concerned with encoding versus that of marshaling.
-// For example, one can directly encode a stream of JSON tokens without
-// needing to marshal a concrete Go value representing them.
-// Similarly, one can decode a stream of JSON tokens without
-// needing to unmarshal them into a concrete Go value.
-//
-// This package uses JSON terminology when discussing JSON, which may differ
-// from related concepts in Go or elsewhere in computing literature.
-//
-// - A JSON "object" refers to an unordered collection of name/value members.
-// - A JSON "array" refers to an ordered sequence of elements.
-// - A JSON "value" refers to either a literal (i.e., null, false, or true),
-// string, number, object, or array.
-//
-// See RFC 8259 for more information.
-//
-// # Specifications
-//
-// Relevant specifications include RFC 4627, RFC 7159, RFC 7493, RFC 8259,
-// and RFC 8785. Each RFC is generally a stricter subset of another RFC.
-// In increasing order of strictness:
-//
-// - RFC 4627 and RFC 7159 do not require (but recommend) the use of UTF-8
-// and also do not require (but recommend) that object names be unique.
-// - RFC 8259 requires the use of UTF-8,
-// but does not require (but recommends) that object names be unique.
-// - RFC 7493 requires the use of UTF-8
-// and also requires that object names be unique.
-// - RFC 8785 defines a canonical representation. It requires the use of UTF-8
-// and also requires that object names be unique and in a specific ordering.
-// It specifies exactly how strings and numbers must be formatted.
-//
-// The primary difference between RFC 4627 and RFC 7159 is that the former
-// restricted top-level values to only JSON objects and arrays, while
-// RFC 7159 and subsequent RFCs permit top-level values to additionally be
-// JSON nulls, booleans, strings, or numbers.
-//
-// By default, this package operates on RFC 7493, but can be configured
-// to operate according to the other RFC specifications.
-// RFC 7493 is a stricter subset of RFC 8259 and fully compliant with it.
-// In particular, it makes specific choices about behavior that RFC 8259
-// leaves as undefined in order to ensure greater interoperability.
+// [Marshal] and [Unmarshal] encode and decode Go values
+// to/from JSON text contained within a []byte.
+// [MarshalWrite] and [UnmarshalRead] operate on JSON text
+// by writing to or reading from an [io.Writer] or [io.Reader].
+// [MarshalEncode] and [UnmarshalDecode] operate on JSON text
+// by encoding to or decoding from a [jsontext.Encoder] or [jsontext.Decoder].
+// [Options] may be passed to each of the marshal or unmarshal functions
+// to configure the semantic behavior of marshaling and unmarshaling
+// (i.e., alter how JSON data is understood as Go data and vice versa).
+// [jsontext.Options] may also be passed to the marshal or unmarshal functions
+// to configure the syntactic behavior of encoding or decoding.
+//
+// The data types of JSON are mapped to/from the data types of Go based on
+// the closest logical equivalent between the two type systems. For example,
+// a JSON boolean corresponds with a Go bool,
+// a JSON string corresponds with a Go string,
+// a JSON number corresponds with a Go int, uint or float,
+// a JSON array corresponds with a Go slice or array, and
+// a JSON object corresponds with a Go struct or map.
+// See the documentation on [Marshal] and [Unmarshal] for a comprehensive list
+// of how the JSON and Go type systems correspond.
+//
+// Arbitrary Go types can customize their JSON representation by implementing
+// [Marshaler], [MarshalerTo], [Unmarshaler], or [UnmarshalerFrom].
+// This provides authors of Go types with control over how their types are
+// serialized as JSON. Alternatively, users can implement functions that match
+// [MarshalFunc], [MarshalToFunc], [UnmarshalFunc], or [UnmarshalFromFunc]
+// to specify the JSON representation for arbitrary types.
+// This provides callers of JSON functionality with control over
+// how any arbitrary type is serialized as JSON.
//
// # JSON Representation of Go structs
//
@@ -68,12 +50,14 @@
// into the corresponding Go struct fields.
// Object members that do not match any struct fields,
// also known as “unknown members”, are ignored by default or rejected
-// if UnmarshalOptions.RejectUnknownMembers is specified.
+// if [RejectUnknownMembers] is specified.
//
// The representation of each struct field can be customized in the
// "json" struct field tag, where the tag is a comma separated list of options.
// As a special case, if the entire tag is `json:"-"`,
// then the field is ignored with regard to its JSON representation.
+// Some options also have equivalent behavior controlled by a caller-specified [Options].
+// Field-specified options take precedence over caller-specified options.
//
// The first option is the JSON object name override for the Go struct field.
// If the name is not specified, then the Go struct field name
@@ -98,21 +82,23 @@
// encoded as a JSON null, empty string, empty object, or empty array.
// This option has no effect when unmarshaling.
//
-// - string: The "string" option specifies that
-// MarshalOptions.StringifyNumbers and UnmarshalOptions.StringifyNumbers
+// - string: The "string" option specifies that [StringifyNumbers]
// be set when marshaling or unmarshaling a struct field value.
// This causes numeric types to be encoded as a JSON number
-// within a JSON string, and to be decoded from either a JSON number or
-// a JSON string containing a JSON number.
+// within a JSON string, and to be decoded from a JSON string
+// containing the JSON number without any surrounding whitespace.
// This extra level of encoding is often necessary since
// many JSON parsers cannot precisely represent 64-bit integers.
//
-// - nocase: When unmarshaling, the "nocase" option specifies that
-// if the JSON object name does not exactly match the JSON name
-// for any of the struct fields, then it attempts to match the struct field
-// using a case-insensitive match that also ignores dashes and underscores.
-// If multiple fields match, the first declared field in breadth-first order
-// takes precedence. This option has no effect when marshaling.
+// - case: When unmarshaling, the "case" option specifies how
+// JSON object names are matched with the JSON name for Go struct fields.
+// The option is a key-value pair specified as "case:value" where
+// the value must either be 'ignore' or 'strict'.
+// The 'ignore' value specifies that matching is case-insensitive
+// where dashes and underscores are also ignored. If multiple fields match,
+// the first declared field in breadth-first order takes precedence.
+// The 'strict' value specifies that matching is case-sensitive.
+// This takes precedence over the [MatchCaseInsensitiveNames] option.
//
// - inline: The "inline" option specifies that
// the JSON representable content of this field type is to be promoted
@@ -120,10 +106,10 @@
// It is the JSON equivalent of Go struct embedding.
// A Go embedded field is implicitly inlined unless an explicit JSON name
// is specified. The inlined field must be a Go struct
-// (that does not implement any JSON methods), RawValue, map[string]T,
-// or an unnamed pointer to such types. When marshaling,
+// (that does not implement any JSON methods), [jsontext.Value],
+// map[~string]T, or an unnamed pointer to such types. When marshaling,
// inlined fields from a pointer type are omitted if it is nil.
-// Inlined fields of type RawValue and map[string]T are called
+// Inlined fields of type [jsontext.Value] and map[~string]T are called
// “inlined fallbacks” as they can represent all possible
// JSON object members not directly handled by the parent struct.
// Only one inlined fallback field may be specified in a struct,
@@ -132,11 +118,11 @@
//
// - unknown: The "unknown" option is a specialized variant
// of the inlined fallback to indicate that this Go struct field
-// contains any number of unknown JSON object members. The field type
-// must be a RawValue, map[string]T, or an unnamed pointer to such types.
-// If MarshalOptions.DiscardUnknownMembers is specified when marshaling,
+// contains any number of unknown JSON object members. The field type must
+// be a [jsontext.Value], map[~string]T, or an unnamed pointer to such types.
+// If [DiscardUnknownMembers] is specified when marshaling,
// the contents of this field are ignored.
-// If UnmarshalOptions.RejectUnknownMembers is specified when unmarshaling,
+// If [RejectUnknownMembers] is specified when unmarshaling,
// any unknown object members are rejected regardless of whether
// an inlined fallback with the "unknown" option exists. This option
// must not be specified with any other option (including the JSON name).
@@ -156,7 +142,7 @@
// For example, only a nil slice or map is omitted under "omitzero", while
// an empty slice or map is omitted under "omitempty" regardless of nilness.
// The "omitzero" option is useful for types with a well-defined zero value
-// (e.g., netip.Addr) or have an IsZero method (e.g., time.Time).
+// (e.g., [net/netip.Addr]) or have an IsZero method (e.g., [time.Time.IsZero]).
//
// Every Go struct corresponds to a list of JSON representable fields
// which is constructed by performing a breadth-first search over
@@ -167,12 +153,108 @@
// at shallowest depth takes precedence and the other fields at deeper depths
// are excluded from the list of JSON representable fields.
// If multiple fields at the shallowest depth have the same JSON name,
-// then all of those fields are excluded from the list. This is analogous to
-// Go visibility rules for struct field selection with embedded struct types.
+// but exactly one is explicitly tagged with a JSON name,
+// then that field takes precedence and all others are excluded from the list.
+// This is analogous to Go visibility rules for struct field selection
+// with embedded struct types.
//
// Marshaling or unmarshaling a non-empty struct
-// without any JSON representable fields results in a SemanticError.
+// without any JSON representable fields results in a [SemanticError].
// Unexported fields must not have any `json` tags except for `json:"-"`.
+//
+// # Security Considerations
+//
+// JSON is frequently used as a data interchange format to communicate
+// between different systems, possibly implemented in different languages.
+// For interoperability and security reasons, it is important that
+// all implementations agree upon the semantic meaning of the data.
+//
+// [For example, suppose we have two micro-services.]
+// The first service is responsible for authenticating a JSON request,
+// while the second service is responsible for executing the request
+// (having assumed that the prior service authenticated the request).
+// If an attacker were able to maliciously craft a JSON request such that
+// both services believe that the same request is from different users,
+// it could bypass the authenticator with valid credentials for one user,
+// but maliciously perform an action on behalf of a different user.
+//
+// According to RFC 8259, there unfortunately exist many JSON texts
+// that are syntactically valid but semantically ambiguous.
+// For example, the standard does not define how to interpret duplicate
+// names within an object.
+//
+// The v1 [encoding/json] and [encoding/json/v2] packages
+// interpret some inputs in different ways. In particular:
+//
+// - The standard specifies that JSON must be encoded using UTF-8.
+// By default, v1 replaces invalid bytes of UTF-8 in JSON strings
+// with the Unicode replacement character,
+// while v2 rejects inputs with invalid UTF-8.
+// To change the default, specify the [jsontext.AllowInvalidUTF8] option.
+// The replacement of invalid UTF-8 is a form of data corruption
+// that alters the precise meaning of strings.
+//
+// - The standard does not specify a particular behavior when
+// duplicate names are encountered within a JSON object,
+// which means that different implementations may behave differently.
+// By default, v1 allows for the presence of duplicate names,
+// while v2 rejects duplicate names.
+// To change the default, specify the [jsontext.AllowDuplicateNames] option.
+// If allowed, object members are processed in the order they are observed,
+// meaning that later values will replace or be merged into prior values,
+// depending on the Go value type.
+//
+// - The standard defines a JSON object as an unordered collection of name/value pairs.
+// While ordering can be observed through the underlying [jsontext] API,
+// both v1 and v2 generally avoid exposing the ordering.
+// No application should semantically depend on the order of object members.
+// Allowing duplicate names is a vector through which ordering of members
+// can accidentally be observed and depended upon.
+//
+// - The standard suggests that JSON object names are typically compared
+// based on equality of the sequence of Unicode code points,
+// which implies that comparing names is often case-sensitive.
+// When unmarshaling a JSON object into a Go struct,
+// by default, v1 uses a (loose) case-insensitive match on the name,
+// while v2 uses a (strict) case-sensitive match on the name.
+// To change the default, specify the [MatchCaseInsensitiveNames] option.
+// The use of case-insensitive matching provides another vector through
+// which duplicate names can occur. Allowing case-insensitive matching
+// means that v1 or v2 might interpret JSON objects differently from most
+// other JSON implementations (which typically use a case-sensitive match).
+//
+// - The standard does not specify a particular behavior when
+// an unknown name in a JSON object is encountered.
+// When unmarshaling a JSON object into a Go struct, by default
+// both v1 and v2 ignore unknown names and their corresponding values.
+// To change the default, specify the [RejectUnknownMembers] option.
+//
+// - The standard suggests that implementations may use a float64
+// to represent a JSON number. Consequently, large JSON integers
+// may lose precision when stored as a floating-point type.
+// Both v1 and v2 correctly preserve precision when marshaling and
+// unmarshaling a concrete integer type. However, even if v1 and v2
+// preserve precision for concrete types, other JSON implementations
+// may not be able to preserve precision for outputs produced by v1 or v2.
+// The `string` tag option can be used to specify that an integer type
+// is to be quoted within a JSON string to avoid loss of precision.
+// Furthermore, v1 and v2 may still lose precision when unmarshaling
+// into an any interface value, where unmarshal uses a float64
+// by default to represent a JSON number.
+// To change the default, specify the [WithUnmarshalers] option
+// with a custom unmarshaler that pre-populates the interface value
+// with a concrete Go type that can preserve precision.
+//
+// RFC 8785 specifies a canonical form for any JSON text,
+// which explicitly defines specific behaviors that RFC 8259 leaves undefined.
+// In theory, if a text can successfully [jsontext.Value.Canonicalize]
+// without changing the semantic meaning of the data, then it provides a
+// greater degree of confidence that the data is more secure and interoperable.
+//
+// The v2 API generally chooses more secure defaults than v1,
+// but care should still be taken with large integers or unknown members.
+//
+// [For example, suppose we have two micro-services.]: https://www.youtube.com/watch?v=avilmOcHKHE&t=1057s
package json
// requireKeyedLiterals can be embedded in a struct to require keyed literals.
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/encode.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/encode.go
deleted file mode 100644
index 5b81ca15a..000000000
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/encode.go
+++ /dev/null
@@ -1,1170 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package json
-
-import (
- "bytes"
- "io"
- "math"
- "math/bits"
- "strconv"
- "unicode/utf16"
- "unicode/utf8"
-)
-
-// EncodeOptions configures how JSON encoding operates.
-// The zero value is equivalent to the default settings,
-// which is compliant with both RFC 7493 and RFC 8259.
-type EncodeOptions struct {
- requireKeyedLiterals
- nonComparable
-
- // multiline specifies whether the encoder should emit multiline output.
- multiline bool
-
- // omitTopLevelNewline specifies whether to omit the newline
- // that is appended after every top-level JSON value when streaming.
- omitTopLevelNewline bool
-
- // AllowDuplicateNames specifies that JSON objects may contain
- // duplicate member names. Disabling the duplicate name check may provide
- // performance benefits, but breaks compliance with RFC 7493, section 2.3.
- // The output will still be compliant with RFC 8259,
- // which leaves the handling of duplicate names as unspecified behavior.
- AllowDuplicateNames bool
-
- // AllowInvalidUTF8 specifies that JSON strings may contain invalid UTF-8,
- // which will be mangled as the Unicode replacement character, U+FFFD.
- // This causes the encoder to break compliance with
- // RFC 7493, section 2.1, and RFC 8259, section 8.1.
- AllowInvalidUTF8 bool
-
- // preserveRawStrings specifies that WriteToken and WriteValue should not
- // reformat any JSON string, but keep the formatting verbatim.
- preserveRawStrings bool
-
- // canonicalizeNumbers specifies that WriteToken and WriteValue should
- // reformat any JSON numbers according to RFC 8785, section 3.2.2.3.
- canonicalizeNumbers bool
-
- // EscapeRune reports whether the provided character should be escaped
- // as a hexadecimal Unicode codepoint (e.g., \ufffd).
- // If nil, the shortest and simplest encoding will be used,
- // which is also the formatting specified by RFC 8785, section 3.2.2.2.
- EscapeRune func(rune) bool
-
- // Indent (if non-empty) specifies that the encoder should emit multiline
- // output where each element in a JSON object or array begins on a new,
- // indented line beginning with the indent prefix followed by one or more
- // copies of indent according to the indentation nesting.
- // It may only be composed of space or tab characters.
- Indent string
-
- // IndentPrefix is prepended to each line within a JSON object or array.
- // The purpose of the indent prefix is to encode data that can more easily
- // be embedded inside other formatted JSON data.
- // It may only be composed of space or tab characters.
- // It is ignored if Indent is empty.
- IndentPrefix string
-}
-
-// Encoder is a streaming encoder from raw JSON tokens and values.
-// It is used to write a stream of top-level JSON values,
-// each terminated with a newline character.
-//
-// WriteToken and WriteValue calls may be interleaved.
-// For example, the following JSON value:
-//
-// {"name":"value","array":[null,false,true,3.14159],"object":{"k":"v"}}
-//
-// can be composed with the following calls (ignoring errors for brevity):
-//
-// e.WriteToken(ObjectStart) // {
-// e.WriteToken(String("name")) // "name"
-// e.WriteToken(String("value")) // "value"
-// e.WriteValue(RawValue(`"array"`)) // "array"
-// e.WriteToken(ArrayStart) // [
-// e.WriteToken(Null) // null
-// e.WriteToken(False) // false
-// e.WriteValue(RawValue("true")) // true
-// e.WriteToken(Float(3.14159)) // 3.14159
-// e.WriteToken(ArrayEnd) // ]
-// e.WriteValue(RawValue(`"object"`)) // "object"
-// e.WriteValue(RawValue(`{"k":"v"}`)) // {"k":"v"}
-// e.WriteToken(ObjectEnd) // }
-//
-// The above is one of many possible sequence of calls and
-// may not represent the most sensible method to call for any given token/value.
-// For example, it is probably more common to call WriteToken with a string
-// for object names.
-type Encoder struct {
- state
- encodeBuffer
- options EncodeOptions
-
- seenPointers seenPointers // only used when marshaling
-}
-
-// encodeBuffer is a buffer split into 2 segments:
-//
-// - buf[0:len(buf)] // written (but unflushed) portion of the buffer
-// - buf[len(buf):cap(buf)] // unused portion of the buffer
-type encodeBuffer struct {
- buf []byte // may alias wr if it is a bytes.Buffer
-
- // baseOffset is added to len(buf) to obtain the absolute offset
- // relative to the start of io.Writer stream.
- baseOffset int64
-
- wr io.Writer
-
- // maxValue is the approximate maximum RawValue size passed to WriteValue.
- maxValue int
- // unusedCache is the buffer returned by the UnusedBuffer method.
- unusedCache []byte
- // bufStats is statistics about buffer utilization.
- // It is only used with pooled encoders in pools.go.
- bufStats bufferStatistics
-}
-
-// NewEncoder constructs a new streaming encoder writing to w.
-func NewEncoder(w io.Writer) *Encoder {
- return EncodeOptions{}.NewEncoder(w)
-}
-
-// NewEncoder constructs a new streaming encoder writing to w
-// configured with the provided options.
-// It flushes the internal buffer when the buffer is sufficiently full or
-// when a top-level value has been written.
-//
-// If w is a bytes.Buffer, then the encoder appends directly into the buffer
-// without copying the contents from an intermediate buffer.
-func (o EncodeOptions) NewEncoder(w io.Writer) *Encoder {
- e := new(Encoder)
- o.ResetEncoder(e, w)
- return e
-}
-
-// ResetEncoder resets an encoder such that it is writing afresh to w and
-// configured with the provided options.
-func (o EncodeOptions) ResetEncoder(e *Encoder, w io.Writer) {
- if e == nil {
- panic("json: invalid nil Encoder")
- }
- if w == nil {
- panic("json: invalid nil io.Writer")
- }
- e.reset(nil, w, o)
-}
-
-func (e *Encoder) reset(b []byte, w io.Writer, o EncodeOptions) {
- if len(o.Indent) > 0 {
- o.multiline = true
- if s := trimLeftSpaceTab(o.IndentPrefix); len(s) > 0 {
- panic("json: invalid character " + quoteRune([]byte(s)) + " in indent prefix")
- }
- if s := trimLeftSpaceTab(o.Indent); len(s) > 0 {
- panic("json: invalid character " + quoteRune([]byte(s)) + " in indent")
- }
- }
- e.state.reset()
- e.encodeBuffer = encodeBuffer{buf: b, wr: w, bufStats: e.bufStats}
- e.options = o
- if bb, ok := w.(*bytes.Buffer); ok && bb != nil {
- e.buf = bb.Bytes()[bb.Len():] // alias the unused buffer of bb
- }
-}
-
-// Reset resets an encoder such that it is writing afresh to w but
-// keeps any pre-existing encoder options.
-func (e *Encoder) Reset(w io.Writer) {
- e.options.ResetEncoder(e, w)
-}
-
-// needFlush determines whether to flush at this point.
-func (e *Encoder) needFlush() bool {
- // NOTE: This function is carefully written to be inlineable.
-
- // Avoid flushing if e.wr is nil since there is no underlying writer.
- // Flush if less than 25% of the capacity remains.
- // Flushing at some constant fraction ensures that the buffer stops growing
- // so long as the largest Token or Value fits within that unused capacity.
- return e.wr != nil && (e.tokens.depth() == 1 || len(e.buf) > 3*cap(e.buf)/4)
-}
-
-// flush flushes the buffer to the underlying io.Writer.
-// It may append a trailing newline after the top-level value.
-func (e *Encoder) flush() error {
- if e.wr == nil || e.avoidFlush() {
- return nil
- }
-
- // In streaming mode, always emit a newline after the top-level value.
- if e.tokens.depth() == 1 && !e.options.omitTopLevelNewline {
- e.buf = append(e.buf, '\n')
- }
-
- // Inform objectNameStack that we are about to flush the buffer content.
- e.names.copyQuotedBuffer(e.buf)
-
- // Specialize bytes.Buffer for better performance.
- if bb, ok := e.wr.(*bytes.Buffer); ok {
- // If e.buf already aliases the internal buffer of bb,
- // then the Write call simply increments the internal offset,
- // otherwise Write operates as expected.
- // See https://go.dev/issue/42986.
- n, _ := bb.Write(e.buf) // never fails unless bb is nil
- e.baseOffset += int64(n)
-
- // If the internal buffer of bytes.Buffer is too small,
- // append operations elsewhere in the Encoder may grow the buffer.
- // This would be semantically correct, but hurts performance.
- // As such, ensure 25% of the current length is always available
- // to reduce the probability that other appends must allocate.
- if avail := bb.Cap() - bb.Len(); avail < bb.Len()/4 {
- bb.Grow(avail + 1)
- }
-
- e.buf = bb.Bytes()[bb.Len():] // alias the unused buffer of bb
- return nil
- }
-
- // Flush the internal buffer to the underlying io.Writer.
- n, err := e.wr.Write(e.buf)
- e.baseOffset += int64(n)
- if err != nil {
- // In the event of an error, preserve the unflushed portion.
- // Thus, write errors aren't fatal so long as the io.Writer
- // maintains consistent state after errors.
- if n > 0 {
- e.buf = e.buf[:copy(e.buf, e.buf[n:])]
- }
- return &ioError{action: "write", err: err}
- }
- e.buf = e.buf[:0]
-
- // Check whether to grow the buffer.
- // Note that cap(e.buf) may already exceed maxBufferSize since
- // an append elsewhere already grew it to store a large token.
- const maxBufferSize = 4 << 10
- const growthSizeFactor = 2 // higher value is faster
- const growthRateFactor = 2 // higher value is slower
- // By default, grow if below the maximum buffer size.
- grow := cap(e.buf) <= maxBufferSize/growthSizeFactor
- // Growing can be expensive, so only grow
- // if a sufficient number of bytes have been processed.
- grow = grow && int64(cap(e.buf)) < e.previousOffsetEnd()/growthRateFactor
- if grow {
- e.buf = make([]byte, 0, cap(e.buf)*growthSizeFactor)
- }
-
- return nil
-}
-
-func (e *encodeBuffer) previousOffsetEnd() int64 { return e.baseOffset + int64(len(e.buf)) }
-func (e *encodeBuffer) unflushedBuffer() []byte { return e.buf }
-
-// avoidFlush indicates whether to avoid flushing to ensure there is always
-// enough in the buffer to unwrite the last object member if it were empty.
-func (e *Encoder) avoidFlush() bool {
- switch {
- case e.tokens.last.length() == 0:
- // Never flush after ObjectStart or ArrayStart since we don't know yet
- // if the object or array will end up being empty.
- return true
- case e.tokens.last.needObjectValue():
- // Never flush before the object value since we don't know yet
- // if the object value will end up being empty.
- return true
- case e.tokens.last.needObjectName() && len(e.buf) >= 2:
- // Never flush after the object value if it does turn out to be empty.
- switch string(e.buf[len(e.buf)-2:]) {
- case `ll`, `""`, `{}`, `[]`: // last two bytes of every empty value
- return true
- }
- }
- return false
-}
-
-// unwriteEmptyObjectMember unwrites the last object member if it is empty
-// and reports whether it performed an unwrite operation.
-func (e *Encoder) unwriteEmptyObjectMember(prevName *string) bool {
- if last := e.tokens.last; !last.isObject() || !last.needObjectName() || last.length() == 0 {
- panic("BUG: must be called on an object after writing a value")
- }
-
- // The flushing logic is modified to never flush a trailing empty value.
- // The encoder never writes trailing whitespace eagerly.
- b := e.unflushedBuffer()
-
- // Detect whether the last value was empty.
- var n int
- if len(b) >= 3 {
- switch string(b[len(b)-2:]) {
- case "ll": // last two bytes of `null`
- n = len(`null`)
- case `""`:
- // It is possible for a non-empty string to have `""` as a suffix
- // if the second to the last quote was escaped.
- if b[len(b)-3] == '\\' {
- return false // e.g., `"\""` is not empty
- }
- n = len(`""`)
- case `{}`:
- n = len(`{}`)
- case `[]`:
- n = len(`[]`)
- }
- }
- if n == 0 {
- return false
- }
-
- // Unwrite the value, whitespace, colon, name, whitespace, and comma.
- b = b[:len(b)-n]
- b = trimSuffixWhitespace(b)
- b = trimSuffixByte(b, ':')
- b = trimSuffixString(b)
- b = trimSuffixWhitespace(b)
- b = trimSuffixByte(b, ',')
- e.buf = b // store back truncated unflushed buffer
-
- // Undo state changes.
- e.tokens.last.decrement() // for object member value
- e.tokens.last.decrement() // for object member name
- if !e.options.AllowDuplicateNames {
- if e.tokens.last.isActiveNamespace() {
- e.namespaces.last().removeLast()
- }
- e.names.clearLast()
- if prevName != nil {
- e.names.copyQuotedBuffer(e.buf) // required by objectNameStack.replaceLastUnquotedName
- e.names.replaceLastUnquotedName(*prevName)
- }
- }
- return true
-}
-
-// unwriteOnlyObjectMemberName unwrites the only object member name
-// and returns the unquoted name.
-func (e *Encoder) unwriteOnlyObjectMemberName() string {
- if last := e.tokens.last; !last.isObject() || last.length() != 1 {
- panic("BUG: must be called on an object after writing first name")
- }
-
- // Unwrite the name and whitespace.
- b := trimSuffixString(e.buf)
- isVerbatim := bytes.IndexByte(e.buf[len(b):], '\\') < 0
- name := string(unescapeStringMayCopy(e.buf[len(b):], isVerbatim))
- e.buf = trimSuffixWhitespace(b)
-
- // Undo state changes.
- e.tokens.last.decrement()
- if !e.options.AllowDuplicateNames {
- if e.tokens.last.isActiveNamespace() {
- e.namespaces.last().removeLast()
- }
- e.names.clearLast()
- }
- return name
-}
-
-func trimSuffixWhitespace(b []byte) []byte {
- // NOTE: The arguments and logic are kept simple to keep this inlineable.
- n := len(b) - 1
- for n >= 0 && (b[n] == ' ' || b[n] == '\t' || b[n] == '\r' || b[n] == '\n') {
- n--
- }
- return b[:n+1]
-}
-
-func trimSuffixString(b []byte) []byte {
- // NOTE: The arguments and logic are kept simple to keep this inlineable.
- if len(b) > 0 && b[len(b)-1] == '"' {
- b = b[:len(b)-1]
- }
- for len(b) >= 2 && !(b[len(b)-1] == '"' && b[len(b)-2] != '\\') {
- b = b[:len(b)-1] // trim all characters except an unescaped quote
- }
- if len(b) > 0 && b[len(b)-1] == '"' {
- b = b[:len(b)-1]
- }
- return b
-}
-
-func hasSuffixByte(b []byte, c byte) bool {
- // NOTE: The arguments and logic are kept simple to keep this inlineable.
- return len(b) > 0 && b[len(b)-1] == c
-}
-
-func trimSuffixByte(b []byte, c byte) []byte {
- // NOTE: The arguments and logic are kept simple to keep this inlineable.
- if len(b) > 0 && b[len(b)-1] == c {
- return b[:len(b)-1]
- }
- return b
-}
-
-// WriteToken writes the next token and advances the internal write offset.
-//
-// The provided token kind must be consistent with the JSON grammar.
-// For example, it is an error to provide a number when the encoder
-// is expecting an object name (which is always a string), or
-// to provide an end object delimiter when the encoder is finishing an array.
-// If the provided token is invalid, then it reports a SyntacticError and
-// the internal state remains unchanged.
-func (e *Encoder) WriteToken(t Token) error {
- k := t.Kind()
- b := e.buf // use local variable to avoid mutating e in case of error
-
- // Append any delimiters or optional whitespace.
- b = e.tokens.mayAppendDelim(b, k)
- if e.options.multiline {
- b = e.appendWhitespace(b, k)
- }
-
- // Append the token to the output and to the state machine.
- var err error
- switch k {
- case 'n':
- b = append(b, "null"...)
- err = e.tokens.appendLiteral()
- case 'f':
- b = append(b, "false"...)
- err = e.tokens.appendLiteral()
- case 't':
- b = append(b, "true"...)
- err = e.tokens.appendLiteral()
- case '"':
- n0 := len(b) // offset before calling t.appendString
- if b, err = t.appendString(b, !e.options.AllowInvalidUTF8, e.options.preserveRawStrings, e.options.EscapeRune); err != nil {
- break
- }
- if !e.options.AllowDuplicateNames && e.tokens.last.needObjectName() {
- if !e.tokens.last.isValidNamespace() {
- err = errInvalidNamespace
- break
- }
- if e.tokens.last.isActiveNamespace() && !e.namespaces.last().insertQuoted(b[n0:], false) {
- err = &SyntacticError{str: "duplicate name " + string(b[n0:]) + " in object"}
- break
- }
- e.names.replaceLastQuotedOffset(n0) // only replace if insertQuoted succeeds
- }
- err = e.tokens.appendString()
- case '0':
- if b, err = t.appendNumber(b, e.options.canonicalizeNumbers); err != nil {
- break
- }
- err = e.tokens.appendNumber()
- case '{':
- b = append(b, '{')
- if err = e.tokens.pushObject(); err != nil {
- break
- }
- if !e.options.AllowDuplicateNames {
- e.names.push()
- e.namespaces.push()
- }
- case '}':
- b = append(b, '}')
- if err = e.tokens.popObject(); err != nil {
- break
- }
- if !e.options.AllowDuplicateNames {
- e.names.pop()
- e.namespaces.pop()
- }
- case '[':
- b = append(b, '[')
- err = e.tokens.pushArray()
- case ']':
- b = append(b, ']')
- err = e.tokens.popArray()
- default:
- return &SyntacticError{str: "invalid json.Token"}
- }
- if err != nil {
- return err
- }
-
- // Finish off the buffer and store it back into e.
- e.buf = b
- if e.needFlush() {
- return e.flush()
- }
- return nil
-}
-
-const (
- rawIntNumber = -1
- rawUintNumber = -2
-)
-
-// writeNumber is specialized version of WriteToken, but optimized for numbers.
-// As a special-case, if bits is -1 or -2, it will treat v as
-// the raw-encoded bits of an int64 or uint64, respectively.
-// It is only called from arshal_default.go.
-func (e *Encoder) writeNumber(v float64, bits int, quote bool) error {
- b := e.buf // use local variable to avoid mutating e in case of error
-
- // Append any delimiters or optional whitespace.
- b = e.tokens.mayAppendDelim(b, '0')
- if e.options.multiline {
- b = e.appendWhitespace(b, '0')
- }
-
- if quote {
- // Append the value to the output.
- n0 := len(b) // offset before appending the number
- b = append(b, '"')
- switch bits {
- case rawIntNumber:
- b = strconv.AppendInt(b, int64(math.Float64bits(v)), 10)
- case rawUintNumber:
- b = strconv.AppendUint(b, uint64(math.Float64bits(v)), 10)
- default:
- b = appendNumber(b, v, bits)
- }
- b = append(b, '"')
-
- // Escape the string if necessary.
- if e.options.EscapeRune != nil {
- b2 := append(e.unusedCache, b[n0+len(`"`):len(b)-len(`"`)]...)
- b, _ = appendString(b[:n0], string(b2), false, e.options.EscapeRune)
- e.unusedCache = b2[:0]
- }
-
- // Update the state machine.
- if !e.options.AllowDuplicateNames && e.tokens.last.needObjectName() {
- if !e.tokens.last.isValidNamespace() {
- return errInvalidNamespace
- }
- if e.tokens.last.isActiveNamespace() && !e.namespaces.last().insertQuoted(b[n0:], false) {
- return &SyntacticError{str: "duplicate name " + string(b[n0:]) + " in object"}
- }
- e.names.replaceLastQuotedOffset(n0) // only replace if insertQuoted succeeds
- }
- if err := e.tokens.appendString(); err != nil {
- return err
- }
- } else {
- switch bits {
- case rawIntNumber:
- b = strconv.AppendInt(b, int64(math.Float64bits(v)), 10)
- case rawUintNumber:
- b = strconv.AppendUint(b, uint64(math.Float64bits(v)), 10)
- default:
- b = appendNumber(b, v, bits)
- }
- if err := e.tokens.appendNumber(); err != nil {
- return err
- }
- }
-
- // Finish off the buffer and store it back into e.
- e.buf = b
- if e.needFlush() {
- return e.flush()
- }
- return nil
-}
-
-// WriteValue writes the next raw value and advances the internal write offset.
-// The Encoder does not simply copy the provided value verbatim, but
-// parses it to ensure that it is syntactically valid and reformats it
-// according to how the Encoder is configured to format whitespace and strings.
-//
-// The provided value kind must be consistent with the JSON grammar
-// (see examples on Encoder.WriteToken). If the provided value is invalid,
-// then it reports a SyntacticError and the internal state remains unchanged.
-func (e *Encoder) WriteValue(v RawValue) error {
- e.maxValue |= len(v) // bitwise OR is a fast approximation of max
-
- k := v.Kind()
- b := e.buf // use local variable to avoid mutating e in case of error
-
- // Append any delimiters or optional whitespace.
- b = e.tokens.mayAppendDelim(b, k)
- if e.options.multiline {
- b = e.appendWhitespace(b, k)
- }
-
- // Append the value the output.
- var err error
- v = v[consumeWhitespace(v):]
- n0 := len(b) // offset before calling e.reformatValue
- b, v, err = e.reformatValue(b, v, e.tokens.depth())
- if err != nil {
- return err
- }
- v = v[consumeWhitespace(v):]
- if len(v) > 0 {
- return newInvalidCharacterError(v[0:], "after top-level value")
- }
-
- // Append the kind to the state machine.
- switch k {
- case 'n', 'f', 't':
- err = e.tokens.appendLiteral()
- case '"':
- if !e.options.AllowDuplicateNames && e.tokens.last.needObjectName() {
- if !e.tokens.last.isValidNamespace() {
- err = errInvalidNamespace
- break
- }
- if e.tokens.last.isActiveNamespace() && !e.namespaces.last().insertQuoted(b[n0:], false) {
- err = &SyntacticError{str: "duplicate name " + string(b[n0:]) + " in object"}
- break
- }
- e.names.replaceLastQuotedOffset(n0) // only replace if insertQuoted succeeds
- }
- err = e.tokens.appendString()
- case '0':
- err = e.tokens.appendNumber()
- case '{':
- if err = e.tokens.pushObject(); err != nil {
- break
- }
- if err = e.tokens.popObject(); err != nil {
- panic("BUG: popObject should never fail immediately after pushObject: " + err.Error())
- }
- case '[':
- if err = e.tokens.pushArray(); err != nil {
- break
- }
- if err = e.tokens.popArray(); err != nil {
- panic("BUG: popArray should never fail immediately after pushArray: " + err.Error())
- }
- }
- if err != nil {
- return err
- }
-
- // Finish off the buffer and store it back into e.
- e.buf = b
- if e.needFlush() {
- return e.flush()
- }
- return nil
-}
-
-// appendWhitespace appends whitespace that immediately precedes the next token.
-func (e *Encoder) appendWhitespace(b []byte, next Kind) []byte {
- if e.tokens.needDelim(next) == ':' {
- return append(b, ' ')
- } else {
- return e.appendIndent(b, e.tokens.needIndent(next))
- }
-}
-
-// appendIndent appends the appropriate number of indentation characters
-// for the current nested level, n.
-func (e *Encoder) appendIndent(b []byte, n int) []byte {
- if n == 0 {
- return b
- }
- b = append(b, '\n')
- b = append(b, e.options.IndentPrefix...)
- for ; n > 1; n-- {
- b = append(b, e.options.Indent...)
- }
- return b
-}
-
-// reformatValue parses a JSON value from the start of src and
-// appends it to the end of dst, reformatting whitespace and strings as needed.
-// It returns the updated versions of dst and src.
-func (e *Encoder) reformatValue(dst []byte, src RawValue, depth int) ([]byte, RawValue, error) {
- // TODO: Should this update valueFlags as input?
- if len(src) == 0 {
- return dst, src, io.ErrUnexpectedEOF
- }
- var n int
- var err error
- switch k := Kind(src[0]).normalize(); k {
- case 'n':
- if n = consumeNull(src); n == 0 {
- n, err = consumeLiteral(src, "null")
- }
- case 'f':
- if n = consumeFalse(src); n == 0 {
- n, err = consumeLiteral(src, "false")
- }
- case 't':
- if n = consumeTrue(src); n == 0 {
- n, err = consumeLiteral(src, "true")
- }
- case '"':
- if n := consumeSimpleString(src); n > 0 && e.options.EscapeRune == nil {
- dst, src = append(dst, src[:n]...), src[n:] // copy simple strings verbatim
- return dst, src, nil
- }
- return reformatString(dst, src, !e.options.AllowInvalidUTF8, e.options.preserveRawStrings, e.options.EscapeRune)
- case '0':
- if n := consumeSimpleNumber(src); n > 0 && !e.options.canonicalizeNumbers {
- dst, src = append(dst, src[:n]...), src[n:] // copy simple numbers verbatim
- return dst, src, nil
- }
- return reformatNumber(dst, src, e.options.canonicalizeNumbers)
- case '{':
- return e.reformatObject(dst, src, depth)
- case '[':
- return e.reformatArray(dst, src, depth)
- default:
- return dst, src, newInvalidCharacterError(src, "at start of value")
- }
- if err != nil {
- return dst, src, err
- }
- dst, src = append(dst, src[:n]...), src[n:]
- return dst, src, nil
-}
-
-// reformatObject parses a JSON object from the start of src and
-// appends it to the end of src, reformatting whitespace and strings as needed.
-// It returns the updated versions of dst and src.
-func (e *Encoder) reformatObject(dst []byte, src RawValue, depth int) ([]byte, RawValue, error) {
- // Append object start.
- if src[0] != '{' {
- panic("BUG: reformatObject must be called with a buffer that starts with '{'")
- }
- dst, src = append(dst, '{'), src[1:]
-
- // Append (possible) object end.
- src = src[consumeWhitespace(src):]
- if len(src) == 0 {
- return dst, src, io.ErrUnexpectedEOF
- }
- if src[0] == '}' {
- dst, src = append(dst, '}'), src[1:]
- return dst, src, nil
- }
-
- var err error
- var names *objectNamespace
- if !e.options.AllowDuplicateNames {
- e.namespaces.push()
- defer e.namespaces.pop()
- names = e.namespaces.last()
- }
- depth++
- for {
- // Append optional newline and indentation.
- if e.options.multiline {
- dst = e.appendIndent(dst, depth)
- }
-
- // Append object name.
- src = src[consumeWhitespace(src):]
- if len(src) == 0 {
- return dst, src, io.ErrUnexpectedEOF
- }
- n0 := len(dst) // offset before calling reformatString
- n := consumeSimpleString(src)
- if n > 0 && e.options.EscapeRune == nil {
- dst, src = append(dst, src[:n]...), src[n:] // copy simple strings verbatim
- } else {
- dst, src, err = reformatString(dst, src, !e.options.AllowInvalidUTF8, e.options.preserveRawStrings, e.options.EscapeRune)
- }
- if err != nil {
- return dst, src, err
- }
- if !e.options.AllowDuplicateNames && !names.insertQuoted(dst[n0:], false) {
- return dst, src, &SyntacticError{str: "duplicate name " + string(dst[n0:]) + " in object"}
- }
-
- // Append colon.
- src = src[consumeWhitespace(src):]
- if len(src) == 0 {
- return dst, src, io.ErrUnexpectedEOF
- }
- if src[0] != ':' {
- return dst, src, newInvalidCharacterError(src, "after object name (expecting ':')")
- }
- dst, src = append(dst, ':'), src[1:]
- if e.options.multiline {
- dst = append(dst, ' ')
- }
-
- // Append object value.
- src = src[consumeWhitespace(src):]
- if len(src) == 0 {
- return dst, src, io.ErrUnexpectedEOF
- }
- dst, src, err = e.reformatValue(dst, src, depth)
- if err != nil {
- return dst, src, err
- }
-
- // Append comma or object end.
- src = src[consumeWhitespace(src):]
- if len(src) == 0 {
- return dst, src, io.ErrUnexpectedEOF
- }
- switch src[0] {
- case ',':
- dst, src = append(dst, ','), src[1:]
- continue
- case '}':
- if e.options.multiline {
- dst = e.appendIndent(dst, depth-1)
- }
- dst, src = append(dst, '}'), src[1:]
- return dst, src, nil
- default:
- return dst, src, newInvalidCharacterError(src, "after object value (expecting ',' or '}')")
- }
- }
-}
-
-// reformatArray parses a JSON array from the start of src and
-// appends it to the end of dst, reformatting whitespace and strings as needed.
-// It returns the updated versions of dst and src.
-func (e *Encoder) reformatArray(dst []byte, src RawValue, depth int) ([]byte, RawValue, error) {
- // Append array start.
- if src[0] != '[' {
- panic("BUG: reformatArray must be called with a buffer that starts with '['")
- }
- dst, src = append(dst, '['), src[1:]
-
- // Append (possible) array end.
- src = src[consumeWhitespace(src):]
- if len(src) == 0 {
- return dst, src, io.ErrUnexpectedEOF
- }
- if src[0] == ']' {
- dst, src = append(dst, ']'), src[1:]
- return dst, src, nil
- }
-
- var err error
- depth++
- for {
- // Append optional newline and indentation.
- if e.options.multiline {
- dst = e.appendIndent(dst, depth)
- }
-
- // Append array value.
- src = src[consumeWhitespace(src):]
- if len(src) == 0 {
- return dst, src, io.ErrUnexpectedEOF
- }
- dst, src, err = e.reformatValue(dst, src, depth)
- if err != nil {
- return dst, src, err
- }
-
- // Append comma or array end.
- src = src[consumeWhitespace(src):]
- if len(src) == 0 {
- return dst, src, io.ErrUnexpectedEOF
- }
- switch src[0] {
- case ',':
- dst, src = append(dst, ','), src[1:]
- continue
- case ']':
- if e.options.multiline {
- dst = e.appendIndent(dst, depth-1)
- }
- dst, src = append(dst, ']'), src[1:]
- return dst, src, nil
- default:
- return dst, src, newInvalidCharacterError(src, "after array value (expecting ',' or ']')")
- }
- }
-}
-
-// OutputOffset returns the current output byte offset. It gives the location
-// of the next byte immediately after the most recently written token or value.
-// The number of bytes actually written to the underlying io.Writer may be less
-// than this offset due to internal buffering effects.
-func (e *Encoder) OutputOffset() int64 {
- return e.previousOffsetEnd()
-}
-
-// UnusedBuffer returns a zero-length buffer with a possible non-zero capacity.
-// This buffer is intended to be used to populate a RawValue
-// being passed to an immediately succeeding WriteValue call.
-//
-// Example usage:
-//
-// b := d.UnusedBuffer()
-// b = append(b, '"')
-// b = appendString(b, v) // append the string formatting of v
-// b = append(b, '"')
-// ... := d.WriteValue(b)
-//
-// It is the user's responsibility to ensure that the value is valid JSON.
-func (e *Encoder) UnusedBuffer() []byte {
- // NOTE: We don't return e.buf[len(e.buf):cap(e.buf)] since WriteValue would
- // need to take special care to avoid mangling the data while reformatting.
- // WriteValue can't easily identify whether the input RawValue aliases e.buf
- // without using unsafe.Pointer. Thus, we just return a different buffer.
- // Should this ever alias e.buf, we need to consider how it operates with
- // the specialized performance optimization for bytes.Buffer.
- n := 1 << bits.Len(uint(e.maxValue|63)) // fast approximation for max length
- if cap(e.unusedCache) < n {
- e.unusedCache = make([]byte, 0, n)
- }
- return e.unusedCache
-}
-
-// StackDepth returns the depth of the state machine for written JSON data.
-// Each level on the stack represents a nested JSON object or array.
-// It is incremented whenever an ObjectStart or ArrayStart token is encountered
-// and decremented whenever an ObjectEnd or ArrayEnd token is encountered.
-// The depth is zero-indexed, where zero represents the top-level JSON value.
-func (e *Encoder) StackDepth() int {
- // NOTE: Keep in sync with Decoder.StackDepth.
- return e.tokens.depth() - 1
-}
-
-// StackIndex returns information about the specified stack level.
-// It must be a number between 0 and StackDepth, inclusive.
-// For each level, it reports the kind:
-//
-// - 0 for a level of zero,
-// - '{' for a level representing a JSON object, and
-// - '[' for a level representing a JSON array.
-//
-// It also reports the length of that JSON object or array.
-// Each name and value in a JSON object is counted separately,
-// so the effective number of members would be half the length.
-// A complete JSON object must have an even length.
-func (e *Encoder) StackIndex(i int) (Kind, int) {
- // NOTE: Keep in sync with Decoder.StackIndex.
- switch s := e.tokens.index(i); {
- case i > 0 && s.isObject():
- return '{', s.length()
- case i > 0 && s.isArray():
- return '[', s.length()
- default:
- return 0, s.length()
- }
-}
-
-// StackPointer returns a JSON Pointer (RFC 6901) to the most recently written value.
-// Object names are only present if AllowDuplicateNames is false, otherwise
-// object members are represented using their index within the object.
-func (e *Encoder) StackPointer() string {
- e.names.copyQuotedBuffer(e.buf)
- return string(e.appendStackPointer(nil))
-}
-
-// appendString appends src to dst as a JSON string per RFC 7159, section 7.
-//
-// If validateUTF8 is specified, this rejects input that contains invalid UTF-8
-// otherwise invalid bytes are replaced with the Unicode replacement character.
-// If escapeRune is provided, it specifies which runes to escape using
-// hexadecimal sequences. If nil, the shortest representable form is used,
-// which is also the canonical form for strings (RFC 8785, section 3.2.2.2).
-//
-// Note that this API allows full control over the formatting of strings
-// except for whether a forward solidus '/' may be formatted as '\/' and
-// the casing of hexadecimal Unicode escape sequences.
-func appendString(dst []byte, src string, validateUTF8 bool, escapeRune func(rune) bool) ([]byte, error) {
- appendEscapedASCII := func(dst []byte, c byte) []byte {
- switch c {
- case '"', '\\':
- dst = append(dst, '\\', c)
- case '\b':
- dst = append(dst, "\\b"...)
- case '\f':
- dst = append(dst, "\\f"...)
- case '\n':
- dst = append(dst, "\\n"...)
- case '\r':
- dst = append(dst, "\\r"...)
- case '\t':
- dst = append(dst, "\\t"...)
- default:
- dst = append(dst, "\\u"...)
- dst = appendHexUint16(dst, uint16(c))
- }
- return dst
- }
- appendEscapedUnicode := func(dst []byte, r rune) []byte {
- if r1, r2 := utf16.EncodeRune(r); r1 != '\ufffd' && r2 != '\ufffd' {
- dst = append(dst, "\\u"...)
- dst = appendHexUint16(dst, uint16(r1))
- dst = append(dst, "\\u"...)
- dst = appendHexUint16(dst, uint16(r2))
- } else {
- dst = append(dst, "\\u"...)
- dst = appendHexUint16(dst, uint16(r))
- }
- return dst
- }
-
- // Optimize for when escapeRune is nil.
- if escapeRune == nil {
- var i, n int
- dst = append(dst, '"')
- for uint(len(src)) > uint(n) {
- // Handle single-byte ASCII.
- if c := src[n]; c < utf8.RuneSelf {
- n++
- if c < ' ' || c == '"' || c == '\\' {
- dst = append(dst, src[i:n-1]...)
- dst = appendEscapedASCII(dst, c)
- i = n
- }
- continue
- }
-
- // Handle multi-byte Unicode.
- _, rn := utf8.DecodeRuneInString(src[n:])
- n += rn
- if rn == 1 { // must be utf8.RuneError since we already checked for single-byte ASCII
- dst = append(dst, src[i:n-rn]...)
- if validateUTF8 {
- return dst, &SyntacticError{str: "invalid UTF-8 within string"}
- }
- dst = append(dst, "\ufffd"...)
- i = n
- }
- }
- dst = append(dst, src[i:n]...)
- dst = append(dst, '"')
- return dst, nil
- }
-
- // Slower implementation for when escapeRune is non-nil.
- var i, n int
- dst = append(dst, '"')
- for uint(len(src)) > uint(n) {
- switch r, rn := utf8.DecodeRuneInString(src[n:]); {
- case r == utf8.RuneError && rn == 1:
- dst = append(dst, src[i:n]...)
- if validateUTF8 {
- return dst, &SyntacticError{str: "invalid UTF-8 within string"}
- }
- if escapeRune('\ufffd') {
- dst = append(dst, `\ufffd`...)
- } else {
- dst = append(dst, "\ufffd"...)
- }
- n += rn
- i = n
- case escapeRune(r):
- dst = append(dst, src[i:n]...)
- dst = appendEscapedUnicode(dst, r)
- n += rn
- i = n
- case r < ' ' || r == '"' || r == '\\':
- dst = append(dst, src[i:n]...)
- dst = appendEscapedASCII(dst, byte(r))
- n += rn
- i = n
- default:
- n += rn
- }
- }
- dst = append(dst, src[i:n]...)
- dst = append(dst, '"')
- return dst, nil
-}
-
-// reformatString consumes a JSON string from src and appends it to dst,
-// reformatting it if necessary for the given escapeRune parameter.
-// It returns the appended output and the remainder of the input.
-func reformatString(dst, src []byte, validateUTF8, preserveRaw bool, escapeRune func(rune) bool) ([]byte, []byte, error) {
- // TODO: Should this update valueFlags as input?
- var flags valueFlags
- n, err := consumeString(&flags, src, validateUTF8)
- if err != nil {
- return dst, src[n:], err
- }
- if preserveRaw || (escapeRune == nil && flags.isCanonical()) {
- dst = append(dst, src[:n]...) // copy the string verbatim
- return dst, src[n:], nil
- }
-
- // TODO: Implement a direct, raw-to-raw reformat for strings.
- // If the escapeRune option would have resulted in no changes to the output,
- // it would be faster to simply append src to dst without going through
- // an intermediary representation in a separate buffer.
- b, _ := unescapeString(make([]byte, 0, n), src[:n])
- dst, _ = appendString(dst, string(b), validateUTF8, escapeRune)
- return dst, src[n:], nil
-}
-
-// appendNumber appends src to dst as a JSON number per RFC 7159, section 6.
-// It formats numbers similar to the ES6 number-to-string conversion.
-// See https://go.dev/issue/14135.
-//
-// The output is identical to ECMA-262, 6th edition, section 7.1.12.1 and with
-// RFC 8785, section 3.2.2.3 for 64-bit floating-point numbers except for -0,
-// which is formatted as -0 instead of just 0.
-//
-// For 32-bit floating-point numbers,
-// the output is a 32-bit equivalent of the algorithm.
-// Note that ECMA-262 specifies no algorithm for 32-bit numbers.
-func appendNumber(dst []byte, src float64, bits int) []byte {
- if bits == 32 {
- src = float64(float32(src))
- }
-
- abs := math.Abs(src)
- fmt := byte('f')
- if abs != 0 {
- if bits == 64 && (float64(abs) < 1e-6 || float64(abs) >= 1e21) ||
- bits == 32 && (float32(abs) < 1e-6 || float32(abs) >= 1e21) {
- fmt = 'e'
- }
- }
- dst = strconv.AppendFloat(dst, src, fmt, -1, bits)
- if fmt == 'e' {
- // Clean up e-09 to e-9.
- n := len(dst)
- if n >= 4 && dst[n-4] == 'e' && dst[n-3] == '-' && dst[n-2] == '0' {
- dst[n-2] = dst[n-1]
- dst = dst[:n-1]
- }
- }
- return dst
-}
-
-// reformatNumber consumes a JSON string from src and appends it to dst,
-// canonicalizing it if specified.
-// It returns the appended output and the remainder of the input.
-func reformatNumber(dst, src []byte, canonicalize bool) ([]byte, []byte, error) {
- n, err := consumeNumber(src)
- if err != nil {
- return dst, src[n:], err
- }
- if !canonicalize {
- dst = append(dst, src[:n]...) // copy the number verbatim
- return dst, src[n:], nil
- }
-
- // Canonicalize the number per RFC 8785, section 3.2.2.3.
- // As an optimization, we can copy integer numbers below 2⁵³ verbatim.
- const maxExactIntegerDigits = 16 // len(strconv.AppendUint(nil, 1<<53, 10))
- if n < maxExactIntegerDigits && consumeSimpleNumber(src[:n]) == n {
- dst = append(dst, src[:n]...) // copy the number verbatim
- return dst, src[n:], nil
- }
- fv, _ := strconv.ParseFloat(string(src[:n]), 64)
- switch {
- case fv == 0:
- fv = 0 // normalize negative zero as just zero
- case math.IsInf(fv, +1):
- fv = +math.MaxFloat64
- case math.IsInf(fv, -1):
- fv = -math.MaxFloat64
- }
- return appendNumber(dst, fv, 64), src[n:], nil
-}
-
-// appendHexUint16 appends src to dst as a 4-byte hexadecimal number.
-func appendHexUint16(dst []byte, src uint16) []byte {
- dst = append(dst, "0000"[1+(bits.Len16(src)-1)/4:]...)
- dst = strconv.AppendUint(dst, uint64(src), 16)
- return dst
-}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/errors.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/errors.go
index 35be8601e..5b5d5f93a 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/errors.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/errors.go
@@ -2,43 +2,61 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !goexperiment.jsonv2 || !go1.25
+
package json
import (
+ "cmp"
"errors"
+ "fmt"
"reflect"
"strconv"
"strings"
- "unicode/utf8"
-)
+ "sync"
-const errorPrefix = "json: "
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
+)
-// Error matches errors returned by this package according to errors.Is.
-const Error = jsonError("json error")
+// ErrUnknownName indicates that a JSON object member could not be
+// unmarshaled because the name is not known to the target Go struct.
+// This error is directly wrapped within a [SemanticError] when produced.
+//
+// The name of an unknown JSON object member can be extracted as:
+//
+// err := ...
+// var serr json.SemanticError
+// if errors.As(err, &serr) && serr.Err == json.ErrUnknownName {
+// ptr := serr.JSONPointer // JSON pointer to unknown name
+// name := ptr.LastToken() // unknown name itself
+// ...
+// }
+//
+// This error is only returned if [RejectUnknownMembers] is true.
+var ErrUnknownName = errors.New("unknown object member name")
-type jsonError string
+const errorPrefix = "json: "
-func (e jsonError) Error() string {
- return string(e)
-}
-func (e jsonError) Is(target error) bool {
- return e == target || target == Error
+func isSemanticError(err error) bool {
+ _, ok := err.(*SemanticError)
+ return ok
}
-type ioError struct {
- action string // either "read" or "write"
- err error
+func isSyntacticError(err error) bool {
+ _, ok := err.(*jsontext.SyntacticError)
+ return ok
}
-func (e *ioError) Error() string {
- return errorPrefix + e.action + " error: " + e.err.Error()
-}
-func (e *ioError) Unwrap() error {
- return e.err
-}
-func (e *ioError) Is(target error) bool {
- return e == target || target == Error || errors.Is(e.err, target)
+// isFatalError reports whether this error must terminate asharling.
+// All errors are considered fatal unless operating under
+// [jsonflags.ReportErrorsWithLegacySemantics] in which case only
+// syntactic errors and I/O errors are considered fatal.
+func isFatalError(err error, flags jsonflags.Flags) bool {
+ return !flags.Get(jsonflags.ReportErrorsWithLegacySemantics) ||
+ isSyntacticError(err) || export.IsIOError(err)
}
// SemanticError describes an error determining the meaning
@@ -55,10 +73,13 @@ type SemanticError struct {
ByteOffset int64
// JSONPointer indicates that an error occurred within this JSON value
// as indicated using the JSON Pointer notation (see RFC 6901).
- JSONPointer string
+ JSONPointer jsontext.Pointer
// JSONKind is the JSON kind that could not be handled.
- JSONKind Kind // may be zero if unknown
+ JSONKind jsontext.Kind // may be zero if unknown
+ // JSONValue is the JSON number or string that could not be unmarshaled.
+ // It is not populated during marshaling.
+ JSONValue jsontext.Value // may be nil if irrelevant or unknown
// GoType is the Go type that could not be handled.
GoType reflect.Type // may be nil if unknown
@@ -66,18 +87,228 @@ type SemanticError struct {
Err error // may be nil
}
-func (e *SemanticError) Error() string {
- var sb strings.Builder
- sb.WriteString(errorPrefix)
+// coder is implemented by [jsontext.Encoder] or [jsontext.Decoder].
+type coder interface {
+ StackPointer() jsontext.Pointer
+ Options() Options
+}
+
+// newInvalidFormatError wraps err in a SemanticError because
+// the current type t cannot handle the provided options format.
+// This error must be called before producing or consuming the next value.
+//
+// If [jsonflags.ReportErrorsWithLegacySemantics] is specified,
+// then this automatically skips the next value when unmarshaling
+// to ensure that the value is fully consumed.
+func newInvalidFormatError(c coder, t reflect.Type) error {
+ err := fmt.Errorf("invalid format flag %q", c.Options().(*jsonopts.Struct).Format)
+ switch c := c.(type) {
+ case *jsontext.Encoder:
+ err = newMarshalErrorBefore(c, t, err)
+ case *jsontext.Decoder:
+ err = newUnmarshalErrorBeforeWithSkipping(c, t, err)
+ }
+ return err
+}
+
+// newMarshalErrorBefore wraps err in a SemanticError assuming that e
+// is positioned right before the next token or value, which causes an error.
+func newMarshalErrorBefore(e *jsontext.Encoder, t reflect.Type, err error) error {
+ return &SemanticError{action: "marshal", GoType: t, Err: err,
+ ByteOffset: e.OutputOffset() + int64(export.Encoder(e).CountNextDelimWhitespace()),
+ JSONPointer: jsontext.Pointer(export.Encoder(e).AppendStackPointer(nil, +1))}
+}
+
+// newUnmarshalErrorBefore wraps err in a SemanticError assuming that d
+// is positioned right before the next token or value, which causes an error.
+// It does not record the next JSON kind as this error is used to indicate
+// the receiving Go value is invalid to unmarshal into (and not a JSON error).
+// However, if [jsonflags.ReportErrorsWithLegacySemantics] is specified,
+// then it does record the next JSON kind for historical reporting reasons.
+func newUnmarshalErrorBefore(d *jsontext.Decoder, t reflect.Type, err error) error {
+ var k jsontext.Kind
+ if export.Decoder(d).Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ k = d.PeekKind()
+ }
+ return &SemanticError{action: "unmarshal", GoType: t, Err: err,
+ ByteOffset: d.InputOffset() + int64(export.Decoder(d).CountNextDelimWhitespace()),
+ JSONPointer: jsontext.Pointer(export.Decoder(d).AppendStackPointer(nil, +1)),
+ JSONKind: k}
+}
+
+// newUnmarshalErrorBeforeWithSkipping is like [newUnmarshalErrorBefore],
+// but automatically skips the next value if
+// [jsonflags.ReportErrorsWithLegacySemantics] is specified.
+func newUnmarshalErrorBeforeWithSkipping(d *jsontext.Decoder, t reflect.Type, err error) error {
+ err = newUnmarshalErrorBefore(d, t, err)
+ if export.Decoder(d).Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ if err2 := export.Decoder(d).SkipValue(); err2 != nil {
+ return err2
+ }
+ }
+ return err
+}
+
+// newUnmarshalErrorAfter wraps err in a SemanticError assuming that d
+// is positioned right after the previous token or value, which caused an error.
+func newUnmarshalErrorAfter(d *jsontext.Decoder, t reflect.Type, err error) error {
+ tokOrVal := export.Decoder(d).PreviousTokenOrValue()
+ return &SemanticError{action: "unmarshal", GoType: t, Err: err,
+ ByteOffset: d.InputOffset() - int64(len(tokOrVal)),
+ JSONPointer: jsontext.Pointer(export.Decoder(d).AppendStackPointer(nil, -1)),
+ JSONKind: jsontext.Value(tokOrVal).Kind()}
+}
+
+// newUnmarshalErrorAfter wraps err in a SemanticError assuming that d
+// is positioned right after the previous token or value, which caused an error.
+// It also stores a copy of the last JSON value if it is a string or number.
+func newUnmarshalErrorAfterWithValue(d *jsontext.Decoder, t reflect.Type, err error) error {
+ serr := newUnmarshalErrorAfter(d, t, err).(*SemanticError)
+ if serr.JSONKind == '"' || serr.JSONKind == '0' {
+ serr.JSONValue = jsontext.Value(export.Decoder(d).PreviousTokenOrValue()).Clone()
+ }
+ return serr
+}
+
+// newUnmarshalErrorAfterWithSkipping is like [newUnmarshalErrorAfter],
+// but automatically skips the remainder of the current value if
+// [jsonflags.ReportErrorsWithLegacySemantics] is specified.
+func newUnmarshalErrorAfterWithSkipping(d *jsontext.Decoder, t reflect.Type, err error) error {
+ err = newUnmarshalErrorAfter(d, t, err)
+ if export.Decoder(d).Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) {
+ if err2 := export.Decoder(d).SkipValueRemainder(); err2 != nil {
+ return err2
+ }
+ }
+ return err
+}
+
+// newSemanticErrorWithPosition wraps err in a SemanticError assuming that
+// the error occurred at the provided depth, and length.
+// If err is already a SemanticError, then position information is only
+// injected if it is currently unpopulated.
+//
+// If the position is unpopulated, it is ambiguous where the error occurred
+// in the user code, whether it was before or after the current position.
+// For the byte offset, we assume that the error occurred before the last read
+// token or value when decoding, or before the next value when encoding.
+// For the JSON pointer, we point to the parent object or array unless
+// we can be certain that it happened with an object member.
+//
+// This is used to annotate errors returned by user-provided
+// v2 MarshalJSON or UnmarshalJSON methods or functions.
+func newSemanticErrorWithPosition(c coder, t reflect.Type, prevDepth int, prevLength int64, err error) error {
+ serr, _ := err.(*SemanticError)
+ if serr == nil {
+ serr = &SemanticError{Err: err}
+ }
+ var currDepth int
+ var currLength int64
+ var coderState interface{ AppendStackPointer([]byte, int) []byte }
+ var offset int64
+ switch c := c.(type) {
+ case *jsontext.Encoder:
+ e := export.Encoder(c)
+ serr.action = cmp.Or(serr.action, "marshal")
+ currDepth, currLength = e.Tokens.DepthLength()
+ offset = c.OutputOffset() + int64(export.Encoder(c).CountNextDelimWhitespace())
+ coderState = e
+ case *jsontext.Decoder:
+ d := export.Decoder(c)
+ serr.action = cmp.Or(serr.action, "unmarshal")
+ currDepth, currLength = d.Tokens.DepthLength()
+ tokOrVal := d.PreviousTokenOrValue()
+ offset = c.InputOffset() - int64(len(tokOrVal))
+ if (prevDepth == currDepth && prevLength == currLength) || len(tokOrVal) == 0 {
+ // If no Read method was called in the user-defined method or
+ // if the Peek method was called, then use the offset of the next value.
+ offset = c.InputOffset() + int64(export.Decoder(c).CountNextDelimWhitespace())
+ }
+ coderState = d
+ }
+ serr.ByteOffset = cmp.Or(serr.ByteOffset, offset)
+ if serr.JSONPointer == "" {
+ where := 0 // default to ambiguous positioning
+ switch {
+ case prevDepth == currDepth && prevLength+0 == currLength:
+ where = +1
+ case prevDepth == currDepth && prevLength+1 == currLength:
+ where = -1
+ }
+ serr.JSONPointer = jsontext.Pointer(coderState.AppendStackPointer(nil, where))
+ }
+ serr.GoType = cmp.Or(serr.GoType, t)
+ return serr
+}
+
+// collapseSemanticErrors collapses double SemanticErrors at the outer levels
+// into a single SemanticError by preserving the inner error,
+// but prepending the ByteOffset and JSONPointer with the outer error.
+//
+// For example:
+//
+// collapseSemanticErrors(&SemanticError{
+// ByteOffset: len64(`[0,{"alpha":[0,1,`),
+// JSONPointer: "/1/alpha/2",
+// GoType: reflect.TypeFor[outerType](),
+// Err: &SemanticError{
+// ByteOffset: len64(`{"foo":"bar","fizz":[0,`),
+// JSONPointer: "/fizz/1",
+// GoType: reflect.TypeFor[innerType](),
+// Err: ...,
+// },
+// })
+//
+// results in:
+//
+// &SemanticError{
+// ByteOffset: len64(`[0,{"alpha":[0,1,`) + len64(`{"foo":"bar","fizz":[0,`),
+// JSONPointer: "/1/alpha/2" + "/fizz/1",
+// GoType: reflect.TypeFor[innerType](),
+// Err: ...,
+// }
+//
+// This is used to annotate errors returned by user-provided
+// v1 MarshalJSON or UnmarshalJSON methods with precise position information
+// if they themselves happened to return a SemanticError.
+// Since MarshalJSON and UnmarshalJSON are not operating on the root JSON value,
+// their positioning must be relative to the nested JSON value
+// returned by UnmarshalJSON or passed to MarshalJSON.
+// Therefore, we can construct an absolute position by concatenating
+// the outer with the inner positions.
+//
+// Note that we do not use collapseSemanticErrors with user-provided functions
+// that take in an [jsontext.Encoder] or [jsontext.Decoder] since they contain
+// methods to report position relative to the root JSON value.
+// We assume user-constructed errors are correctly precise about position.
+func collapseSemanticErrors(err error) error {
+ if serr1, ok := err.(*SemanticError); ok {
+ if serr2, ok := serr1.Err.(*SemanticError); ok {
+ serr2.ByteOffset = serr1.ByteOffset + serr2.ByteOffset
+ serr2.JSONPointer = serr1.JSONPointer + serr2.JSONPointer
+ *serr1 = *serr2
+ }
+ }
+ return err
+}
- // Hyrum-proof the error message by deliberately switching between
- // two equivalent renderings of the same error message.
- // The randomization is tied to the Hyrum-proofing already applied
- // on map iteration in Go.
+// errorModalVerb is a modal verb like "cannot" or "unable to".
+//
+// Once per process, Hyrum-proof the error message by deliberately
+// switching between equivalent renderings of the same error message.
+// The randomization is tied to the Hyrum-proofing already applied
+// on map iteration in Go.
+var errorModalVerb = sync.OnceValue(func() string {
for phrase := range map[string]struct{}{"cannot": {}, "unable to": {}} {
- sb.WriteString(phrase)
- break // use whichever phrase we get in the first iteration
+ return phrase // use whichever phrase we get in the first iteration
}
+ return ""
+})
+
+func (e *SemanticError) Error() string {
+ var sb strings.Builder
+ sb.WriteString(errorPrefix)
+ sb.WriteString(errorModalVerb())
// Format action.
var preposition string
@@ -94,7 +325,6 @@ func (e *SemanticError) Error() string {
}
// Format JSON kind.
- var omitPreposition bool
switch e.JSONKind {
case 'n':
sb.WriteString(" JSON null")
@@ -109,75 +339,92 @@ func (e *SemanticError) Error() string {
case '[', ']':
sb.WriteString(" JSON array")
default:
- omitPreposition = true
+ if e.action == "" {
+ preposition = ""
+ }
+ }
+ if len(e.JSONValue) > 0 && len(e.JSONValue) < 100 {
+ sb.WriteByte(' ')
+ sb.Write(e.JSONValue)
}
// Format Go type.
if e.GoType != nil {
- if !omitPreposition {
- sb.WriteString(preposition)
+ typeString := e.GoType.String()
+ if len(typeString) > 100 {
+ // An excessively long type string most likely occurs for
+ // an anonymous struct declaration with many fields.
+ // Reduce the noise by just printing the kind,
+ // and optionally prepending it with the package name
+ // if the struct happens to include an unexported field.
+ typeString = e.GoType.Kind().String()
+ if e.GoType.Kind() == reflect.Struct && e.GoType.Name() == "" {
+ for i := range e.GoType.NumField() {
+ if pkgPath := e.GoType.Field(i).PkgPath; pkgPath != "" {
+ typeString = pkgPath[strings.LastIndexByte(pkgPath, '/')+len("/"):] + ".struct"
+ break
+ }
+ }
+ }
+ }
+ sb.WriteString(preposition)
+ sb.WriteString(" Go ")
+ sb.WriteString(typeString)
+ }
+
+ // Special handling for unknown names.
+ if e.Err == ErrUnknownName {
+ sb.WriteString(": ")
+ sb.WriteString(ErrUnknownName.Error())
+ sb.WriteString(" ")
+ sb.WriteString(strconv.Quote(e.JSONPointer.LastToken()))
+ if parent := e.JSONPointer.Parent(); parent != "" {
+ sb.WriteString(" within ")
+ sb.WriteString(strconv.Quote(jsonwire.TruncatePointer(string(parent), 100)))
}
- sb.WriteString(" Go value of type ")
- sb.WriteString(e.GoType.String())
+ return sb.String()
}
// Format where.
- switch {
+ // Avoid printing if it overlaps with a wrapped SyntacticError.
+ switch serr, _ := e.Err.(*jsontext.SyntacticError); {
case e.JSONPointer != "":
- sb.WriteString(" within JSON value at ")
- sb.WriteString(strconv.Quote(e.JSONPointer))
+ if serr == nil || !e.JSONPointer.Contains(serr.JSONPointer) {
+ sb.WriteString(" within ")
+ sb.WriteString(strconv.Quote(jsonwire.TruncatePointer(string(e.JSONPointer), 100)))
+ }
case e.ByteOffset > 0:
- sb.WriteString(" after byte offset ")
- sb.WriteString(strconv.FormatInt(e.ByteOffset, 10))
+ if serr == nil || !(e.ByteOffset <= serr.ByteOffset) {
+ sb.WriteString(" after offset ")
+ sb.WriteString(strconv.FormatInt(e.ByteOffset, 10))
+ }
}
// Format underlying error.
if e.Err != nil {
+ errString := e.Err.Error()
+ if isSyntacticError(e.Err) {
+ errString = strings.TrimPrefix(errString, "jsontext: ")
+ }
sb.WriteString(": ")
- sb.WriteString(e.Err.Error())
+ sb.WriteString(errString)
}
return sb.String()
}
-func (e *SemanticError) Is(target error) bool {
- return e == target || target == Error || errors.Is(e.Err, target)
-}
+
func (e *SemanticError) Unwrap() error {
return e.Err
}
-// SyntacticError is a description of a syntactic error that occurred when
-// encoding or decoding JSON according to the grammar.
-//
-// The contents of this error as produced by this package may change over time.
-type SyntacticError struct {
- requireKeyedLiterals
- nonComparable
-
- // ByteOffset indicates that an error occurred after this byte offset.
- ByteOffset int64
- str string
-}
-
-func (e *SyntacticError) Error() string {
- return errorPrefix + e.str
-}
-func (e *SyntacticError) Is(target error) bool {
- return e == target || target == Error
-}
-func (e *SyntacticError) withOffset(pos int64) error {
- return &SyntacticError{ByteOffset: pos, str: e.str}
-}
-
-func newInvalidCharacterError(prefix []byte, where string) *SyntacticError {
- what := quoteRune(prefix)
- return &SyntacticError{str: "invalid character " + what + " " + where}
-}
-
-func quoteRune(b []byte) string {
- r, n := utf8.DecodeRune(b)
- if r == utf8.RuneError && n == 1 {
- return `'\x` + strconv.FormatUint(uint64(b[0]), 16) + `'`
+func newDuplicateNameError(ptr jsontext.Pointer, quotedName []byte, offset int64) error {
+ if quotedName != nil {
+ name, _ := jsonwire.AppendUnquote(nil, quotedName)
+ ptr = ptr.AppendToken(string(name))
+ }
+ return &jsontext.SyntacticError{
+ ByteOffset: offset,
+ JSONPointer: ptr,
+ Err: jsontext.ErrDuplicateName,
}
- return strconv.QuoteRune(r)
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fields.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fields.go
index c0ee36166..045c6988a 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fields.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fields.go
@@ -2,27 +2,31 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !goexperiment.jsonv2 || !go1.25
+
package json
import (
+ "cmp"
"errors"
"fmt"
"io"
"reflect"
- "sort"
+ "slices"
"strconv"
"strings"
"unicode"
"unicode/utf8"
-)
-var errIgnoredField = errors.New("ignored field")
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
+)
type isZeroer interface {
IsZero() bool
}
-var isZeroerType = reflect.TypeOf((*isZeroer)(nil)).Elem()
+var isZeroerType = reflect.TypeFor[isZeroer]()
type structFields struct {
flattened []structField // listed in depth-first ordering
@@ -31,9 +35,37 @@ type structFields struct {
inlinedFallback *structField
}
+// reindex recomputes index to avoid bounds check during runtime.
+//
+// During the construction of each [structField] in [makeStructFields],
+// the index field is 0-indexed. However, before it returns,
+// the 0th field is stored in index0 and index stores the remainder.
+func (sf *structFields) reindex() {
+ reindex := func(f *structField) {
+ f.index0 = f.index[0]
+ f.index = f.index[1:]
+ if len(f.index) == 0 {
+ f.index = nil // avoid pinning the backing slice
+ }
+ }
+ for i := range sf.flattened {
+ reindex(&sf.flattened[i])
+ }
+ if sf.inlinedFallback != nil {
+ reindex(sf.inlinedFallback)
+ }
+}
+
+// lookupByFoldedName looks up name by a case-insensitive match
+// that also ignores the presence of dashes and underscores.
+func (fs *structFields) lookupByFoldedName(name []byte) []*structField {
+ return fs.byFoldedName[string(foldName(name))]
+}
+
type structField struct {
id int // unique numeric ID in breadth-first ordering
- index []int // index into a struct according to reflect.Type.FieldByIndex
+ index0 int // 0th index into a struct according to [reflect.Type.FieldByIndex]
+ index []int // 1st index and remainder according to [reflect.Type.FieldByIndex]
typ reflect.Type
fncs *arshaler
isZero func(addressableValue) bool
@@ -41,18 +73,12 @@ type structField struct {
fieldOptions
}
-func makeStructFields(root reflect.Type) (structFields, *SemanticError) {
- var fs structFields
- fs.byActualName = make(map[string]*structField, root.NumField())
- fs.byFoldedName = make(map[string][]*structField, root.NumField())
+var errNoExportedFields = errors.New("Go struct has no exported fields")
- // ambiguous is a sentinel value to indicate that at least two fields
- // at the same depth have the same name, and thus cancel each other out.
- // This follows the same rules as selecting a field on embedded structs
- // where the shallowest field takes precedence. If more than one field
- // exists at the shallowest depth, then the selection is illegal.
- // See https://go.dev/ref/spec#Selectors.
- ambiguous := new(structField)
+func makeStructFields(root reflect.Type) (fs structFields, serr *SemanticError) {
+ orErrorf := func(serr *SemanticError, t reflect.Type, f string, a ...any) *SemanticError {
+ return cmp.Or(serr, &SemanticError{GoType: t, Err: fmt.Errorf(f, a...)})
+ }
// Setup a queue for a breath-first search.
var queueIndex int
@@ -66,6 +92,7 @@ func makeStructFields(root reflect.Type) (structFields, *SemanticError) {
// Perform a breadth-first search over all reachable fields.
// This ensures that len(f.index) will be monotonically increasing.
+ var allFields, inlinedFallbacks []structField
for queueIndex < len(queue) {
qe := queue[queueIndex]
queueIndex++
@@ -75,16 +102,16 @@ func makeStructFields(root reflect.Type) (structFields, *SemanticError) {
namesIndex := make(map[string]int) // index of each field with a given JSON object name in current struct
var hasAnyJSONTag bool // whether any Go struct field has a `json` tag
var hasAnyJSONField bool // whether any JSON serializable fields exist in current struct
- for i := 0; i < t.NumField(); i++ {
+ for i := range t.NumField() {
sf := t.Field(i)
_, hasTag := sf.Tag.Lookup("json")
hasAnyJSONTag = hasAnyJSONTag || hasTag
- options, err := parseFieldOptions(sf)
+ options, ignored, err := parseFieldOptions(sf)
if err != nil {
- if err == errIgnoredField {
- continue
- }
- return structFields{}, &SemanticError{GoType: t, Err: err}
+ serr = cmp.Or(serr, &SemanticError{GoType: t, Err: err})
+ }
+ if ignored {
+ continue
}
hasAnyJSONField = true
f := structField{
@@ -96,84 +123,104 @@ func makeStructFields(root reflect.Type) (structFields, *SemanticError) {
fieldOptions: options,
}
if sf.Anonymous && !f.hasName {
- f.inline = true // implied by use of Go embedding without an explicit name
+ if indirectType(f.typ).Kind() != reflect.Struct {
+ serr = orErrorf(serr, t, "embedded Go struct field %s of non-struct type must be explicitly given a JSON name", sf.Name)
+ } else {
+ f.inline = true // implied by use of Go embedding without an explicit name
+ }
}
if f.inline || f.unknown {
// Handle an inlined field that serializes to/from
// zero or more JSON object members.
- if f.inline && f.unknown {
- err := fmt.Errorf("Go struct field %s cannot have both `inline` and `unknown` specified", sf.Name)
- return structFields{}, &SemanticError{GoType: t, Err: err}
- }
switch f.fieldOptions {
case fieldOptions{name: f.name, quotedName: f.quotedName, inline: true}:
case fieldOptions{name: f.name, quotedName: f.quotedName, unknown: true}:
+ case fieldOptions{name: f.name, quotedName: f.quotedName, inline: true, unknown: true}:
+ serr = orErrorf(serr, t, "Go struct field %s cannot have both `inline` and `unknown` specified", sf.Name)
+ f.inline = false // let `unknown` take precedence
default:
- err := fmt.Errorf("Go struct field %s cannot have any options other than `inline` or `unknown` specified", sf.Name)
- return structFields{}, &SemanticError{GoType: t, Err: err}
+ serr = orErrorf(serr, t, "Go struct field %s cannot have any options other than `inline` or `unknown` specified", sf.Name)
+ if f.hasName {
+ continue // invalid inlined field; treat as ignored
+ }
+ f.fieldOptions = fieldOptions{name: f.name, quotedName: f.quotedName, inline: f.inline, unknown: f.unknown}
+ if f.inline && f.unknown {
+ f.inline = false // let `unknown` take precedence
+ }
}
- // Unwrap one level of pointer indirection similar to how Go
- // only allows embedding either T or *T, but not **T.
- tf := f.typ
- if tf.Kind() == reflect.Pointer && tf.Name() == "" {
- tf = tf.Elem()
- }
// Reject any types with custom serialization otherwise
// it becomes impossible to know what sub-fields to inline.
- if which, _ := implementsWhich(tf,
- jsonMarshalerV2Type, jsonMarshalerV1Type, textMarshalerType,
- jsonUnmarshalerV2Type, jsonUnmarshalerV1Type, textUnmarshalerType,
- ); which != nil && tf != rawValueType {
- err := fmt.Errorf("inlined Go struct field %s of type %s must not implement JSON marshal or unmarshal methods", sf.Name, tf)
- return structFields{}, &SemanticError{GoType: t, Err: err}
+ tf := indirectType(f.typ)
+ if implementsAny(tf, allMethodTypes...) && tf != jsontextValueType {
+ serr = orErrorf(serr, t, "inlined Go struct field %s of type %s must not implement marshal or unmarshal methods", sf.Name, tf)
}
// Handle an inlined field that serializes to/from
// a finite number of JSON object members backed by a Go struct.
if tf.Kind() == reflect.Struct {
if f.unknown {
- err := fmt.Errorf("inlined Go struct field %s of type %s with `unknown` tag must be a Go map of string key or a json.RawValue", sf.Name, tf)
- return structFields{}, &SemanticError{GoType: t, Err: err}
+ serr = orErrorf(serr, t, "inlined Go struct field %s of type %s with `unknown` tag must be a Go map of string key or a jsontext.Value", sf.Name, tf)
+ continue // invalid inlined field; treat as ignored
}
if qe.visitChildren {
queue = append(queue, queueEntry{tf, f.index, !seen[tf]})
}
seen[tf] = true
continue
+ } else if !sf.IsExported() {
+ serr = orErrorf(serr, t, "inlined Go struct field %s is not exported", sf.Name)
+ continue // invalid inlined field; treat as ignored
}
// Handle an inlined field that serializes to/from any number of
- // JSON object members back by a Go map or RawValue.
+ // JSON object members back by a Go map or jsontext.Value.
switch {
- case tf == rawValueType:
+ case tf == jsontextValueType:
f.fncs = nil // specially handled in arshal_inlined.go
- case tf.Kind() == reflect.Map && tf.Key() == stringType:
+ case tf.Kind() == reflect.Map && tf.Key().Kind() == reflect.String:
+ if implementsAny(tf.Key(), allMethodTypes...) {
+ serr = orErrorf(serr, t, "inlined map field %s of type %s must have a string key that does not implement marshal or unmarshal methods", sf.Name, tf)
+ continue // invalid inlined field; treat as ignored
+ }
f.fncs = lookupArshaler(tf.Elem())
default:
- err := fmt.Errorf("inlined Go struct field %s of type %s must be a Go struct, Go map of string key, or json.RawValue", sf.Name, tf)
- return structFields{}, &SemanticError{GoType: t, Err: err}
+ serr = orErrorf(serr, t, "inlined Go struct field %s of type %s must be a Go struct, Go map of string key, or jsontext.Value", sf.Name, tf)
+ continue // invalid inlined field; treat as ignored
}
// Reject multiple inlined fallback fields within the same struct.
if inlinedFallbackIndex >= 0 {
- err := fmt.Errorf("inlined Go struct fields %s and %s cannot both be a Go map or json.RawValue", t.Field(inlinedFallbackIndex).Name, sf.Name)
- return structFields{}, &SemanticError{GoType: t, Err: err}
+ serr = orErrorf(serr, t, "inlined Go struct fields %s and %s cannot both be a Go map or jsontext.Value", t.Field(inlinedFallbackIndex).Name, sf.Name)
+ // Still append f to inlinedFallbacks as there is still a
+ // check for a dominant inlined fallback before returning.
}
inlinedFallbackIndex = i
- // Multiple inlined fallback fields across different structs
- // follow the same precedence rules as Go struct embedding.
- if fs.inlinedFallback == nil {
- fs.inlinedFallback = &f // store first occurrence at lowest depth
- } else if len(fs.inlinedFallback.index) == len(f.index) {
- fs.inlinedFallback = ambiguous // at least two occurrences at same depth
- }
+ inlinedFallbacks = append(inlinedFallbacks, f)
} else {
// Handle normal Go struct field that serializes to/from
// a single JSON object member.
+ // Unexported fields cannot be serialized except for
+ // embedded fields of a struct type,
+ // which might promote exported fields of their own.
+ if !sf.IsExported() {
+ tf := indirectType(f.typ)
+ if !(sf.Anonymous && tf.Kind() == reflect.Struct) {
+ serr = orErrorf(serr, t, "Go struct field %s is not exported", sf.Name)
+ continue
+ }
+ // Unfortunately, methods on the unexported field
+ // still cannot be called.
+ if implementsAny(tf, allMethodTypes...) ||
+ (f.omitzero && implementsAny(tf, isZeroerType)) {
+ serr = orErrorf(serr, t, "Go struct field %s is not exported for method calls", sf.Name)
+ continue
+ }
+ }
+
// Provide a function that uses a type's IsZero method.
switch {
case sf.Type.Kind() == reflect.Interface && sf.Type.Implements(isZeroerType):
@@ -202,29 +249,17 @@ func makeStructFields(root reflect.Type) (structFields, *SemanticError) {
f.isEmpty = func(va addressableValue) bool { return va.IsNil() }
}
- f.id = len(fs.flattened)
- f.fncs = lookupArshaler(sf.Type)
- fs.flattened = append(fs.flattened, f)
-
- // Reject user-specified names with invalid UTF-8.
- if !utf8.ValidString(f.name) {
- err := fmt.Errorf("Go struct field %s has JSON object name %q with invalid UTF-8", sf.Name, f.name)
- return structFields{}, &SemanticError{GoType: t, Err: err}
- }
// Reject multiple fields with same name within the same struct.
if j, ok := namesIndex[f.name]; ok {
- err := fmt.Errorf("Go struct fields %s and %s conflict over JSON object name %q", t.Field(j).Name, sf.Name, f.name)
- return structFields{}, &SemanticError{GoType: t, Err: err}
+ serr = orErrorf(serr, t, "Go struct fields %s and %s conflict over JSON object name %q", t.Field(j).Name, sf.Name, f.name)
+ // Still append f to allFields as there is still a
+ // check for a dominant field before returning.
}
namesIndex[f.name] = i
- // Multiple fields of the same name across different structs
- // follow the same precedence rules as Go struct embedding.
- if f2 := fs.byActualName[f.name]; f2 == nil {
- fs.byActualName[f.name] = &fs.flattened[len(fs.flattened)-1] // store first occurrence at lowest depth
- } else if len(f2.index) == len(f.index) {
- fs.byActualName[f.name] = ambiguous // at least two occurrences at same depth
- }
+ f.id = len(allFields)
+ f.fncs = lookupArshaler(sf.Type)
+ allFields = append(allFields, f)
}
}
@@ -239,58 +274,58 @@ func makeStructFields(root reflect.Type) (structFields, *SemanticError) {
// errors returned by errors.New would fail to serialize.
isEmptyStruct := t.NumField() == 0
if !isEmptyStruct && !hasAnyJSONTag && !hasAnyJSONField {
- err := errors.New("Go struct has no exported fields")
- return structFields{}, &SemanticError{GoType: t, Err: err}
+ serr = cmp.Or(serr, &SemanticError{GoType: t, Err: errNoExportedFields})
}
}
- // Remove all fields that are duplicates.
- // This may move elements forward to fill the holes from removed fields.
- var n int
- for _, f := range fs.flattened {
- switch f2 := fs.byActualName[f.name]; {
- case f2 == ambiguous:
- delete(fs.byActualName, f.name)
- case f2 == nil:
- continue // may be nil due to previous delete
- // TODO(https://go.dev/issue/45955): Use slices.Equal.
- case reflect.DeepEqual(f.index, f2.index):
- f.id = n
- fs.flattened[n] = f
- fs.byActualName[f.name] = &fs.flattened[n] // fix pointer to new location
+ // Sort the fields by exact name (breaking ties by depth and
+ // then by presence of an explicitly provided JSON name).
+ // Select the dominant field from each set of fields with the same name.
+ // If multiple fields have the same name, then the dominant field
+ // is the one that exists alone at the shallowest depth,
+ // or the one that is uniquely tagged with a JSON name.
+ // Otherwise, no dominant field exists for the set.
+ flattened := allFields[:0]
+ slices.SortStableFunc(allFields, func(x, y structField) int {
+ return cmp.Or(
+ strings.Compare(x.name, y.name),
+ cmp.Compare(len(x.index), len(y.index)),
+ boolsCompare(!x.hasName, !y.hasName))
+ })
+ for len(allFields) > 0 {
+ n := 1 // number of fields with the same exact name
+ for n < len(allFields) && allFields[n-1].name == allFields[n].name {
n++
}
+ if n == 1 || len(allFields[0].index) != len(allFields[1].index) || allFields[0].hasName != allFields[1].hasName {
+ flattened = append(flattened, allFields[0]) // only keep field if there is a dominant field
+ }
+ allFields = allFields[n:]
}
- fs.flattened = fs.flattened[:n]
- if fs.inlinedFallback == ambiguous {
- fs.inlinedFallback = nil
- }
- if len(fs.flattened) != len(fs.byActualName) {
- panic(fmt.Sprintf("BUG: flattened list of fields mismatches fields mapped by name: %d != %d", len(fs.flattened), len(fs.byActualName)))
+
+ // Sort the fields according to a breadth-first ordering
+ // so that we can re-number IDs with the smallest possible values.
+ // This optimizes use of uintSet such that it fits in the 64-entry bit set.
+ slices.SortFunc(flattened, func(x, y structField) int {
+ return cmp.Compare(x.id, y.id)
+ })
+ for i := range flattened {
+ flattened[i].id = i
}
- // Sort the fields according to a depth-first ordering.
- // This operation will cause pointers in byActualName to become incorrect,
- // which we will correct in another loop shortly thereafter.
- sort.Slice(fs.flattened, func(i, j int) bool {
- si := fs.flattened[i].index
- sj := fs.flattened[j].index
- for len(si) > 0 && len(sj) > 0 {
- switch {
- case si[0] < sj[0]:
- return true
- case si[0] > sj[0]:
- return false
- default:
- si = si[1:]
- sj = sj[1:]
- }
- }
- return len(si) < len(sj)
+ // Sort the fields according to a depth-first ordering
+ // as the typical order that fields are marshaled.
+ slices.SortFunc(flattened, func(x, y structField) int {
+ return slices.Compare(x.index, y.index)
})
- // Recompute the mapping of fields in the byActualName map.
+ // Compute the mapping of fields in the byActualName map.
// Pre-fold all names so that we can lookup folded names quickly.
+ fs = structFields{
+ flattened: flattened,
+ byActualName: make(map[string]*structField, len(flattened)),
+ byFoldedName: make(map[string][]*structField, len(flattened)),
+ }
for i, f := range fs.flattened {
foldedName := string(foldName([]byte(f.name)))
fs.byActualName[f.name] = &fs.flattened[i]
@@ -298,58 +333,99 @@ func makeStructFields(root reflect.Type) (structFields, *SemanticError) {
}
for foldedName, fields := range fs.byFoldedName {
if len(fields) > 1 {
- // The precedence order for conflicting nocase names
+ // The precedence order for conflicting ignoreCase names
// is by breadth-first order, rather than depth-first order.
- sort.Slice(fields, func(i, j int) bool {
- return fields[i].id < fields[j].id
+ slices.SortFunc(fields, func(x, y *structField) int {
+ return cmp.Compare(x.id, y.id)
})
fs.byFoldedName[foldedName] = fields
}
}
+ if n := len(inlinedFallbacks); n == 1 || (n > 1 && len(inlinedFallbacks[0].index) != len(inlinedFallbacks[1].index)) {
+ fs.inlinedFallback = &inlinedFallbacks[0] // dominant inlined fallback field
+ }
+ fs.reindex()
+ return fs, serr
+}
+
+// indirectType unwraps one level of pointer indirection
+// similar to how Go only allows embedding either T or *T,
+// but not **T or P (which is a named pointer).
+func indirectType(t reflect.Type) reflect.Type {
+ if t.Kind() == reflect.Pointer && t.Name() == "" {
+ t = t.Elem()
+ }
+ return t
+}
- return fs, nil
+// matchFoldedName matches a case-insensitive name depending on the options.
+// It assumes that foldName(f.name) == foldName(name).
+//
+// Case-insensitive matching is used if the `case:ignore` tag option is specified
+// or the MatchCaseInsensitiveNames call option is specified
+// (and the `case:strict` tag option is not specified).
+// Functionally, the `case:ignore` and `case:strict` tag options take precedence.
+//
+// The v1 definition of case-insensitivity operated under strings.EqualFold
+// and would strictly compare dashes and underscores,
+// while the v2 definition would ignore the presence of dashes and underscores.
+// Thus, if the MatchCaseSensitiveDelimiter call option is specified,
+// the match is further restricted to using strings.EqualFold.
+func (f *structField) matchFoldedName(name []byte, flags *jsonflags.Flags) bool {
+ if f.casing == caseIgnore || (flags.Get(jsonflags.MatchCaseInsensitiveNames) && f.casing != caseStrict) {
+ if !flags.Get(jsonflags.MatchCaseSensitiveDelimiter) || strings.EqualFold(string(name), f.name) {
+ return true
+ }
+ }
+ return false
}
+const (
+ caseIgnore = 1
+ caseStrict = 2
+)
+
type fieldOptions struct {
- name string
- quotedName string // quoted name per RFC 8785, section 3.2.2.2.
- hasName bool
- nocase bool
- inline bool
- unknown bool
- omitzero bool
- omitempty bool
- string bool
- format string
+ name string
+ quotedName string // quoted name per RFC 8785, section 3.2.2.2.
+ hasName bool
+ nameNeedEscape bool
+ casing int8 // either 0, caseIgnore, or caseStrict
+ inline bool
+ unknown bool
+ omitzero bool
+ omitempty bool
+ string bool
+ format string
}
// parseFieldOptions parses the `json` tag in a Go struct field as
// a structured set of options configuring parameters such as
// the JSON member name and other features.
-// As a special case, it returns errIgnoredField if the field is ignored.
-func parseFieldOptions(sf reflect.StructField) (out fieldOptions, err error) {
+func parseFieldOptions(sf reflect.StructField) (out fieldOptions, ignored bool, err error) {
tag, hasTag := sf.Tag.Lookup("json")
+ tagOrig := tag
// Check whether this field is explicitly ignored.
if tag == "-" {
- return fieldOptions{}, errIgnoredField
+ return fieldOptions{}, true, nil
}
- // Check whether this field is unexported.
- if !sf.IsExported() {
- // In contrast to v1, v2 no longer forwards exported fields from
- // embedded fields of unexported types since Go reflection does not
- // allow the same set of operations that are available in normal cases
- // of purely exported fields.
- // See https://go.dev/issue/21357 and https://go.dev/issue/24153.
- if sf.Anonymous {
- return fieldOptions{}, fmt.Errorf("embedded Go struct field %s of an unexported type must be explicitly ignored with a `json:\"-\"` tag", sf.Type.Name())
- }
+ // Check whether this field is unexported and not embedded,
+ // which Go reflection cannot mutate for the sake of serialization.
+ //
+ // An embedded field of an unexported type is still capable of
+ // forwarding exported fields, which may be JSON serialized.
+ // This technically operates on the edge of what is permissible by
+ // the Go language, but the most recent decision is to permit this.
+ //
+ // See https://go.dev/issue/24153 and https://go.dev/issue/32772.
+ if !sf.IsExported() && !sf.Anonymous {
// Tag options specified on an unexported field suggests user error.
if hasTag {
- return fieldOptions{}, fmt.Errorf("unexported Go struct field %s cannot have non-ignored `json:%q` tag", sf.Name, tag)
+ err = cmp.Or(err, fmt.Errorf("unexported Go struct field %s cannot have non-ignored `json:%q` tag", sf.Name, tag))
}
- return fieldOptions{}, errIgnoredField
+ return fieldOptions{}, true, err
}
// Determine the JSON member name for this Go field. A user-specified name
@@ -362,20 +438,38 @@ func parseFieldOptions(sf reflect.StructField) (out fieldOptions, err error) {
n := len(tag) - len(strings.TrimLeftFunc(tag, func(r rune) bool {
return !strings.ContainsRune(",\\'\"`", r) // reserve comma, backslash, and quotes
}))
- opt := tag[:n]
- if n == 0 {
- // Allow a single quoted string for arbitrary names.
- opt, n, err = consumeTagOption(tag)
- if err != nil {
- return fieldOptions{}, fmt.Errorf("Go struct field %s has malformed `json` tag: %v", sf.Name, err)
+ name := tag[:n]
+
+ // If the next character is not a comma, then the name is either
+ // malformed (if n > 0) or a single-quoted name.
+ // In either case, call consumeTagOption to handle it further.
+ var err2 error
+ if !strings.HasPrefix(tag[n:], ",") && len(name) != len(tag) {
+ name, n, err2 = consumeTagOption(tag)
+ if err2 != nil {
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has malformed `json` tag: %v", sf.Name, err2))
}
}
- out.hasName = true
- out.name = opt
+ if !utf8.ValidString(name) {
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has JSON object name %q with invalid UTF-8", sf.Name, name))
+ name = string([]rune(name)) // replace invalid UTF-8 with utf8.RuneError
+ }
+ if name == "-" && tag[0] == '-' {
+ defer func() { // defer to let other errors take precedence
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has JSON object name %q; either "+
+ "use `json:\"-\"` to ignore the field or "+
+ "use `json:\"'-'%s` to specify %q as the name", sf.Name, out.name, strings.TrimPrefix(strconv.Quote(tagOrig), `"-`), name))
+ }()
+ }
+ if err2 == nil {
+ out.hasName = true
+ out.name = name
+ }
tag = tag[n:]
}
- b, _ := appendString(nil, out.name, false, nil)
+ b, _ := jsonwire.AppendQuote(nil, out.name, &jsonflags.Flags{})
out.quotedName = string(b)
+ out.nameNeedEscape = jsonwire.NeedEscape(out.name)
// Handle any additional tag options (if any).
var wasFormat bool
@@ -383,29 +477,53 @@ func parseFieldOptions(sf reflect.StructField) (out fieldOptions, err error) {
for len(tag) > 0 {
// Consume comma delimiter.
if tag[0] != ',' {
- return fieldOptions{}, fmt.Errorf("Go struct field %s has malformed `json` tag: invalid character %q before next option (expecting ',')", sf.Name, tag[0])
- }
- tag = tag[len(","):]
- if len(tag) == 0 {
- return fieldOptions{}, fmt.Errorf("Go struct field %s has malformed `json` tag: invalid trailing ',' character", sf.Name)
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has malformed `json` tag: invalid character %q before next option (expecting ',')", sf.Name, tag[0]))
+ } else {
+ tag = tag[len(","):]
+ if len(tag) == 0 {
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has malformed `json` tag: invalid trailing ',' character", sf.Name))
+ break
+ }
}
// Consume and process the tag option.
- opt, n, err := consumeTagOption(tag)
- if err != nil {
- return fieldOptions{}, fmt.Errorf("Go struct field %s has malformed `json` tag: %v", sf.Name, err)
+ opt, n, err2 := consumeTagOption(tag)
+ if err2 != nil {
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has malformed `json` tag: %v", sf.Name, err2))
}
rawOpt := tag[:n]
tag = tag[n:]
switch {
case wasFormat:
- return fieldOptions{}, fmt.Errorf("Go struct field %s has `format` tag option that was not specified last", sf.Name)
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has `format` tag option that was not specified last", sf.Name))
case strings.HasPrefix(rawOpt, "'") && strings.TrimFunc(opt, isLetterOrDigit) == "":
- return fieldOptions{}, fmt.Errorf("Go struct field %s has unnecessarily quoted appearance of `%s` tag option; specify `%s` instead", sf.Name, rawOpt, opt)
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has unnecessarily quoted appearance of `%s` tag option; specify `%s` instead", sf.Name, rawOpt, opt))
}
switch opt {
- case "nocase":
- out.nocase = true
+ case "case":
+ if !strings.HasPrefix(tag, ":") {
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s is missing value for `case` tag option; specify `case:ignore` or `case:strict` instead", sf.Name))
+ break
+ }
+ tag = tag[len(":"):]
+ opt, n, err2 := consumeTagOption(tag)
+ if err2 != nil {
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has malformed value for `case` tag option: %v", sf.Name, err2))
+ break
+ }
+ rawOpt := tag[:n]
+ tag = tag[n:]
+ if strings.HasPrefix(rawOpt, "'") {
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has unnecessarily quoted appearance of `case:%s` tag option; specify `case:%s` instead", sf.Name, rawOpt, opt))
+ }
+ switch opt {
+ case "ignore":
+ out.casing |= caseIgnore
+ case "strict":
+ out.casing |= caseStrict
+ default:
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has unknown `case:%s` tag value", sf.Name, rawOpt))
+ }
case "inline":
out.inline = true
case "unknown":
@@ -418,12 +536,14 @@ func parseFieldOptions(sf reflect.StructField) (out fieldOptions, err error) {
out.string = true
case "format":
if !strings.HasPrefix(tag, ":") {
- return fieldOptions{}, fmt.Errorf("Go struct field %s is missing value for `format` tag option", sf.Name)
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s is missing value for `format` tag option", sf.Name))
+ break
}
tag = tag[len(":"):]
- opt, n, err := consumeTagOption(tag)
- if err != nil {
- return fieldOptions{}, fmt.Errorf("Go struct field %s has malformed value for `format` tag option: %v", sf.Name, err)
+ opt, n, err2 := consumeTagOption(tag)
+ if err2 != nil {
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has malformed value for `format` tag option: %v", sf.Name, err2))
+ break
}
tag = tag[n:]
out.format = opt
@@ -433,8 +553,8 @@ func parseFieldOptions(sf reflect.StructField) (out fieldOptions, err error) {
// This catches invalid mutants such as "omitEmpty" or "omit_empty".
normOpt := strings.ReplaceAll(strings.ToLower(opt), "_", "")
switch normOpt {
- case "nocase", "inline", "unknown", "omitzero", "omitempty", "string", "format":
- return fieldOptions{}, fmt.Errorf("Go struct field %s has invalid appearance of `%s` tag option; specify `%s` instead", sf.Name, opt, normOpt)
+ case "case", "inline", "unknown", "omitzero", "omitempty", "string", "format":
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has invalid appearance of `%s` tag option; specify `%s` instead", sf.Name, opt, normOpt))
}
// NOTE: Everything else is ignored. This does not mean it is
@@ -443,15 +563,28 @@ func parseFieldOptions(sf reflect.StructField) (out fieldOptions, err error) {
}
// Reject duplicates.
- if seenOpts[opt] {
- return fieldOptions{}, fmt.Errorf("Go struct field %s has duplicate appearance of `%s` tag option", sf.Name, rawOpt)
+ switch {
+ case out.casing == caseIgnore|caseStrict:
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s cannot have both `case:ignore` and `case:strict` tag options", sf.Name))
+ case seenOpts[opt]:
+ err = cmp.Or(err, fmt.Errorf("Go struct field %s has duplicate appearance of `%s` tag option", sf.Name, rawOpt))
}
seenOpts[opt] = true
}
- return out, nil
+ return out, false, err
}
+// consumeTagOption consumes the next option,
+// which is either a Go identifier or a single-quoted string.
+// If the next option is invalid, it returns all of in until the next comma,
+// and reports an error.
func consumeTagOption(in string) (string, int, error) {
+ // For legacy compatibility with v1, assume options are comma-separated.
+ i := strings.IndexByte(in, ',')
+ if i < 0 {
+ i = len(in)
+ }
+
switch r, _ := utf8.DecodeRuneInString(in); {
// Option as a Go identifier.
case r == '_' || unicode.IsLetter(r):
@@ -486,7 +619,7 @@ func consumeTagOption(in string) (string, int, error) {
n += len(`'`)
out, err := strconv.Unquote(string(b))
if err != nil {
- return "", 0, fmt.Errorf("invalid single-quoted string: %s", in[:n])
+ return in[:i], i, fmt.Errorf("invalid single-quoted string: %s", in[:n])
}
return out, n, nil
}
@@ -496,14 +629,26 @@ func consumeTagOption(in string) (string, int, error) {
if n > 10 {
n = 10 // limit the amount of context printed in the error
}
- return "", 0, fmt.Errorf("single-quoted string not terminated: %s...", in[:n])
+ return in[:i], i, fmt.Errorf("single-quoted string not terminated: %s...", in[:n])
case len(in) == 0:
- return "", 0, io.ErrUnexpectedEOF
+ return in[:i], i, io.ErrUnexpectedEOF
default:
- return "", 0, fmt.Errorf("invalid character %q at start of option (expecting Unicode letter or single quote)", r)
+ return in[:i], i, fmt.Errorf("invalid character %q at start of option (expecting Unicode letter or single quote)", r)
}
}
func isLetterOrDigit(r rune) bool {
return r == '_' || unicode.IsLetter(r) || unicode.IsNumber(r)
}
+
+// boolsCompare compares x and y, ordering false before true.
+func boolsCompare(x, y bool) int {
+ switch {
+ case !x && y:
+ return -1
+ default:
+ return 0
+ case x && !y:
+ return +1
+ }
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fold.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fold.go
index 9ab735814..973f52e73 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fold.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fold.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !goexperiment.jsonv2 || !go1.25
+
package json
import (
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/intern.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/intern.go
index 700a56db0..1bfb8ca63 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/intern.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/intern.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !goexperiment.jsonv2 || !go1.25
+
package json
import (
@@ -10,12 +12,12 @@ import (
)
// stringCache is a cache for strings converted from a []byte.
-type stringCache [256]string // 256*unsafe.Sizeof(string("")) => 4KiB
+type stringCache = [256]string // 256*unsafe.Sizeof(string("")) => 4KiB
-// make returns the string form of b.
+// makeString returns the string form of b.
// It returns a pre-allocated string from c if present, otherwise
// it allocates a new string, inserts it into the cache, and returns it.
-func (c *stringCache) make(b []byte) string {
+func makeString(c *stringCache, b []byte) string {
const (
minCachedLen = 2 // single byte strings are already interned by the runtime
maxCachedLen = 256 // large enough for UUIDs, IPv6 addresses, SHA-256 checksums, etc.
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/internal.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/internal.go
new file mode 100644
index 000000000..00b43fa30
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/internal.go
@@ -0,0 +1,42 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package internal
+
+import "errors"
+
+// NotForPublicUse is a marker type that an API is for internal use only.
+// It does not perfectly prevent usage of that API, but helps to restrict usage.
+// Anything with this marker is not covered by the Go compatibility agreement.
+type NotForPublicUse struct{}
+
+// AllowInternalUse is passed from "json" to "jsontext" to authenticate
+// that the caller can have access to internal functionality.
+var AllowInternalUse NotForPublicUse
+
+// Sentinel error values internally shared between jsonv1 and jsonv2.
+var (
+ ErrCycle = errors.New("encountered a cycle")
+ ErrNonNilReference = errors.New("value must be passed as a non-nil pointer reference")
+ ErrNilInterface = errors.New("cannot derive concrete type for nil interface with finite type set")
+)
+
+var (
+ // TransformMarshalError converts a v2 error into a v1 error.
+ // It is called only at the top-level of a Marshal function.
+ TransformMarshalError func(any, error) error
+ // NewMarshalerError constructs a jsonv1.MarshalerError.
+ // It is called after a user-defined Marshal method/function fails.
+ NewMarshalerError func(any, error, string) error
+ // TransformUnmarshalError converts a v2 error into a v1 error.
+ // It is called only at the top-level of a Unmarshal function.
+ TransformUnmarshalError func(any, error) error
+
+ // NewRawNumber returns new(jsonv1.Number).
+ NewRawNumber func() any
+ // RawNumberOf returns jsonv1.Number(b).
+ RawNumberOf func(b []byte) any
+)
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags/flags.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags/flags.go
new file mode 100644
index 000000000..36300011e
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags/flags.go
@@ -0,0 +1,215 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+// jsonflags implements all the optional boolean flags.
+// These flags are shared across both "json", "jsontext", and "jsonopts".
+package jsonflags
+
+import "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal"
+
+// Bools represents zero or more boolean flags, all set to true or false.
+// The least-significant bit is the boolean value of all flags in the set.
+// The remaining bits identify which particular flags.
+//
+// In common usage, this is OR'd with 0 or 1. For example:
+// - (AllowInvalidUTF8 | 0) means "AllowInvalidUTF8 is false"
+// - (Multiline | Indent | 1) means "Multiline and Indent are true"
+type Bools uint64
+
+func (Bools) JSONOptions(internal.NotForPublicUse) {}
+
+const (
+ // AllFlags is the set of all flags.
+ AllFlags = AllCoderFlags | AllArshalV2Flags | AllArshalV1Flags
+
+ // AllCoderFlags is the set of all encoder/decoder flags.
+ AllCoderFlags = (maxCoderFlag - 1) - initFlag
+
+ // AllArshalV2Flags is the set of all v2 marshal/unmarshal flags.
+ AllArshalV2Flags = (maxArshalV2Flag - 1) - (maxCoderFlag - 1)
+
+ // AllArshalV1Flags is the set of all v1 marshal/unmarshal flags.
+ AllArshalV1Flags = (maxArshalV1Flag - 1) - (maxArshalV2Flag - 1)
+
+ // NonBooleanFlags is the set of non-boolean flags,
+ // where the value is some other concrete Go type.
+ // The value of the flag is stored within jsonopts.Struct.
+ NonBooleanFlags = 0 |
+ Indent |
+ IndentPrefix |
+ ByteLimit |
+ DepthLimit |
+ Marshalers |
+ Unmarshalers
+
+ // DefaultV1Flags is the set of booleans flags that default to true under
+ // v1 semantics. None of the non-boolean flags differ between v1 and v2.
+ DefaultV1Flags = 0 |
+ AllowDuplicateNames |
+ AllowInvalidUTF8 |
+ EscapeForHTML |
+ EscapeForJS |
+ PreserveRawStrings |
+ Deterministic |
+ FormatNilMapAsNull |
+ FormatNilSliceAsNull |
+ MatchCaseInsensitiveNames |
+ CallMethodsWithLegacySemantics |
+ FormatByteArrayAsArray |
+ FormatBytesWithLegacySemantics |
+ FormatDurationAsNano |
+ MatchCaseSensitiveDelimiter |
+ MergeWithLegacySemantics |
+ OmitEmptyWithLegacySemantics |
+ ParseBytesWithLooseRFC4648 |
+ ParseTimeWithLooseRFC3339 |
+ ReportErrorsWithLegacySemantics |
+ StringifyWithLegacySemantics |
+ UnmarshalArrayFromAnyLength
+
+ // AnyWhitespace reports whether the encoded output might have any whitespace.
+ AnyWhitespace = Multiline | SpaceAfterColon | SpaceAfterComma
+
+ // WhitespaceFlags is the set of flags related to whitespace formatting.
+ // In contrast to AnyWhitespace, this includes Indent and IndentPrefix
+ // as those settings take no effect if Multiline is false.
+ WhitespaceFlags = AnyWhitespace | Indent | IndentPrefix
+
+ // AnyEscape is the set of flags related to escaping in a JSON string.
+ AnyEscape = EscapeForHTML | EscapeForJS
+
+ // CanonicalizeNumbers is the set of flags related to raw number canonicalization.
+ CanonicalizeNumbers = CanonicalizeRawInts | CanonicalizeRawFloats
+)
+
+// Encoder and decoder flags.
+const (
+ initFlag Bools = 1 << iota // reserved for the boolean value itself
+
+ AllowDuplicateNames // encode or decode
+ AllowInvalidUTF8 // encode or decode
+ WithinArshalCall // encode or decode; for internal use by json.Marshal and json.Unmarshal
+ OmitTopLevelNewline // encode only; for internal use by json.Marshal and json.MarshalWrite
+ PreserveRawStrings // encode only
+ CanonicalizeRawInts // encode only
+ CanonicalizeRawFloats // encode only
+ ReorderRawObjects // encode only
+ EscapeForHTML // encode only
+ EscapeForJS // encode only
+ Multiline // encode only
+ SpaceAfterColon // encode only
+ SpaceAfterComma // encode only
+ Indent // encode only; non-boolean flag
+ IndentPrefix // encode only; non-boolean flag
+ ByteLimit // encode or decode; non-boolean flag
+ DepthLimit // encode or decode; non-boolean flag
+
+ maxCoderFlag
+)
+
+// Marshal and Unmarshal flags (for v2).
+const (
+ _ Bools = (maxCoderFlag >> 1) << iota
+
+ StringifyNumbers // marshal or unmarshal
+ Deterministic // marshal only
+ FormatNilMapAsNull // marshal only
+ FormatNilSliceAsNull // marshal only
+ OmitZeroStructFields // marshal only
+ MatchCaseInsensitiveNames // marshal or unmarshal
+ DiscardUnknownMembers // marshal only
+ RejectUnknownMembers // unmarshal only
+ Marshalers // marshal only; non-boolean flag
+ Unmarshalers // unmarshal only; non-boolean flag
+
+ maxArshalV2Flag
+)
+
+// Marshal and Unmarshal flags (for v1).
+const (
+ _ Bools = (maxArshalV2Flag >> 1) << iota
+
+ CallMethodsWithLegacySemantics // marshal or unmarshal
+ FormatByteArrayAsArray // marshal or unmarshal
+ FormatBytesWithLegacySemantics // marshal or unmarshal
+ FormatDurationAsNano // marshal or unmarshal
+ MatchCaseSensitiveDelimiter // marshal or unmarshal
+ MergeWithLegacySemantics // unmarshal
+ OmitEmptyWithLegacySemantics // marshal
+ ParseBytesWithLooseRFC4648 // unmarshal
+ ParseTimeWithLooseRFC3339 // unmarshal
+ ReportErrorsWithLegacySemantics // marshal or unmarshal
+ StringifyWithLegacySemantics // marshal or unmarshal
+ StringifyBoolsAndStrings // marshal or unmarshal; for internal use by jsonv2.makeStructArshaler
+ UnmarshalAnyWithRawNumber // unmarshal; for internal use by jsonv1.Decoder.UseNumber
+ UnmarshalArrayFromAnyLength // unmarshal
+
+ maxArshalV1Flag
+)
+
+// bitsUsed is the number of bits used in the 64-bit boolean flags
+const bitsUsed = 42
+
+// Static compile check that bitsUsed and maxArshalV1Flag are in sync.
+const _ = uint64((1< 0b_110_11011
+ dst.Values &= ^src.Presence // e.g., 0b_1000_0011 & 0b_1010_0101 -> 0b_100_00001
+ dst.Values |= src.Values // e.g., 0b_1000_0001 | 0b_1001_0010 -> 0b_100_10011
+}
+
+// Set sets both the presence and value for the provided bool (or set of bools).
+func (fs *Flags) Set(f Bools) {
+ // Select out the bits for the flag identifiers (everything except LSB),
+ // then set the presence for all the identifier bits (using OR),
+ // then invert the identifier bits to clear out the values (using AND-NOT),
+ // then copy over all the identifier bits to the value if LSB is 1.
+ // e.g., fs := Flags{Presence: 0b_0101_0010, Value: 0b_0001_0010}
+ // e.g., f := 0b_1001_0001
+ id := uint64(f) &^ uint64(1) // e.g., 0b_1001_0001 & 0b_1111_1110 -> 0b_1001_0000
+ fs.Presence |= id // e.g., 0b_0101_0010 | 0b_1001_0000 -> 0b_1101_0011
+ fs.Values &= ^id // e.g., 0b_0001_0010 & 0b_0110_1111 -> 0b_0000_0010
+ fs.Values |= uint64(f&1) * id // e.g., 0b_0000_0010 | 0b_1001_0000 -> 0b_1001_0010
+}
+
+// Get reports whether the bool (or any of the bools) is true.
+// This is generally only used with a singular bool.
+// The value bit of f (i.e., the LSB) is ignored.
+func (fs Flags) Get(f Bools) bool {
+ return fs.Values&uint64(f) > 0
+}
+
+// Has reports whether the bool (or any of the bools) is set.
+// The value bit of f (i.e., the LSB) is ignored.
+func (fs Flags) Has(f Bools) bool {
+ return fs.Presence&uint64(f) > 0
+}
+
+// Clear clears both the presence and value for the provided bool or bools.
+// The value bit of f (i.e., the LSB) is ignored.
+func (fs *Flags) Clear(f Bools) {
+ // Invert f to produce a mask to clear all bits in f (using AND).
+ // e.g., fs := Flags{Presence: 0b_0101_0010, Value: 0b_0001_0010}
+ // e.g., f := 0b_0001_1000
+ mask := uint64(^f) // e.g., 0b_0001_1000 -> 0b_1110_0111
+ fs.Presence &= mask // e.g., 0b_0101_0010 & 0b_1110_0111 -> 0b_0100_0010
+ fs.Values &= mask // e.g., 0b_0001_0010 & 0b_1110_0111 -> 0b_0000_0010
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts/options.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts/options.go
new file mode 100644
index 000000000..c4fc8dba8
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts/options.go
@@ -0,0 +1,202 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package jsonopts
+
+import (
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+)
+
+// Options is the common options type shared across json packages.
+type Options interface {
+ // JSONOptions is exported so related json packages can implement Options.
+ JSONOptions(internal.NotForPublicUse)
+}
+
+// Struct is the combination of all options in struct form.
+// This is efficient to pass down the call stack and to query.
+type Struct struct {
+ Flags jsonflags.Flags
+
+ CoderValues
+ ArshalValues
+}
+
+type CoderValues struct {
+ Indent string // jsonflags.Indent
+ IndentPrefix string // jsonflags.IndentPrefix
+ ByteLimit int64 // jsonflags.ByteLimit
+ DepthLimit int // jsonflags.DepthLimit
+}
+
+type ArshalValues struct {
+ // The Marshalers and Unmarshalers fields use the any type to avoid a
+ // concrete dependency on *json.Marshalers and *json.Unmarshalers,
+ // which would in turn create a dependency on the "reflect" package.
+
+ Marshalers any // jsonflags.Marshalers
+ Unmarshalers any // jsonflags.Unmarshalers
+
+ Format string
+ FormatDepth int
+}
+
+// DefaultOptionsV2 is the set of all options that define default v2 behavior.
+var DefaultOptionsV2 = Struct{
+ Flags: jsonflags.Flags{
+ Presence: uint64(jsonflags.AllFlags & ^jsonflags.WhitespaceFlags),
+ Values: uint64(0),
+ },
+}
+
+// DefaultOptionsV1 is the set of all options that define default v1 behavior.
+var DefaultOptionsV1 = Struct{
+ Flags: jsonflags.Flags{
+ Presence: uint64(jsonflags.AllFlags & ^jsonflags.WhitespaceFlags),
+ Values: uint64(jsonflags.DefaultV1Flags),
+ },
+}
+
+func (*Struct) JSONOptions(internal.NotForPublicUse) {}
+
+// GetUnknownOption is injected by the "json" package to handle Options
+// declared in that package so that "jsonopts" can handle them.
+var GetUnknownOption = func(Struct, Options) (any, bool) { panic("unknown option") }
+
+func GetOption[T any](opts Options, setter func(T) Options) (T, bool) {
+ // Collapse the options to *Struct to simplify lookup.
+ structOpts, ok := opts.(*Struct)
+ if !ok {
+ var structOpts2 Struct
+ structOpts2.Join(opts)
+ structOpts = &structOpts2
+ }
+
+ // Lookup the option based on the return value of the setter.
+ var zero T
+ switch opt := setter(zero).(type) {
+ case jsonflags.Bools:
+ v := structOpts.Flags.Get(opt)
+ ok := structOpts.Flags.Has(opt)
+ return any(v).(T), ok
+ case Indent:
+ if !structOpts.Flags.Has(jsonflags.Indent) {
+ return zero, false
+ }
+ return any(structOpts.Indent).(T), true
+ case IndentPrefix:
+ if !structOpts.Flags.Has(jsonflags.IndentPrefix) {
+ return zero, false
+ }
+ return any(structOpts.IndentPrefix).(T), true
+ case ByteLimit:
+ if !structOpts.Flags.Has(jsonflags.ByteLimit) {
+ return zero, false
+ }
+ return any(structOpts.ByteLimit).(T), true
+ case DepthLimit:
+ if !structOpts.Flags.Has(jsonflags.DepthLimit) {
+ return zero, false
+ }
+ return any(structOpts.DepthLimit).(T), true
+ default:
+ v, ok := GetUnknownOption(*structOpts, opt)
+ return v.(T), ok
+ }
+}
+
+// JoinUnknownOption is injected by the "json" package to handle Options
+// declared in that package so that "jsonopts" can handle them.
+var JoinUnknownOption = func(Struct, Options) Struct { panic("unknown option") }
+
+func (dst *Struct) Join(srcs ...Options) {
+ dst.join(false, srcs...)
+}
+
+func (dst *Struct) JoinWithoutCoderOptions(srcs ...Options) {
+ dst.join(true, srcs...)
+}
+
+func (dst *Struct) join(excludeCoderOptions bool, srcs ...Options) {
+ for _, src := range srcs {
+ switch src := src.(type) {
+ case nil:
+ continue
+ case jsonflags.Bools:
+ if excludeCoderOptions {
+ src &= ^jsonflags.AllCoderFlags
+ }
+ dst.Flags.Set(src)
+ case Indent:
+ if excludeCoderOptions {
+ continue
+ }
+ dst.Flags.Set(jsonflags.Multiline | jsonflags.Indent | 1)
+ dst.Indent = string(src)
+ case IndentPrefix:
+ if excludeCoderOptions {
+ continue
+ }
+ dst.Flags.Set(jsonflags.Multiline | jsonflags.IndentPrefix | 1)
+ dst.IndentPrefix = string(src)
+ case ByteLimit:
+ if excludeCoderOptions {
+ continue
+ }
+ dst.Flags.Set(jsonflags.ByteLimit | 1)
+ dst.ByteLimit = int64(src)
+ case DepthLimit:
+ if excludeCoderOptions {
+ continue
+ }
+ dst.Flags.Set(jsonflags.DepthLimit | 1)
+ dst.DepthLimit = int(src)
+ case *Struct:
+ srcFlags := src.Flags // shallow copy the flags
+ if excludeCoderOptions {
+ srcFlags.Clear(jsonflags.AllCoderFlags)
+ }
+ dst.Flags.Join(srcFlags)
+ if srcFlags.Has(jsonflags.NonBooleanFlags) {
+ if srcFlags.Has(jsonflags.Indent) {
+ dst.Indent = src.Indent
+ }
+ if srcFlags.Has(jsonflags.IndentPrefix) {
+ dst.IndentPrefix = src.IndentPrefix
+ }
+ if srcFlags.Has(jsonflags.ByteLimit) {
+ dst.ByteLimit = src.ByteLimit
+ }
+ if srcFlags.Has(jsonflags.DepthLimit) {
+ dst.DepthLimit = src.DepthLimit
+ }
+ if srcFlags.Has(jsonflags.Marshalers) {
+ dst.Marshalers = src.Marshalers
+ }
+ if srcFlags.Has(jsonflags.Unmarshalers) {
+ dst.Unmarshalers = src.Unmarshalers
+ }
+ }
+ default:
+ *dst = JoinUnknownOption(*dst, src)
+ }
+ }
+}
+
+type (
+ Indent string // jsontext.WithIndent
+ IndentPrefix string // jsontext.WithIndentPrefix
+ ByteLimit int64 // jsontext.WithByteLimit
+ DepthLimit int // jsontext.WithDepthLimit
+ // type for jsonflags.Marshalers declared in "json" package
+ // type for jsonflags.Unmarshalers declared in "json" package
+)
+
+func (Indent) JSONOptions(internal.NotForPublicUse) {}
+func (IndentPrefix) JSONOptions(internal.NotForPublicUse) {}
+func (ByteLimit) JSONOptions(internal.NotForPublicUse) {}
+func (DepthLimit) JSONOptions(internal.NotForPublicUse) {}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/decode.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/decode.go
new file mode 100644
index 000000000..6a5acb8ec
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/decode.go
@@ -0,0 +1,629 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package jsonwire
+
+import (
+ "io"
+ "math"
+ "slices"
+ "strconv"
+ "unicode/utf16"
+ "unicode/utf8"
+)
+
+type ValueFlags uint
+
+const (
+ _ ValueFlags = (1 << iota) / 2 // powers of two starting with zero
+
+ stringNonVerbatim // string cannot be naively treated as valid UTF-8
+ stringNonCanonical // string not formatted according to RFC 8785, section 3.2.2.2.
+ // TODO: Track whether a number is a non-integer?
+)
+
+func (f *ValueFlags) Join(f2 ValueFlags) { *f |= f2 }
+func (f ValueFlags) IsVerbatim() bool { return f&stringNonVerbatim == 0 }
+func (f ValueFlags) IsCanonical() bool { return f&stringNonCanonical == 0 }
+
+// ConsumeWhitespace consumes leading JSON whitespace per RFC 7159, section 2.
+func ConsumeWhitespace(b []byte) (n int) {
+ // NOTE: The arguments and logic are kept simple to keep this inlinable.
+ for len(b) > n && (b[n] == ' ' || b[n] == '\t' || b[n] == '\r' || b[n] == '\n') {
+ n++
+ }
+ return n
+}
+
+// ConsumeNull consumes the next JSON null literal per RFC 7159, section 3.
+// It returns 0 if it is invalid, in which case consumeLiteral should be used.
+func ConsumeNull(b []byte) int {
+ // NOTE: The arguments and logic are kept simple to keep this inlinable.
+ const literal = "null"
+ if len(b) >= len(literal) && string(b[:len(literal)]) == literal {
+ return len(literal)
+ }
+ return 0
+}
+
+// ConsumeFalse consumes the next JSON false literal per RFC 7159, section 3.
+// It returns 0 if it is invalid, in which case consumeLiteral should be used.
+func ConsumeFalse(b []byte) int {
+ // NOTE: The arguments and logic are kept simple to keep this inlinable.
+ const literal = "false"
+ if len(b) >= len(literal) && string(b[:len(literal)]) == literal {
+ return len(literal)
+ }
+ return 0
+}
+
+// ConsumeTrue consumes the next JSON true literal per RFC 7159, section 3.
+// It returns 0 if it is invalid, in which case consumeLiteral should be used.
+func ConsumeTrue(b []byte) int {
+ // NOTE: The arguments and logic are kept simple to keep this inlinable.
+ const literal = "true"
+ if len(b) >= len(literal) && string(b[:len(literal)]) == literal {
+ return len(literal)
+ }
+ return 0
+}
+
+// ConsumeLiteral consumes the next JSON literal per RFC 7159, section 3.
+// If the input appears truncated, it returns io.ErrUnexpectedEOF.
+func ConsumeLiteral(b []byte, lit string) (n int, err error) {
+ for i := 0; i < len(b) && i < len(lit); i++ {
+ if b[i] != lit[i] {
+ return i, NewInvalidCharacterError(b[i:], "in literal "+lit+" (expecting "+strconv.QuoteRune(rune(lit[i]))+")")
+ }
+ }
+ if len(b) < len(lit) {
+ return len(b), io.ErrUnexpectedEOF
+ }
+ return len(lit), nil
+}
+
+// ConsumeSimpleString consumes the next JSON string per RFC 7159, section 7
+// but is limited to the grammar for an ASCII string without escape sequences.
+// It returns 0 if it is invalid or more complicated than a simple string,
+// in which case consumeString should be called.
+//
+// It rejects '<', '>', and '&' for compatibility reasons since these were
+// always escaped in the v1 implementation. Thus, if this function reports
+// non-zero then we know that the string would be encoded the same way
+// under both v1 or v2 escape semantics.
+func ConsumeSimpleString(b []byte) (n int) {
+ // NOTE: The arguments and logic are kept simple to keep this inlinable.
+ if len(b) > 0 && b[0] == '"' {
+ n++
+ for len(b) > n && b[n] < utf8.RuneSelf && escapeASCII[b[n]] == 0 {
+ n++
+ }
+ if uint(len(b)) > uint(n) && b[n] == '"' {
+ n++
+ return n
+ }
+ }
+ return 0
+}
+
+// ConsumeString consumes the next JSON string per RFC 7159, section 7.
+// If validateUTF8 is false, then this allows the presence of invalid UTF-8
+// characters within the string itself.
+// It reports the number of bytes consumed and whether an error was encountered.
+// If the input appears truncated, it returns io.ErrUnexpectedEOF.
+func ConsumeString(flags *ValueFlags, b []byte, validateUTF8 bool) (n int, err error) {
+ return ConsumeStringResumable(flags, b, 0, validateUTF8)
+}
+
+// ConsumeStringResumable is identical to consumeString but supports resuming
+// from a previous call that returned io.ErrUnexpectedEOF.
+func ConsumeStringResumable(flags *ValueFlags, b []byte, resumeOffset int, validateUTF8 bool) (n int, err error) {
+ // Consume the leading double quote.
+ switch {
+ case resumeOffset > 0:
+ n = resumeOffset // already handled the leading quote
+ case uint(len(b)) == 0:
+ return n, io.ErrUnexpectedEOF
+ case b[0] == '"':
+ n++
+ default:
+ return n, NewInvalidCharacterError(b[n:], `at start of string (expecting '"')`)
+ }
+
+ // Consume every character in the string.
+ for uint(len(b)) > uint(n) {
+ // Optimize for long sequences of unescaped characters.
+ noEscape := func(c byte) bool {
+ return c < utf8.RuneSelf && ' ' <= c && c != '\\' && c != '"'
+ }
+ for uint(len(b)) > uint(n) && noEscape(b[n]) {
+ n++
+ }
+ if uint(len(b)) <= uint(n) {
+ return n, io.ErrUnexpectedEOF
+ }
+
+ // Check for terminating double quote.
+ if b[n] == '"' {
+ n++
+ return n, nil
+ }
+
+ switch r, rn := utf8.DecodeRune(b[n:]); {
+ // Handle UTF-8 encoded byte sequence.
+ // Due to specialized handling of ASCII above, we know that
+ // all normal sequences at this point must be 2 bytes or larger.
+ case rn > 1:
+ n += rn
+ // Handle escape sequence.
+ case r == '\\':
+ flags.Join(stringNonVerbatim)
+ resumeOffset = n
+ if uint(len(b)) < uint(n+2) {
+ return resumeOffset, io.ErrUnexpectedEOF
+ }
+ switch r := b[n+1]; r {
+ case '/':
+ // Forward slash is the only character with 3 representations.
+ // Per RFC 8785, section 3.2.2.2., this must not be escaped.
+ flags.Join(stringNonCanonical)
+ n += 2
+ case '"', '\\', 'b', 'f', 'n', 'r', 't':
+ n += 2
+ case 'u':
+ if uint(len(b)) < uint(n+6) {
+ if hasEscapedUTF16Prefix(b[n:], false) {
+ return resumeOffset, io.ErrUnexpectedEOF
+ }
+ flags.Join(stringNonCanonical)
+ return n, NewInvalidEscapeSequenceError(b[n:])
+ }
+ v1, ok := parseHexUint16(b[n+2 : n+6])
+ if !ok {
+ flags.Join(stringNonCanonical)
+ return n, NewInvalidEscapeSequenceError(b[n : n+6])
+ }
+ // Only certain control characters can use the \uFFFF notation
+ // for canonical formatting (per RFC 8785, section 3.2.2.2.).
+ switch v1 {
+ // \uFFFF notation not permitted for these characters.
+ case '\b', '\f', '\n', '\r', '\t':
+ flags.Join(stringNonCanonical)
+ default:
+ // \uFFFF notation only permitted for control characters.
+ if v1 >= ' ' {
+ flags.Join(stringNonCanonical)
+ } else {
+ // \uFFFF notation must be lower case.
+ for _, c := range b[n+2 : n+6] {
+ if 'A' <= c && c <= 'F' {
+ flags.Join(stringNonCanonical)
+ }
+ }
+ }
+ }
+ n += 6
+
+ r := rune(v1)
+ if validateUTF8 && utf16.IsSurrogate(r) {
+ if uint(len(b)) < uint(n+6) {
+ if hasEscapedUTF16Prefix(b[n:], true) {
+ return resumeOffset, io.ErrUnexpectedEOF
+ }
+ flags.Join(stringNonCanonical)
+ return n - 6, NewInvalidEscapeSequenceError(b[n-6:])
+ } else if v2, ok := parseHexUint16(b[n+2 : n+6]); b[n] != '\\' || b[n+1] != 'u' || !ok {
+ flags.Join(stringNonCanonical)
+ return n - 6, NewInvalidEscapeSequenceError(b[n-6 : n+6])
+ } else if r = utf16.DecodeRune(rune(v1), rune(v2)); r == utf8.RuneError {
+ flags.Join(stringNonCanonical)
+ return n - 6, NewInvalidEscapeSequenceError(b[n-6 : n+6])
+ } else {
+ n += 6
+ }
+ }
+ default:
+ flags.Join(stringNonCanonical)
+ return n, NewInvalidEscapeSequenceError(b[n : n+2])
+ }
+ // Handle invalid UTF-8.
+ case r == utf8.RuneError:
+ if !utf8.FullRune(b[n:]) {
+ return n, io.ErrUnexpectedEOF
+ }
+ flags.Join(stringNonVerbatim | stringNonCanonical)
+ if validateUTF8 {
+ return n, ErrInvalidUTF8
+ }
+ n++
+ // Handle invalid control characters.
+ case r < ' ':
+ flags.Join(stringNonVerbatim | stringNonCanonical)
+ return n, NewInvalidCharacterError(b[n:], "in string (expecting non-control character)")
+ default:
+ panic("BUG: unhandled character " + QuoteRune(b[n:]))
+ }
+ }
+ return n, io.ErrUnexpectedEOF
+}
+
+// AppendUnquote appends the unescaped form of a JSON string in src to dst.
+// Any invalid UTF-8 within the string will be replaced with utf8.RuneError,
+// but the error will be specified as having encountered such an error.
+// The input must be an entire JSON string with no surrounding whitespace.
+func AppendUnquote[Bytes ~[]byte | ~string](dst []byte, src Bytes) (v []byte, err error) {
+ dst = slices.Grow(dst, len(src))
+
+ // Consume the leading double quote.
+ var i, n int
+ switch {
+ case uint(len(src)) == 0:
+ return dst, io.ErrUnexpectedEOF
+ case src[0] == '"':
+ i, n = 1, 1
+ default:
+ return dst, NewInvalidCharacterError(src, `at start of string (expecting '"')`)
+ }
+
+ // Consume every character in the string.
+ for uint(len(src)) > uint(n) {
+ // Optimize for long sequences of unescaped characters.
+ noEscape := func(c byte) bool {
+ return c < utf8.RuneSelf && ' ' <= c && c != '\\' && c != '"'
+ }
+ for uint(len(src)) > uint(n) && noEscape(src[n]) {
+ n++
+ }
+ if uint(len(src)) <= uint(n) {
+ dst = append(dst, src[i:n]...)
+ return dst, io.ErrUnexpectedEOF
+ }
+
+ // Check for terminating double quote.
+ if src[n] == '"' {
+ dst = append(dst, src[i:n]...)
+ n++
+ if n < len(src) {
+ err = NewInvalidCharacterError(src[n:], "after string value")
+ }
+ return dst, err
+ }
+
+ switch r, rn := utf8.DecodeRuneInString(string(truncateMaxUTF8(src[n:]))); {
+ // Handle UTF-8 encoded byte sequence.
+ // Due to specialized handling of ASCII above, we know that
+ // all normal sequences at this point must be 2 bytes or larger.
+ case rn > 1:
+ n += rn
+ // Handle escape sequence.
+ case r == '\\':
+ dst = append(dst, src[i:n]...)
+
+ // Handle escape sequence.
+ if uint(len(src)) < uint(n+2) {
+ return dst, io.ErrUnexpectedEOF
+ }
+ switch r := src[n+1]; r {
+ case '"', '\\', '/':
+ dst = append(dst, r)
+ n += 2
+ case 'b':
+ dst = append(dst, '\b')
+ n += 2
+ case 'f':
+ dst = append(dst, '\f')
+ n += 2
+ case 'n':
+ dst = append(dst, '\n')
+ n += 2
+ case 'r':
+ dst = append(dst, '\r')
+ n += 2
+ case 't':
+ dst = append(dst, '\t')
+ n += 2
+ case 'u':
+ if uint(len(src)) < uint(n+6) {
+ if hasEscapedUTF16Prefix(src[n:], false) {
+ return dst, io.ErrUnexpectedEOF
+ }
+ return dst, NewInvalidEscapeSequenceError(src[n:])
+ }
+ v1, ok := parseHexUint16(src[n+2 : n+6])
+ if !ok {
+ return dst, NewInvalidEscapeSequenceError(src[n : n+6])
+ }
+ n += 6
+
+ // Check whether this is a surrogate half.
+ r := rune(v1)
+ if utf16.IsSurrogate(r) {
+ r = utf8.RuneError // assume failure unless the following succeeds
+ if uint(len(src)) < uint(n+6) {
+ if hasEscapedUTF16Prefix(src[n:], true) {
+ return utf8.AppendRune(dst, r), io.ErrUnexpectedEOF
+ }
+ err = NewInvalidEscapeSequenceError(src[n-6:])
+ } else if v2, ok := parseHexUint16(src[n+2 : n+6]); src[n] != '\\' || src[n+1] != 'u' || !ok {
+ err = NewInvalidEscapeSequenceError(src[n-6 : n+6])
+ } else if r = utf16.DecodeRune(rune(v1), rune(v2)); r == utf8.RuneError {
+ err = NewInvalidEscapeSequenceError(src[n-6 : n+6])
+ } else {
+ n += 6
+ }
+ }
+
+ dst = utf8.AppendRune(dst, r)
+ default:
+ return dst, NewInvalidEscapeSequenceError(src[n : n+2])
+ }
+ i = n
+ // Handle invalid UTF-8.
+ case r == utf8.RuneError:
+ dst = append(dst, src[i:n]...)
+ if !utf8.FullRuneInString(string(truncateMaxUTF8(src[n:]))) {
+ return dst, io.ErrUnexpectedEOF
+ }
+ // NOTE: An unescaped string may be longer than the escaped string
+ // because invalid UTF-8 bytes are being replaced.
+ dst = append(dst, "\uFFFD"...)
+ n += rn
+ i = n
+ err = ErrInvalidUTF8
+ // Handle invalid control characters.
+ case r < ' ':
+ dst = append(dst, src[i:n]...)
+ return dst, NewInvalidCharacterError(src[n:], "in string (expecting non-control character)")
+ default:
+ panic("BUG: unhandled character " + QuoteRune(src[n:]))
+ }
+ }
+ dst = append(dst, src[i:n]...)
+ return dst, io.ErrUnexpectedEOF
+}
+
+// hasEscapedUTF16Prefix reports whether b is possibly
+// the truncated prefix of a \uFFFF escape sequence.
+func hasEscapedUTF16Prefix[Bytes ~[]byte | ~string](b Bytes, lowerSurrogateHalf bool) bool {
+ for i := range len(b) {
+ switch c := b[i]; {
+ case i == 0 && c != '\\':
+ return false
+ case i == 1 && c != 'u':
+ return false
+ case i == 2 && lowerSurrogateHalf && c != 'd' && c != 'D':
+ return false // not within ['\uDC00':'\uDFFF']
+ case i == 3 && lowerSurrogateHalf && !('c' <= c && c <= 'f') && !('C' <= c && c <= 'F'):
+ return false // not within ['\uDC00':'\uDFFF']
+ case i >= 2 && i < 6 && !('0' <= c && c <= '9') && !('a' <= c && c <= 'f') && !('A' <= c && c <= 'F'):
+ return false
+ }
+ }
+ return true
+}
+
+// UnquoteMayCopy returns the unescaped form of b.
+// If there are no escaped characters, the output is simply a subslice of
+// the input with the surrounding quotes removed.
+// Otherwise, a new buffer is allocated for the output.
+// It assumes the input is valid.
+func UnquoteMayCopy(b []byte, isVerbatim bool) []byte {
+ // NOTE: The arguments and logic are kept simple to keep this inlinable.
+ if isVerbatim {
+ return b[len(`"`) : len(b)-len(`"`)]
+ }
+ b, _ = AppendUnquote(nil, b)
+ return b
+}
+
+// ConsumeSimpleNumber consumes the next JSON number per RFC 7159, section 6
+// but is limited to the grammar for a positive integer.
+// It returns 0 if it is invalid or more complicated than a simple integer,
+// in which case consumeNumber should be called.
+func ConsumeSimpleNumber(b []byte) (n int) {
+ // NOTE: The arguments and logic are kept simple to keep this inlinable.
+ if len(b) > 0 {
+ if b[0] == '0' {
+ n++
+ } else if '1' <= b[0] && b[0] <= '9' {
+ n++
+ for len(b) > n && ('0' <= b[n] && b[n] <= '9') {
+ n++
+ }
+ } else {
+ return 0
+ }
+ if uint(len(b)) <= uint(n) || (b[n] != '.' && b[n] != 'e' && b[n] != 'E') {
+ return n
+ }
+ }
+ return 0
+}
+
+type ConsumeNumberState uint
+
+const (
+ consumeNumberInit ConsumeNumberState = iota
+ beforeIntegerDigits
+ withinIntegerDigits
+ beforeFractionalDigits
+ withinFractionalDigits
+ beforeExponentDigits
+ withinExponentDigits
+)
+
+// ConsumeNumber consumes the next JSON number per RFC 7159, section 6.
+// It reports the number of bytes consumed and whether an error was encountered.
+// If the input appears truncated, it returns io.ErrUnexpectedEOF.
+//
+// Note that JSON numbers are not self-terminating.
+// If the entire input is consumed, then the caller needs to consider whether
+// there may be subsequent unread data that may still be part of this number.
+func ConsumeNumber(b []byte) (n int, err error) {
+ n, _, err = ConsumeNumberResumable(b, 0, consumeNumberInit)
+ return n, err
+}
+
+// ConsumeNumberResumable is identical to consumeNumber but supports resuming
+// from a previous call that returned io.ErrUnexpectedEOF.
+func ConsumeNumberResumable(b []byte, resumeOffset int, state ConsumeNumberState) (n int, _ ConsumeNumberState, err error) {
+ // Jump to the right state when resuming from a partial consumption.
+ n = resumeOffset
+ if state > consumeNumberInit {
+ switch state {
+ case withinIntegerDigits, withinFractionalDigits, withinExponentDigits:
+ // Consume leading digits.
+ for uint(len(b)) > uint(n) && ('0' <= b[n] && b[n] <= '9') {
+ n++
+ }
+ if uint(len(b)) <= uint(n) {
+ return n, state, nil // still within the same state
+ }
+ state++ // switches "withinX" to "beforeY" where Y is the state after X
+ }
+ switch state {
+ case beforeIntegerDigits:
+ goto beforeInteger
+ case beforeFractionalDigits:
+ goto beforeFractional
+ case beforeExponentDigits:
+ goto beforeExponent
+ default:
+ return n, state, nil
+ }
+ }
+
+ // Consume required integer component (with optional minus sign).
+beforeInteger:
+ resumeOffset = n
+ if uint(len(b)) > 0 && b[0] == '-' {
+ n++
+ }
+ switch {
+ case uint(len(b)) <= uint(n):
+ return resumeOffset, beforeIntegerDigits, io.ErrUnexpectedEOF
+ case b[n] == '0':
+ n++
+ state = beforeFractionalDigits
+ case '1' <= b[n] && b[n] <= '9':
+ n++
+ for uint(len(b)) > uint(n) && ('0' <= b[n] && b[n] <= '9') {
+ n++
+ }
+ state = withinIntegerDigits
+ default:
+ return n, state, NewInvalidCharacterError(b[n:], "in number (expecting digit)")
+ }
+
+ // Consume optional fractional component.
+beforeFractional:
+ if uint(len(b)) > uint(n) && b[n] == '.' {
+ resumeOffset = n
+ n++
+ switch {
+ case uint(len(b)) <= uint(n):
+ return resumeOffset, beforeFractionalDigits, io.ErrUnexpectedEOF
+ case '0' <= b[n] && b[n] <= '9':
+ n++
+ default:
+ return n, state, NewInvalidCharacterError(b[n:], "in number (expecting digit)")
+ }
+ for uint(len(b)) > uint(n) && ('0' <= b[n] && b[n] <= '9') {
+ n++
+ }
+ state = withinFractionalDigits
+ }
+
+ // Consume optional exponent component.
+beforeExponent:
+ if uint(len(b)) > uint(n) && (b[n] == 'e' || b[n] == 'E') {
+ resumeOffset = n
+ n++
+ if uint(len(b)) > uint(n) && (b[n] == '-' || b[n] == '+') {
+ n++
+ }
+ switch {
+ case uint(len(b)) <= uint(n):
+ return resumeOffset, beforeExponentDigits, io.ErrUnexpectedEOF
+ case '0' <= b[n] && b[n] <= '9':
+ n++
+ default:
+ return n, state, NewInvalidCharacterError(b[n:], "in number (expecting digit)")
+ }
+ for uint(len(b)) > uint(n) && ('0' <= b[n] && b[n] <= '9') {
+ n++
+ }
+ state = withinExponentDigits
+ }
+
+ return n, state, nil
+}
+
+// parseHexUint16 is similar to strconv.ParseUint,
+// but operates directly on []byte and is optimized for base-16.
+// See https://go.dev/issue/42429.
+func parseHexUint16[Bytes ~[]byte | ~string](b Bytes) (v uint16, ok bool) {
+ if len(b) != 4 {
+ return 0, false
+ }
+ for i := range 4 {
+ c := b[i]
+ switch {
+ case '0' <= c && c <= '9':
+ c = c - '0'
+ case 'a' <= c && c <= 'f':
+ c = 10 + c - 'a'
+ case 'A' <= c && c <= 'F':
+ c = 10 + c - 'A'
+ default:
+ return 0, false
+ }
+ v = v*16 + uint16(c)
+ }
+ return v, true
+}
+
+// ParseUint parses b as a decimal unsigned integer according to
+// a strict subset of the JSON number grammar, returning the value if valid.
+// It returns (0, false) if there is a syntax error and
+// returns (math.MaxUint64, false) if there is an overflow.
+func ParseUint(b []byte) (v uint64, ok bool) {
+ const unsafeWidth = 20 // len(fmt.Sprint(uint64(math.MaxUint64)))
+ var n int
+ for ; len(b) > n && ('0' <= b[n] && b[n] <= '9'); n++ {
+ v = 10*v + uint64(b[n]-'0')
+ }
+ switch {
+ case n == 0 || len(b) != n || (b[0] == '0' && string(b) != "0"):
+ return 0, false
+ case n >= unsafeWidth && (b[0] != '1' || v < 1e19 || n > unsafeWidth):
+ return math.MaxUint64, false
+ }
+ return v, true
+}
+
+// ParseFloat parses a floating point number according to the Go float grammar.
+// Note that the JSON number grammar is a strict subset.
+//
+// If the number overflows the finite representation of a float,
+// then we return MaxFloat since any finite value will always be infinitely
+// more accurate at representing another finite value than an infinite value.
+func ParseFloat(b []byte, bits int) (v float64, ok bool) {
+ fv, err := strconv.ParseFloat(string(b), bits)
+ if math.IsInf(fv, 0) {
+ switch {
+ case bits == 32 && math.IsInf(fv, +1):
+ fv = +math.MaxFloat32
+ case bits == 64 && math.IsInf(fv, +1):
+ fv = +math.MaxFloat64
+ case bits == 32 && math.IsInf(fv, -1):
+ fv = -math.MaxFloat32
+ case bits == 64 && math.IsInf(fv, -1):
+ fv = -math.MaxFloat64
+ }
+ }
+ return fv, err == nil
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/encode.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/encode.go
new file mode 100644
index 000000000..e74ed713e
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/encode.go
@@ -0,0 +1,290 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package jsonwire
+
+import (
+ "math"
+ "slices"
+ "strconv"
+ "unicode/utf16"
+ "unicode/utf8"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+)
+
+// escapeASCII reports whether the ASCII character needs to be escaped.
+// It conservatively assumes EscapeForHTML.
+var escapeASCII = [...]uint8{
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // escape control characters
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // escape control characters
+ 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, // escape '"' and '&'
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, // escape '<' and '>'
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, // escape '\\'
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+}
+
+// NeedEscape reports whether src needs escaping of any characters.
+// It conservatively assumes EscapeForHTML and EscapeForJS.
+// It reports true for inputs with invalid UTF-8.
+func NeedEscape[Bytes ~[]byte | ~string](src Bytes) bool {
+ var i int
+ for uint(len(src)) > uint(i) {
+ if c := src[i]; c < utf8.RuneSelf {
+ if escapeASCII[c] > 0 {
+ return true
+ }
+ i++
+ } else {
+ r, rn := utf8.DecodeRuneInString(string(truncateMaxUTF8(src[i:])))
+ if r == utf8.RuneError || r == '\u2028' || r == '\u2029' {
+ return true
+ }
+ i += rn
+ }
+ }
+ return false
+}
+
+// AppendQuote appends src to dst as a JSON string per RFC 7159, section 7.
+//
+// It takes in flags and respects the following:
+// - EscapeForHTML escapes '<', '>', and '&'.
+// - EscapeForJS escapes '\u2028' and '\u2029'.
+// - AllowInvalidUTF8 avoids reporting an error for invalid UTF-8.
+//
+// Regardless of whether AllowInvalidUTF8 is specified,
+// invalid bytes are replaced with the Unicode replacement character ('\ufffd').
+// If no escape flags are set, then the shortest representable form is used,
+// which is also the canonical form for strings (RFC 8785, section 3.2.2.2).
+func AppendQuote[Bytes ~[]byte | ~string](dst []byte, src Bytes, flags *jsonflags.Flags) ([]byte, error) {
+ var i, n int
+ var hasInvalidUTF8 bool
+ dst = slices.Grow(dst, len(`"`)+len(src)+len(`"`))
+ dst = append(dst, '"')
+ for uint(len(src)) > uint(n) {
+ if c := src[n]; c < utf8.RuneSelf {
+ // Handle single-byte ASCII.
+ n++
+ if escapeASCII[c] == 0 {
+ continue // no escaping possibly needed
+ }
+ // Handle escaping of single-byte ASCII.
+ if !(c == '<' || c == '>' || c == '&') || flags.Get(jsonflags.EscapeForHTML) {
+ dst = append(dst, src[i:n-1]...)
+ dst = appendEscapedASCII(dst, c)
+ i = n
+ }
+ } else {
+ // Handle multi-byte Unicode.
+ r, rn := utf8.DecodeRuneInString(string(truncateMaxUTF8(src[n:])))
+ n += rn
+ if r != utf8.RuneError && r != '\u2028' && r != '\u2029' {
+ continue // no escaping possibly needed
+ }
+ // Handle escaping of multi-byte Unicode.
+ switch {
+ case isInvalidUTF8(r, rn):
+ hasInvalidUTF8 = true
+ dst = append(dst, src[i:n-rn]...)
+ dst = append(dst, "\ufffd"...)
+ i = n
+ case (r == '\u2028' || r == '\u2029') && flags.Get(jsonflags.EscapeForJS):
+ dst = append(dst, src[i:n-rn]...)
+ dst = appendEscapedUnicode(dst, r)
+ i = n
+ }
+ }
+ }
+ dst = append(dst, src[i:n]...)
+ dst = append(dst, '"')
+ if hasInvalidUTF8 && !flags.Get(jsonflags.AllowInvalidUTF8) {
+ return dst, ErrInvalidUTF8
+ }
+ return dst, nil
+}
+
+func appendEscapedASCII(dst []byte, c byte) []byte {
+ switch c {
+ case '"', '\\':
+ dst = append(dst, '\\', c)
+ case '\b':
+ dst = append(dst, "\\b"...)
+ case '\f':
+ dst = append(dst, "\\f"...)
+ case '\n':
+ dst = append(dst, "\\n"...)
+ case '\r':
+ dst = append(dst, "\\r"...)
+ case '\t':
+ dst = append(dst, "\\t"...)
+ default:
+ dst = appendEscapedUTF16(dst, uint16(c))
+ }
+ return dst
+}
+
+func appendEscapedUnicode(dst []byte, r rune) []byte {
+ if r1, r2 := utf16.EncodeRune(r); r1 != '\ufffd' && r2 != '\ufffd' {
+ dst = appendEscapedUTF16(dst, uint16(r1))
+ dst = appendEscapedUTF16(dst, uint16(r2))
+ } else {
+ dst = appendEscapedUTF16(dst, uint16(r))
+ }
+ return dst
+}
+
+func appendEscapedUTF16(dst []byte, x uint16) []byte {
+ const hex = "0123456789abcdef"
+ return append(dst, '\\', 'u', hex[(x>>12)&0xf], hex[(x>>8)&0xf], hex[(x>>4)&0xf], hex[(x>>0)&0xf])
+}
+
+// ReformatString consumes a JSON string from src and appends it to dst,
+// reformatting it if necessary according to the specified flags.
+// It returns the appended output and the number of consumed input bytes.
+func ReformatString(dst, src []byte, flags *jsonflags.Flags) ([]byte, int, error) {
+ // TODO: Should this update ValueFlags as input?
+ var valFlags ValueFlags
+ n, err := ConsumeString(&valFlags, src, !flags.Get(jsonflags.AllowInvalidUTF8))
+ if err != nil {
+ return dst, n, err
+ }
+
+ // If the output requires no special escapes, and the input
+ // is already in canonical form or should be preserved verbatim,
+ // then directly copy the input to the output.
+ if !flags.Get(jsonflags.AnyEscape) &&
+ (valFlags.IsCanonical() || flags.Get(jsonflags.PreserveRawStrings)) {
+ dst = append(dst, src[:n]...) // copy the string verbatim
+ return dst, n, nil
+ }
+
+ // Under [jsonflags.PreserveRawStrings], any pre-escaped sequences
+ // remain escaped, however we still need to respect the
+ // [jsonflags.EscapeForHTML] and [jsonflags.EscapeForJS] options.
+ if flags.Get(jsonflags.PreserveRawStrings) {
+ var i, lastAppendIndex int
+ for i < n {
+ if c := src[i]; c < utf8.RuneSelf {
+ if (c == '<' || c == '>' || c == '&') && flags.Get(jsonflags.EscapeForHTML) {
+ dst = append(dst, src[lastAppendIndex:i]...)
+ dst = appendEscapedASCII(dst, c)
+ lastAppendIndex = i + 1
+ }
+ i++
+ } else {
+ r, rn := utf8.DecodeRune(truncateMaxUTF8(src[i:]))
+ if (r == '\u2028' || r == '\u2029') && flags.Get(jsonflags.EscapeForJS) {
+ dst = append(dst, src[lastAppendIndex:i]...)
+ dst = appendEscapedUnicode(dst, r)
+ lastAppendIndex = i + rn
+ }
+ i += rn
+ }
+ }
+ return append(dst, src[lastAppendIndex:n]...), n, nil
+ }
+
+ // The input contains characters that might need escaping,
+ // unnecessary escape sequences, or invalid UTF-8.
+ // Perform a round-trip unquote and quote to properly reformat
+ // these sequences according the current flags.
+ b, _ := AppendUnquote(nil, src[:n])
+ dst, _ = AppendQuote(dst, b, flags)
+ return dst, n, nil
+}
+
+// AppendFloat appends src to dst as a JSON number per RFC 7159, section 6.
+// It formats numbers similar to the ES6 number-to-string conversion.
+// See https://go.dev/issue/14135.
+//
+// The output is identical to ECMA-262, 6th edition, section 7.1.12.1 and with
+// RFC 8785, section 3.2.2.3 for 64-bit floating-point numbers except for -0,
+// which is formatted as -0 instead of just 0.
+//
+// For 32-bit floating-point numbers,
+// the output is a 32-bit equivalent of the algorithm.
+// Note that ECMA-262 specifies no algorithm for 32-bit numbers.
+func AppendFloat(dst []byte, src float64, bits int) []byte {
+ if bits == 32 {
+ src = float64(float32(src))
+ }
+
+ abs := math.Abs(src)
+ fmt := byte('f')
+ if abs != 0 {
+ if bits == 64 && (float64(abs) < 1e-6 || float64(abs) >= 1e21) ||
+ bits == 32 && (float32(abs) < 1e-6 || float32(abs) >= 1e21) {
+ fmt = 'e'
+ }
+ }
+ dst = strconv.AppendFloat(dst, src, fmt, -1, bits)
+ if fmt == 'e' {
+ // Clean up e-09 to e-9.
+ n := len(dst)
+ if n >= 4 && dst[n-4] == 'e' && dst[n-3] == '-' && dst[n-2] == '0' {
+ dst[n-2] = dst[n-1]
+ dst = dst[:n-1]
+ }
+ }
+ return dst
+}
+
+// ReformatNumber consumes a JSON string from src and appends it to dst,
+// canonicalizing it if specified.
+// It returns the appended output and the number of consumed input bytes.
+func ReformatNumber(dst, src []byte, flags *jsonflags.Flags) ([]byte, int, error) {
+ n, err := ConsumeNumber(src)
+ if err != nil {
+ return dst, n, err
+ }
+ if !flags.Get(jsonflags.CanonicalizeNumbers) {
+ dst = append(dst, src[:n]...) // copy the number verbatim
+ return dst, n, nil
+ }
+
+ // Identify the kind of number.
+ var isFloat bool
+ for _, c := range src[:n] {
+ if c == '.' || c == 'e' || c == 'E' {
+ isFloat = true // has fraction or exponent
+ break
+ }
+ }
+
+ // Check if need to canonicalize this kind of number.
+ switch {
+ case string(src[:n]) == "-0":
+ break // canonicalize -0 as 0 regardless of kind
+ case isFloat:
+ if !flags.Get(jsonflags.CanonicalizeRawFloats) {
+ dst = append(dst, src[:n]...) // copy the number verbatim
+ return dst, n, nil
+ }
+ default:
+ // As an optimization, we can copy integer numbers below 2⁵³ verbatim
+ // since the canonical form is always identical.
+ const maxExactIntegerDigits = 16 // len(strconv.AppendUint(nil, 1<<53, 10))
+ if !flags.Get(jsonflags.CanonicalizeRawInts) || n < maxExactIntegerDigits {
+ dst = append(dst, src[:n]...) // copy the number verbatim
+ return dst, n, nil
+ }
+ }
+
+ // Parse and reformat the number (which uses a canonical format).
+ fv, _ := strconv.ParseFloat(string(src[:n]), 64)
+ switch {
+ case fv == 0:
+ fv = 0 // normalize negative zero as just zero
+ case math.IsInf(fv, +1):
+ fv = +math.MaxFloat64
+ case math.IsInf(fv, -1):
+ fv = -math.MaxFloat64
+ }
+ return AppendFloat(dst, fv, 64), n, nil
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/wire.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/wire.go
new file mode 100644
index 000000000..a0622c65b
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/wire.go
@@ -0,0 +1,217 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+// Package jsonwire implements stateless functionality for handling JSON text.
+package jsonwire
+
+import (
+ "cmp"
+ "errors"
+ "strconv"
+ "strings"
+ "unicode"
+ "unicode/utf16"
+ "unicode/utf8"
+)
+
+// TrimSuffixWhitespace trims JSON from the end of b.
+func TrimSuffixWhitespace(b []byte) []byte {
+ // NOTE: The arguments and logic are kept simple to keep this inlinable.
+ n := len(b) - 1
+ for n >= 0 && (b[n] == ' ' || b[n] == '\t' || b[n] == '\r' || b[n] == '\n') {
+ n--
+ }
+ return b[:n+1]
+}
+
+// TrimSuffixString trims a valid JSON string at the end of b.
+// The behavior is undefined if there is not a valid JSON string present.
+func TrimSuffixString(b []byte) []byte {
+ // NOTE: The arguments and logic are kept simple to keep this inlinable.
+ if len(b) > 0 && b[len(b)-1] == '"' {
+ b = b[:len(b)-1]
+ }
+ for len(b) >= 2 && !(b[len(b)-1] == '"' && b[len(b)-2] != '\\') {
+ b = b[:len(b)-1] // trim all characters except an unescaped quote
+ }
+ if len(b) > 0 && b[len(b)-1] == '"' {
+ b = b[:len(b)-1]
+ }
+ return b
+}
+
+// HasSuffixByte reports whether b ends with c.
+func HasSuffixByte(b []byte, c byte) bool {
+ // NOTE: The arguments and logic are kept simple to keep this inlinable.
+ return len(b) > 0 && b[len(b)-1] == c
+}
+
+// TrimSuffixByte removes c from the end of b if it is present.
+func TrimSuffixByte(b []byte, c byte) []byte {
+ // NOTE: The arguments and logic are kept simple to keep this inlinable.
+ if len(b) > 0 && b[len(b)-1] == c {
+ return b[:len(b)-1]
+ }
+ return b
+}
+
+// QuoteRune quotes the first rune in the input.
+func QuoteRune[Bytes ~[]byte | ~string](b Bytes) string {
+ r, n := utf8.DecodeRuneInString(string(truncateMaxUTF8(b)))
+ if r == utf8.RuneError && n == 1 {
+ return `'\x` + strconv.FormatUint(uint64(b[0]), 16) + `'`
+ }
+ return strconv.QuoteRune(r)
+}
+
+// CompareUTF16 lexicographically compares x to y according
+// to the UTF-16 codepoints of the UTF-8 encoded input strings.
+// This implements the ordering specified in RFC 8785, section 3.2.3.
+func CompareUTF16[Bytes ~[]byte | ~string](x, y Bytes) int {
+ // NOTE: This is an optimized, mostly allocation-free implementation
+ // of CompareUTF16Simple in wire_test.go. FuzzCompareUTF16 verifies that the
+ // two implementations agree on the result of comparing any two strings.
+ isUTF16Self := func(r rune) bool {
+ return ('\u0000' <= r && r <= '\uD7FF') || ('\uE000' <= r && r <= '\uFFFF')
+ }
+
+ for {
+ if len(x) == 0 || len(y) == 0 {
+ return cmp.Compare(len(x), len(y))
+ }
+
+ // ASCII fast-path.
+ if x[0] < utf8.RuneSelf || y[0] < utf8.RuneSelf {
+ if x[0] != y[0] {
+ return cmp.Compare(x[0], y[0])
+ }
+ x, y = x[1:], y[1:]
+ continue
+ }
+
+ // Decode next pair of runes as UTF-8.
+ rx, nx := utf8.DecodeRuneInString(string(truncateMaxUTF8(x)))
+ ry, ny := utf8.DecodeRuneInString(string(truncateMaxUTF8(y)))
+
+ selfx := isUTF16Self(rx)
+ selfy := isUTF16Self(ry)
+ switch {
+ // The x rune is a single UTF-16 codepoint, while
+ // the y rune is a surrogate pair of UTF-16 codepoints.
+ case selfx && !selfy:
+ ry, _ = utf16.EncodeRune(ry)
+ // The y rune is a single UTF-16 codepoint, while
+ // the x rune is a surrogate pair of UTF-16 codepoints.
+ case selfy && !selfx:
+ rx, _ = utf16.EncodeRune(rx)
+ }
+ if rx != ry {
+ return cmp.Compare(rx, ry)
+ }
+
+ // Check for invalid UTF-8, in which case,
+ // we just perform a byte-for-byte comparison.
+ if isInvalidUTF8(rx, nx) || isInvalidUTF8(ry, ny) {
+ if x[0] != y[0] {
+ return cmp.Compare(x[0], y[0])
+ }
+ }
+ x, y = x[nx:], y[ny:]
+ }
+}
+
+// truncateMaxUTF8 truncates b such it contains at least one rune.
+//
+// The utf8 package currently lacks generic variants, which complicates
+// generic functions that operates on either []byte or string.
+// As a hack, we always call the utf8 function operating on strings,
+// but always truncate the input such that the result is identical.
+//
+// Example usage:
+//
+// utf8.DecodeRuneInString(string(truncateMaxUTF8(b)))
+//
+// Converting a []byte to a string is stack allocated since
+// truncateMaxUTF8 guarantees that the []byte is short.
+func truncateMaxUTF8[Bytes ~[]byte | ~string](b Bytes) Bytes {
+ // TODO(https://go.dev/issue/56948): Remove this function and
+ // instead directly call generic utf8 functions wherever used.
+ if len(b) > utf8.UTFMax {
+ return b[:utf8.UTFMax]
+ }
+ return b
+}
+
+// TODO(https://go.dev/issue/70547): Use utf8.ErrInvalid instead.
+var ErrInvalidUTF8 = errors.New("invalid UTF-8")
+
+func NewInvalidCharacterError[Bytes ~[]byte | ~string](prefix Bytes, where string) error {
+ what := QuoteRune(prefix)
+ return errors.New("invalid character " + what + " " + where)
+}
+
+func NewInvalidEscapeSequenceError[Bytes ~[]byte | ~string](what Bytes) error {
+ label := "escape sequence"
+ if len(what) > 6 {
+ label = "surrogate pair"
+ }
+ needEscape := strings.IndexFunc(string(what), func(r rune) bool {
+ return r == '`' || r == utf8.RuneError || unicode.IsSpace(r) || !unicode.IsPrint(r)
+ }) >= 0
+ if needEscape {
+ return errors.New("invalid " + label + " " + strconv.Quote(string(what)) + " in string")
+ } else {
+ return errors.New("invalid " + label + " `" + string(what) + "` in string")
+ }
+}
+
+// TruncatePointer optionally truncates the JSON pointer,
+// enforcing that the length roughly does not exceed n.
+func TruncatePointer(s string, n int) string {
+ if len(s) <= n {
+ return s
+ }
+ i := n / 2
+ j := len(s) - n/2
+
+ // Avoid truncating a name if there are multiple names present.
+ if k := strings.LastIndexByte(s[:i], '/'); k > 0 {
+ i = k
+ }
+ if k := strings.IndexByte(s[j:], '/'); k >= 0 {
+ j += k + len("/")
+ }
+
+ // Avoid truncation in the middle of a UTF-8 rune.
+ for i > 0 && isInvalidUTF8(utf8.DecodeLastRuneInString(s[:i])) {
+ i--
+ }
+ for j < len(s) && isInvalidUTF8(utf8.DecodeRuneInString(s[j:])) {
+ j++
+ }
+
+ // Determine the right middle fragment to use.
+ var middle string
+ switch strings.Count(s[i:j], "/") {
+ case 0:
+ middle = "…"
+ case 1:
+ middle = "…/…"
+ default:
+ middle = "…/…/…"
+ }
+ if strings.HasPrefix(s[i:j], "/") && middle != "…" {
+ middle = strings.TrimPrefix(middle, "…")
+ }
+ if strings.HasSuffix(s[i:j], "/") && middle != "…" {
+ middle = strings.TrimSuffix(middle, "…")
+ }
+ return s[:i] + middle + s[j:]
+}
+
+func isInvalidUTF8(r rune, rn int) bool {
+ return r == utf8.RuneError && rn == 1
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/alias.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/alias.go
new file mode 100644
index 000000000..dc18d5d55
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/alias.go
@@ -0,0 +1,536 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Code generated by alias_gen.go; DO NOT EDIT.
+
+//go:build goexperiment.jsonv2 && go1.25
+
+// Package jsontext implements syntactic processing of JSON
+// as specified in RFC 4627, RFC 7159, RFC 7493, RFC 8259, and RFC 8785.
+// JSON is a simple data interchange format that can represent
+// primitive data types such as booleans, strings, and numbers,
+// in addition to structured data types such as objects and arrays.
+//
+// The [Encoder] and [Decoder] types are used to encode or decode
+// a stream of JSON tokens or values.
+//
+// # Tokens and Values
+//
+// A JSON token refers to the basic structural elements of JSON:
+//
+// - a JSON literal (i.e., null, true, or false)
+// - a JSON string (e.g., "hello, world!")
+// - a JSON number (e.g., 123.456)
+// - a begin or end delimiter for a JSON object (i.e., '{' or '}')
+// - a begin or end delimiter for a JSON array (i.e., '[' or ']')
+//
+// A JSON token is represented by the [Token] type in Go. Technically,
+// there are two additional structural characters (i.e., ':' and ','),
+// but there is no [Token] representation for them since their presence
+// can be inferred by the structure of the JSON grammar itself.
+// For example, there must always be an implicit colon between
+// the name and value of a JSON object member.
+//
+// A JSON value refers to a complete unit of JSON data:
+//
+// - a JSON literal, string, or number
+// - a JSON object (e.g., `{"name":"value"}`)
+// - a JSON array (e.g., `[1,2,3,]`)
+//
+// A JSON value is represented by the [Value] type in Go and is a []byte
+// containing the raw textual representation of the value. There is some overlap
+// between tokens and values as both contain literals, strings, and numbers.
+// However, only a value can represent the entirety of a JSON object or array.
+//
+// The [Encoder] and [Decoder] types contain methods to read or write the next
+// [Token] or [Value] in a sequence. They maintain a state machine to validate
+// whether the sequence of JSON tokens and/or values produces a valid JSON.
+// [Options] may be passed to the [NewEncoder] or [NewDecoder] constructors
+// to configure the syntactic behavior of encoding and decoding.
+//
+// # Terminology
+//
+// The terms "encode" and "decode" are used for syntactic functionality
+// that is concerned with processing JSON based on its grammar, and
+// the terms "marshal" and "unmarshal" are used for semantic functionality
+// that determines the meaning of JSON values as Go values and vice-versa.
+// This package (i.e., [jsontext]) deals with JSON at a syntactic layer,
+// while [encoding/json/v2] deals with JSON at a semantic layer.
+// The goal is to provide a clear distinction between functionality that
+// is purely concerned with encoding versus that of marshaling.
+// For example, one can directly encode a stream of JSON tokens without
+// needing to marshal a concrete Go value representing them.
+// Similarly, one can decode a stream of JSON tokens without
+// needing to unmarshal them into a concrete Go value.
+//
+// This package uses JSON terminology when discussing JSON, which may differ
+// from related concepts in Go or elsewhere in computing literature.
+//
+// - a JSON "object" refers to an unordered collection of name/value members.
+// - a JSON "array" refers to an ordered sequence of elements.
+// - a JSON "value" refers to either a literal (i.e., null, false, or true),
+// string, number, object, or array.
+//
+// See RFC 8259 for more information.
+//
+// # Specifications
+//
+// Relevant specifications include RFC 4627, RFC 7159, RFC 7493, RFC 8259,
+// and RFC 8785. Each RFC is generally a stricter subset of another RFC.
+// In increasing order of strictness:
+//
+// - RFC 4627 and RFC 7159 do not require (but recommend) the use of UTF-8
+// and also do not require (but recommend) that object names be unique.
+// - RFC 8259 requires the use of UTF-8,
+// but does not require (but recommends) that object names be unique.
+// - RFC 7493 requires the use of UTF-8
+// and also requires that object names be unique.
+// - RFC 8785 defines a canonical representation. It requires the use of UTF-8
+// and also requires that object names be unique and in a specific ordering.
+// It specifies exactly how strings and numbers must be formatted.
+//
+// The primary difference between RFC 4627 and RFC 7159 is that the former
+// restricted top-level values to only JSON objects and arrays, while
+// RFC 7159 and subsequent RFCs permit top-level values to additionally be
+// JSON nulls, booleans, strings, or numbers.
+//
+// By default, this package operates on RFC 7493, but can be configured
+// to operate according to the other RFC specifications.
+// RFC 7493 is a stricter subset of RFC 8259 and fully compliant with it.
+// In particular, it makes specific choices about behavior that RFC 8259
+// leaves as undefined in order to ensure greater interoperability.
+//
+// # Security Considerations
+//
+// See the "Security Considerations" section in [encoding/json/v2].
+package jsontext
+
+import (
+ "encoding/json/jsontext"
+ "io"
+)
+
+// Decoder is a streaming decoder for raw JSON tokens and values.
+// It is used to read a stream of top-level JSON values,
+// each separated by optional whitespace characters.
+//
+// [Decoder.ReadToken] and [Decoder.ReadValue] calls may be interleaved.
+// For example, the following JSON value:
+//
+// {"name":"value","array":[null,false,true,3.14159],"object":{"k":"v"}}
+//
+// can be parsed with the following calls (ignoring errors for brevity):
+//
+// d.ReadToken() // {
+// d.ReadToken() // "name"
+// d.ReadToken() // "value"
+// d.ReadValue() // "array"
+// d.ReadToken() // [
+// d.ReadToken() // null
+// d.ReadToken() // false
+// d.ReadValue() // true
+// d.ReadToken() // 3.14159
+// d.ReadToken() // ]
+// d.ReadValue() // "object"
+// d.ReadValue() // {"k":"v"}
+// d.ReadToken() // }
+//
+// The above is one of many possible sequence of calls and
+// may not represent the most sensible method to call for any given token/value.
+// For example, it is probably more common to call [Decoder.ReadToken] to obtain a
+// string token for object names.
+type Decoder = jsontext.Decoder
+
+// NewDecoder constructs a new streaming decoder reading from r.
+//
+// If r is a [bytes.Buffer], then the decoder parses directly from the buffer
+// without first copying the contents to an intermediate buffer.
+// Additional writes to the buffer must not occur while the decoder is in use.
+func NewDecoder(r io.Reader, opts ...Options) *Decoder {
+ return jsontext.NewDecoder(r, opts...)
+}
+
+// Encoder is a streaming encoder from raw JSON tokens and values.
+// It is used to write a stream of top-level JSON values,
+// each terminated with a newline character.
+//
+// [Encoder.WriteToken] and [Encoder.WriteValue] calls may be interleaved.
+// For example, the following JSON value:
+//
+// {"name":"value","array":[null,false,true,3.14159],"object":{"k":"v"}}
+//
+// can be composed with the following calls (ignoring errors for brevity):
+//
+// e.WriteToken(BeginObject) // {
+// e.WriteToken(String("name")) // "name"
+// e.WriteToken(String("value")) // "value"
+// e.WriteValue(Value(`"array"`)) // "array"
+// e.WriteToken(BeginArray) // [
+// e.WriteToken(Null) // null
+// e.WriteToken(False) // false
+// e.WriteValue(Value("true")) // true
+// e.WriteToken(Float(3.14159)) // 3.14159
+// e.WriteToken(EndArray) // ]
+// e.WriteValue(Value(`"object"`)) // "object"
+// e.WriteValue(Value(`{"k":"v"}`)) // {"k":"v"}
+// e.WriteToken(EndObject) // }
+//
+// The above is one of many possible sequence of calls and
+// may not represent the most sensible method to call for any given token/value.
+// For example, it is probably more common to call [Encoder.WriteToken] with a string
+// for object names.
+type Encoder = jsontext.Encoder
+
+// NewEncoder constructs a new streaming encoder writing to w
+// configured with the provided options.
+// It flushes the internal buffer when the buffer is sufficiently full or
+// when a top-level value has been written.
+//
+// If w is a [bytes.Buffer], then the encoder appends directly into the buffer
+// without copying the contents from an intermediate buffer.
+func NewEncoder(w io.Writer, opts ...Options) *Encoder {
+ return jsontext.NewEncoder(w, opts...)
+}
+
+// SyntacticError is a description of a syntactic error that occurred when
+// encoding or decoding JSON according to the grammar.
+//
+// The contents of this error as produced by this package may change over time.
+type SyntacticError = jsontext.SyntacticError
+
+// Options configures [NewEncoder], [Encoder.Reset], [NewDecoder],
+// and [Decoder.Reset] with specific features.
+// Each function takes in a variadic list of options, where properties
+// set in latter options override the value of previously set properties.
+//
+// There is a single Options type, which is used with both encoding and decoding.
+// Some options affect both operations, while others only affect one operation:
+//
+// - [AllowDuplicateNames] affects encoding and decoding
+// - [AllowInvalidUTF8] affects encoding and decoding
+// - [EscapeForHTML] affects encoding only
+// - [EscapeForJS] affects encoding only
+// - [PreserveRawStrings] affects encoding only
+// - [CanonicalizeRawInts] affects encoding only
+// - [CanonicalizeRawFloats] affects encoding only
+// - [ReorderRawObjects] affects encoding only
+// - [SpaceAfterColon] affects encoding only
+// - [SpaceAfterComma] affects encoding only
+// - [Multiline] affects encoding only
+// - [WithIndent] affects encoding only
+// - [WithIndentPrefix] affects encoding only
+//
+// Options that do not affect a particular operation are ignored.
+//
+// The Options type is identical to [encoding/json.Options] and
+// [encoding/json/v2.Options]. Options from the other packages may
+// be passed to functionality in this package, but are ignored.
+// Options from this package may be used with the other packages.
+type Options = jsontext.Options
+
+// AllowDuplicateNames specifies that JSON objects may contain
+// duplicate member names. Disabling the duplicate name check may provide
+// performance benefits, but breaks compliance with RFC 7493, section 2.3.
+// The input or output will still be compliant with RFC 8259,
+// which leaves the handling of duplicate names as unspecified behavior.
+//
+// This affects either encoding or decoding.
+func AllowDuplicateNames(v bool) Options {
+ return jsontext.AllowDuplicateNames(v)
+}
+
+// AllowInvalidUTF8 specifies that JSON strings may contain invalid UTF-8,
+// which will be mangled as the Unicode replacement character, U+FFFD.
+// This causes the encoder or decoder to break compliance with
+// RFC 7493, section 2.1, and RFC 8259, section 8.1.
+//
+// This affects either encoding or decoding.
+func AllowInvalidUTF8(v bool) Options {
+ return jsontext.AllowInvalidUTF8(v)
+}
+
+// EscapeForHTML specifies that '<', '>', and '&' characters within JSON strings
+// should be escaped as a hexadecimal Unicode codepoint (e.g., \u003c) so that
+// the output is safe to embed within HTML.
+//
+// This only affects encoding and is ignored when decoding.
+func EscapeForHTML(v bool) Options {
+ return jsontext.EscapeForHTML(v)
+}
+
+// EscapeForJS specifies that U+2028 and U+2029 characters within JSON strings
+// should be escaped as a hexadecimal Unicode codepoint (e.g., \u2028) so that
+// the output is valid to embed within JavaScript. See RFC 8259, section 12.
+//
+// This only affects encoding and is ignored when decoding.
+func EscapeForJS(v bool) Options {
+ return jsontext.EscapeForJS(v)
+}
+
+// PreserveRawStrings specifies that when encoding a raw JSON string in a
+// [Token] or [Value], pre-escaped sequences
+// in a JSON string are preserved to the output.
+// However, raw strings still respect [EscapeForHTML] and [EscapeForJS]
+// such that the relevant characters are escaped.
+// If [AllowInvalidUTF8] is enabled, bytes of invalid UTF-8
+// are preserved to the output.
+//
+// This only affects encoding and is ignored when decoding.
+func PreserveRawStrings(v bool) Options {
+ return jsontext.PreserveRawStrings(v)
+}
+
+// CanonicalizeRawInts specifies that when encoding a raw JSON
+// integer number (i.e., a number without a fraction and exponent) in a
+// [Token] or [Value], the number is canonicalized
+// according to RFC 8785, section 3.2.2.3. As a special case,
+// the number -0 is canonicalized as 0.
+//
+// JSON numbers are treated as IEEE 754 double precision numbers.
+// Any numbers with precision beyond what is representable by that form
+// will lose their precision when canonicalized. For example,
+// integer values beyond ±2⁵³ will lose their precision.
+// For example, 1234567890123456789 is formatted as 1234567890123456800.
+//
+// This only affects encoding and is ignored when decoding.
+func CanonicalizeRawInts(v bool) Options {
+ return jsontext.CanonicalizeRawInts(v)
+}
+
+// CanonicalizeRawFloats specifies that when encoding a raw JSON
+// floating-point number (i.e., a number with a fraction or exponent) in a
+// [Token] or [Value], the number is canonicalized
+// according to RFC 8785, section 3.2.2.3. As a special case,
+// the number -0 is canonicalized as 0.
+//
+// JSON numbers are treated as IEEE 754 double precision numbers.
+// It is safe to canonicalize a serialized single precision number and
+// parse it back as a single precision number and expect the same value.
+// If a number exceeds ±1.7976931348623157e+308, which is the maximum
+// finite number, then it saturated at that value and formatted as such.
+//
+// This only affects encoding and is ignored when decoding.
+func CanonicalizeRawFloats(v bool) Options {
+ return jsontext.CanonicalizeRawFloats(v)
+}
+
+// ReorderRawObjects specifies that when encoding a raw JSON object in a
+// [Value], the object members are reordered according to
+// RFC 8785, section 3.2.3.
+//
+// This only affects encoding and is ignored when decoding.
+func ReorderRawObjects(v bool) Options {
+ return jsontext.ReorderRawObjects(v)
+}
+
+// SpaceAfterColon specifies that the JSON output should emit a space character
+// after each colon separator following a JSON object name.
+// If false, then no space character appears after the colon separator.
+//
+// This only affects encoding and is ignored when decoding.
+func SpaceAfterColon(v bool) Options {
+ return jsontext.SpaceAfterColon(v)
+}
+
+// SpaceAfterComma specifies that the JSON output should emit a space character
+// after each comma separator following a JSON object value or array element.
+// If false, then no space character appears after the comma separator.
+//
+// This only affects encoding and is ignored when decoding.
+func SpaceAfterComma(v bool) Options {
+ return jsontext.SpaceAfterComma(v)
+}
+
+// Multiline specifies that the JSON output should expand to multiple lines,
+// where every JSON object member or JSON array element appears on
+// a new, indented line according to the nesting depth.
+//
+// If [SpaceAfterColon] is not specified, then the default is true.
+// If [SpaceAfterComma] is not specified, then the default is false.
+// If [WithIndent] is not specified, then the default is "\t".
+//
+// If set to false, then the output is a single-line,
+// where the only whitespace emitted is determined by the current
+// values of [SpaceAfterColon] and [SpaceAfterComma].
+//
+// This only affects encoding and is ignored when decoding.
+func Multiline(v bool) Options {
+ return jsontext.Multiline(v)
+}
+
+// WithIndent specifies that the encoder should emit multiline output
+// where each element in a JSON object or array begins on a new, indented line
+// beginning with the indent prefix (see [WithIndentPrefix])
+// followed by one or more copies of indent according to the nesting depth.
+// The indent must only be composed of space or tab characters.
+//
+// If the intent to emit indented output without a preference for
+// the particular indent string, then use [Multiline] instead.
+//
+// This only affects encoding and is ignored when decoding.
+// Use of this option implies [Multiline] being set to true.
+func WithIndent(indent string) Options {
+ return jsontext.WithIndent(indent)
+}
+
+// WithIndentPrefix specifies that the encoder should emit multiline output
+// where each element in a JSON object or array begins on a new, indented line
+// beginning with the indent prefix followed by one or more copies of indent
+// (see [WithIndent]) according to the nesting depth.
+// The prefix must only be composed of space or tab characters.
+//
+// This only affects encoding and is ignored when decoding.
+// Use of this option implies [Multiline] being set to true.
+func WithIndentPrefix(prefix string) Options {
+ return jsontext.WithIndentPrefix(prefix)
+}
+
+// AppendQuote appends a double-quoted JSON string literal representing src
+// to dst and returns the extended buffer.
+// It uses the minimal string representation per RFC 8785, section 3.2.2.2.
+// Invalid UTF-8 bytes are replaced with the Unicode replacement character
+// and an error is returned at the end indicating the presence of invalid UTF-8.
+// The dst must not overlap with the src.
+func AppendQuote[Bytes ~[]byte | ~string](dst []byte, src Bytes) ([]byte, error) {
+ return jsontext.AppendQuote[Bytes](dst, src)
+}
+
+// AppendUnquote appends the decoded interpretation of src as a
+// double-quoted JSON string literal to dst and returns the extended buffer.
+// The input src must be a JSON string without any surrounding whitespace.
+// Invalid UTF-8 bytes are replaced with the Unicode replacement character
+// and an error is returned at the end indicating the presence of invalid UTF-8.
+// Any trailing bytes after the JSON string literal results in an error.
+// The dst must not overlap with the src.
+func AppendUnquote[Bytes ~[]byte | ~string](dst []byte, src Bytes) ([]byte, error) {
+ return jsontext.AppendUnquote[Bytes](dst, src)
+}
+
+// ErrDuplicateName indicates that a JSON token could not be
+// encoded or decoded because it results in a duplicate JSON object name.
+// This error is directly wrapped within a [SyntacticError] when produced.
+//
+// The name of a duplicate JSON object member can be extracted as:
+//
+// err := ...
+// var serr jsontext.SyntacticError
+// if errors.As(err, &serr) && serr.Err == jsontext.ErrDuplicateName {
+// ptr := serr.JSONPointer // JSON pointer to duplicate name
+// name := ptr.LastToken() // duplicate name itself
+// ...
+// }
+//
+// This error is only returned if [AllowDuplicateNames] is false.
+var ErrDuplicateName = jsontext.ErrDuplicateName
+
+// ErrNonStringName indicates that a JSON token could not be
+// encoded or decoded because it is not a string,
+// as required for JSON object names according to RFC 8259, section 4.
+// This error is directly wrapped within a [SyntacticError] when produced.
+var ErrNonStringName = jsontext.ErrNonStringName
+
+// Pointer is a JSON Pointer (RFC 6901) that references a particular JSON value
+// relative to the root of the top-level JSON value.
+//
+// A Pointer is a slash-separated list of tokens, where each token is
+// either a JSON object name or an index to a JSON array element
+// encoded as a base-10 integer value.
+// It is impossible to distinguish between an array index and an object name
+// (that happens to be an base-10 encoded integer) without also knowing
+// the structure of the top-level JSON value that the pointer refers to.
+//
+// There is exactly one representation of a pointer to a particular value,
+// so comparability of Pointer values is equivalent to checking whether
+// they both point to the exact same value.
+type Pointer = jsontext.Pointer
+
+// Token represents a lexical JSON token, which may be one of the following:
+// - a JSON literal (i.e., null, true, or false)
+// - a JSON string (e.g., "hello, world!")
+// - a JSON number (e.g., 123.456)
+// - a begin or end delimiter for a JSON object (i.e., { or } )
+// - a begin or end delimiter for a JSON array (i.e., [ or ] )
+//
+// A Token cannot represent entire array or object values, while a [Value] can.
+// There is no Token to represent commas and colons since
+// these structural tokens can be inferred from the surrounding context.
+type Token = jsontext.Token
+
+var (
+ Null = jsontext.Null
+ False = jsontext.False
+ True = jsontext.True
+ BeginObject = jsontext.BeginObject
+ EndObject = jsontext.EndObject
+ BeginArray = jsontext.BeginArray
+ EndArray = jsontext.EndArray
+)
+
+// Bool constructs a Token representing a JSON boolean.
+func Bool(b bool) Token {
+ return jsontext.Bool(b)
+}
+
+// String constructs a Token representing a JSON string.
+// The provided string should contain valid UTF-8, otherwise invalid characters
+// may be mangled as the Unicode replacement character.
+func String(s string) Token {
+ return jsontext.String(s)
+}
+
+// Float constructs a Token representing a JSON number.
+// The values NaN, +Inf, and -Inf will be represented
+// as a JSON string with the values "NaN", "Infinity", and "-Infinity".
+func Float(n float64) Token {
+ return jsontext.Float(n)
+}
+
+// Int constructs a Token representing a JSON number from an int64.
+func Int(n int64) Token {
+ return jsontext.Int(n)
+}
+
+// Uint constructs a Token representing a JSON number from a uint64.
+func Uint(n uint64) Token {
+ return jsontext.Uint(n)
+}
+
+// Kind represents each possible JSON token kind with a single byte,
+// which is conveniently the first byte of that kind's grammar
+// with the restriction that numbers always be represented with '0':
+//
+// - 'n': null
+// - 'f': false
+// - 't': true
+// - '"': string
+// - '0': number
+// - '{': object begin
+// - '}': object end
+// - '[': array begin
+// - ']': array end
+//
+// An invalid kind is usually represented using 0,
+// but may be non-zero due to invalid JSON data.
+type Kind = jsontext.Kind
+
+// AppendFormat formats the JSON value in src and appends it to dst
+// according to the specified options.
+// See [Value.Format] for more details about the formatting behavior.
+//
+// The dst and src may overlap.
+// If an error is reported, then the entirety of src is appended to dst.
+func AppendFormat(dst, src []byte, opts ...Options) ([]byte, error) {
+ return jsontext.AppendFormat(dst, src, opts...)
+}
+
+// Value represents a single raw JSON value, which may be one of the following:
+// - a JSON literal (i.e., null, true, or false)
+// - a JSON string (e.g., "hello, world!")
+// - a JSON number (e.g., 123.456)
+// - an entire JSON object (e.g., {"fizz":"buzz"} )
+// - an entire JSON array (e.g., [1,2,3] )
+//
+// Value can represent entire array or object values, while [Token] cannot.
+// Value may contain leading and/or trailing whitespace.
+type Value = jsontext.Value
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/decode.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/decode.go
new file mode 100644
index 000000000..7e847de37
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/decode.go
@@ -0,0 +1,1179 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package jsontext
+
+import (
+ "bytes"
+ "errors"
+ "io"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
+)
+
+// NOTE: The logic for decoding is complicated by the fact that reading from
+// an io.Reader into a temporary buffer means that the buffer may contain a
+// truncated portion of some valid input, requiring the need to fetch more data.
+//
+// This file is structured in the following way:
+//
+// - consumeXXX functions parse an exact JSON token from a []byte.
+// If the buffer appears truncated, then it returns io.ErrUnexpectedEOF.
+// The consumeSimpleXXX functions are so named because they only handle
+// a subset of the grammar for the JSON token being parsed.
+// They do not handle the full grammar to keep these functions inlinable.
+//
+// - Decoder.consumeXXX methods parse the next JSON token from Decoder.buf,
+// automatically fetching more input if necessary. These methods take
+// a position relative to the start of Decoder.buf as an argument and
+// return the end of the consumed JSON token as a position,
+// also relative to the start of Decoder.buf.
+//
+// - In the event of an I/O errors or state machine violations,
+// the implementation avoids mutating the state of Decoder
+// (aside from the book-keeping needed to implement Decoder.fetch).
+// For this reason, only Decoder.ReadToken and Decoder.ReadValue are
+// responsible for updated Decoder.prevStart and Decoder.prevEnd.
+//
+// - For performance, much of the implementation uses the pattern of calling
+// the inlinable consumeXXX functions first, and if more work is necessary,
+// then it calls the slower Decoder.consumeXXX methods.
+// TODO: Revisit this pattern if the Go compiler provides finer control
+// over exactly which calls are inlined or not.
+
+// Decoder is a streaming decoder for raw JSON tokens and values.
+// It is used to read a stream of top-level JSON values,
+// each separated by optional whitespace characters.
+//
+// [Decoder.ReadToken] and [Decoder.ReadValue] calls may be interleaved.
+// For example, the following JSON value:
+//
+// {"name":"value","array":[null,false,true,3.14159],"object":{"k":"v"}}
+//
+// can be parsed with the following calls (ignoring errors for brevity):
+//
+// d.ReadToken() // {
+// d.ReadToken() // "name"
+// d.ReadToken() // "value"
+// d.ReadValue() // "array"
+// d.ReadToken() // [
+// d.ReadToken() // null
+// d.ReadToken() // false
+// d.ReadValue() // true
+// d.ReadToken() // 3.14159
+// d.ReadToken() // ]
+// d.ReadValue() // "object"
+// d.ReadValue() // {"k":"v"}
+// d.ReadToken() // }
+//
+// The above is one of many possible sequence of calls and
+// may not represent the most sensible method to call for any given token/value.
+// For example, it is probably more common to call [Decoder.ReadToken] to obtain a
+// string token for object names.
+type Decoder struct {
+ s decoderState
+}
+
+// decoderState is the low-level state of Decoder.
+// It has exported fields and method for use by the "json" package.
+type decoderState struct {
+ state
+ decodeBuffer
+ jsonopts.Struct
+
+ StringCache *[256]string // only used when unmarshaling; identical to json.stringCache
+}
+
+// decodeBuffer is a buffer split into 4 segments:
+//
+// - buf[0:prevEnd] // already read portion of the buffer
+// - buf[prevStart:prevEnd] // previously read value
+// - buf[prevEnd:len(buf)] // unread portion of the buffer
+// - buf[len(buf):cap(buf)] // unused portion of the buffer
+//
+// Invariants:
+//
+// 0 ≤ prevStart ≤ prevEnd ≤ len(buf) ≤ cap(buf)
+type decodeBuffer struct {
+ peekPos int // non-zero if valid offset into buf for start of next token
+ peekErr error // implies peekPos is -1
+
+ buf []byte // may alias rd if it is a bytes.Buffer
+ prevStart int
+ prevEnd int
+
+ // baseOffset is added to prevStart and prevEnd to obtain
+ // the absolute offset relative to the start of io.Reader stream.
+ baseOffset int64
+
+ rd io.Reader
+}
+
+// NewDecoder constructs a new streaming decoder reading from r.
+//
+// If r is a [bytes.Buffer], then the decoder parses directly from the buffer
+// without first copying the contents to an intermediate buffer.
+// Additional writes to the buffer must not occur while the decoder is in use.
+func NewDecoder(r io.Reader, opts ...Options) *Decoder {
+ d := new(Decoder)
+ d.Reset(r, opts...)
+ return d
+}
+
+// Reset resets a decoder such that it is reading afresh from r and
+// configured with the provided options. Reset must not be called on an
+// a Decoder passed to the [encoding/json/v2.UnmarshalerFrom.UnmarshalJSONFrom] method
+// or the [encoding/json/v2.UnmarshalFromFunc] function.
+func (d *Decoder) Reset(r io.Reader, opts ...Options) {
+ switch {
+ case d == nil:
+ panic("jsontext: invalid nil Decoder")
+ case r == nil:
+ panic("jsontext: invalid nil io.Reader")
+ case d.s.Flags.Get(jsonflags.WithinArshalCall):
+ panic("jsontext: cannot reset Decoder passed to json.UnmarshalerFrom")
+ }
+ // Reuse the buffer if it does not alias a previous [bytes.Buffer].
+ b := d.s.buf[:0]
+ if _, ok := d.s.rd.(*bytes.Buffer); ok {
+ b = nil
+ }
+ d.s.reset(b, r, opts...)
+}
+
+func (d *decoderState) reset(b []byte, r io.Reader, opts ...Options) {
+ d.state.reset()
+ d.decodeBuffer = decodeBuffer{buf: b, rd: r}
+ opts2 := jsonopts.Struct{} // avoid mutating d.Struct in case it is part of opts
+ opts2.Join(opts...)
+ d.Struct = opts2
+}
+
+// Options returns the options used to construct the encoder and
+// may additionally contain semantic options passed to a
+// [encoding/json/v2.UnmarshalDecode] call.
+//
+// If operating within
+// a [encoding/json/v2.UnmarshalerFrom.UnmarshalJSONFrom] method call or
+// a [encoding/json/v2.UnmarshalFromFunc] function call,
+// then the returned options are only valid within the call.
+func (d *Decoder) Options() Options {
+ return &d.s.Struct
+}
+
+var errBufferWriteAfterNext = errors.New("invalid bytes.Buffer.Write call after calling bytes.Buffer.Next")
+
+// fetch reads at least 1 byte from the underlying io.Reader.
+// It returns io.ErrUnexpectedEOF if zero bytes were read and io.EOF was seen.
+func (d *decoderState) fetch() error {
+ if d.rd == nil {
+ return io.ErrUnexpectedEOF
+ }
+
+ // Inform objectNameStack that we are about to fetch new buffer content.
+ d.Names.copyQuotedBuffer(d.buf)
+
+ // Specialize bytes.Buffer for better performance.
+ if bb, ok := d.rd.(*bytes.Buffer); ok {
+ switch {
+ case bb.Len() == 0:
+ return io.ErrUnexpectedEOF
+ case len(d.buf) == 0:
+ d.buf = bb.Next(bb.Len()) // "read" all data in the buffer
+ return nil
+ default:
+ // This only occurs if a partially filled bytes.Buffer was provided
+ // and more data is written to it while Decoder is reading from it.
+ // This practice will lead to data corruption since future writes
+ // may overwrite the contents of the current buffer.
+ //
+ // The user is trying to use a bytes.Buffer as a pipe,
+ // but a bytes.Buffer is poor implementation of a pipe,
+ // the purpose-built io.Pipe should be used instead.
+ return &ioError{action: "read", err: errBufferWriteAfterNext}
+ }
+ }
+
+ // Allocate initial buffer if empty.
+ if cap(d.buf) == 0 {
+ d.buf = make([]byte, 0, 64)
+ }
+
+ // Check whether to grow the buffer.
+ const maxBufferSize = 4 << 10
+ const growthSizeFactor = 2 // higher value is faster
+ const growthRateFactor = 2 // higher value is slower
+ // By default, grow if below the maximum buffer size.
+ grow := cap(d.buf) <= maxBufferSize/growthSizeFactor
+ // Growing can be expensive, so only grow
+ // if a sufficient number of bytes have been processed.
+ grow = grow && int64(cap(d.buf)) < d.previousOffsetEnd()/growthRateFactor
+ // If prevStart==0, then fetch was called in order to fetch more data
+ // to finish consuming a large JSON value contiguously.
+ // Grow if less than 25% of the remaining capacity is available.
+ // Note that this may cause the input buffer to exceed maxBufferSize.
+ grow = grow || (d.prevStart == 0 && len(d.buf) >= 3*cap(d.buf)/4)
+
+ if grow {
+ // Allocate a new buffer and copy the contents of the old buffer over.
+ // TODO: Provide a hard limit on the maximum internal buffer size?
+ buf := make([]byte, 0, cap(d.buf)*growthSizeFactor)
+ d.buf = append(buf, d.buf[d.prevStart:]...)
+ } else {
+ // Move unread portion of the data to the front.
+ n := copy(d.buf[:cap(d.buf)], d.buf[d.prevStart:])
+ d.buf = d.buf[:n]
+ }
+ d.baseOffset += int64(d.prevStart)
+ d.prevEnd -= d.prevStart
+ d.prevStart = 0
+
+ // Read more data into the internal buffer.
+ for {
+ n, err := d.rd.Read(d.buf[len(d.buf):cap(d.buf)])
+ switch {
+ case n > 0:
+ d.buf = d.buf[:len(d.buf)+n]
+ return nil // ignore errors if any bytes are read
+ case err == io.EOF:
+ return io.ErrUnexpectedEOF
+ case err != nil:
+ return &ioError{action: "read", err: err}
+ default:
+ continue // Read returned (0, nil)
+ }
+ }
+}
+
+const invalidateBufferByte = '#' // invalid starting character for JSON grammar
+
+// invalidatePreviousRead invalidates buffers returned by Peek and Read calls
+// so that the first byte is an invalid character.
+// This Hyrum-proofs the API against faulty application code that assumes
+// values returned by ReadValue remain valid past subsequent Read calls.
+func (d *decodeBuffer) invalidatePreviousRead() {
+ // Avoid mutating the buffer if d.rd is nil which implies that d.buf
+ // is provided by the user code and may not expect mutations.
+ isBytesBuffer := func(r io.Reader) bool {
+ _, ok := r.(*bytes.Buffer)
+ return ok
+ }
+ if d.rd != nil && !isBytesBuffer(d.rd) && d.prevStart < d.prevEnd && uint(d.prevStart) < uint(len(d.buf)) {
+ d.buf[d.prevStart] = invalidateBufferByte
+ d.prevStart = d.prevEnd
+ }
+}
+
+// needMore reports whether there are no more unread bytes.
+func (d *decodeBuffer) needMore(pos int) bool {
+ // NOTE: The arguments and logic are kept simple to keep this inlinable.
+ return pos == len(d.buf)
+}
+
+func (d *decodeBuffer) offsetAt(pos int) int64 { return d.baseOffset + int64(pos) }
+func (d *decodeBuffer) previousOffsetStart() int64 { return d.baseOffset + int64(d.prevStart) }
+func (d *decodeBuffer) previousOffsetEnd() int64 { return d.baseOffset + int64(d.prevEnd) }
+func (d *decodeBuffer) previousBuffer() []byte { return d.buf[d.prevStart:d.prevEnd] }
+func (d *decodeBuffer) unreadBuffer() []byte { return d.buf[d.prevEnd:len(d.buf)] }
+
+// PreviousTokenOrValue returns the previously read token or value
+// unless it has been invalidated by a call to PeekKind.
+// If a token is just a delimiter, then this returns a 1-byte buffer.
+// This method is used for error reporting at the semantic layer.
+func (d *decodeBuffer) PreviousTokenOrValue() []byte {
+ b := d.previousBuffer()
+ // If peek was called, then the previous token or buffer is invalidated.
+ if d.peekPos > 0 || len(b) > 0 && b[0] == invalidateBufferByte {
+ return nil
+ }
+ // ReadToken does not preserve the buffer for null, bools, or delimiters.
+ // Manually re-construct that buffer.
+ if len(b) == 0 {
+ b = d.buf[:d.prevEnd] // entirety of the previous buffer
+ for _, tok := range []string{"null", "false", "true", "{", "}", "[", "]"} {
+ if len(b) >= len(tok) && string(b[len(b)-len(tok):]) == tok {
+ return b[len(b)-len(tok):]
+ }
+ }
+ }
+ return b
+}
+
+// PeekKind retrieves the next token kind, but does not advance the read offset.
+//
+// It returns 0 if an error occurs. Any such error is cached until
+// the next read call and it is the caller's responsibility to eventually
+// follow up a PeekKind call with a read call.
+func (d *Decoder) PeekKind() Kind {
+ return d.s.PeekKind()
+}
+func (d *decoderState) PeekKind() Kind {
+ // Check whether we have a cached peek result.
+ if d.peekPos > 0 {
+ return Kind(d.buf[d.peekPos]).normalize()
+ }
+
+ var err error
+ d.invalidatePreviousRead()
+ pos := d.prevEnd
+
+ // Consume leading whitespace.
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ if err == io.ErrUnexpectedEOF && d.Tokens.Depth() == 1 {
+ err = io.EOF // EOF possibly if no Tokens present after top-level value
+ }
+ d.peekPos, d.peekErr = -1, wrapSyntacticError(d, err, pos, 0)
+ return invalidKind
+ }
+ }
+
+ // Consume colon or comma.
+ var delim byte
+ if c := d.buf[pos]; c == ':' || c == ',' {
+ delim = c
+ pos += 1
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ err = wrapSyntacticError(d, err, pos, 0)
+ d.peekPos, d.peekErr = -1, d.checkDelimBeforeIOError(delim, err)
+ return invalidKind
+ }
+ }
+ }
+ next := Kind(d.buf[pos]).normalize()
+ if d.Tokens.needDelim(next) != delim {
+ d.peekPos, d.peekErr = -1, d.checkDelim(delim, next)
+ return invalidKind
+ }
+
+ // This may set peekPos to zero, which is indistinguishable from
+ // the uninitialized state. While a small hit to performance, it is correct
+ // since ReadValue and ReadToken will disregard the cached result and
+ // recompute the next kind.
+ d.peekPos, d.peekErr = pos, nil
+ return next
+}
+
+// checkDelimBeforeIOError checks whether the delim is even valid
+// before returning an IO error, which occurs after the delim.
+func (d *decoderState) checkDelimBeforeIOError(delim byte, err error) error {
+ // Since an IO error occurred, we do not know what the next kind is.
+ // However, knowing the next kind is necessary to validate
+ // whether the current delim is at least potentially valid.
+ // Since a JSON string is always valid as the next token,
+ // conservatively assume that is the next kind for validation.
+ const next = Kind('"')
+ if d.Tokens.needDelim(next) != delim {
+ err = d.checkDelim(delim, next)
+ }
+ return err
+}
+
+// CountNextDelimWhitespace counts the number of upcoming bytes of
+// delimiter or whitespace characters.
+// This method is used for error reporting at the semantic layer.
+func (d *decoderState) CountNextDelimWhitespace() int {
+ d.PeekKind() // populate unreadBuffer
+ return len(d.unreadBuffer()) - len(bytes.TrimLeft(d.unreadBuffer(), ",: \n\r\t"))
+}
+
+// checkDelim checks whether delim is valid for the given next kind.
+func (d *decoderState) checkDelim(delim byte, next Kind) error {
+ where := "at start of value"
+ switch d.Tokens.needDelim(next) {
+ case delim:
+ return nil
+ case ':':
+ where = "after object name (expecting ':')"
+ case ',':
+ if d.Tokens.Last.isObject() {
+ where = "after object value (expecting ',' or '}')"
+ } else {
+ where = "after array element (expecting ',' or ']')"
+ }
+ }
+ pos := d.prevEnd // restore position to right after leading whitespace
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ err := jsonwire.NewInvalidCharacterError(d.buf[pos:], where)
+ return wrapSyntacticError(d, err, pos, 0)
+}
+
+// SkipValue is semantically equivalent to calling [Decoder.ReadValue] and discarding
+// the result except that memory is not wasted trying to hold the entire result.
+func (d *Decoder) SkipValue() error {
+ return d.s.SkipValue()
+}
+func (d *decoderState) SkipValue() error {
+ switch d.PeekKind() {
+ case '{', '[':
+ // For JSON objects and arrays, keep skipping all tokens
+ // until the depth matches the starting depth.
+ depth := d.Tokens.Depth()
+ for {
+ if _, err := d.ReadToken(); err != nil {
+ return err
+ }
+ if depth >= d.Tokens.Depth() {
+ return nil
+ }
+ }
+ default:
+ // Trying to skip a value when the next token is a '}' or ']'
+ // will result in an error being returned here.
+ var flags jsonwire.ValueFlags
+ if _, err := d.ReadValue(&flags); err != nil {
+ return err
+ }
+ return nil
+ }
+}
+
+// SkipValueRemainder skips the remainder of a value
+// after reading a '{' or '[' token.
+func (d *decoderState) SkipValueRemainder() error {
+ if d.Tokens.Depth()-1 > 0 && d.Tokens.Last.Length() == 0 {
+ for n := d.Tokens.Depth(); d.Tokens.Depth() >= n; {
+ if _, err := d.ReadToken(); err != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
+
+// SkipUntil skips all tokens until the state machine
+// is at or past the specified depth and length.
+func (d *decoderState) SkipUntil(depth int, length int64) error {
+ for d.Tokens.Depth() > depth || (d.Tokens.Depth() == depth && d.Tokens.Last.Length() < length) {
+ if _, err := d.ReadToken(); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// ReadToken reads the next [Token], advancing the read offset.
+// The returned token is only valid until the next Peek, Read, or Skip call.
+// It returns [io.EOF] if there are no more tokens.
+func (d *Decoder) ReadToken() (Token, error) {
+ return d.s.ReadToken()
+}
+func (d *decoderState) ReadToken() (Token, error) {
+ // Determine the next kind.
+ var err error
+ var next Kind
+ pos := d.peekPos
+ if pos != 0 {
+ // Use cached peek result.
+ if d.peekErr != nil {
+ err := d.peekErr
+ d.peekPos, d.peekErr = 0, nil // possibly a transient I/O error
+ return Token{}, err
+ }
+ next = Kind(d.buf[pos]).normalize()
+ d.peekPos = 0 // reset cache
+ } else {
+ d.invalidatePreviousRead()
+ pos = d.prevEnd
+
+ // Consume leading whitespace.
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ if err == io.ErrUnexpectedEOF && d.Tokens.Depth() == 1 {
+ err = io.EOF // EOF possibly if no Tokens present after top-level value
+ }
+ return Token{}, wrapSyntacticError(d, err, pos, 0)
+ }
+ }
+
+ // Consume colon or comma.
+ var delim byte
+ if c := d.buf[pos]; c == ':' || c == ',' {
+ delim = c
+ pos += 1
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ err = wrapSyntacticError(d, err, pos, 0)
+ return Token{}, d.checkDelimBeforeIOError(delim, err)
+ }
+ }
+ }
+ next = Kind(d.buf[pos]).normalize()
+ if d.Tokens.needDelim(next) != delim {
+ return Token{}, d.checkDelim(delim, next)
+ }
+ }
+
+ // Handle the next token.
+ var n int
+ switch next {
+ case 'n':
+ if jsonwire.ConsumeNull(d.buf[pos:]) == 0 {
+ pos, err = d.consumeLiteral(pos, "null")
+ if err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos, +1)
+ }
+ } else {
+ pos += len("null")
+ }
+ if err = d.Tokens.appendLiteral(); err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos-len("null"), +1) // report position at start of literal
+ }
+ d.prevStart, d.prevEnd = pos, pos
+ return Null, nil
+
+ case 'f':
+ if jsonwire.ConsumeFalse(d.buf[pos:]) == 0 {
+ pos, err = d.consumeLiteral(pos, "false")
+ if err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos, +1)
+ }
+ } else {
+ pos += len("false")
+ }
+ if err = d.Tokens.appendLiteral(); err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos-len("false"), +1) // report position at start of literal
+ }
+ d.prevStart, d.prevEnd = pos, pos
+ return False, nil
+
+ case 't':
+ if jsonwire.ConsumeTrue(d.buf[pos:]) == 0 {
+ pos, err = d.consumeLiteral(pos, "true")
+ if err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos, +1)
+ }
+ } else {
+ pos += len("true")
+ }
+ if err = d.Tokens.appendLiteral(); err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos-len("true"), +1) // report position at start of literal
+ }
+ d.prevStart, d.prevEnd = pos, pos
+ return True, nil
+
+ case '"':
+ var flags jsonwire.ValueFlags // TODO: Preserve this in Token?
+ if n = jsonwire.ConsumeSimpleString(d.buf[pos:]); n == 0 {
+ oldAbsPos := d.baseOffset + int64(pos)
+ pos, err = d.consumeString(&flags, pos)
+ newAbsPos := d.baseOffset + int64(pos)
+ n = int(newAbsPos - oldAbsPos)
+ if err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos, +1)
+ }
+ } else {
+ pos += n
+ }
+ if d.Tokens.Last.NeedObjectName() {
+ if !d.Flags.Get(jsonflags.AllowDuplicateNames) {
+ if !d.Tokens.Last.isValidNamespace() {
+ return Token{}, wrapSyntacticError(d, errInvalidNamespace, pos-n, +1)
+ }
+ if d.Tokens.Last.isActiveNamespace() && !d.Namespaces.Last().insertQuoted(d.buf[pos-n:pos], flags.IsVerbatim()) {
+ err = wrapWithObjectName(ErrDuplicateName, d.buf[pos-n:pos])
+ return Token{}, wrapSyntacticError(d, err, pos-n, +1) // report position at start of string
+ }
+ }
+ d.Names.ReplaceLastQuotedOffset(pos - n) // only replace if insertQuoted succeeds
+ }
+ if err = d.Tokens.appendString(); err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos-n, +1) // report position at start of string
+ }
+ d.prevStart, d.prevEnd = pos-n, pos
+ return Token{raw: &d.decodeBuffer, num: uint64(d.previousOffsetStart())}, nil
+
+ case '0':
+ // NOTE: Since JSON numbers are not self-terminating,
+ // we need to make sure that the next byte is not part of a number.
+ if n = jsonwire.ConsumeSimpleNumber(d.buf[pos:]); n == 0 || d.needMore(pos+n) {
+ oldAbsPos := d.baseOffset + int64(pos)
+ pos, err = d.consumeNumber(pos)
+ newAbsPos := d.baseOffset + int64(pos)
+ n = int(newAbsPos - oldAbsPos)
+ if err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos, +1)
+ }
+ } else {
+ pos += n
+ }
+ if err = d.Tokens.appendNumber(); err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos-n, +1) // report position at start of number
+ }
+ d.prevStart, d.prevEnd = pos-n, pos
+ return Token{raw: &d.decodeBuffer, num: uint64(d.previousOffsetStart())}, nil
+
+ case '{':
+ if err = d.Tokens.pushObject(); err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos, +1)
+ }
+ d.Names.push()
+ if !d.Flags.Get(jsonflags.AllowDuplicateNames) {
+ d.Namespaces.push()
+ }
+ pos += 1
+ d.prevStart, d.prevEnd = pos, pos
+ return BeginObject, nil
+
+ case '}':
+ if err = d.Tokens.popObject(); err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos, +1)
+ }
+ d.Names.pop()
+ if !d.Flags.Get(jsonflags.AllowDuplicateNames) {
+ d.Namespaces.pop()
+ }
+ pos += 1
+ d.prevStart, d.prevEnd = pos, pos
+ return EndObject, nil
+
+ case '[':
+ if err = d.Tokens.pushArray(); err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos, +1)
+ }
+ pos += 1
+ d.prevStart, d.prevEnd = pos, pos
+ return BeginArray, nil
+
+ case ']':
+ if err = d.Tokens.popArray(); err != nil {
+ return Token{}, wrapSyntacticError(d, err, pos, +1)
+ }
+ pos += 1
+ d.prevStart, d.prevEnd = pos, pos
+ return EndArray, nil
+
+ default:
+ err = jsonwire.NewInvalidCharacterError(d.buf[pos:], "at start of value")
+ return Token{}, wrapSyntacticError(d, err, pos, +1)
+ }
+}
+
+// ReadValue returns the next raw JSON value, advancing the read offset.
+// The value is stripped of any leading or trailing whitespace and
+// contains the exact bytes of the input, which may contain invalid UTF-8
+// if [AllowInvalidUTF8] is specified.
+//
+// The returned value is only valid until the next Peek, Read, or Skip call and
+// may not be mutated while the Decoder remains in use.
+// If the decoder is currently at the end token for an object or array,
+// then it reports a [SyntacticError] and the internal state remains unchanged.
+// It returns [io.EOF] if there are no more values.
+func (d *Decoder) ReadValue() (Value, error) {
+ var flags jsonwire.ValueFlags
+ return d.s.ReadValue(&flags)
+}
+func (d *decoderState) ReadValue(flags *jsonwire.ValueFlags) (Value, error) {
+ // Determine the next kind.
+ var err error
+ var next Kind
+ pos := d.peekPos
+ if pos != 0 {
+ // Use cached peek result.
+ if d.peekErr != nil {
+ err := d.peekErr
+ d.peekPos, d.peekErr = 0, nil // possibly a transient I/O error
+ return nil, err
+ }
+ next = Kind(d.buf[pos]).normalize()
+ d.peekPos = 0 // reset cache
+ } else {
+ d.invalidatePreviousRead()
+ pos = d.prevEnd
+
+ // Consume leading whitespace.
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ if err == io.ErrUnexpectedEOF && d.Tokens.Depth() == 1 {
+ err = io.EOF // EOF possibly if no Tokens present after top-level value
+ }
+ return nil, wrapSyntacticError(d, err, pos, 0)
+ }
+ }
+
+ // Consume colon or comma.
+ var delim byte
+ if c := d.buf[pos]; c == ':' || c == ',' {
+ delim = c
+ pos += 1
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ err = wrapSyntacticError(d, err, pos, 0)
+ return nil, d.checkDelimBeforeIOError(delim, err)
+ }
+ }
+ }
+ next = Kind(d.buf[pos]).normalize()
+ if d.Tokens.needDelim(next) != delim {
+ return nil, d.checkDelim(delim, next)
+ }
+ }
+
+ // Handle the next value.
+ oldAbsPos := d.baseOffset + int64(pos)
+ pos, err = d.consumeValue(flags, pos, d.Tokens.Depth())
+ newAbsPos := d.baseOffset + int64(pos)
+ n := int(newAbsPos - oldAbsPos)
+ if err != nil {
+ return nil, wrapSyntacticError(d, err, pos, +1)
+ }
+ switch next {
+ case 'n', 't', 'f':
+ err = d.Tokens.appendLiteral()
+ case '"':
+ if d.Tokens.Last.NeedObjectName() {
+ if !d.Flags.Get(jsonflags.AllowDuplicateNames) {
+ if !d.Tokens.Last.isValidNamespace() {
+ err = errInvalidNamespace
+ break
+ }
+ if d.Tokens.Last.isActiveNamespace() && !d.Namespaces.Last().insertQuoted(d.buf[pos-n:pos], flags.IsVerbatim()) {
+ err = wrapWithObjectName(ErrDuplicateName, d.buf[pos-n:pos])
+ break
+ }
+ }
+ d.Names.ReplaceLastQuotedOffset(pos - n) // only replace if insertQuoted succeeds
+ }
+ err = d.Tokens.appendString()
+ case '0':
+ err = d.Tokens.appendNumber()
+ case '{':
+ if err = d.Tokens.pushObject(); err != nil {
+ break
+ }
+ if err = d.Tokens.popObject(); err != nil {
+ panic("BUG: popObject should never fail immediately after pushObject: " + err.Error())
+ }
+ case '[':
+ if err = d.Tokens.pushArray(); err != nil {
+ break
+ }
+ if err = d.Tokens.popArray(); err != nil {
+ panic("BUG: popArray should never fail immediately after pushArray: " + err.Error())
+ }
+ }
+ if err != nil {
+ return nil, wrapSyntacticError(d, err, pos-n, +1) // report position at start of value
+ }
+ d.prevEnd = pos
+ d.prevStart = pos - n
+ return d.buf[pos-n : pos : pos], nil
+}
+
+// CheckNextValue checks whether the next value is syntactically valid,
+// but does not advance the read offset.
+// If last, it verifies that the stream cleanly terminates with [io.EOF].
+func (d *decoderState) CheckNextValue(last bool) error {
+ d.PeekKind() // populates d.peekPos and d.peekErr
+ pos, err := d.peekPos, d.peekErr
+ d.peekPos, d.peekErr = 0, nil
+ if err != nil {
+ return err
+ }
+
+ var flags jsonwire.ValueFlags
+ if pos, err := d.consumeValue(&flags, pos, d.Tokens.Depth()); err != nil {
+ return wrapSyntacticError(d, err, pos, +1)
+ } else if last {
+ return d.checkEOF(pos)
+ }
+ return nil
+}
+
+// CheckEOF verifies that the input has no more data.
+func (d *decoderState) CheckEOF() error {
+ return d.checkEOF(d.prevEnd)
+}
+func (d *decoderState) checkEOF(pos int) error {
+ switch pos, err := d.consumeWhitespace(pos); err {
+ case nil:
+ err := jsonwire.NewInvalidCharacterError(d.buf[pos:], "after top-level value")
+ return wrapSyntacticError(d, err, pos, 0)
+ case io.ErrUnexpectedEOF:
+ return nil
+ default:
+ return err
+ }
+}
+
+// consumeWhitespace consumes all whitespace starting at d.buf[pos:].
+// It returns the new position in d.buf immediately after the last whitespace.
+// If it returns nil, there is guaranteed to at least be one unread byte.
+//
+// The following pattern is common in this implementation:
+//
+// pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+// if d.needMore(pos) {
+// if pos, err = d.consumeWhitespace(pos); err != nil {
+// return ...
+// }
+// }
+//
+// It is difficult to simplify this without sacrificing performance since
+// consumeWhitespace must be inlined. The body of the if statement is
+// executed only in rare situations where we need to fetch more data.
+// Since fetching may return an error, we also need to check the error.
+func (d *decoderState) consumeWhitespace(pos int) (newPos int, err error) {
+ for {
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ absPos := d.baseOffset + int64(pos)
+ err = d.fetch() // will mutate d.buf and invalidate pos
+ pos = int(absPos - d.baseOffset)
+ if err != nil {
+ return pos, err
+ }
+ continue
+ }
+ return pos, nil
+ }
+}
+
+// consumeValue consumes a single JSON value starting at d.buf[pos:].
+// It returns the new position in d.buf immediately after the value.
+func (d *decoderState) consumeValue(flags *jsonwire.ValueFlags, pos, depth int) (newPos int, err error) {
+ for {
+ var n int
+ var err error
+ switch next := Kind(d.buf[pos]).normalize(); next {
+ case 'n':
+ if n = jsonwire.ConsumeNull(d.buf[pos:]); n == 0 {
+ n, err = jsonwire.ConsumeLiteral(d.buf[pos:], "null")
+ }
+ case 'f':
+ if n = jsonwire.ConsumeFalse(d.buf[pos:]); n == 0 {
+ n, err = jsonwire.ConsumeLiteral(d.buf[pos:], "false")
+ }
+ case 't':
+ if n = jsonwire.ConsumeTrue(d.buf[pos:]); n == 0 {
+ n, err = jsonwire.ConsumeLiteral(d.buf[pos:], "true")
+ }
+ case '"':
+ if n = jsonwire.ConsumeSimpleString(d.buf[pos:]); n == 0 {
+ return d.consumeString(flags, pos)
+ }
+ case '0':
+ // NOTE: Since JSON numbers are not self-terminating,
+ // we need to make sure that the next byte is not part of a number.
+ if n = jsonwire.ConsumeSimpleNumber(d.buf[pos:]); n == 0 || d.needMore(pos+n) {
+ return d.consumeNumber(pos)
+ }
+ case '{':
+ return d.consumeObject(flags, pos, depth)
+ case '[':
+ return d.consumeArray(flags, pos, depth)
+ default:
+ if (d.Tokens.Last.isObject() && next == ']') || (d.Tokens.Last.isArray() && next == '}') {
+ return pos, errMismatchDelim
+ }
+ return pos, jsonwire.NewInvalidCharacterError(d.buf[pos:], "at start of value")
+ }
+ if err == io.ErrUnexpectedEOF {
+ absPos := d.baseOffset + int64(pos)
+ err = d.fetch() // will mutate d.buf and invalidate pos
+ pos = int(absPos - d.baseOffset)
+ if err != nil {
+ return pos + n, err
+ }
+ continue
+ }
+ return pos + n, err
+ }
+}
+
+// consumeLiteral consumes a single JSON literal starting at d.buf[pos:].
+// It returns the new position in d.buf immediately after the literal.
+func (d *decoderState) consumeLiteral(pos int, lit string) (newPos int, err error) {
+ for {
+ n, err := jsonwire.ConsumeLiteral(d.buf[pos:], lit)
+ if err == io.ErrUnexpectedEOF {
+ absPos := d.baseOffset + int64(pos)
+ err = d.fetch() // will mutate d.buf and invalidate pos
+ pos = int(absPos - d.baseOffset)
+ if err != nil {
+ return pos + n, err
+ }
+ continue
+ }
+ return pos + n, err
+ }
+}
+
+// consumeString consumes a single JSON string starting at d.buf[pos:].
+// It returns the new position in d.buf immediately after the string.
+func (d *decoderState) consumeString(flags *jsonwire.ValueFlags, pos int) (newPos int, err error) {
+ var n int
+ for {
+ n, err = jsonwire.ConsumeStringResumable(flags, d.buf[pos:], n, !d.Flags.Get(jsonflags.AllowInvalidUTF8))
+ if err == io.ErrUnexpectedEOF {
+ absPos := d.baseOffset + int64(pos)
+ err = d.fetch() // will mutate d.buf and invalidate pos
+ pos = int(absPos - d.baseOffset)
+ if err != nil {
+ return pos + n, err
+ }
+ continue
+ }
+ return pos + n, err
+ }
+}
+
+// consumeNumber consumes a single JSON number starting at d.buf[pos:].
+// It returns the new position in d.buf immediately after the number.
+func (d *decoderState) consumeNumber(pos int) (newPos int, err error) {
+ var n int
+ var state jsonwire.ConsumeNumberState
+ for {
+ n, state, err = jsonwire.ConsumeNumberResumable(d.buf[pos:], n, state)
+ // NOTE: Since JSON numbers are not self-terminating,
+ // we need to make sure that the next byte is not part of a number.
+ if err == io.ErrUnexpectedEOF || d.needMore(pos+n) {
+ mayTerminate := err == nil
+ absPos := d.baseOffset + int64(pos)
+ err = d.fetch() // will mutate d.buf and invalidate pos
+ pos = int(absPos - d.baseOffset)
+ if err != nil {
+ if mayTerminate && err == io.ErrUnexpectedEOF {
+ return pos + n, nil
+ }
+ return pos, err
+ }
+ continue
+ }
+ return pos + n, err
+ }
+}
+
+// consumeObject consumes a single JSON object starting at d.buf[pos:].
+// It returns the new position in d.buf immediately after the object.
+func (d *decoderState) consumeObject(flags *jsonwire.ValueFlags, pos, depth int) (newPos int, err error) {
+ var n int
+ var names *objectNamespace
+ if !d.Flags.Get(jsonflags.AllowDuplicateNames) {
+ d.Namespaces.push()
+ defer d.Namespaces.pop()
+ names = d.Namespaces.Last()
+ }
+
+ // Handle before start.
+ if uint(pos) >= uint(len(d.buf)) || d.buf[pos] != '{' {
+ panic("BUG: consumeObject must be called with a buffer that starts with '{'")
+ } else if depth == maxNestingDepth+1 {
+ return pos, errMaxDepth
+ }
+ pos++
+
+ // Handle after start.
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ return pos, err
+ }
+ }
+ if d.buf[pos] == '}' {
+ pos++
+ return pos, nil
+ }
+
+ depth++
+ for {
+ // Handle before name.
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ return pos, err
+ }
+ }
+ var flags2 jsonwire.ValueFlags
+ if n = jsonwire.ConsumeSimpleString(d.buf[pos:]); n == 0 {
+ oldAbsPos := d.baseOffset + int64(pos)
+ pos, err = d.consumeString(&flags2, pos)
+ newAbsPos := d.baseOffset + int64(pos)
+ n = int(newAbsPos - oldAbsPos)
+ flags.Join(flags2)
+ if err != nil {
+ return pos, err
+ }
+ } else {
+ pos += n
+ }
+ quotedName := d.buf[pos-n : pos]
+ if !d.Flags.Get(jsonflags.AllowDuplicateNames) && !names.insertQuoted(quotedName, flags2.IsVerbatim()) {
+ return pos - n, wrapWithObjectName(ErrDuplicateName, quotedName)
+ }
+
+ // Handle after name.
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ return pos, wrapWithObjectName(err, quotedName)
+ }
+ }
+ if d.buf[pos] != ':' {
+ err := jsonwire.NewInvalidCharacterError(d.buf[pos:], "after object name (expecting ':')")
+ return pos, wrapWithObjectName(err, quotedName)
+ }
+ pos++
+
+ // Handle before value.
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ return pos, wrapWithObjectName(err, quotedName)
+ }
+ }
+ pos, err = d.consumeValue(flags, pos, depth)
+ if err != nil {
+ return pos, wrapWithObjectName(err, quotedName)
+ }
+
+ // Handle after value.
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ return pos, err
+ }
+ }
+ switch d.buf[pos] {
+ case ',':
+ pos++
+ continue
+ case '}':
+ pos++
+ return pos, nil
+ default:
+ return pos, jsonwire.NewInvalidCharacterError(d.buf[pos:], "after object value (expecting ',' or '}')")
+ }
+ }
+}
+
+// consumeArray consumes a single JSON array starting at d.buf[pos:].
+// It returns the new position in d.buf immediately after the array.
+func (d *decoderState) consumeArray(flags *jsonwire.ValueFlags, pos, depth int) (newPos int, err error) {
+ // Handle before start.
+ if uint(pos) >= uint(len(d.buf)) || d.buf[pos] != '[' {
+ panic("BUG: consumeArray must be called with a buffer that starts with '['")
+ } else if depth == maxNestingDepth+1 {
+ return pos, errMaxDepth
+ }
+ pos++
+
+ // Handle after start.
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ return pos, err
+ }
+ }
+ if d.buf[pos] == ']' {
+ pos++
+ return pos, nil
+ }
+
+ var idx int64
+ depth++
+ for {
+ // Handle before value.
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ return pos, err
+ }
+ }
+ pos, err = d.consumeValue(flags, pos, depth)
+ if err != nil {
+ return pos, wrapWithArrayIndex(err, idx)
+ }
+
+ // Handle after value.
+ pos += jsonwire.ConsumeWhitespace(d.buf[pos:])
+ if d.needMore(pos) {
+ if pos, err = d.consumeWhitespace(pos); err != nil {
+ return pos, err
+ }
+ }
+ switch d.buf[pos] {
+ case ',':
+ pos++
+ idx++
+ continue
+ case ']':
+ pos++
+ return pos, nil
+ default:
+ return pos, jsonwire.NewInvalidCharacterError(d.buf[pos:], "after array element (expecting ',' or ']')")
+ }
+ }
+}
+
+// InputOffset returns the current input byte offset. It gives the location
+// of the next byte immediately after the most recently returned token or value.
+// The number of bytes actually read from the underlying [io.Reader] may be more
+// than this offset due to internal buffering effects.
+func (d *Decoder) InputOffset() int64 {
+ return d.s.previousOffsetEnd()
+}
+
+// UnreadBuffer returns the data remaining in the unread buffer,
+// which may contain zero or more bytes.
+// The returned buffer must not be mutated while Decoder continues to be used.
+// The buffer contents are valid until the next Peek, Read, or Skip call.
+func (d *Decoder) UnreadBuffer() []byte {
+ return d.s.unreadBuffer()
+}
+
+// StackDepth returns the depth of the state machine for read JSON data.
+// Each level on the stack represents a nested JSON object or array.
+// It is incremented whenever an [BeginObject] or [BeginArray] token is encountered
+// and decremented whenever an [EndObject] or [EndArray] token is encountered.
+// The depth is zero-indexed, where zero represents the top-level JSON value.
+func (d *Decoder) StackDepth() int {
+ // NOTE: Keep in sync with Encoder.StackDepth.
+ return d.s.Tokens.Depth() - 1
+}
+
+// StackIndex returns information about the specified stack level.
+// It must be a number between 0 and [Decoder.StackDepth], inclusive.
+// For each level, it reports the kind:
+//
+// - 0 for a level of zero,
+// - '{' for a level representing a JSON object, and
+// - '[' for a level representing a JSON array.
+//
+// It also reports the length of that JSON object or array.
+// Each name and value in a JSON object is counted separately,
+// so the effective number of members would be half the length.
+// A complete JSON object must have an even length.
+func (d *Decoder) StackIndex(i int) (Kind, int64) {
+ // NOTE: Keep in sync with Encoder.StackIndex.
+ switch s := d.s.Tokens.index(i); {
+ case i > 0 && s.isObject():
+ return '{', s.Length()
+ case i > 0 && s.isArray():
+ return '[', s.Length()
+ default:
+ return 0, s.Length()
+ }
+}
+
+// StackPointer returns a JSON Pointer (RFC 6901) to the most recently read value.
+func (d *Decoder) StackPointer() Pointer {
+ return Pointer(d.s.AppendStackPointer(nil, -1))
+}
+
+func (d *decoderState) AppendStackPointer(b []byte, where int) []byte {
+ d.Names.copyQuotedBuffer(d.buf)
+ return d.state.appendStackPointer(b, where)
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/doc.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/doc.go
new file mode 100644
index 000000000..22081df05
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/doc.go
@@ -0,0 +1,111 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+// Package jsontext implements syntactic processing of JSON
+// as specified in RFC 4627, RFC 7159, RFC 7493, RFC 8259, and RFC 8785.
+// JSON is a simple data interchange format that can represent
+// primitive data types such as booleans, strings, and numbers,
+// in addition to structured data types such as objects and arrays.
+//
+// The [Encoder] and [Decoder] types are used to encode or decode
+// a stream of JSON tokens or values.
+//
+// # Tokens and Values
+//
+// A JSON token refers to the basic structural elements of JSON:
+//
+// - a JSON literal (i.e., null, true, or false)
+// - a JSON string (e.g., "hello, world!")
+// - a JSON number (e.g., 123.456)
+// - a begin or end delimiter for a JSON object (i.e., '{' or '}')
+// - a begin or end delimiter for a JSON array (i.e., '[' or ']')
+//
+// A JSON token is represented by the [Token] type in Go. Technically,
+// there are two additional structural characters (i.e., ':' and ','),
+// but there is no [Token] representation for them since their presence
+// can be inferred by the structure of the JSON grammar itself.
+// For example, there must always be an implicit colon between
+// the name and value of a JSON object member.
+//
+// A JSON value refers to a complete unit of JSON data:
+//
+// - a JSON literal, string, or number
+// - a JSON object (e.g., `{"name":"value"}`)
+// - a JSON array (e.g., `[1,2,3,]`)
+//
+// A JSON value is represented by the [Value] type in Go and is a []byte
+// containing the raw textual representation of the value. There is some overlap
+// between tokens and values as both contain literals, strings, and numbers.
+// However, only a value can represent the entirety of a JSON object or array.
+//
+// The [Encoder] and [Decoder] types contain methods to read or write the next
+// [Token] or [Value] in a sequence. They maintain a state machine to validate
+// whether the sequence of JSON tokens and/or values produces a valid JSON.
+// [Options] may be passed to the [NewEncoder] or [NewDecoder] constructors
+// to configure the syntactic behavior of encoding and decoding.
+//
+// # Terminology
+//
+// The terms "encode" and "decode" are used for syntactic functionality
+// that is concerned with processing JSON based on its grammar, and
+// the terms "marshal" and "unmarshal" are used for semantic functionality
+// that determines the meaning of JSON values as Go values and vice-versa.
+// This package (i.e., [jsontext]) deals with JSON at a syntactic layer,
+// while [encoding/json/v2] deals with JSON at a semantic layer.
+// The goal is to provide a clear distinction between functionality that
+// is purely concerned with encoding versus that of marshaling.
+// For example, one can directly encode a stream of JSON tokens without
+// needing to marshal a concrete Go value representing them.
+// Similarly, one can decode a stream of JSON tokens without
+// needing to unmarshal them into a concrete Go value.
+//
+// This package uses JSON terminology when discussing JSON, which may differ
+// from related concepts in Go or elsewhere in computing literature.
+//
+// - a JSON "object" refers to an unordered collection of name/value members.
+// - a JSON "array" refers to an ordered sequence of elements.
+// - a JSON "value" refers to either a literal (i.e., null, false, or true),
+// string, number, object, or array.
+//
+// See RFC 8259 for more information.
+//
+// # Specifications
+//
+// Relevant specifications include RFC 4627, RFC 7159, RFC 7493, RFC 8259,
+// and RFC 8785. Each RFC is generally a stricter subset of another RFC.
+// In increasing order of strictness:
+//
+// - RFC 4627 and RFC 7159 do not require (but recommend) the use of UTF-8
+// and also do not require (but recommend) that object names be unique.
+// - RFC 8259 requires the use of UTF-8,
+// but does not require (but recommends) that object names be unique.
+// - RFC 7493 requires the use of UTF-8
+// and also requires that object names be unique.
+// - RFC 8785 defines a canonical representation. It requires the use of UTF-8
+// and also requires that object names be unique and in a specific ordering.
+// It specifies exactly how strings and numbers must be formatted.
+//
+// The primary difference between RFC 4627 and RFC 7159 is that the former
+// restricted top-level values to only JSON objects and arrays, while
+// RFC 7159 and subsequent RFCs permit top-level values to additionally be
+// JSON nulls, booleans, strings, or numbers.
+//
+// By default, this package operates on RFC 7493, but can be configured
+// to operate according to the other RFC specifications.
+// RFC 7493 is a stricter subset of RFC 8259 and fully compliant with it.
+// In particular, it makes specific choices about behavior that RFC 8259
+// leaves as undefined in order to ensure greater interoperability.
+//
+// # Security Considerations
+//
+// See the "Security Considerations" section in [encoding/json/v2].
+package jsontext
+
+// requireKeyedLiterals can be embedded in a struct to require keyed literals.
+type requireKeyedLiterals struct{}
+
+// nonComparable can be embedded in a struct to prevent comparability.
+type nonComparable [0]func()
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/encode.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/encode.go
new file mode 100644
index 000000000..c2e88045a
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/encode.go
@@ -0,0 +1,977 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package jsontext
+
+import (
+ "bytes"
+ "io"
+ "math/bits"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
+)
+
+// Encoder is a streaming encoder from raw JSON tokens and values.
+// It is used to write a stream of top-level JSON values,
+// each terminated with a newline character.
+//
+// [Encoder.WriteToken] and [Encoder.WriteValue] calls may be interleaved.
+// For example, the following JSON value:
+//
+// {"name":"value","array":[null,false,true,3.14159],"object":{"k":"v"}}
+//
+// can be composed with the following calls (ignoring errors for brevity):
+//
+// e.WriteToken(BeginObject) // {
+// e.WriteToken(String("name")) // "name"
+// e.WriteToken(String("value")) // "value"
+// e.WriteValue(Value(`"array"`)) // "array"
+// e.WriteToken(BeginArray) // [
+// e.WriteToken(Null) // null
+// e.WriteToken(False) // false
+// e.WriteValue(Value("true")) // true
+// e.WriteToken(Float(3.14159)) // 3.14159
+// e.WriteToken(EndArray) // ]
+// e.WriteValue(Value(`"object"`)) // "object"
+// e.WriteValue(Value(`{"k":"v"}`)) // {"k":"v"}
+// e.WriteToken(EndObject) // }
+//
+// The above is one of many possible sequence of calls and
+// may not represent the most sensible method to call for any given token/value.
+// For example, it is probably more common to call [Encoder.WriteToken] with a string
+// for object names.
+type Encoder struct {
+ s encoderState
+}
+
+// encoderState is the low-level state of Encoder.
+// It has exported fields and method for use by the "json" package.
+type encoderState struct {
+ state
+ encodeBuffer
+ jsonopts.Struct
+
+ SeenPointers map[any]struct{} // only used when marshaling; identical to json.seenPointers
+}
+
+// encodeBuffer is a buffer split into 2 segments:
+//
+// - buf[0:len(buf)] // written (but unflushed) portion of the buffer
+// - buf[len(buf):cap(buf)] // unused portion of the buffer
+type encodeBuffer struct {
+ Buf []byte // may alias wr if it is a bytes.Buffer
+
+ // baseOffset is added to len(buf) to obtain the absolute offset
+ // relative to the start of io.Writer stream.
+ baseOffset int64
+
+ wr io.Writer
+
+ // maxValue is the approximate maximum Value size passed to WriteValue.
+ maxValue int
+ // availBuffer is the buffer returned by the AvailableBuffer method.
+ availBuffer []byte // always has zero length
+ // bufStats is statistics about buffer utilization.
+ // It is only used with pooled encoders in pools.go.
+ bufStats bufferStatistics
+}
+
+// NewEncoder constructs a new streaming encoder writing to w
+// configured with the provided options.
+// It flushes the internal buffer when the buffer is sufficiently full or
+// when a top-level value has been written.
+//
+// If w is a [bytes.Buffer], then the encoder appends directly into the buffer
+// without copying the contents from an intermediate buffer.
+func NewEncoder(w io.Writer, opts ...Options) *Encoder {
+ e := new(Encoder)
+ e.Reset(w, opts...)
+ return e
+}
+
+// Reset resets an encoder such that it is writing afresh to w and
+// configured with the provided options. Reset must not be called on
+// a Encoder passed to the [encoding/json/v2.MarshalerTo.MarshalJSONTo] method
+// or the [encoding/json/v2.MarshalToFunc] function.
+func (e *Encoder) Reset(w io.Writer, opts ...Options) {
+ switch {
+ case e == nil:
+ panic("jsontext: invalid nil Encoder")
+ case w == nil:
+ panic("jsontext: invalid nil io.Writer")
+ case e.s.Flags.Get(jsonflags.WithinArshalCall):
+ panic("jsontext: cannot reset Encoder passed to json.MarshalerTo")
+ }
+ // Reuse the buffer if it does not alias a previous [bytes.Buffer].
+ b := e.s.Buf[:0]
+ if _, ok := e.s.wr.(*bytes.Buffer); ok {
+ b = nil
+ }
+ e.s.reset(b, w, opts...)
+}
+
+func (e *encoderState) reset(b []byte, w io.Writer, opts ...Options) {
+ e.state.reset()
+ e.encodeBuffer = encodeBuffer{Buf: b, wr: w, availBuffer: e.availBuffer, bufStats: e.bufStats}
+ if bb, ok := w.(*bytes.Buffer); ok && bb != nil {
+ e.Buf = bb.AvailableBuffer() // alias the unused buffer of bb
+ }
+ opts2 := jsonopts.Struct{} // avoid mutating e.Struct in case it is part of opts
+ opts2.Join(opts...)
+ e.Struct = opts2
+ if e.Flags.Get(jsonflags.Multiline) {
+ if !e.Flags.Has(jsonflags.SpaceAfterColon) {
+ e.Flags.Set(jsonflags.SpaceAfterColon | 1)
+ }
+ if !e.Flags.Has(jsonflags.SpaceAfterComma) {
+ e.Flags.Set(jsonflags.SpaceAfterComma | 0)
+ }
+ if !e.Flags.Has(jsonflags.Indent) {
+ e.Flags.Set(jsonflags.Indent | 1)
+ e.Indent = "\t"
+ }
+ }
+}
+
+// Options returns the options used to construct the decoder and
+// may additionally contain semantic options passed to a
+// [encoding/json/v2.MarshalEncode] call.
+//
+// If operating within
+// a [encoding/json/v2.MarshalerTo.MarshalJSONTo] method call or
+// a [encoding/json/v2.MarshalToFunc] function call,
+// then the returned options are only valid within the call.
+func (e *Encoder) Options() Options {
+ return &e.s.Struct
+}
+
+// NeedFlush determines whether to flush at this point.
+func (e *encoderState) NeedFlush() bool {
+ // NOTE: This function is carefully written to be inlinable.
+
+ // Avoid flushing if e.wr is nil since there is no underlying writer.
+ // Flush if less than 25% of the capacity remains.
+ // Flushing at some constant fraction ensures that the buffer stops growing
+ // so long as the largest Token or Value fits within that unused capacity.
+ return e.wr != nil && (e.Tokens.Depth() == 1 || len(e.Buf) > 3*cap(e.Buf)/4)
+}
+
+// Flush flushes the buffer to the underlying io.Writer.
+// It may append a trailing newline after the top-level value.
+func (e *encoderState) Flush() error {
+ if e.wr == nil || e.avoidFlush() {
+ return nil
+ }
+
+ // In streaming mode, always emit a newline after the top-level value.
+ if e.Tokens.Depth() == 1 && !e.Flags.Get(jsonflags.OmitTopLevelNewline) {
+ e.Buf = append(e.Buf, '\n')
+ }
+
+ // Inform objectNameStack that we are about to flush the buffer content.
+ e.Names.copyQuotedBuffer(e.Buf)
+
+ // Specialize bytes.Buffer for better performance.
+ if bb, ok := e.wr.(*bytes.Buffer); ok {
+ // If e.buf already aliases the internal buffer of bb,
+ // then the Write call simply increments the internal offset,
+ // otherwise Write operates as expected.
+ // See https://go.dev/issue/42986.
+ n, _ := bb.Write(e.Buf) // never fails unless bb is nil
+ e.baseOffset += int64(n)
+
+ // If the internal buffer of bytes.Buffer is too small,
+ // append operations elsewhere in the Encoder may grow the buffer.
+ // This would be semantically correct, but hurts performance.
+ // As such, ensure 25% of the current length is always available
+ // to reduce the probability that other appends must allocate.
+ if avail := bb.Available(); avail < bb.Len()/4 {
+ bb.Grow(avail + 1)
+ }
+
+ e.Buf = bb.AvailableBuffer()
+ return nil
+ }
+
+ // Flush the internal buffer to the underlying io.Writer.
+ n, err := e.wr.Write(e.Buf)
+ e.baseOffset += int64(n)
+ if err != nil {
+ // In the event of an error, preserve the unflushed portion.
+ // Thus, write errors aren't fatal so long as the io.Writer
+ // maintains consistent state after errors.
+ if n > 0 {
+ e.Buf = e.Buf[:copy(e.Buf, e.Buf[n:])]
+ }
+ return &ioError{action: "write", err: err}
+ }
+ e.Buf = e.Buf[:0]
+
+ // Check whether to grow the buffer.
+ // Note that cap(e.buf) may already exceed maxBufferSize since
+ // an append elsewhere already grew it to store a large token.
+ const maxBufferSize = 4 << 10
+ const growthSizeFactor = 2 // higher value is faster
+ const growthRateFactor = 2 // higher value is slower
+ // By default, grow if below the maximum buffer size.
+ grow := cap(e.Buf) <= maxBufferSize/growthSizeFactor
+ // Growing can be expensive, so only grow
+ // if a sufficient number of bytes have been processed.
+ grow = grow && int64(cap(e.Buf)) < e.previousOffsetEnd()/growthRateFactor
+ if grow {
+ e.Buf = make([]byte, 0, cap(e.Buf)*growthSizeFactor)
+ }
+
+ return nil
+}
+func (d *encodeBuffer) offsetAt(pos int) int64 { return d.baseOffset + int64(pos) }
+func (e *encodeBuffer) previousOffsetEnd() int64 { return e.baseOffset + int64(len(e.Buf)) }
+func (e *encodeBuffer) unflushedBuffer() []byte { return e.Buf }
+
+// avoidFlush indicates whether to avoid flushing to ensure there is always
+// enough in the buffer to unwrite the last object member if it were empty.
+func (e *encoderState) avoidFlush() bool {
+ switch {
+ case e.Tokens.Last.Length() == 0:
+ // Never flush after BeginObject or BeginArray since we don't know yet
+ // if the object or array will end up being empty.
+ return true
+ case e.Tokens.Last.needObjectValue():
+ // Never flush before the object value since we don't know yet
+ // if the object value will end up being empty.
+ return true
+ case e.Tokens.Last.NeedObjectName() && len(e.Buf) >= 2:
+ // Never flush after the object value if it does turn out to be empty.
+ switch string(e.Buf[len(e.Buf)-2:]) {
+ case `ll`, `""`, `{}`, `[]`: // last two bytes of every empty value
+ return true
+ }
+ }
+ return false
+}
+
+// UnwriteEmptyObjectMember unwrites the last object member if it is empty
+// and reports whether it performed an unwrite operation.
+func (e *encoderState) UnwriteEmptyObjectMember(prevName *string) bool {
+ if last := e.Tokens.Last; !last.isObject() || !last.NeedObjectName() || last.Length() == 0 {
+ panic("BUG: must be called on an object after writing a value")
+ }
+
+ // The flushing logic is modified to never flush a trailing empty value.
+ // The encoder never writes trailing whitespace eagerly.
+ b := e.unflushedBuffer()
+
+ // Detect whether the last value was empty.
+ var n int
+ if len(b) >= 3 {
+ switch string(b[len(b)-2:]) {
+ case "ll": // last two bytes of `null`
+ n = len(`null`)
+ case `""`:
+ // It is possible for a non-empty string to have `""` as a suffix
+ // if the second to the last quote was escaped.
+ if b[len(b)-3] == '\\' {
+ return false // e.g., `"\""` is not empty
+ }
+ n = len(`""`)
+ case `{}`:
+ n = len(`{}`)
+ case `[]`:
+ n = len(`[]`)
+ }
+ }
+ if n == 0 {
+ return false
+ }
+
+ // Unwrite the value, whitespace, colon, name, whitespace, and comma.
+ b = b[:len(b)-n]
+ b = jsonwire.TrimSuffixWhitespace(b)
+ b = jsonwire.TrimSuffixByte(b, ':')
+ b = jsonwire.TrimSuffixString(b)
+ b = jsonwire.TrimSuffixWhitespace(b)
+ b = jsonwire.TrimSuffixByte(b, ',')
+ e.Buf = b // store back truncated unflushed buffer
+
+ // Undo state changes.
+ e.Tokens.Last.decrement() // for object member value
+ e.Tokens.Last.decrement() // for object member name
+ if !e.Flags.Get(jsonflags.AllowDuplicateNames) {
+ if e.Tokens.Last.isActiveNamespace() {
+ e.Namespaces.Last().removeLast()
+ }
+ }
+ e.Names.clearLast()
+ if prevName != nil {
+ e.Names.copyQuotedBuffer(e.Buf) // required by objectNameStack.replaceLastUnquotedName
+ e.Names.replaceLastUnquotedName(*prevName)
+ }
+ return true
+}
+
+// UnwriteOnlyObjectMemberName unwrites the only object member name
+// and returns the unquoted name.
+func (e *encoderState) UnwriteOnlyObjectMemberName() string {
+ if last := e.Tokens.Last; !last.isObject() || last.Length() != 1 {
+ panic("BUG: must be called on an object after writing first name")
+ }
+
+ // Unwrite the name and whitespace.
+ b := jsonwire.TrimSuffixString(e.Buf)
+ isVerbatim := bytes.IndexByte(e.Buf[len(b):], '\\') < 0
+ name := string(jsonwire.UnquoteMayCopy(e.Buf[len(b):], isVerbatim))
+ e.Buf = jsonwire.TrimSuffixWhitespace(b)
+
+ // Undo state changes.
+ e.Tokens.Last.decrement()
+ if !e.Flags.Get(jsonflags.AllowDuplicateNames) {
+ if e.Tokens.Last.isActiveNamespace() {
+ e.Namespaces.Last().removeLast()
+ }
+ }
+ e.Names.clearLast()
+ return name
+}
+
+// WriteToken writes the next token and advances the internal write offset.
+//
+// The provided token kind must be consistent with the JSON grammar.
+// For example, it is an error to provide a number when the encoder
+// is expecting an object name (which is always a string), or
+// to provide an end object delimiter when the encoder is finishing an array.
+// If the provided token is invalid, then it reports a [SyntacticError] and
+// the internal state remains unchanged. The offset reported
+// in [SyntacticError] will be relative to the [Encoder.OutputOffset].
+func (e *Encoder) WriteToken(t Token) error {
+ return e.s.WriteToken(t)
+}
+func (e *encoderState) WriteToken(t Token) error {
+ k := t.Kind()
+ b := e.Buf // use local variable to avoid mutating e in case of error
+
+ // Append any delimiters or optional whitespace.
+ b = e.Tokens.MayAppendDelim(b, k)
+ if e.Flags.Get(jsonflags.AnyWhitespace) {
+ b = e.appendWhitespace(b, k)
+ }
+ pos := len(b) // offset before the token
+
+ // Append the token to the output and to the state machine.
+ var err error
+ switch k {
+ case 'n':
+ b = append(b, "null"...)
+ err = e.Tokens.appendLiteral()
+ case 'f':
+ b = append(b, "false"...)
+ err = e.Tokens.appendLiteral()
+ case 't':
+ b = append(b, "true"...)
+ err = e.Tokens.appendLiteral()
+ case '"':
+ if b, err = t.appendString(b, &e.Flags); err != nil {
+ break
+ }
+ if e.Tokens.Last.NeedObjectName() {
+ if !e.Flags.Get(jsonflags.AllowDuplicateNames) {
+ if !e.Tokens.Last.isValidNamespace() {
+ err = errInvalidNamespace
+ break
+ }
+ if e.Tokens.Last.isActiveNamespace() && !e.Namespaces.Last().insertQuoted(b[pos:], false) {
+ err = wrapWithObjectName(ErrDuplicateName, b[pos:])
+ break
+ }
+ }
+ e.Names.ReplaceLastQuotedOffset(pos) // only replace if insertQuoted succeeds
+ }
+ err = e.Tokens.appendString()
+ case '0':
+ if b, err = t.appendNumber(b, &e.Flags); err != nil {
+ break
+ }
+ err = e.Tokens.appendNumber()
+ case '{':
+ b = append(b, '{')
+ if err = e.Tokens.pushObject(); err != nil {
+ break
+ }
+ e.Names.push()
+ if !e.Flags.Get(jsonflags.AllowDuplicateNames) {
+ e.Namespaces.push()
+ }
+ case '}':
+ b = append(b, '}')
+ if err = e.Tokens.popObject(); err != nil {
+ break
+ }
+ e.Names.pop()
+ if !e.Flags.Get(jsonflags.AllowDuplicateNames) {
+ e.Namespaces.pop()
+ }
+ case '[':
+ b = append(b, '[')
+ err = e.Tokens.pushArray()
+ case ']':
+ b = append(b, ']')
+ err = e.Tokens.popArray()
+ default:
+ err = errInvalidToken
+ }
+ if err != nil {
+ return wrapSyntacticError(e, err, pos, +1)
+ }
+
+ // Finish off the buffer and store it back into e.
+ e.Buf = b
+ if e.NeedFlush() {
+ return e.Flush()
+ }
+ return nil
+}
+
+// AppendRaw appends either a raw string (without double quotes) or number.
+// Specify safeASCII if the string output is guaranteed to be ASCII
+// without any characters (including '<', '>', and '&') that need escaping,
+// otherwise this will validate whether the string needs escaping.
+// The appended bytes for a JSON number must be valid.
+//
+// This is a specialized implementation of Encoder.WriteValue
+// that allows appending directly into the buffer.
+// It is only called from marshal logic in the "json" package.
+func (e *encoderState) AppendRaw(k Kind, safeASCII bool, appendFn func([]byte) ([]byte, error)) error {
+ b := e.Buf // use local variable to avoid mutating e in case of error
+
+ // Append any delimiters or optional whitespace.
+ b = e.Tokens.MayAppendDelim(b, k)
+ if e.Flags.Get(jsonflags.AnyWhitespace) {
+ b = e.appendWhitespace(b, k)
+ }
+ pos := len(b) // offset before the token
+
+ var err error
+ switch k {
+ case '"':
+ // Append directly into the encoder buffer by assuming that
+ // most of the time none of the characters need escaping.
+ b = append(b, '"')
+ if b, err = appendFn(b); err != nil {
+ return err
+ }
+ b = append(b, '"')
+
+ // Check whether we need to escape the string and if necessary
+ // copy it to a scratch buffer and then escape it back.
+ isVerbatim := safeASCII || !jsonwire.NeedEscape(b[pos+len(`"`):len(b)-len(`"`)])
+ if !isVerbatim {
+ var err error
+ b2 := append(e.availBuffer, b[pos+len(`"`):len(b)-len(`"`)]...)
+ b, err = jsonwire.AppendQuote(b[:pos], string(b2), &e.Flags)
+ e.availBuffer = b2[:0]
+ if err != nil {
+ return wrapSyntacticError(e, err, pos, +1)
+ }
+ }
+
+ // Update the state machine.
+ if e.Tokens.Last.NeedObjectName() {
+ if !e.Flags.Get(jsonflags.AllowDuplicateNames) {
+ if !e.Tokens.Last.isValidNamespace() {
+ return wrapSyntacticError(e, err, pos, +1)
+ }
+ if e.Tokens.Last.isActiveNamespace() && !e.Namespaces.Last().insertQuoted(b[pos:], isVerbatim) {
+ err = wrapWithObjectName(ErrDuplicateName, b[pos:])
+ return wrapSyntacticError(e, err, pos, +1)
+ }
+ }
+ e.Names.ReplaceLastQuotedOffset(pos) // only replace if insertQuoted succeeds
+ }
+ if err := e.Tokens.appendString(); err != nil {
+ return wrapSyntacticError(e, err, pos, +1)
+ }
+ case '0':
+ if b, err = appendFn(b); err != nil {
+ return err
+ }
+ if err := e.Tokens.appendNumber(); err != nil {
+ return wrapSyntacticError(e, err, pos, +1)
+ }
+ default:
+ panic("BUG: invalid kind")
+ }
+
+ // Finish off the buffer and store it back into e.
+ e.Buf = b
+ if e.NeedFlush() {
+ return e.Flush()
+ }
+ return nil
+}
+
+// WriteValue writes the next raw value and advances the internal write offset.
+// The Encoder does not simply copy the provided value verbatim, but
+// parses it to ensure that it is syntactically valid and reformats it
+// according to how the Encoder is configured to format whitespace and strings.
+// If [AllowInvalidUTF8] is specified, then any invalid UTF-8 is mangled
+// as the Unicode replacement character, U+FFFD.
+//
+// The provided value kind must be consistent with the JSON grammar
+// (see examples on [Encoder.WriteToken]). If the provided value is invalid,
+// then it reports a [SyntacticError] and the internal state remains unchanged.
+// The offset reported in [SyntacticError] will be relative to the
+// [Encoder.OutputOffset] plus the offset into v of any encountered syntax error.
+func (e *Encoder) WriteValue(v Value) error {
+ return e.s.WriteValue(v)
+}
+func (e *encoderState) WriteValue(v Value) error {
+ e.maxValue |= len(v) // bitwise OR is a fast approximation of max
+
+ k := v.Kind()
+ b := e.Buf // use local variable to avoid mutating e in case of error
+
+ // Append any delimiters or optional whitespace.
+ b = e.Tokens.MayAppendDelim(b, k)
+ if e.Flags.Get(jsonflags.AnyWhitespace) {
+ b = e.appendWhitespace(b, k)
+ }
+ pos := len(b) // offset before the value
+
+ // Append the value the output.
+ var n int
+ n += jsonwire.ConsumeWhitespace(v[n:])
+ b, m, err := e.reformatValue(b, v[n:], e.Tokens.Depth())
+ if err != nil {
+ return wrapSyntacticError(e, err, pos+n+m, +1)
+ }
+ n += m
+ n += jsonwire.ConsumeWhitespace(v[n:])
+ if len(v) > n {
+ err = jsonwire.NewInvalidCharacterError(v[n:], "after top-level value")
+ return wrapSyntacticError(e, err, pos+n, 0)
+ }
+
+ // Append the kind to the state machine.
+ switch k {
+ case 'n', 'f', 't':
+ err = e.Tokens.appendLiteral()
+ case '"':
+ if e.Tokens.Last.NeedObjectName() {
+ if !e.Flags.Get(jsonflags.AllowDuplicateNames) {
+ if !e.Tokens.Last.isValidNamespace() {
+ err = errInvalidNamespace
+ break
+ }
+ if e.Tokens.Last.isActiveNamespace() && !e.Namespaces.Last().insertQuoted(b[pos:], false) {
+ err = wrapWithObjectName(ErrDuplicateName, b[pos:])
+ break
+ }
+ }
+ e.Names.ReplaceLastQuotedOffset(pos) // only replace if insertQuoted succeeds
+ }
+ err = e.Tokens.appendString()
+ case '0':
+ err = e.Tokens.appendNumber()
+ case '{':
+ if err = e.Tokens.pushObject(); err != nil {
+ break
+ }
+ if err = e.Tokens.popObject(); err != nil {
+ panic("BUG: popObject should never fail immediately after pushObject: " + err.Error())
+ }
+ if e.Flags.Get(jsonflags.ReorderRawObjects) {
+ mustReorderObjects(b[pos:])
+ }
+ case '[':
+ if err = e.Tokens.pushArray(); err != nil {
+ break
+ }
+ if err = e.Tokens.popArray(); err != nil {
+ panic("BUG: popArray should never fail immediately after pushArray: " + err.Error())
+ }
+ if e.Flags.Get(jsonflags.ReorderRawObjects) {
+ mustReorderObjects(b[pos:])
+ }
+ }
+ if err != nil {
+ return wrapSyntacticError(e, err, pos, +1)
+ }
+
+ // Finish off the buffer and store it back into e.
+ e.Buf = b
+ if e.NeedFlush() {
+ return e.Flush()
+ }
+ return nil
+}
+
+// CountNextDelimWhitespace counts the number of bytes of delimiter and
+// whitespace bytes assuming the upcoming token is a JSON value.
+// This method is used for error reporting at the semantic layer.
+func (e *encoderState) CountNextDelimWhitespace() (n int) {
+ const next = Kind('"') // arbitrary kind as next JSON value
+ delim := e.Tokens.needDelim(next)
+ if delim > 0 {
+ n += len(",") | len(":")
+ }
+ if delim == ':' {
+ if e.Flags.Get(jsonflags.SpaceAfterColon) {
+ n += len(" ")
+ }
+ } else {
+ if delim == ',' && e.Flags.Get(jsonflags.SpaceAfterComma) {
+ n += len(" ")
+ }
+ if e.Flags.Get(jsonflags.Multiline) {
+ if m := e.Tokens.NeedIndent(next); m > 0 {
+ n += len("\n") + len(e.IndentPrefix) + (m-1)*len(e.Indent)
+ }
+ }
+ }
+ return n
+}
+
+// appendWhitespace appends whitespace that immediately precedes the next token.
+func (e *encoderState) appendWhitespace(b []byte, next Kind) []byte {
+ if delim := e.Tokens.needDelim(next); delim == ':' {
+ if e.Flags.Get(jsonflags.SpaceAfterColon) {
+ b = append(b, ' ')
+ }
+ } else {
+ if delim == ',' && e.Flags.Get(jsonflags.SpaceAfterComma) {
+ b = append(b, ' ')
+ }
+ if e.Flags.Get(jsonflags.Multiline) {
+ b = e.AppendIndent(b, e.Tokens.NeedIndent(next))
+ }
+ }
+ return b
+}
+
+// AppendIndent appends the appropriate number of indentation characters
+// for the current nested level, n.
+func (e *encoderState) AppendIndent(b []byte, n int) []byte {
+ if n == 0 {
+ return b
+ }
+ b = append(b, '\n')
+ b = append(b, e.IndentPrefix...)
+ for ; n > 1; n-- {
+ b = append(b, e.Indent...)
+ }
+ return b
+}
+
+// reformatValue parses a JSON value from the start of src and
+// appends it to the end of dst, reformatting whitespace and strings as needed.
+// It returns the extended dst buffer and the number of consumed input bytes.
+func (e *encoderState) reformatValue(dst []byte, src Value, depth int) ([]byte, int, error) {
+ // TODO: Should this update ValueFlags as input?
+ if len(src) == 0 {
+ return dst, 0, io.ErrUnexpectedEOF
+ }
+ switch k := Kind(src[0]).normalize(); k {
+ case 'n':
+ if jsonwire.ConsumeNull(src) == 0 {
+ n, err := jsonwire.ConsumeLiteral(src, "null")
+ return dst, n, err
+ }
+ return append(dst, "null"...), len("null"), nil
+ case 'f':
+ if jsonwire.ConsumeFalse(src) == 0 {
+ n, err := jsonwire.ConsumeLiteral(src, "false")
+ return dst, n, err
+ }
+ return append(dst, "false"...), len("false"), nil
+ case 't':
+ if jsonwire.ConsumeTrue(src) == 0 {
+ n, err := jsonwire.ConsumeLiteral(src, "true")
+ return dst, n, err
+ }
+ return append(dst, "true"...), len("true"), nil
+ case '"':
+ if n := jsonwire.ConsumeSimpleString(src); n > 0 {
+ dst = append(dst, src[:n]...) // copy simple strings verbatim
+ return dst, n, nil
+ }
+ return jsonwire.ReformatString(dst, src, &e.Flags)
+ case '0':
+ if n := jsonwire.ConsumeSimpleNumber(src); n > 0 && !e.Flags.Get(jsonflags.CanonicalizeNumbers) {
+ dst = append(dst, src[:n]...) // copy simple numbers verbatim
+ return dst, n, nil
+ }
+ return jsonwire.ReformatNumber(dst, src, &e.Flags)
+ case '{':
+ return e.reformatObject(dst, src, depth)
+ case '[':
+ return e.reformatArray(dst, src, depth)
+ default:
+ return dst, 0, jsonwire.NewInvalidCharacterError(src, "at start of value")
+ }
+}
+
+// reformatObject parses a JSON object from the start of src and
+// appends it to the end of src, reformatting whitespace and strings as needed.
+// It returns the extended dst buffer and the number of consumed input bytes.
+func (e *encoderState) reformatObject(dst []byte, src Value, depth int) ([]byte, int, error) {
+ // Append object begin.
+ if len(src) == 0 || src[0] != '{' {
+ panic("BUG: reformatObject must be called with a buffer that starts with '{'")
+ } else if depth == maxNestingDepth+1 {
+ return dst, 0, errMaxDepth
+ }
+ dst = append(dst, '{')
+ n := len("{")
+
+ // Append (possible) object end.
+ n += jsonwire.ConsumeWhitespace(src[n:])
+ if uint(len(src)) <= uint(n) {
+ return dst, n, io.ErrUnexpectedEOF
+ }
+ if src[n] == '}' {
+ dst = append(dst, '}')
+ n += len("}")
+ return dst, n, nil
+ }
+
+ var err error
+ var names *objectNamespace
+ if !e.Flags.Get(jsonflags.AllowDuplicateNames) {
+ e.Namespaces.push()
+ defer e.Namespaces.pop()
+ names = e.Namespaces.Last()
+ }
+ depth++
+ for {
+ // Append optional newline and indentation.
+ if e.Flags.Get(jsonflags.Multiline) {
+ dst = e.AppendIndent(dst, depth)
+ }
+
+ // Append object name.
+ n += jsonwire.ConsumeWhitespace(src[n:])
+ if uint(len(src)) <= uint(n) {
+ return dst, n, io.ErrUnexpectedEOF
+ }
+ m := jsonwire.ConsumeSimpleString(src[n:])
+ isVerbatim := m > 0
+ if isVerbatim {
+ dst = append(dst, src[n:n+m]...)
+ } else {
+ dst, m, err = jsonwire.ReformatString(dst, src[n:], &e.Flags)
+ if err != nil {
+ return dst, n + m, err
+ }
+ }
+ quotedName := src[n : n+m]
+ if !e.Flags.Get(jsonflags.AllowDuplicateNames) && !names.insertQuoted(quotedName, isVerbatim) {
+ return dst, n, wrapWithObjectName(ErrDuplicateName, quotedName)
+ }
+ n += m
+
+ // Append colon.
+ n += jsonwire.ConsumeWhitespace(src[n:])
+ if uint(len(src)) <= uint(n) {
+ return dst, n, wrapWithObjectName(io.ErrUnexpectedEOF, quotedName)
+ }
+ if src[n] != ':' {
+ err = jsonwire.NewInvalidCharacterError(src[n:], "after object name (expecting ':')")
+ return dst, n, wrapWithObjectName(err, quotedName)
+ }
+ dst = append(dst, ':')
+ n += len(":")
+ if e.Flags.Get(jsonflags.SpaceAfterColon) {
+ dst = append(dst, ' ')
+ }
+
+ // Append object value.
+ n += jsonwire.ConsumeWhitespace(src[n:])
+ if uint(len(src)) <= uint(n) {
+ return dst, n, wrapWithObjectName(io.ErrUnexpectedEOF, quotedName)
+ }
+ dst, m, err = e.reformatValue(dst, src[n:], depth)
+ if err != nil {
+ return dst, n + m, wrapWithObjectName(err, quotedName)
+ }
+ n += m
+
+ // Append comma or object end.
+ n += jsonwire.ConsumeWhitespace(src[n:])
+ if uint(len(src)) <= uint(n) {
+ return dst, n, io.ErrUnexpectedEOF
+ }
+ switch src[n] {
+ case ',':
+ dst = append(dst, ',')
+ if e.Flags.Get(jsonflags.SpaceAfterComma) {
+ dst = append(dst, ' ')
+ }
+ n += len(",")
+ continue
+ case '}':
+ if e.Flags.Get(jsonflags.Multiline) {
+ dst = e.AppendIndent(dst, depth-1)
+ }
+ dst = append(dst, '}')
+ n += len("}")
+ return dst, n, nil
+ default:
+ return dst, n, jsonwire.NewInvalidCharacterError(src[n:], "after object value (expecting ',' or '}')")
+ }
+ }
+}
+
+// reformatArray parses a JSON array from the start of src and
+// appends it to the end of dst, reformatting whitespace and strings as needed.
+// It returns the extended dst buffer and the number of consumed input bytes.
+func (e *encoderState) reformatArray(dst []byte, src Value, depth int) ([]byte, int, error) {
+ // Append array begin.
+ if len(src) == 0 || src[0] != '[' {
+ panic("BUG: reformatArray must be called with a buffer that starts with '['")
+ } else if depth == maxNestingDepth+1 {
+ return dst, 0, errMaxDepth
+ }
+ dst = append(dst, '[')
+ n := len("[")
+
+ // Append (possible) array end.
+ n += jsonwire.ConsumeWhitespace(src[n:])
+ if uint(len(src)) <= uint(n) {
+ return dst, n, io.ErrUnexpectedEOF
+ }
+ if src[n] == ']' {
+ dst = append(dst, ']')
+ n += len("]")
+ return dst, n, nil
+ }
+
+ var idx int64
+ var err error
+ depth++
+ for {
+ // Append optional newline and indentation.
+ if e.Flags.Get(jsonflags.Multiline) {
+ dst = e.AppendIndent(dst, depth)
+ }
+
+ // Append array value.
+ n += jsonwire.ConsumeWhitespace(src[n:])
+ if uint(len(src)) <= uint(n) {
+ return dst, n, io.ErrUnexpectedEOF
+ }
+ var m int
+ dst, m, err = e.reformatValue(dst, src[n:], depth)
+ if err != nil {
+ return dst, n + m, wrapWithArrayIndex(err, idx)
+ }
+ n += m
+
+ // Append comma or array end.
+ n += jsonwire.ConsumeWhitespace(src[n:])
+ if uint(len(src)) <= uint(n) {
+ return dst, n, io.ErrUnexpectedEOF
+ }
+ switch src[n] {
+ case ',':
+ dst = append(dst, ',')
+ if e.Flags.Get(jsonflags.SpaceAfterComma) {
+ dst = append(dst, ' ')
+ }
+ n += len(",")
+ idx++
+ continue
+ case ']':
+ if e.Flags.Get(jsonflags.Multiline) {
+ dst = e.AppendIndent(dst, depth-1)
+ }
+ dst = append(dst, ']')
+ n += len("]")
+ return dst, n, nil
+ default:
+ return dst, n, jsonwire.NewInvalidCharacterError(src[n:], "after array value (expecting ',' or ']')")
+ }
+ }
+}
+
+// OutputOffset returns the current output byte offset. It gives the location
+// of the next byte immediately after the most recently written token or value.
+// The number of bytes actually written to the underlying [io.Writer] may be less
+// than this offset due to internal buffering effects.
+func (e *Encoder) OutputOffset() int64 {
+ return e.s.previousOffsetEnd()
+}
+
+// AvailableBuffer returns a zero-length buffer with a possible non-zero capacity.
+// This buffer is intended to be used to populate a [Value]
+// being passed to an immediately succeeding [Encoder.WriteValue] call.
+//
+// Example usage:
+//
+// b := d.AvailableBuffer()
+// b = append(b, '"')
+// b = appendString(b, v) // append the string formatting of v
+// b = append(b, '"')
+// ... := d.WriteValue(b)
+//
+// It is the user's responsibility to ensure that the value is valid JSON.
+func (e *Encoder) AvailableBuffer() []byte {
+ // NOTE: We don't return e.buf[len(e.buf):cap(e.buf)] since WriteValue would
+ // need to take special care to avoid mangling the data while reformatting.
+ // WriteValue can't easily identify whether the input Value aliases e.buf
+ // without using unsafe.Pointer. Thus, we just return a different buffer.
+ // Should this ever alias e.buf, we need to consider how it operates with
+ // the specialized performance optimization for bytes.Buffer.
+ n := 1 << bits.Len(uint(e.s.maxValue|63)) // fast approximation for max length
+ if cap(e.s.availBuffer) < n {
+ e.s.availBuffer = make([]byte, 0, n)
+ }
+ return e.s.availBuffer
+}
+
+// StackDepth returns the depth of the state machine for written JSON data.
+// Each level on the stack represents a nested JSON object or array.
+// It is incremented whenever an [BeginObject] or [BeginArray] token is encountered
+// and decremented whenever an [EndObject] or [EndArray] token is encountered.
+// The depth is zero-indexed, where zero represents the top-level JSON value.
+func (e *Encoder) StackDepth() int {
+ // NOTE: Keep in sync with Decoder.StackDepth.
+ return e.s.Tokens.Depth() - 1
+}
+
+// StackIndex returns information about the specified stack level.
+// It must be a number between 0 and [Encoder.StackDepth], inclusive.
+// For each level, it reports the kind:
+//
+// - 0 for a level of zero,
+// - '{' for a level representing a JSON object, and
+// - '[' for a level representing a JSON array.
+//
+// It also reports the length of that JSON object or array.
+// Each name and value in a JSON object is counted separately,
+// so the effective number of members would be half the length.
+// A complete JSON object must have an even length.
+func (e *Encoder) StackIndex(i int) (Kind, int64) {
+ // NOTE: Keep in sync with Decoder.StackIndex.
+ switch s := e.s.Tokens.index(i); {
+ case i > 0 && s.isObject():
+ return '{', s.Length()
+ case i > 0 && s.isArray():
+ return '[', s.Length()
+ default:
+ return 0, s.Length()
+ }
+}
+
+// StackPointer returns a JSON Pointer (RFC 6901) to the most recently written value.
+func (e *Encoder) StackPointer() Pointer {
+ return Pointer(e.s.AppendStackPointer(nil, -1))
+}
+
+func (e *encoderState) AppendStackPointer(b []byte, where int) []byte {
+ e.Names.copyQuotedBuffer(e.Buf)
+ return e.state.appendStackPointer(b, where)
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/errors.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/errors.go
new file mode 100644
index 000000000..3c53151b3
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/errors.go
@@ -0,0 +1,182 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package jsontext
+
+import (
+ "bytes"
+ "io"
+ "strconv"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
+)
+
+const errorPrefix = "jsontext: "
+
+type ioError struct {
+ action string // either "read" or "write"
+ err error
+}
+
+func (e *ioError) Error() string {
+ return errorPrefix + e.action + " error: " + e.err.Error()
+}
+func (e *ioError) Unwrap() error {
+ return e.err
+}
+
+// SyntacticError is a description of a syntactic error that occurred when
+// encoding or decoding JSON according to the grammar.
+//
+// The contents of this error as produced by this package may change over time.
+type SyntacticError struct {
+ requireKeyedLiterals
+ nonComparable
+
+ // ByteOffset indicates that an error occurred after this byte offset.
+ ByteOffset int64
+ // JSONPointer indicates that an error occurred within this JSON value
+ // as indicated using the JSON Pointer notation (see RFC 6901).
+ JSONPointer Pointer
+
+ // Err is the underlying error.
+ Err error
+}
+
+// wrapSyntacticError wraps an error and annotates it with a precise location
+// using the provided [encoderState] or [decoderState].
+// If err is an [ioError] or [io.EOF], then it is not wrapped.
+//
+// It takes a relative offset pos that can be resolved into
+// an absolute offset using state.offsetAt.
+//
+// It takes a where that specify how the JSON pointer is derived.
+// If the underlying error is a [pointerSuffixError],
+// then the suffix is appended to the derived pointer.
+func wrapSyntacticError(state interface {
+ offsetAt(pos int) int64
+ AppendStackPointer(b []byte, where int) []byte
+}, err error, pos, where int) error {
+ if _, ok := err.(*ioError); err == io.EOF || ok {
+ return err
+ }
+ offset := state.offsetAt(pos)
+ ptr := state.AppendStackPointer(nil, where)
+ if serr, ok := err.(*pointerSuffixError); ok {
+ ptr = serr.appendPointer(ptr)
+ err = serr.error
+ }
+ if d, ok := state.(*decoderState); ok && err == errMismatchDelim {
+ where := "at start of value"
+ if len(d.Tokens.Stack) > 0 && d.Tokens.Last.Length() > 0 {
+ switch {
+ case d.Tokens.Last.isArray():
+ where = "after array element (expecting ',' or ']')"
+ ptr = []byte(Pointer(ptr).Parent()) // problem is with parent array
+ case d.Tokens.Last.isObject():
+ where = "after object value (expecting ',' or '}')"
+ ptr = []byte(Pointer(ptr).Parent()) // problem is with parent object
+ }
+ }
+ err = jsonwire.NewInvalidCharacterError(d.buf[pos:], where)
+ }
+ return &SyntacticError{ByteOffset: offset, JSONPointer: Pointer(ptr), Err: err}
+}
+
+func (e *SyntacticError) Error() string {
+ pointer := e.JSONPointer
+ offset := e.ByteOffset
+ b := []byte(errorPrefix)
+ if e.Err != nil {
+ b = append(b, e.Err.Error()...)
+ if e.Err == ErrDuplicateName {
+ b = strconv.AppendQuote(append(b, ' '), pointer.LastToken())
+ pointer = pointer.Parent()
+ offset = 0 // not useful to print offset for duplicate names
+ }
+ } else {
+ b = append(b, "syntactic error"...)
+ }
+ if pointer != "" {
+ b = strconv.AppendQuote(append(b, " within "...), jsonwire.TruncatePointer(string(pointer), 100))
+ }
+ if offset > 0 {
+ b = strconv.AppendInt(append(b, " after offset "...), offset, 10)
+ }
+ return string(b)
+}
+
+func (e *SyntacticError) Unwrap() error {
+ return e.Err
+}
+
+// pointerSuffixError represents a JSON pointer suffix to be appended
+// to [SyntacticError.JSONPointer]. It is an internal error type
+// used within this package and does not appear in the public API.
+//
+// This type is primarily used to annotate errors in Encoder.WriteValue
+// and Decoder.ReadValue with precise positions.
+// At the time WriteValue or ReadValue is called, a JSON pointer to the
+// upcoming value can be constructed using the Encoder/Decoder state.
+// However, tracking pointers within values during normal operation
+// would incur a performance penalty in the error-free case.
+//
+// To provide precise error locations without this overhead,
+// the error is wrapped with object names or array indices
+// as the call stack is popped when an error occurs.
+// Since this happens in reverse order, pointerSuffixError holds
+// the pointer in reverse and is only later reversed when appending to
+// the pointer prefix.
+//
+// For example, if the encoder is at "/alpha/bravo/charlie"
+// and an error occurs in WriteValue at "/xray/yankee/zulu", then
+// the final pointer should be "/alpha/bravo/charlie/xray/yankee/zulu".
+//
+// As pointerSuffixError is populated during the error return path,
+// it first contains "/zulu", then "/zulu/yankee",
+// and finally "/zulu/yankee/xray".
+// These tokens are reversed and concatenated to "/alpha/bravo/charlie"
+// to form the full pointer.
+type pointerSuffixError struct {
+ error
+
+ // reversePointer is a JSON pointer, but with each token in reverse order.
+ reversePointer []byte
+}
+
+// wrapWithObjectName wraps err with a JSON object name access,
+// which must be a valid quoted JSON string.
+func wrapWithObjectName(err error, quotedName []byte) error {
+ serr, _ := err.(*pointerSuffixError)
+ if serr == nil {
+ serr = &pointerSuffixError{error: err}
+ }
+ name := jsonwire.UnquoteMayCopy(quotedName, false)
+ serr.reversePointer = appendEscapePointerName(append(serr.reversePointer, '/'), name)
+ return serr
+}
+
+// wrapWithArrayIndex wraps err with a JSON array index access.
+func wrapWithArrayIndex(err error, index int64) error {
+ serr, _ := err.(*pointerSuffixError)
+ if serr == nil {
+ serr = &pointerSuffixError{error: err}
+ }
+ serr.reversePointer = strconv.AppendUint(append(serr.reversePointer, '/'), uint64(index), 10)
+ return serr
+}
+
+// appendPointer appends the path encoded in e to the end of pointer.
+func (e *pointerSuffixError) appendPointer(pointer []byte) []byte {
+ // Copy each token in reversePointer to the end of pointer in reverse order.
+ // Double reversal means that the appended suffix is now in forward order.
+ bi, bo := e.reversePointer, pointer
+ for len(bi) > 0 {
+ i := bytes.LastIndexByte(bi, '/')
+ bi, bo = bi[:i], append(bo, bi[i:]...)
+ }
+ return bo
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/export.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/export.go
new file mode 100644
index 000000000..0d6dc58c0
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/export.go
@@ -0,0 +1,77 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package jsontext
+
+import (
+ "io"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal"
+)
+
+// Internal is for internal use only.
+// This is exempt from the Go compatibility agreement.
+var Internal exporter
+
+type exporter struct{}
+
+// Export exposes internal functionality from "jsontext" to "json".
+// This cannot be dynamically called by other packages since
+// they cannot obtain a reference to the internal.AllowInternalUse value.
+func (exporter) Export(p *internal.NotForPublicUse) export {
+ if p != &internal.AllowInternalUse {
+ panic("unauthorized call to Export")
+ }
+ return export{}
+}
+
+// The export type exposes functionality to packages with visibility to
+// the internal.AllowInternalUse variable. The "json" package uses this
+// to modify low-level state in the Encoder and Decoder types.
+// It mutates the state directly instead of calling ReadToken or WriteToken
+// since this is more performant. The public APIs need to track state to ensure
+// that users are constructing a valid JSON value, but the "json" implementation
+// guarantees that it emits valid JSON by the structure of the code itself.
+type export struct{}
+
+// Encoder returns a pointer to the underlying encoderState.
+func (export) Encoder(e *Encoder) *encoderState { return &e.s }
+
+// Decoder returns a pointer to the underlying decoderState.
+func (export) Decoder(d *Decoder) *decoderState { return &d.s }
+
+func (export) GetBufferedEncoder(o ...Options) *Encoder {
+ return getBufferedEncoder(o...)
+}
+func (export) PutBufferedEncoder(e *Encoder) {
+ putBufferedEncoder(e)
+}
+
+func (export) GetStreamingEncoder(w io.Writer, o ...Options) *Encoder {
+ return getStreamingEncoder(w, o...)
+}
+func (export) PutStreamingEncoder(e *Encoder) {
+ putStreamingEncoder(e)
+}
+
+func (export) GetBufferedDecoder(b []byte, o ...Options) *Decoder {
+ return getBufferedDecoder(b, o...)
+}
+func (export) PutBufferedDecoder(d *Decoder) {
+ putBufferedDecoder(d)
+}
+
+func (export) GetStreamingDecoder(r io.Reader, o ...Options) *Decoder {
+ return getStreamingDecoder(r, o...)
+}
+func (export) PutStreamingDecoder(d *Decoder) {
+ putStreamingDecoder(d)
+}
+
+func (export) IsIOError(err error) bool {
+ _, ok := err.(*ioError)
+ return ok
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/options.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/options.go
new file mode 100644
index 000000000..d22d0635d
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/options.go
@@ -0,0 +1,304 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package jsontext
+
+import (
+ "strings"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
+)
+
+// Options configures [NewEncoder], [Encoder.Reset], [NewDecoder],
+// and [Decoder.Reset] with specific features.
+// Each function takes in a variadic list of options, where properties
+// set in latter options override the value of previously set properties.
+//
+// There is a single Options type, which is used with both encoding and decoding.
+// Some options affect both operations, while others only affect one operation:
+//
+// - [AllowDuplicateNames] affects encoding and decoding
+// - [AllowInvalidUTF8] affects encoding and decoding
+// - [EscapeForHTML] affects encoding only
+// - [EscapeForJS] affects encoding only
+// - [PreserveRawStrings] affects encoding only
+// - [CanonicalizeRawInts] affects encoding only
+// - [CanonicalizeRawFloats] affects encoding only
+// - [ReorderRawObjects] affects encoding only
+// - [SpaceAfterColon] affects encoding only
+// - [SpaceAfterComma] affects encoding only
+// - [Multiline] affects encoding only
+// - [WithIndent] affects encoding only
+// - [WithIndentPrefix] affects encoding only
+//
+// Options that do not affect a particular operation are ignored.
+//
+// The Options type is identical to [encoding/json.Options] and
+// [encoding/json/v2.Options]. Options from the other packages may
+// be passed to functionality in this package, but are ignored.
+// Options from this package may be used with the other packages.
+type Options = jsonopts.Options
+
+// AllowDuplicateNames specifies that JSON objects may contain
+// duplicate member names. Disabling the duplicate name check may provide
+// performance benefits, but breaks compliance with RFC 7493, section 2.3.
+// The input or output will still be compliant with RFC 8259,
+// which leaves the handling of duplicate names as unspecified behavior.
+//
+// This affects either encoding or decoding.
+func AllowDuplicateNames(v bool) Options {
+ if v {
+ return jsonflags.AllowDuplicateNames | 1
+ } else {
+ return jsonflags.AllowDuplicateNames | 0
+ }
+}
+
+// AllowInvalidUTF8 specifies that JSON strings may contain invalid UTF-8,
+// which will be mangled as the Unicode replacement character, U+FFFD.
+// This causes the encoder or decoder to break compliance with
+// RFC 7493, section 2.1, and RFC 8259, section 8.1.
+//
+// This affects either encoding or decoding.
+func AllowInvalidUTF8(v bool) Options {
+ if v {
+ return jsonflags.AllowInvalidUTF8 | 1
+ } else {
+ return jsonflags.AllowInvalidUTF8 | 0
+ }
+}
+
+// EscapeForHTML specifies that '<', '>', and '&' characters within JSON strings
+// should be escaped as a hexadecimal Unicode codepoint (e.g., \u003c) so that
+// the output is safe to embed within HTML.
+//
+// This only affects encoding and is ignored when decoding.
+func EscapeForHTML(v bool) Options {
+ if v {
+ return jsonflags.EscapeForHTML | 1
+ } else {
+ return jsonflags.EscapeForHTML | 0
+ }
+}
+
+// EscapeForJS specifies that U+2028 and U+2029 characters within JSON strings
+// should be escaped as a hexadecimal Unicode codepoint (e.g., \u2028) so that
+// the output is valid to embed within JavaScript. See RFC 8259, section 12.
+//
+// This only affects encoding and is ignored when decoding.
+func EscapeForJS(v bool) Options {
+ if v {
+ return jsonflags.EscapeForJS | 1
+ } else {
+ return jsonflags.EscapeForJS | 0
+ }
+}
+
+// PreserveRawStrings specifies that when encoding a raw JSON string in a
+// [Token] or [Value], pre-escaped sequences
+// in a JSON string are preserved to the output.
+// However, raw strings still respect [EscapeForHTML] and [EscapeForJS]
+// such that the relevant characters are escaped.
+// If [AllowInvalidUTF8] is enabled, bytes of invalid UTF-8
+// are preserved to the output.
+//
+// This only affects encoding and is ignored when decoding.
+func PreserveRawStrings(v bool) Options {
+ if v {
+ return jsonflags.PreserveRawStrings | 1
+ } else {
+ return jsonflags.PreserveRawStrings | 0
+ }
+}
+
+// CanonicalizeRawInts specifies that when encoding a raw JSON
+// integer number (i.e., a number without a fraction and exponent) in a
+// [Token] or [Value], the number is canonicalized
+// according to RFC 8785, section 3.2.2.3. As a special case,
+// the number -0 is canonicalized as 0.
+//
+// JSON numbers are treated as IEEE 754 double precision numbers.
+// Any numbers with precision beyond what is representable by that form
+// will lose their precision when canonicalized. For example,
+// integer values beyond ±2⁵³ will lose their precision.
+// For example, 1234567890123456789 is formatted as 1234567890123456800.
+//
+// This only affects encoding and is ignored when decoding.
+func CanonicalizeRawInts(v bool) Options {
+ if v {
+ return jsonflags.CanonicalizeRawInts | 1
+ } else {
+ return jsonflags.CanonicalizeRawInts | 0
+ }
+}
+
+// CanonicalizeRawFloats specifies that when encoding a raw JSON
+// floating-point number (i.e., a number with a fraction or exponent) in a
+// [Token] or [Value], the number is canonicalized
+// according to RFC 8785, section 3.2.2.3. As a special case,
+// the number -0 is canonicalized as 0.
+//
+// JSON numbers are treated as IEEE 754 double precision numbers.
+// It is safe to canonicalize a serialized single precision number and
+// parse it back as a single precision number and expect the same value.
+// If a number exceeds ±1.7976931348623157e+308, which is the maximum
+// finite number, then it saturated at that value and formatted as such.
+//
+// This only affects encoding and is ignored when decoding.
+func CanonicalizeRawFloats(v bool) Options {
+ if v {
+ return jsonflags.CanonicalizeRawFloats | 1
+ } else {
+ return jsonflags.CanonicalizeRawFloats | 0
+ }
+}
+
+// ReorderRawObjects specifies that when encoding a raw JSON object in a
+// [Value], the object members are reordered according to
+// RFC 8785, section 3.2.3.
+//
+// This only affects encoding and is ignored when decoding.
+func ReorderRawObjects(v bool) Options {
+ if v {
+ return jsonflags.ReorderRawObjects | 1
+ } else {
+ return jsonflags.ReorderRawObjects | 0
+ }
+}
+
+// SpaceAfterColon specifies that the JSON output should emit a space character
+// after each colon separator following a JSON object name.
+// If false, then no space character appears after the colon separator.
+//
+// This only affects encoding and is ignored when decoding.
+func SpaceAfterColon(v bool) Options {
+ if v {
+ return jsonflags.SpaceAfterColon | 1
+ } else {
+ return jsonflags.SpaceAfterColon | 0
+ }
+}
+
+// SpaceAfterComma specifies that the JSON output should emit a space character
+// after each comma separator following a JSON object value or array element.
+// If false, then no space character appears after the comma separator.
+//
+// This only affects encoding and is ignored when decoding.
+func SpaceAfterComma(v bool) Options {
+ if v {
+ return jsonflags.SpaceAfterComma | 1
+ } else {
+ return jsonflags.SpaceAfterComma | 0
+ }
+}
+
+// Multiline specifies that the JSON output should expand to multiple lines,
+// where every JSON object member or JSON array element appears on
+// a new, indented line according to the nesting depth.
+//
+// If [SpaceAfterColon] is not specified, then the default is true.
+// If [SpaceAfterComma] is not specified, then the default is false.
+// If [WithIndent] is not specified, then the default is "\t".
+//
+// If set to false, then the output is a single-line,
+// where the only whitespace emitted is determined by the current
+// values of [SpaceAfterColon] and [SpaceAfterComma].
+//
+// This only affects encoding and is ignored when decoding.
+func Multiline(v bool) Options {
+ if v {
+ return jsonflags.Multiline | 1
+ } else {
+ return jsonflags.Multiline | 0
+ }
+}
+
+// WithIndent specifies that the encoder should emit multiline output
+// where each element in a JSON object or array begins on a new, indented line
+// beginning with the indent prefix (see [WithIndentPrefix])
+// followed by one or more copies of indent according to the nesting depth.
+// The indent must only be composed of space or tab characters.
+//
+// If the intent to emit indented output without a preference for
+// the particular indent string, then use [Multiline] instead.
+//
+// This only affects encoding and is ignored when decoding.
+// Use of this option implies [Multiline] being set to true.
+func WithIndent(indent string) Options {
+ // Fast-path: Return a constant for common indents, which avoids allocating.
+ // These are derived from analyzing the Go module proxy on 2023-07-01.
+ switch indent {
+ case "\t":
+ return jsonopts.Indent("\t") // ~14k usages
+ case " ":
+ return jsonopts.Indent(" ") // ~18k usages
+ case " ":
+ return jsonopts.Indent(" ") // ~1.7k usages
+ case " ":
+ return jsonopts.Indent(" ") // ~52k usages
+ case " ":
+ return jsonopts.Indent(" ") // ~12k usages
+ case "":
+ return jsonopts.Indent("") // ~1.5k usages
+ }
+
+ // Otherwise, allocate for this unique value.
+ if s := strings.Trim(indent, " \t"); len(s) > 0 {
+ panic("json: invalid character " + jsonwire.QuoteRune(s) + " in indent")
+ }
+ return jsonopts.Indent(indent)
+}
+
+// WithIndentPrefix specifies that the encoder should emit multiline output
+// where each element in a JSON object or array begins on a new, indented line
+// beginning with the indent prefix followed by one or more copies of indent
+// (see [WithIndent]) according to the nesting depth.
+// The prefix must only be composed of space or tab characters.
+//
+// This only affects encoding and is ignored when decoding.
+// Use of this option implies [Multiline] being set to true.
+func WithIndentPrefix(prefix string) Options {
+ if s := strings.Trim(prefix, " \t"); len(s) > 0 {
+ panic("json: invalid character " + jsonwire.QuoteRune(s) + " in indent prefix")
+ }
+ return jsonopts.IndentPrefix(prefix)
+}
+
+/*
+// TODO(https://go.dev/issue/56733): Implement WithByteLimit and WithDepthLimit.
+// Remember to also update the "Security Considerations" section.
+
+// WithByteLimit sets a limit on the number of bytes of input or output bytes
+// that may be consumed or produced for each top-level JSON value.
+// If a [Decoder] or [Encoder] method call would need to consume/produce
+// more than a total of n bytes to make progress on the top-level JSON value,
+// then the call will report an error.
+// Whitespace before and within the top-level value are counted against the limit.
+// Whitespace after a top-level value are counted against the limit
+// for the next top-level value.
+//
+// A non-positive limit is equivalent to no limit at all.
+// If unspecified, the default limit is no limit at all.
+// This affects either encoding or decoding.
+func WithByteLimit(n int64) Options {
+ return jsonopts.ByteLimit(max(n, 0))
+}
+
+// WithDepthLimit sets a limit on the maximum depth of JSON nesting
+// that may be consumed or produced for each top-level JSON value.
+// If a [Decoder] or [Encoder] method call would need to consume or produce
+// a depth greater than n to make progress on the top-level JSON value,
+// then the call will report an error.
+//
+// A non-positive limit is equivalent to no limit at all.
+// If unspecified, the default limit is 10000.
+// This affects either encoding or decoding.
+func WithDepthLimit(n int) Options {
+ return jsonopts.DepthLimit(max(n, 0))
+}
+*/
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/pools.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/pools.go
similarity index 64%
rename from vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/pools.go
rename to vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/pools.go
index 60e93270f..cf59d99b9 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/pools.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/pools.go
@@ -2,13 +2,14 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-package json
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package jsontext
import (
"bytes"
"io"
"math/bits"
- "sort"
"sync"
)
@@ -40,16 +41,16 @@ type bufferStatistics struct {
prevLen int // length of previous buffer
}
-func getBufferedEncoder(o EncodeOptions) *Encoder {
+func getBufferedEncoder(opts ...Options) *Encoder {
e := bufferedEncoderPool.Get().(*Encoder)
- if e.buf == nil {
+ if e.s.Buf == nil {
// Round up to nearest 2ⁿ to make best use of malloc size classes.
// See runtime/sizeclasses.go on Go1.15.
// Logical OR with 63 to ensure 64 as the minimum buffer size.
- n := 1 << bits.Len(uint(e.bufStats.prevLen|63))
- e.buf = make([]byte, 0, n)
+ n := 1 << bits.Len(uint(e.s.bufStats.prevLen|63))
+ e.s.Buf = make([]byte, 0, n)
}
- e.reset(e.buf[:0], nil, o)
+ e.s.reset(e.s.Buf[:0], nil, opts...)
return e
}
func putBufferedEncoder(e *Encoder) {
@@ -68,37 +69,37 @@ func putBufferedEncoder(e *Encoder) {
//
// See https://go.dev/issue/27735.
switch {
- case cap(e.buf) <= 4<<10: // always recycle buffers smaller than 4KiB
- e.bufStats.strikes = 0
- case cap(e.buf)/4 <= len(e.buf): // at least 25% utilization
- e.bufStats.strikes = 0
- case e.bufStats.strikes < 4: // at most 4 strikes
- e.bufStats.strikes++
+ case cap(e.s.Buf) <= 4<<10: // always recycle buffers smaller than 4KiB
+ e.s.bufStats.strikes = 0
+ case cap(e.s.Buf)/4 <= len(e.s.Buf): // at least 25% utilization
+ e.s.bufStats.strikes = 0
+ case e.s.bufStats.strikes < 4: // at most 4 strikes
+ e.s.bufStats.strikes++
default: // discard the buffer; too large and too often under-utilized
- e.bufStats.strikes = 0
- e.bufStats.prevLen = len(e.buf) // heuristic for size to allocate next time
- e.buf = nil
+ e.s.bufStats.strikes = 0
+ e.s.bufStats.prevLen = len(e.s.Buf) // heuristic for size to allocate next time
+ e.s.Buf = nil
}
bufferedEncoderPool.Put(e)
}
-func getStreamingEncoder(w io.Writer, o EncodeOptions) *Encoder {
+func getStreamingEncoder(w io.Writer, opts ...Options) *Encoder {
if _, ok := w.(*bytes.Buffer); ok {
e := bytesBufferEncoderPool.Get().(*Encoder)
- e.reset(nil, w, o) // buffer taken from bytes.Buffer
+ e.s.reset(nil, w, opts...) // buffer taken from bytes.Buffer
return e
} else {
e := streamingEncoderPool.Get().(*Encoder)
- e.reset(e.buf[:0], w, o) // preserve existing buffer
+ e.s.reset(e.s.Buf[:0], w, opts...) // preserve existing buffer
return e
}
}
func putStreamingEncoder(e *Encoder) {
- if _, ok := e.wr.(*bytes.Buffer); ok {
+ if _, ok := e.s.wr.(*bytes.Buffer); ok {
bytesBufferEncoderPool.Put(e)
} else {
- if cap(e.buf) > 64<<10 {
- e.buf = nil // avoid pinning arbitrarily large amounts of memory
+ if cap(e.s.Buf) > 64<<10 {
+ e.s.Buf = nil // avoid pinning arbitrarily large amounts of memory
}
streamingEncoderPool.Put(e)
}
@@ -119,64 +120,33 @@ var (
bytesBufferDecoderPool = bufferedDecoderPool
)
-func getBufferedDecoder(b []byte, o DecodeOptions) *Decoder {
+func getBufferedDecoder(b []byte, opts ...Options) *Decoder {
d := bufferedDecoderPool.Get().(*Decoder)
- d.reset(b, nil, o)
+ d.s.reset(b, nil, opts...)
return d
}
func putBufferedDecoder(d *Decoder) {
bufferedDecoderPool.Put(d)
}
-func getStreamingDecoder(r io.Reader, o DecodeOptions) *Decoder {
+func getStreamingDecoder(r io.Reader, opts ...Options) *Decoder {
if _, ok := r.(*bytes.Buffer); ok {
d := bytesBufferDecoderPool.Get().(*Decoder)
- d.reset(nil, r, o) // buffer taken from bytes.Buffer
+ d.s.reset(nil, r, opts...) // buffer taken from bytes.Buffer
return d
} else {
d := streamingDecoderPool.Get().(*Decoder)
- d.reset(d.buf[:0], r, o) // preserve existing buffer
+ d.s.reset(d.s.buf[:0], r, opts...) // preserve existing buffer
return d
}
}
func putStreamingDecoder(d *Decoder) {
- if _, ok := d.rd.(*bytes.Buffer); ok {
+ if _, ok := d.s.rd.(*bytes.Buffer); ok {
bytesBufferDecoderPool.Put(d)
} else {
- if cap(d.buf) > 64<<10 {
- d.buf = nil // avoid pinning arbitrarily large amounts of memory
+ if cap(d.s.buf) > 64<<10 {
+ d.s.buf = nil // avoid pinning arbitrarily large amounts of memory
}
streamingDecoderPool.Put(d)
}
}
-
-var stringsPools = &sync.Pool{New: func() any { return new(stringSlice) }}
-
-type stringSlice []string
-
-// getStrings returns a non-nil pointer to a slice with length n.
-func getStrings(n int) *stringSlice {
- s := stringsPools.Get().(*stringSlice)
- if cap(*s) < n {
- *s = make([]string, n)
- }
- *s = (*s)[:n]
- return s
-}
-
-func putStrings(s *stringSlice) {
- if cap(*s) > 1<<10 {
- *s = nil // avoid pinning arbitrarily large amounts of memory
- }
- stringsPools.Put(s)
-}
-
-// Sort sorts the string slice according to RFC 8785, section 3.2.3.
-func (ss *stringSlice) Sort() {
- // TODO(https://go.dev/issue/47619): Use slices.SortFunc instead.
- sort.Sort(ss)
-}
-
-func (ss *stringSlice) Len() int { return len(*ss) }
-func (ss *stringSlice) Less(i, j int) bool { return lessUTF16((*ss)[i], (*ss)[j]) }
-func (ss *stringSlice) Swap(i, j int) { (*ss)[i], (*ss)[j] = (*ss)[j], (*ss)[i] }
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/quote.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/quote.go
new file mode 100644
index 000000000..a4353be3a
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/quote.go
@@ -0,0 +1,41 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package jsontext
+
+import (
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
+)
+
+// AppendQuote appends a double-quoted JSON string literal representing src
+// to dst and returns the extended buffer.
+// It uses the minimal string representation per RFC 8785, section 3.2.2.2.
+// Invalid UTF-8 bytes are replaced with the Unicode replacement character
+// and an error is returned at the end indicating the presence of invalid UTF-8.
+// The dst must not overlap with the src.
+func AppendQuote[Bytes ~[]byte | ~string](dst []byte, src Bytes) ([]byte, error) {
+ dst, err := jsonwire.AppendQuote(dst, src, &jsonflags.Flags{})
+ if err != nil {
+ err = &SyntacticError{Err: err}
+ }
+ return dst, err
+}
+
+// AppendUnquote appends the decoded interpretation of src as a
+// double-quoted JSON string literal to dst and returns the extended buffer.
+// The input src must be a JSON string without any surrounding whitespace.
+// Invalid UTF-8 bytes are replaced with the Unicode replacement character
+// and an error is returned at the end indicating the presence of invalid UTF-8.
+// Any trailing bytes after the JSON string literal results in an error.
+// The dst must not overlap with the src.
+func AppendUnquote[Bytes ~[]byte | ~string](dst []byte, src Bytes) ([]byte, error) {
+ dst, err := jsonwire.AppendUnquote(dst, src)
+ if err != nil {
+ err = &SyntacticError{Err: err}
+ }
+ return dst, err
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/state.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/state.go
similarity index 63%
rename from vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/state.go
rename to vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/state.go
index ee14c753f..6f1aa8e21 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/state.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/state.go
@@ -2,81 +2,216 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-package json
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package jsontext
import (
+ "errors"
+ "iter"
"math"
"strconv"
+ "strings"
+ "unicode/utf8"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
)
+// ErrDuplicateName indicates that a JSON token could not be
+// encoded or decoded because it results in a duplicate JSON object name.
+// This error is directly wrapped within a [SyntacticError] when produced.
+//
+// The name of a duplicate JSON object member can be extracted as:
+//
+// err := ...
+// var serr jsontext.SyntacticError
+// if errors.As(err, &serr) && serr.Err == jsontext.ErrDuplicateName {
+// ptr := serr.JSONPointer // JSON pointer to duplicate name
+// name := ptr.LastToken() // duplicate name itself
+// ...
+// }
+//
+// This error is only returned if [AllowDuplicateNames] is false.
+var ErrDuplicateName = errors.New("duplicate object member name")
+
+// ErrNonStringName indicates that a JSON token could not be
+// encoded or decoded because it is not a string,
+// as required for JSON object names according to RFC 8259, section 4.
+// This error is directly wrapped within a [SyntacticError] when produced.
+var ErrNonStringName = errors.New("object member name must be a string")
+
var (
- errMissingName = &SyntacticError{str: "missing string for object name"}
- errMissingColon = &SyntacticError{str: "missing character ':' after object name"}
- errMissingValue = &SyntacticError{str: "missing value after object name"}
- errMissingComma = &SyntacticError{str: "missing character ',' after object or array value"}
- errMismatchDelim = &SyntacticError{str: "mismatching structural token for object or array"}
+ errMissingValue = errors.New("missing value after object name")
+ errMismatchDelim = errors.New("mismatching structural token for object or array")
+ errMaxDepth = errors.New("exceeded max depth")
+
+ errInvalidNamespace = errors.New("object namespace is in an invalid state")
)
-const errInvalidNamespace = jsonError("object namespace is in an invalid state")
+// Per RFC 8259, section 9, implementations may enforce a maximum depth.
+// Such a limit is necessary to prevent stack overflows.
+const maxNestingDepth = 10000
type state struct {
- // tokens validates whether the next token kind is valid.
- tokens stateMachine
+ // Tokens validates whether the next token kind is valid.
+ Tokens stateMachine
- // names is a stack of object names.
- // Not used if AllowDuplicateNames is true.
- names objectNameStack
+ // Names is a stack of object names.
+ Names objectNameStack
- // namespaces is a stack of object namespaces.
+ // Namespaces is a stack of object namespaces.
// For performance reasons, Encoder or Decoder may not update this
// if Marshal or Unmarshal is able to track names in a more efficient way.
// See makeMapArshaler and makeStructArshaler.
// Not used if AllowDuplicateNames is true.
- namespaces objectNamespaceStack
+ Namespaces objectNamespaceStack
+}
+
+// needObjectValue reports whether the next token should be an object value.
+// This method is used by [wrapSyntacticError].
+func (s *state) needObjectValue() bool {
+ return s.Tokens.Last.needObjectValue()
}
func (s *state) reset() {
- s.tokens.reset()
- s.names.reset()
- s.namespaces.reset()
+ s.Tokens.reset()
+ s.Names.reset()
+ s.Namespaces.reset()
+}
+
+// Pointer is a JSON Pointer (RFC 6901) that references a particular JSON value
+// relative to the root of the top-level JSON value.
+//
+// A Pointer is a slash-separated list of tokens, where each token is
+// either a JSON object name or an index to a JSON array element
+// encoded as a base-10 integer value.
+// It is impossible to distinguish between an array index and an object name
+// (that happens to be an base-10 encoded integer) without also knowing
+// the structure of the top-level JSON value that the pointer refers to.
+//
+// There is exactly one representation of a pointer to a particular value,
+// so comparability of Pointer values is equivalent to checking whether
+// they both point to the exact same value.
+type Pointer string
+
+// IsValid reports whether p is a valid JSON Pointer according to RFC 6901.
+// Note that the concatenation of two valid pointers produces a valid pointer.
+func (p Pointer) IsValid() bool {
+ for i, r := range p {
+ switch {
+ case r == '~' && (i+1 == len(p) || (p[i+1] != '0' && p[i+1] != '1')):
+ return false // invalid escape
+ case r == '\ufffd' && !strings.HasPrefix(string(p[i:]), "\ufffd"):
+ return false // invalid UTF-8
+ }
+ }
+ return len(p) == 0 || p[0] == '/'
+}
+
+// Contains reports whether the JSON value that p points to
+// is equal to or contains the JSON value that pc points to.
+func (p Pointer) Contains(pc Pointer) bool {
+ // Invariant: len(p) <= len(pc) if p.Contains(pc)
+ suffix, ok := strings.CutPrefix(string(pc), string(p))
+ return ok && (suffix == "" || suffix[0] == '/')
+}
+
+// Parent strips off the last token and returns the remaining pointer.
+// The parent of an empty p is an empty string.
+func (p Pointer) Parent() Pointer {
+ return p[:max(strings.LastIndexByte(string(p), '/'), 0)]
+}
+
+// LastToken returns the last token in the pointer.
+// The last token of an empty p is an empty string.
+func (p Pointer) LastToken() string {
+ last := p[max(strings.LastIndexByte(string(p), '/'), 0):]
+ return unescapePointerToken(strings.TrimPrefix(string(last), "/"))
+}
+
+// AppendToken appends a token to the end of p and returns the full pointer.
+func (p Pointer) AppendToken(tok string) Pointer {
+ return Pointer(appendEscapePointerName([]byte(p+"/"), tok))
+}
+
+// TODO: Add Pointer.AppendTokens,
+// but should this take in a ...string or an iter.Seq[string]?
+
+// Tokens returns an iterator over the reference tokens in the JSON pointer,
+// starting from the first token until the last token (unless stopped early).
+func (p Pointer) Tokens() iter.Seq[string] {
+ return func(yield func(string) bool) {
+ for len(p) > 0 {
+ p = Pointer(strings.TrimPrefix(string(p), "/"))
+ i := min(uint(strings.IndexByte(string(p), '/')), uint(len(p)))
+ if !yield(unescapePointerToken(string(p)[:i])) {
+ return
+ }
+ p = p[i:]
+ }
+ }
+}
+
+func unescapePointerToken(token string) string {
+ if strings.Contains(token, "~") {
+ // Per RFC 6901, section 3, unescape '~' and '/' characters.
+ token = strings.ReplaceAll(token, "~1", "/")
+ token = strings.ReplaceAll(token, "~0", "~")
+ }
+ return token
}
// appendStackPointer appends a JSON Pointer (RFC 6901) to the current value.
-// The returned pointer is only accurate if s.names is populated,
-// otherwise it uses the numeric index as the object member name.
+//
+// - If where is -1, then it points to the previously processed token.
+//
+// - If where is 0, then it points to the parent JSON object or array,
+// or an object member if in-between an object member key and value.
+// This is useful when the position is ambiguous whether
+// we are interested in the previous or next token, or
+// when we are uncertain whether the next token
+// continues or terminates the current object or array.
+//
+// - If where is +1, then it points to the next expected value,
+// assuming that it continues the current JSON object or array.
+// As a special case, if the next token is a JSON object name,
+// then it points to the parent JSON object.
//
// Invariant: Must call s.names.copyQuotedBuffer beforehand.
-func (s state) appendStackPointer(b []byte) []byte {
+func (s state) appendStackPointer(b []byte, where int) []byte {
var objectDepth int
- for i := 1; i < s.tokens.depth(); i++ {
- e := s.tokens.index(i)
- if e.length() == 0 {
- break // empty object or array
+ for i := 1; i < s.Tokens.Depth(); i++ {
+ e := s.Tokens.index(i)
+ arrayDelta := -1 // by default point to previous array element
+ if isLast := i == s.Tokens.Depth()-1; isLast {
+ switch {
+ case where < 0 && e.Length() == 0 || where == 0 && !e.needObjectValue() || where > 0 && e.NeedObjectName():
+ return b
+ case where > 0 && e.isArray():
+ arrayDelta = 0 // point to next array element
+ }
}
- b = append(b, '/')
switch {
case e.isObject():
- if objectDepth < s.names.length() {
- for _, c := range s.names.getUnquoted(objectDepth) {
- // Per RFC 6901, section 3, escape '~' and '/' characters.
- switch c {
- case '~':
- b = append(b, "~0"...)
- case '/':
- b = append(b, "~1"...)
- default:
- b = append(b, c)
- }
- }
- } else {
- // Since the names stack is unpopulated, the name is unknown.
- // As a best-effort replacement, use the numeric member index.
- // While inaccurate, it produces a syntactically valid pointer.
- b = strconv.AppendUint(b, uint64((e.length()-1)/2), 10)
- }
+ b = appendEscapePointerName(append(b, '/'), s.Names.getUnquoted(objectDepth))
objectDepth++
case e.isArray():
- b = strconv.AppendUint(b, uint64(e.length()-1), 10)
+ b = strconv.AppendUint(append(b, '/'), uint64(e.Length()+int64(arrayDelta)), 10)
+ }
+ }
+ return b
+}
+
+func appendEscapePointerName[Bytes ~[]byte | ~string](b []byte, name Bytes) []byte {
+ for _, r := range string(name) {
+ // Per RFC 6901, section 3, escape '~' and '/' characters.
+ switch r {
+ case '~':
+ b = append(b, "~0"...)
+ case '/':
+ b = append(b, "~1"...)
+ default:
+ b = utf8.AppendRune(b, r)
}
}
return b
@@ -92,54 +227,54 @@ func (s state) appendStackPointer(b []byte) []byte {
// The top-level virtual JSON array is special in that it doesn't require commas
// between each JSON value.
//
-// For performance, most methods are carefully written to be inlineable.
+// For performance, most methods are carefully written to be inlinable.
// The zero value is a valid state machine ready for use.
type stateMachine struct {
- stack []stateEntry
- last stateEntry
+ Stack []stateEntry
+ Last stateEntry
}
// reset resets the state machine.
// The machine always starts with a minimum depth of 1.
func (m *stateMachine) reset() {
- m.stack = m.stack[:0]
- if cap(m.stack) > 1<<10 {
- m.stack = nil
+ m.Stack = m.Stack[:0]
+ if cap(m.Stack) > 1<<10 {
+ m.Stack = nil
}
- m.last = stateTypeArray
+ m.Last = stateTypeArray
}
-// depth is the current nested depth of JSON objects and arrays.
+// Depth is the current nested depth of JSON objects and arrays.
// It is one-indexed (i.e., top-level values have a depth of 1).
-func (m stateMachine) depth() int {
- return len(m.stack) + 1
+func (m stateMachine) Depth() int {
+ return len(m.Stack) + 1
}
// index returns a reference to the ith entry.
// It is only valid until the next push method call.
func (m *stateMachine) index(i int) *stateEntry {
- if i == len(m.stack) {
- return &m.last
+ if i == len(m.Stack) {
+ return &m.Last
}
- return &m.stack[i]
+ return &m.Stack[i]
}
-// depthLength reports the current nested depth and
+// DepthLength reports the current nested depth and
// the length of the last JSON object or array.
-func (m stateMachine) depthLength() (int, int) {
- return m.depth(), m.last.length()
+func (m stateMachine) DepthLength() (int, int64) {
+ return m.Depth(), m.Last.Length()
}
// appendLiteral appends a JSON literal as the next token in the sequence.
// If an error is returned, the state is not mutated.
func (m *stateMachine) appendLiteral() error {
switch {
- case m.last.needObjectName():
- return errMissingName
- case !m.last.isValidNamespace():
+ case m.Last.NeedObjectName():
+ return ErrNonStringName
+ case !m.Last.isValidNamespace():
return errInvalidNamespace
default:
- m.last.increment()
+ m.Last.Increment()
return nil
}
}
@@ -148,10 +283,10 @@ func (m *stateMachine) appendLiteral() error {
// If an error is returned, the state is not mutated.
func (m *stateMachine) appendString() error {
switch {
- case !m.last.isValidNamespace():
+ case !m.Last.isValidNamespace():
return errInvalidNamespace
default:
- m.last.increment()
+ m.Last.Increment()
return nil
}
}
@@ -162,18 +297,20 @@ func (m *stateMachine) appendNumber() error {
return m.appendLiteral()
}
-// pushObject appends a JSON start object token as next in the sequence.
+// pushObject appends a JSON begin object token as next in the sequence.
// If an error is returned, the state is not mutated.
func (m *stateMachine) pushObject() error {
switch {
- case m.last.needObjectName():
- return errMissingName
- case !m.last.isValidNamespace():
+ case m.Last.NeedObjectName():
+ return ErrNonStringName
+ case !m.Last.isValidNamespace():
return errInvalidNamespace
+ case len(m.Stack) == maxNestingDepth:
+ return errMaxDepth
default:
- m.last.increment()
- m.stack = append(m.stack, m.last)
- m.last = stateTypeObject
+ m.Last.Increment()
+ m.Stack = append(m.Stack, m.Last)
+ m.Last = stateTypeObject
return nil
}
}
@@ -182,31 +319,33 @@ func (m *stateMachine) pushObject() error {
// If an error is returned, the state is not mutated.
func (m *stateMachine) popObject() error {
switch {
- case !m.last.isObject():
+ case !m.Last.isObject():
return errMismatchDelim
- case m.last.needObjectValue():
+ case m.Last.needObjectValue():
return errMissingValue
- case !m.last.isValidNamespace():
+ case !m.Last.isValidNamespace():
return errInvalidNamespace
default:
- m.last = m.stack[len(m.stack)-1]
- m.stack = m.stack[:len(m.stack)-1]
+ m.Last = m.Stack[len(m.Stack)-1]
+ m.Stack = m.Stack[:len(m.Stack)-1]
return nil
}
}
-// pushArray appends a JSON start array token as next in the sequence.
+// pushArray appends a JSON begin array token as next in the sequence.
// If an error is returned, the state is not mutated.
func (m *stateMachine) pushArray() error {
switch {
- case m.last.needObjectName():
- return errMissingName
- case !m.last.isValidNamespace():
+ case m.Last.NeedObjectName():
+ return ErrNonStringName
+ case !m.Last.isValidNamespace():
return errInvalidNamespace
+ case len(m.Stack) == maxNestingDepth:
+ return errMaxDepth
default:
- m.last.increment()
- m.stack = append(m.stack, m.last)
- m.last = stateTypeArray
+ m.Last.Increment()
+ m.Stack = append(m.Stack, m.Last)
+ m.Last = stateTypeArray
return nil
}
}
@@ -215,43 +354,43 @@ func (m *stateMachine) pushArray() error {
// If an error is returned, the state is not mutated.
func (m *stateMachine) popArray() error {
switch {
- case !m.last.isArray() || len(m.stack) == 0: // forbid popping top-level virtual JSON array
+ case !m.Last.isArray() || len(m.Stack) == 0: // forbid popping top-level virtual JSON array
return errMismatchDelim
- case !m.last.isValidNamespace():
+ case !m.Last.isValidNamespace():
return errInvalidNamespace
default:
- m.last = m.stack[len(m.stack)-1]
- m.stack = m.stack[:len(m.stack)-1]
+ m.Last = m.Stack[len(m.Stack)-1]
+ m.Stack = m.Stack[:len(m.Stack)-1]
return nil
}
}
-// needIndent reports whether indent whitespace should be injected.
+// NeedIndent reports whether indent whitespace should be injected.
// A zero value means that no whitespace should be injected.
// A positive value means '\n', indentPrefix, and (n-1) copies of indentBody
// should be appended to the output immediately before the next token.
-func (m stateMachine) needIndent(next Kind) (n int) {
+func (m stateMachine) NeedIndent(next Kind) (n int) {
willEnd := next == '}' || next == ']'
switch {
- case m.depth() == 1:
+ case m.Depth() == 1:
return 0 // top-level values are never indented
- case m.last.length() == 0 && willEnd:
+ case m.Last.Length() == 0 && willEnd:
return 0 // an empty object or array is never indented
- case m.last.length() == 0 || m.last.needImplicitComma(next):
- return m.depth()
+ case m.Last.Length() == 0 || m.Last.needImplicitComma(next):
+ return m.Depth()
case willEnd:
- return m.depth() - 1
+ return m.Depth() - 1
default:
return 0
}
}
-// mayAppendDelim appends a colon or comma that may precede the next token.
-func (m stateMachine) mayAppendDelim(b []byte, next Kind) []byte {
+// MayAppendDelim appends a colon or comma that may precede the next token.
+func (m stateMachine) MayAppendDelim(b []byte, next Kind) []byte {
switch {
- case m.last.needImplicitColon():
+ case m.Last.needImplicitColon():
return append(b, ':')
- case m.last.needImplicitComma(next) && len(m.stack) != 0: // comma not needed for top-level values
+ case m.Last.needImplicitComma(next) && len(m.Stack) != 0: // comma not needed for top-level values
return append(b, ',')
default:
return b
@@ -263,39 +402,24 @@ func (m stateMachine) mayAppendDelim(b []byte, next Kind) []byte {
// A zero value means no delimiter should be emitted.
func (m stateMachine) needDelim(next Kind) (delim byte) {
switch {
- case m.last.needImplicitColon():
+ case m.Last.needImplicitColon():
return ':'
- case m.last.needImplicitComma(next) && len(m.stack) != 0: // comma not needed for top-level values
+ case m.Last.needImplicitComma(next) && len(m.Stack) != 0: // comma not needed for top-level values
return ','
default:
return 0
}
}
-// checkDelim reports whether the specified delimiter should be there given
-// the kind of the next token that appears immediately afterwards.
-func (m stateMachine) checkDelim(delim byte, next Kind) error {
- switch needDelim := m.needDelim(next); {
- case needDelim == delim:
- return nil
- case needDelim == ':':
- return errMissingColon
- case needDelim == ',':
- return errMissingComma
- default:
- return newInvalidCharacterError([]byte{delim}, "before next token")
- }
-}
-
-// invalidateDisabledNamespaces marks all disabled namespaces as invalid.
+// InvalidateDisabledNamespaces marks all disabled namespaces as invalid.
//
// For efficiency, Marshal and Unmarshal may disable namespaces since there are
// more efficient ways to track duplicate names. However, if an error occurs,
// the namespaces in Encoder or Decoder will be left in an inconsistent state.
// Mark the namespaces as invalid so that future method calls on
// Encoder or Decoder will return an error.
-func (m *stateMachine) invalidateDisabledNamespaces() {
- for i := 0; i < m.depth(); i++ {
+func (m *stateMachine) InvalidateDisabledNamespaces() {
+ for i := range m.Depth() {
e := m.index(i)
if !e.isActiveNamespace() {
e.invalidateNamespace()
@@ -329,10 +453,10 @@ const (
stateCountEven stateEntry = 0x0000_0000_0000_0000
)
-// length reports the number of elements in the JSON object or array.
+// Length reports the number of elements in the JSON object or array.
// Each name and value in an object entry is treated as a separate element.
-func (e stateEntry) length() int {
- return int(e & stateCountMask)
+func (e stateEntry) Length() int64 {
+ return int64(e & stateCountMask)
}
// isObject reports whether this is a JSON object.
@@ -345,9 +469,9 @@ func (e stateEntry) isArray() bool {
return e&stateTypeMask == stateTypeArray
}
-// needObjectName reports whether the next token must be a JSON string,
+// NeedObjectName reports whether the next token must be a JSON string,
// which is necessary for JSON object names.
-func (e stateEntry) needObjectName() bool {
+func (e stateEntry) NeedObjectName() bool {
return e&(stateTypeMask|stateCountLSBMask) == stateTypeObject|stateCountEven
}
@@ -367,13 +491,13 @@ func (e stateEntry) needObjectValue() bool {
// which always occurs after a value in a JSON object or array
// before the next value (or name).
func (e stateEntry) needImplicitComma(next Kind) bool {
- return !e.needObjectValue() && e.length() > 0 && next != '}' && next != ']'
+ return !e.needObjectValue() && e.Length() > 0 && next != '}' && next != ']'
}
-// increment increments the number of elements for the current object or array.
+// Increment increments the number of elements for the current object or array.
// This assumes that overflow won't practically be an issue since
// 1< 0 {
startOffset = ns.offsets[i-1]
}
- if n := consumeSimpleString(quotedName); n > 0 {
+ if n := jsonwire.ConsumeSimpleString(quotedName); n > 0 {
ns.unquotedNames = append(ns.unquotedNames[:startOffset], quotedName[len(`"`):n-len(`"`)]...)
} else {
- ns.unquotedNames, _ = unescapeString(ns.unquotedNames[:startOffset], quotedName)
+ ns.unquotedNames, _ = jsonwire.AppendUnquote(ns.unquotedNames[:startOffset], quotedName)
}
ns.offsets[i] = len(ns.unquotedNames)
}
@@ -565,14 +689,14 @@ func (nss *objectNamespaceStack) reset() {
func (nss *objectNamespaceStack) push() {
if cap(*nss) > len(*nss) {
*nss = (*nss)[:len(*nss)+1]
- nss.last().reset()
+ nss.Last().reset()
} else {
*nss = append(*nss, objectNamespace{})
}
}
-// last returns a pointer to the last JSON object namespace.
-func (nss objectNamespaceStack) last() *objectNamespace {
+// Last returns a pointer to the last JSON object namespace.
+func (nss objectNamespaceStack) Last() *objectNamespace {
return &nss[len(nss)-1]
}
@@ -641,13 +765,13 @@ func (ns *objectNamespace) insertQuoted(name []byte, isVerbatim bool) bool {
}
return ns.insert(name, !isVerbatim)
}
-func (ns *objectNamespace) insertUnquoted(name []byte) bool {
+func (ns *objectNamespace) InsertUnquoted(name []byte) bool {
return ns.insert(name, false)
}
func (ns *objectNamespace) insert(name []byte, quoted bool) bool {
var allNames []byte
if quoted {
- allNames, _ = unescapeString(ns.allUnquotedNames, name)
+ allNames, _ = jsonwire.AppendUnquote(ns.allUnquotedNames, name)
} else {
allNames = append(ns.allUnquotedNames, name...)
}
@@ -702,46 +826,3 @@ func (ns *objectNamespace) removeLast() {
ns.allUnquotedNames = ns.allUnquotedNames[:ns.endOffsets[ns.length()-1]]
}
}
-
-type uintSet64 uint64
-
-func (s uintSet64) has(i uint) bool { return s&(1< 0 }
-func (s *uintSet64) set(i uint) { *s |= 1 << i }
-
-// uintSet is a set of unsigned integers.
-// It is optimized for most integers being close to zero.
-type uintSet struct {
- lo uintSet64
- hi []uintSet64
-}
-
-// has reports whether i is in the set.
-func (s *uintSet) has(i uint) bool {
- if i < 64 {
- return s.lo.has(i)
- } else {
- i -= 64
- iHi, iLo := int(i/64), i%64
- return iHi < len(s.hi) && s.hi[iHi].has(iLo)
- }
-}
-
-// insert inserts i into the set and reports whether it was the first insertion.
-func (s *uintSet) insert(i uint) bool {
- // TODO: Make this inlineable at least for the lower 64-bit case.
- if i < 64 {
- has := s.lo.has(i)
- s.lo.set(i)
- return !has
- } else {
- i -= 64
- iHi, iLo := int(i/64), i%64
- if iHi >= len(s.hi) {
- s.hi = append(s.hi, make([]uintSet64, iHi+1-len(s.hi))...)
- s.hi = s.hi[:cap(s.hi)]
- }
- has := s.hi[iHi].has(iLo)
- s.hi[iHi].set(iLo)
- return !has
- }
-}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/token.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/token.go
similarity index 87%
rename from vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/token.go
rename to vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/token.go
index 9acba7dad..3e87c9140 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/token.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/token.go
@@ -2,11 +2,18 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-package json
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package jsontext
import (
+ "bytes"
+ "errors"
"math"
"strconv"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
)
// NOTE: Token is analogous to v1 json.Token.
@@ -17,17 +24,19 @@ const (
maxUint64 = math.MaxUint64
minUint64 = 0 // for consistency and readability purposes
- invalidTokenPanic = "invalid json.Token; it has been voided by a subsequent json.Decoder call"
+ invalidTokenPanic = "invalid jsontext.Token; it has been voided by a subsequent json.Decoder call"
)
+var errInvalidToken = errors.New("invalid jsontext.Token")
+
// Token represents a lexical JSON token, which may be one of the following:
// - a JSON literal (i.e., null, true, or false)
// - a JSON string (e.g., "hello, world!")
// - a JSON number (e.g., 123.456)
-// - a start or end delimiter for a JSON object (i.e., { or } )
-// - a start or end delimiter for a JSON array (i.e., [ or ] )
+// - a begin or end delimiter for a JSON object (i.e., { or } )
+// - a begin or end delimiter for a JSON array (i.e., [ or ] )
//
-// A Token cannot represent entire array or object values, while a RawValue can.
+// A Token cannot represent entire array or object values, while a [Value] can.
// There is no Token to represent commas and colons since
// these structural tokens can be inferred from the surrounding context.
type Token struct {
@@ -87,10 +96,10 @@ var (
False Token = rawToken("false")
True Token = rawToken("true")
- ObjectStart Token = rawToken("{")
- ObjectEnd Token = rawToken("}")
- ArrayStart Token = rawToken("[")
- ArrayEnd Token = rawToken("]")
+ BeginObject Token = rawToken("{")
+ EndObject Token = rawToken("}")
+ BeginArray Token = rawToken("[")
+ EndArray Token = rawToken("]")
zeroString Token = rawToken(`""`)
zeroNumber Token = rawToken(`0`)
@@ -156,7 +165,7 @@ func Uint(n uint64) Token {
}
// Clone makes a copy of the Token such that its value remains valid
-// even after a subsequent Decoder.Read call.
+// even after a subsequent [Decoder.Read] call.
func (t Token) Clone() Token {
// TODO: Allow caller to avoid any allocations?
if raw := t.raw; raw != nil {
@@ -169,22 +178,21 @@ func (t Token) Clone() Token {
return False
case True.raw:
return True
- case ObjectStart.raw:
- return ObjectStart
- case ObjectEnd.raw:
- return ObjectEnd
- case ArrayStart.raw:
- return ArrayStart
- case ArrayEnd.raw:
- return ArrayEnd
+ case BeginObject.raw:
+ return BeginObject
+ case EndObject.raw:
+ return EndObject
+ case BeginArray.raw:
+ return BeginArray
+ case EndArray.raw:
+ return EndArray
}
}
if uint64(raw.previousOffsetStart()) != t.num {
panic(invalidTokenPanic)
}
- // TODO(https://go.dev/issue/45038): Use bytes.Clone.
- buf := append([]byte(nil), raw.previousBuffer()...)
+ buf := bytes.Clone(raw.previousBuffer())
return Token{raw: &decodeBuffer{buf: buf, prevStart: 0, prevEnd: len(buf)}}
}
return t
@@ -205,20 +213,20 @@ func (t Token) Bool() bool {
// appendString appends a JSON string to dst and returns it.
// It panics if t is not a JSON string.
-func (t Token) appendString(dst []byte, validateUTF8, preserveRaw bool, escapeRune func(rune) bool) ([]byte, error) {
+func (t Token) appendString(dst []byte, flags *jsonflags.Flags) ([]byte, error) {
if raw := t.raw; raw != nil {
// Handle raw string value.
buf := raw.previousBuffer()
if Kind(buf[0]) == '"' {
- if escapeRune == nil && consumeSimpleString(buf) == len(buf) {
+ if jsonwire.ConsumeSimpleString(buf) == len(buf) {
return append(dst, buf...), nil
}
- dst, _, err := reformatString(dst, buf, validateUTF8, preserveRaw, escapeRune)
+ dst, _, err := jsonwire.ReformatString(dst, buf, flags)
return dst, err
}
} else if len(t.str) != 0 && t.num == 0 {
// Handle exact string value.
- return appendString(dst, t.str, validateUTF8, escapeRune)
+ return jsonwire.AppendQuote(dst, t.str, flags)
}
panic("invalid JSON token kind: " + t.Kind().String())
@@ -244,9 +252,9 @@ func (t Token) string() (string, []byte) {
}
buf := raw.previousBuffer()
if buf[0] == '"' {
- // TODO: Preserve valueFlags in Token?
- isVerbatim := consumeSimpleString(buf) == len(buf)
- return "", unescapeStringMayCopy(buf, isVerbatim)
+ // TODO: Preserve ValueFlags in Token?
+ isVerbatim := jsonwire.ConsumeSimpleString(buf) == len(buf)
+ return "", jsonwire.UnquoteMayCopy(buf, isVerbatim)
}
// Handle tokens that are not JSON strings for fmt.Stringer.
return "", buf
@@ -258,34 +266,31 @@ func (t Token) string() (string, []byte) {
if t.num > 0 {
switch t.str[0] {
case 'f':
- return string(appendNumber(nil, math.Float64frombits(t.num), 64)), nil
+ return string(jsonwire.AppendFloat(nil, math.Float64frombits(t.num), 64)), nil
case 'i':
return strconv.FormatInt(int64(t.num), 10), nil
case 'u':
return strconv.FormatUint(uint64(t.num), 10), nil
}
}
- return "", nil
+ return "", nil
}
// appendNumber appends a JSON number to dst and returns it.
// It panics if t is not a JSON number.
-func (t Token) appendNumber(dst []byte, canonicalize bool) ([]byte, error) {
+func (t Token) appendNumber(dst []byte, flags *jsonflags.Flags) ([]byte, error) {
if raw := t.raw; raw != nil {
// Handle raw number value.
buf := raw.previousBuffer()
if Kind(buf[0]).normalize() == '0' {
- if !canonicalize {
- return append(dst, buf...), nil
- }
- dst, _, err := reformatNumber(dst, buf, canonicalize)
+ dst, _, err := jsonwire.ReformatNumber(dst, buf, flags)
return dst, err
}
} else if t.num != 0 {
// Handle exact number value.
switch t.str[0] {
case 'f':
- return appendNumber(dst, math.Float64frombits(t.num), 64), nil
+ return jsonwire.AppendFloat(dst, math.Float64frombits(t.num), 64), nil
case 'i':
return strconv.AppendInt(dst, int64(t.num), 10), nil
case 'u':
@@ -308,7 +313,7 @@ func (t Token) Float() float64 {
}
buf := raw.previousBuffer()
if Kind(buf[0]).normalize() == '0' {
- fv, _ := parseFloat(buf, 64)
+ fv, _ := jsonwire.ParseFloat(buf, 64)
return fv
}
} else if t.num != 0 {
@@ -354,7 +359,7 @@ func (t Token) Int() int64 {
if len(buf) > 0 && buf[0] == '-' {
neg, buf = true, buf[1:]
}
- if numAbs, ok := parseDecUint(buf); ok {
+ if numAbs, ok := jsonwire.ParseUint(buf); ok {
if neg {
if numAbs > -minInt64 {
return minInt64
@@ -415,7 +420,7 @@ func (t Token) Uint() uint64 {
if len(buf) > 0 && buf[0] == '-' {
neg, buf = true, buf[1:]
}
- if num, ok := parseDecUint(buf); ok {
+ if num, ok := jsonwire.ParseUint(buf); ok {
if neg {
return minUint64
}
@@ -476,9 +481,9 @@ func (t Token) Kind() Kind {
// - 't': true
// - '"': string
// - '0': number
-// - '{': object start
+// - '{': object begin
// - '}': object end
-// - '[': array start
+// - '[': array begin
// - ']': array end
//
// An invalid kind is usually represented using 0,
@@ -509,7 +514,7 @@ func (k Kind) String() string {
case ']':
return "]"
default:
- return ""
+ return ""
}
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/value.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/value.go
new file mode 100644
index 000000000..f29f32356
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/value.go
@@ -0,0 +1,395 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package jsontext
+
+import (
+ "bytes"
+ "errors"
+ "io"
+ "slices"
+ "sync"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire"
+)
+
+// NOTE: Value is analogous to v1 json.RawMessage.
+
+// AppendFormat formats the JSON value in src and appends it to dst
+// according to the specified options.
+// See [Value.Format] for more details about the formatting behavior.
+//
+// The dst and src may overlap.
+// If an error is reported, then the entirety of src is appended to dst.
+func AppendFormat(dst, src []byte, opts ...Options) ([]byte, error) {
+ e := getBufferedEncoder(opts...)
+ defer putBufferedEncoder(e)
+ e.s.Flags.Set(jsonflags.OmitTopLevelNewline | 1)
+ if err := e.s.WriteValue(src); err != nil {
+ return append(dst, src...), err
+ }
+ return append(dst, e.s.Buf...), nil
+}
+
+// Value represents a single raw JSON value, which may be one of the following:
+// - a JSON literal (i.e., null, true, or false)
+// - a JSON string (e.g., "hello, world!")
+// - a JSON number (e.g., 123.456)
+// - an entire JSON object (e.g., {"fizz":"buzz"} )
+// - an entire JSON array (e.g., [1,2,3] )
+//
+// Value can represent entire array or object values, while [Token] cannot.
+// Value may contain leading and/or trailing whitespace.
+type Value []byte
+
+// Clone returns a copy of v.
+func (v Value) Clone() Value {
+ return bytes.Clone(v)
+}
+
+// String returns the string formatting of v.
+func (v Value) String() string {
+ if v == nil {
+ return "null"
+ }
+ return string(v)
+}
+
+// IsValid reports whether the raw JSON value is syntactically valid
+// according to the specified options.
+//
+// By default (if no options are specified), it validates according to RFC 7493.
+// It verifies whether the input is properly encoded as UTF-8,
+// that escape sequences within strings decode to valid Unicode codepoints, and
+// that all names in each object are unique.
+// It does not verify whether numbers are representable within the limits
+// of any common numeric type (e.g., float64, int64, or uint64).
+//
+// Relevant options include:
+// - [AllowDuplicateNames]
+// - [AllowInvalidUTF8]
+//
+// All other options are ignored.
+func (v Value) IsValid(opts ...Options) bool {
+ // TODO: Document support for [WithByteLimit] and [WithDepthLimit].
+ d := getBufferedDecoder(v, opts...)
+ defer putBufferedDecoder(d)
+ _, errVal := d.ReadValue()
+ _, errEOF := d.ReadToken()
+ return errVal == nil && errEOF == io.EOF
+}
+
+// Format formats the raw JSON value in place.
+//
+// By default (if no options are specified), it validates according to RFC 7493
+// and produces the minimal JSON representation, where
+// all whitespace is elided and JSON strings use the shortest encoding.
+//
+// Relevant options include:
+// - [AllowDuplicateNames]
+// - [AllowInvalidUTF8]
+// - [EscapeForHTML]
+// - [EscapeForJS]
+// - [PreserveRawStrings]
+// - [CanonicalizeRawInts]
+// - [CanonicalizeRawFloats]
+// - [ReorderRawObjects]
+// - [SpaceAfterColon]
+// - [SpaceAfterComma]
+// - [Multiline]
+// - [WithIndent]
+// - [WithIndentPrefix]
+//
+// All other options are ignored.
+//
+// It is guaranteed to succeed if the value is valid according to the same options.
+// If the value is already formatted, then the buffer is not mutated.
+func (v *Value) Format(opts ...Options) error {
+ // TODO: Document support for [WithByteLimit] and [WithDepthLimit].
+ return v.format(opts, nil)
+}
+
+// format accepts two []Options to avoid the allocation appending them together.
+// It is equivalent to v.Format(append(opts1, opts2...)...).
+func (v *Value) format(opts1, opts2 []Options) error {
+ e := getBufferedEncoder(opts1...)
+ defer putBufferedEncoder(e)
+ e.s.Join(opts2...)
+ e.s.Flags.Set(jsonflags.OmitTopLevelNewline | 1)
+ if err := e.s.WriteValue(*v); err != nil {
+ return err
+ }
+ if !bytes.Equal(*v, e.s.Buf) {
+ *v = append((*v)[:0], e.s.Buf...)
+ }
+ return nil
+}
+
+// Compact removes all whitespace from the raw JSON value.
+//
+// It does not reformat JSON strings or numbers to use any other representation.
+// To maximize the set of JSON values that can be formatted,
+// this permits values with duplicate names and invalid UTF-8.
+//
+// Compact is equivalent to calling [Value.Format] with the following options:
+// - [AllowDuplicateNames](true)
+// - [AllowInvalidUTF8](true)
+// - [PreserveRawStrings](true)
+//
+// Any options specified by the caller are applied after the initial set
+// and may deliberately override prior options.
+func (v *Value) Compact(opts ...Options) error {
+ return v.format([]Options{
+ AllowDuplicateNames(true),
+ AllowInvalidUTF8(true),
+ PreserveRawStrings(true),
+ }, opts)
+}
+
+// Indent reformats the whitespace in the raw JSON value so that each element
+// in a JSON object or array begins on a indented line according to the nesting.
+//
+// It does not reformat JSON strings or numbers to use any other representation.
+// To maximize the set of JSON values that can be formatted,
+// this permits values with duplicate names and invalid UTF-8.
+//
+// Indent is equivalent to calling [Value.Format] with the following options:
+// - [AllowDuplicateNames](true)
+// - [AllowInvalidUTF8](true)
+// - [PreserveRawStrings](true)
+// - [Multiline](true)
+//
+// Any options specified by the caller are applied after the initial set
+// and may deliberately override prior options.
+func (v *Value) Indent(opts ...Options) error {
+ return v.format([]Options{
+ AllowDuplicateNames(true),
+ AllowInvalidUTF8(true),
+ PreserveRawStrings(true),
+ Multiline(true),
+ }, opts)
+}
+
+// Canonicalize canonicalizes the raw JSON value according to the
+// JSON Canonicalization Scheme (JCS) as defined by RFC 8785
+// where it produces a stable representation of a JSON value.
+//
+// JSON strings are formatted to use their minimal representation,
+// JSON numbers are formatted as double precision numbers according
+// to some stable serialization algorithm.
+// JSON object members are sorted in ascending order by name.
+// All whitespace is removed.
+//
+// The output stability is dependent on the stability of the application data
+// (see RFC 8785, Appendix E). It cannot produce stable output from
+// fundamentally unstable input. For example, if the JSON value
+// contains ephemeral data (e.g., a frequently changing timestamp),
+// then the value is still unstable regardless of whether this is called.
+//
+// Canonicalize is equivalent to calling [Value.Format] with the following options:
+// - [CanonicalizeRawInts](true)
+// - [CanonicalizeRawFloats](true)
+// - [ReorderRawObjects](true)
+//
+// Any options specified by the caller are applied after the initial set
+// and may deliberately override prior options.
+//
+// Note that JCS treats all JSON numbers as IEEE 754 double precision numbers.
+// Any numbers with precision beyond what is representable by that form
+// will lose their precision when canonicalized. For example, integer values
+// beyond ±2⁵³ will lose their precision. To preserve the original representation
+// of JSON integers, additionally set [CanonicalizeRawInts] to false:
+//
+// v.Canonicalize(jsontext.CanonicalizeRawInts(false))
+func (v *Value) Canonicalize(opts ...Options) error {
+ return v.format([]Options{
+ CanonicalizeRawInts(true),
+ CanonicalizeRawFloats(true),
+ ReorderRawObjects(true),
+ }, opts)
+}
+
+// MarshalJSON returns v as the JSON encoding of v.
+// It returns the stored value as the raw JSON output without any validation.
+// If v is nil, then this returns a JSON null.
+func (v Value) MarshalJSON() ([]byte, error) {
+ // NOTE: This matches the behavior of v1 json.RawMessage.MarshalJSON.
+ if v == nil {
+ return []byte("null"), nil
+ }
+ return v, nil
+}
+
+// UnmarshalJSON sets v as the JSON encoding of b.
+// It stores a copy of the provided raw JSON input without any validation.
+func (v *Value) UnmarshalJSON(b []byte) error {
+ // NOTE: This matches the behavior of v1 json.RawMessage.UnmarshalJSON.
+ if v == nil {
+ return errors.New("jsontext.Value: UnmarshalJSON on nil pointer")
+ }
+ *v = append((*v)[:0], b...)
+ return nil
+}
+
+// Kind returns the starting token kind.
+// For a valid value, this will never include '}' or ']'.
+func (v Value) Kind() Kind {
+ if v := v[jsonwire.ConsumeWhitespace(v):]; len(v) > 0 {
+ return Kind(v[0]).normalize()
+ }
+ return invalidKind
+}
+
+const commaAndWhitespace = ", \n\r\t"
+
+type objectMember struct {
+ // name is the unquoted name.
+ name []byte // e.g., "name"
+ // buffer is the entirety of the raw JSON object member
+ // starting from right after the previous member (or opening '{')
+ // until right after the member value.
+ buffer []byte // e.g., `, \n\r\t"name": "value"`
+}
+
+func (x objectMember) Compare(y objectMember) int {
+ if c := jsonwire.CompareUTF16(x.name, y.name); c != 0 {
+ return c
+ }
+ // With [AllowDuplicateNames] or [AllowInvalidUTF8],
+ // names could be identical, so also sort using the member value.
+ return jsonwire.CompareUTF16(
+ bytes.TrimLeft(x.buffer, commaAndWhitespace),
+ bytes.TrimLeft(y.buffer, commaAndWhitespace))
+}
+
+var objectMemberPool = sync.Pool{New: func() any { return new([]objectMember) }}
+
+func getObjectMembers() *[]objectMember {
+ ns := objectMemberPool.Get().(*[]objectMember)
+ *ns = (*ns)[:0]
+ return ns
+}
+func putObjectMembers(ns *[]objectMember) {
+ if cap(*ns) < 1<<10 {
+ clear(*ns) // avoid pinning name and buffer
+ objectMemberPool.Put(ns)
+ }
+}
+
+// mustReorderObjects reorders in-place all object members in a JSON value,
+// which must be valid otherwise it panics.
+func mustReorderObjects(b []byte) {
+ // Obtain a buffered encoder just to use its internal buffer as
+ // a scratch buffer for reordering object members.
+ e2 := getBufferedEncoder()
+ defer putBufferedEncoder(e2)
+
+ // Disable unnecessary checks to syntactically parse the JSON value.
+ d := getBufferedDecoder(b)
+ defer putBufferedDecoder(d)
+ d.s.Flags.Set(jsonflags.AllowDuplicateNames | jsonflags.AllowInvalidUTF8 | 1)
+ mustReorderObjectsFromDecoder(d, &e2.s.Buf) // per RFC 8785, section 3.2.3
+}
+
+// mustReorderObjectsFromDecoder recursively reorders all object members in place
+// according to the ordering specified in RFC 8785, section 3.2.3.
+//
+// Pre-conditions:
+// - The value is valid (i.e., no decoder errors should ever occur).
+// - Initial call is provided a Decoder reading from the start of v.
+//
+// Post-conditions:
+// - Exactly one JSON value is read from the Decoder.
+// - All fully-parsed JSON objects are reordered by directly moving
+// the members in the value buffer.
+//
+// The runtime is approximately O(n·log(n)) + O(m·log(m)),
+// where n is len(v) and m is the total number of object members.
+func mustReorderObjectsFromDecoder(d *Decoder, scratch *[]byte) {
+ switch tok, err := d.ReadToken(); tok.Kind() {
+ case '{':
+ // Iterate and collect the name and offsets for every object member.
+ members := getObjectMembers()
+ defer putObjectMembers(members)
+ var prevMember objectMember
+ isSorted := true
+
+ beforeBody := d.InputOffset() // offset after '{'
+ for d.PeekKind() != '}' {
+ beforeName := d.InputOffset()
+ var flags jsonwire.ValueFlags
+ name, _ := d.s.ReadValue(&flags)
+ name = jsonwire.UnquoteMayCopy(name, flags.IsVerbatim())
+ mustReorderObjectsFromDecoder(d, scratch)
+ afterValue := d.InputOffset()
+
+ currMember := objectMember{name, d.s.buf[beforeName:afterValue]}
+ if isSorted && len(*members) > 0 {
+ isSorted = objectMember.Compare(prevMember, currMember) < 0
+ }
+ *members = append(*members, currMember)
+ prevMember = currMember
+ }
+ afterBody := d.InputOffset() // offset before '}'
+ d.ReadToken()
+
+ // Sort the members; return early if it's already sorted.
+ if isSorted {
+ return
+ }
+ firstBufferBeforeSorting := (*members)[0].buffer
+ slices.SortFunc(*members, objectMember.Compare)
+ firstBufferAfterSorting := (*members)[0].buffer
+
+ // Append the reordered members to a new buffer,
+ // then copy the reordered members back over the original members.
+ // Avoid swapping in place since each member may be a different size
+ // where moving a member over a smaller member may corrupt the data
+ // for subsequent members before they have been moved.
+ //
+ // The following invariant must hold:
+ // sum([m.after-m.before for m in members]) == afterBody-beforeBody
+ commaAndWhitespacePrefix := func(b []byte) []byte {
+ return b[:len(b)-len(bytes.TrimLeft(b, commaAndWhitespace))]
+ }
+ sorted := (*scratch)[:0]
+ for i, member := range *members {
+ switch {
+ case i == 0 && &member.buffer[0] != &firstBufferBeforeSorting[0]:
+ // First member after sorting is not the first member before sorting,
+ // so use the prefix of the first member before sorting.
+ sorted = append(sorted, commaAndWhitespacePrefix(firstBufferBeforeSorting)...)
+ sorted = append(sorted, bytes.TrimLeft(member.buffer, commaAndWhitespace)...)
+ case i != 0 && &member.buffer[0] == &firstBufferBeforeSorting[0]:
+ // Later member after sorting is the first member before sorting,
+ // so use the prefix of the first member after sorting.
+ sorted = append(sorted, commaAndWhitespacePrefix(firstBufferAfterSorting)...)
+ sorted = append(sorted, bytes.TrimLeft(member.buffer, commaAndWhitespace)...)
+ default:
+ sorted = append(sorted, member.buffer...)
+ }
+ }
+ if int(afterBody-beforeBody) != len(sorted) {
+ panic("BUG: length invariant violated")
+ }
+ copy(d.s.buf[beforeBody:afterBody], sorted)
+
+ // Update scratch buffer to the largest amount ever used.
+ if len(sorted) > len(*scratch) {
+ *scratch = sorted
+ }
+ case '[':
+ for d.PeekKind() != ']' {
+ mustReorderObjectsFromDecoder(d, scratch)
+ }
+ d.ReadToken()
+ default:
+ if err != nil {
+ panic("BUG: " + err.Error())
+ }
+ }
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/migrate.sh b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/migrate.sh
new file mode 100644
index 000000000..9c34f26eb
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/migrate.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+GOROOT=${1:-../go}
+JSONROOT="."
+
+cp $JSONROOT/alias_gen.go $JSONROOT/alias_gen.go.bak
+rm -r $JSONROOT/*.go $JSONROOT/internal $JSONROOT/jsontext $JSONROOT/v1
+mv $JSONROOT/alias_gen.go.bak $JSONROOT/alias_gen.go
+cp -r $GOROOT/src/encoding/json/v2/*.go $JSONROOT/
+cp -r $GOROOT/src/encoding/json/internal/ $JSONROOT/internal/
+cp -r $GOROOT/src/encoding/json/jsontext/ $JSONROOT/jsontext/
+mkdir $JSONROOT/v1
+for X in $GOROOT/src/encoding/json/v2_*.go; do
+ cp $X $JSONROOT/v1/$(basename $X | sed "s/v2_//")
+done
+cd $JSONROOT
+for X in $(git ls-files --cached --others --exclude-standard | grep ".*[.]go$"); do
+ if [ ! -e "$X" ]; then
+ continue
+ fi
+ sed -i 's/go:build goexperiment.jsonv2$/go:build !goexperiment.jsonv2 || !go1.25/' $X
+ sed -i 's|"encoding/json/v2"|"github.com/go-json-experiment/json"|' $X
+ sed -i 's|"encoding/json/internal"|"github.com/go-json-experiment/json/internal"|' $X
+ sed -i 's|"encoding/json/internal/jsonflags"|"github.com/go-json-experiment/json/internal/jsonflags"|' $X
+ sed -i 's|"encoding/json/internal/jsonopts"|"github.com/go-json-experiment/json/internal/jsonopts"|' $X
+ sed -i 's|"encoding/json/internal/jsontest"|"github.com/go-json-experiment/json/internal/jsontest"|' $X
+ sed -i 's|"encoding/json/internal/jsonwire"|"github.com/go-json-experiment/json/internal/jsonwire"|' $X
+ sed -i 's|"encoding/json/jsontext"|"github.com/go-json-experiment/json/jsontext"|' $X
+ sed -i 's|"encoding/json"|"github.com/go-json-experiment/json/v1"|' $X
+ sed -i 's|"internal/zstd"|"github.com/go-json-experiment/json/internal/zstd"|' $X
+ goimports -w $X
+done
+sed -i 's/v2[.]struct/json.struct/' $JSONROOT/errors_test.go
+sed -i 's|jsonv1 "github.com/go-json-experiment/json/v1"|jsonv1 "encoding/json"|' $JSONROOT/bench_test.go
+
+# TODO(go1.25): Remove test that relies on "synctest" that is not available yet.
+sed -i '/Issue #73733/,+17d' $JSONROOT/v1/encode_test.go
+goimports -w $JSONROOT/v1/encode_test.go
+
+# Remove documentation that only makes sense within the stdlib.
+sed -i '/This package .* is experimental/,+4d' $JSONROOT/doc.go
+sed -i '/This package .* is experimental/,+4d' $JSONROOT/jsontext/doc.go
+
+git checkout internal/zstd # we still need local copy of zstd for testing
+
+go run alias_gen.go "encoding/json" $JSONROOT/v1
+go run alias_gen.go "encoding/json/v2" $JSONROOT
+go run alias_gen.go "encoding/json/jsontext" $JSONROOT/jsontext
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/options.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/options.go
new file mode 100644
index 000000000..de401b0de
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/options.go
@@ -0,0 +1,289 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.jsonv2 || !go1.25
+
+package json
+
+import (
+ "fmt"
+
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts"
+)
+
+// Options configure [Marshal], [MarshalWrite], [MarshalEncode],
+// [Unmarshal], [UnmarshalRead], and [UnmarshalDecode] with specific features.
+// Each function takes in a variadic list of options, where properties
+// set in later options override the value of previously set properties.
+//
+// The Options type is identical to [encoding/json.Options] and
+// [encoding/json/jsontext.Options]. Options from the other packages can
+// be used interchangeably with functionality in this package.
+//
+// Options represent either a singular option or a set of options.
+// It can be functionally thought of as a Go map of option properties
+// (even though the underlying implementation avoids Go maps for performance).
+//
+// The constructors (e.g., [Deterministic]) return a singular option value:
+//
+// opt := Deterministic(true)
+//
+// which is analogous to creating a single entry map:
+//
+// opt := Options{"Deterministic": true}
+//
+// [JoinOptions] composes multiple options values to together:
+//
+// out := JoinOptions(opts...)
+//
+// which is analogous to making a new map and copying the options over:
+//
+// out := make(Options)
+// for _, m := range opts {
+// for k, v := range m {
+// out[k] = v
+// }
+// }
+//
+// [GetOption] looks up the value of options parameter:
+//
+// v, ok := GetOption(opts, Deterministic)
+//
+// which is analogous to a Go map lookup:
+//
+// v, ok := Options["Deterministic"]
+//
+// There is a single Options type, which is used with both marshal and unmarshal.
+// Some options affect both operations, while others only affect one operation:
+//
+// - [StringifyNumbers] affects marshaling and unmarshaling
+// - [Deterministic] affects marshaling only
+// - [FormatNilSliceAsNull] affects marshaling only
+// - [FormatNilMapAsNull] affects marshaling only
+// - [OmitZeroStructFields] affects marshaling only
+// - [MatchCaseInsensitiveNames] affects marshaling and unmarshaling
+// - [DiscardUnknownMembers] affects marshaling only
+// - [RejectUnknownMembers] affects unmarshaling only
+// - [WithMarshalers] affects marshaling only
+// - [WithUnmarshalers] affects unmarshaling only
+//
+// Options that do not affect a particular operation are ignored.
+type Options = jsonopts.Options
+
+// JoinOptions coalesces the provided list of options into a single Options.
+// Properties set in later options override the value of previously set properties.
+func JoinOptions(srcs ...Options) Options {
+ var dst jsonopts.Struct
+ dst.Join(srcs...)
+ return &dst
+}
+
+// GetOption returns the value stored in opts with the provided setter,
+// reporting whether the value is present.
+//
+// Example usage:
+//
+// v, ok := json.GetOption(opts, json.Deterministic)
+//
+// Options are most commonly introspected to alter the JSON representation of
+// [MarshalerTo.MarshalJSONTo] and [UnmarshalerFrom.UnmarshalJSONFrom] methods, and
+// [MarshalToFunc] and [UnmarshalFromFunc] functions.
+// In such cases, the presence bit should generally be ignored.
+func GetOption[T any](opts Options, setter func(T) Options) (T, bool) {
+ return jsonopts.GetOption(opts, setter)
+}
+
+// DefaultOptionsV2 is the full set of all options that define v2 semantics.
+// It is equivalent to all options under [Options], [encoding/json.Options],
+// and [encoding/json/jsontext.Options] being set to false or the zero value,
+// except for the options related to whitespace formatting.
+func DefaultOptionsV2() Options {
+ return &jsonopts.DefaultOptionsV2
+}
+
+// StringifyNumbers specifies that numeric Go types should be marshaled
+// as a JSON string containing the equivalent JSON number value.
+// When unmarshaling, numeric Go types are parsed from a JSON string
+// containing the JSON number without any surrounding whitespace.
+//
+// According to RFC 8259, section 6, a JSON implementation may choose to
+// limit the representation of a JSON number to an IEEE 754 binary64 value.
+// This may cause decoders to lose precision for int64 and uint64 types.
+// Quoting JSON numbers as a JSON string preserves the exact precision.
+//
+// This affects either marshaling or unmarshaling.
+func StringifyNumbers(v bool) Options {
+ if v {
+ return jsonflags.StringifyNumbers | 1
+ } else {
+ return jsonflags.StringifyNumbers | 0
+ }
+}
+
+// Deterministic specifies that the same input value will be serialized
+// as the exact same output bytes. Different processes of
+// the same program will serialize equal values to the same bytes,
+// but different versions of the same program are not guaranteed
+// to produce the exact same sequence of bytes.
+//
+// This only affects marshaling and is ignored when unmarshaling.
+func Deterministic(v bool) Options {
+ if v {
+ return jsonflags.Deterministic | 1
+ } else {
+ return jsonflags.Deterministic | 0
+ }
+}
+
+// FormatNilSliceAsNull specifies that a nil Go slice should marshal as a
+// JSON null instead of the default representation as an empty JSON array
+// (or an empty JSON string in the case of ~[]byte).
+// Slice fields explicitly marked with `format:emitempty` still marshal
+// as an empty JSON array.
+//
+// This only affects marshaling and is ignored when unmarshaling.
+func FormatNilSliceAsNull(v bool) Options {
+ if v {
+ return jsonflags.FormatNilSliceAsNull | 1
+ } else {
+ return jsonflags.FormatNilSliceAsNull | 0
+ }
+}
+
+// FormatNilMapAsNull specifies that a nil Go map should marshal as a
+// JSON null instead of the default representation as an empty JSON object.
+// Map fields explicitly marked with `format:emitempty` still marshal
+// as an empty JSON object.
+//
+// This only affects marshaling and is ignored when unmarshaling.
+func FormatNilMapAsNull(v bool) Options {
+ if v {
+ return jsonflags.FormatNilMapAsNull | 1
+ } else {
+ return jsonflags.FormatNilMapAsNull | 0
+ }
+}
+
+// OmitZeroStructFields specifies that a Go struct should marshal in such a way
+// that all struct fields that are zero are omitted from the marshaled output
+// if the value is zero as determined by the "IsZero() bool" method if present,
+// otherwise based on whether the field is the zero Go value.
+// This is semantically equivalent to specifying the `omitzero` tag option
+// on every field in a Go struct.
+//
+// This only affects marshaling and is ignored when unmarshaling.
+func OmitZeroStructFields(v bool) Options {
+ if v {
+ return jsonflags.OmitZeroStructFields | 1
+ } else {
+ return jsonflags.OmitZeroStructFields | 0
+ }
+}
+
+// MatchCaseInsensitiveNames specifies that JSON object members are matched
+// against Go struct fields using a case-insensitive match of the name.
+// Go struct fields explicitly marked with `case:strict` or `case:ignore`
+// always use case-sensitive (or case-insensitive) name matching,
+// regardless of the value of this option.
+//
+// This affects either marshaling or unmarshaling.
+// For marshaling, this option may alter the detection of duplicate names
+// (assuming [jsontext.AllowDuplicateNames] is false) from inlined fields
+// if it matches one of the declared fields in the Go struct.
+func MatchCaseInsensitiveNames(v bool) Options {
+ if v {
+ return jsonflags.MatchCaseInsensitiveNames | 1
+ } else {
+ return jsonflags.MatchCaseInsensitiveNames | 0
+ }
+}
+
+// DiscardUnknownMembers specifies that marshaling should ignore any
+// JSON object members stored in Go struct fields dedicated to storing
+// unknown JSON object members.
+//
+// This only affects marshaling and is ignored when unmarshaling.
+func DiscardUnknownMembers(v bool) Options {
+ if v {
+ return jsonflags.DiscardUnknownMembers | 1
+ } else {
+ return jsonflags.DiscardUnknownMembers | 0
+ }
+}
+
+// RejectUnknownMembers specifies that unknown members should be rejected
+// when unmarshaling a JSON object, regardless of whether there is a field
+// to store unknown members.
+//
+// This only affects unmarshaling and is ignored when marshaling.
+func RejectUnknownMembers(v bool) Options {
+ if v {
+ return jsonflags.RejectUnknownMembers | 1
+ } else {
+ return jsonflags.RejectUnknownMembers | 0
+ }
+}
+
+// WithMarshalers specifies a list of type-specific marshalers to use,
+// which can be used to override the default marshal behavior for values
+// of particular types.
+//
+// This only affects marshaling and is ignored when unmarshaling.
+func WithMarshalers(v *Marshalers) Options {
+ return (*marshalersOption)(v)
+}
+
+// WithUnmarshalers specifies a list of type-specific unmarshalers to use,
+// which can be used to override the default unmarshal behavior for values
+// of particular types.
+//
+// This only affects unmarshaling and is ignored when marshaling.
+func WithUnmarshalers(v *Unmarshalers) Options {
+ return (*unmarshalersOption)(v)
+}
+
+// These option types are declared here instead of "jsonopts"
+// to avoid a dependency on "reflect" from "jsonopts".
+type (
+ marshalersOption Marshalers
+ unmarshalersOption Unmarshalers
+)
+
+func (*marshalersOption) JSONOptions(internal.NotForPublicUse) {}
+func (*unmarshalersOption) JSONOptions(internal.NotForPublicUse) {}
+
+// Inject support into "jsonopts" to handle these types.
+func init() {
+ jsonopts.GetUnknownOption = func(src jsonopts.Struct, zero jsonopts.Options) (any, bool) {
+ switch zero.(type) {
+ case *marshalersOption:
+ if !src.Flags.Has(jsonflags.Marshalers) {
+ return (*Marshalers)(nil), false
+ }
+ return src.Marshalers.(*Marshalers), true
+ case *unmarshalersOption:
+ if !src.Flags.Has(jsonflags.Unmarshalers) {
+ return (*Unmarshalers)(nil), false
+ }
+ return src.Unmarshalers.(*Unmarshalers), true
+ default:
+ panic(fmt.Sprintf("unknown option %T", zero))
+ }
+ }
+ jsonopts.JoinUnknownOption = func(dst jsonopts.Struct, src jsonopts.Options) jsonopts.Struct {
+ switch src := src.(type) {
+ case *marshalersOption:
+ dst.Flags.Set(jsonflags.Marshalers | 1)
+ dst.Marshalers = (*Marshalers)(src)
+ case *unmarshalersOption:
+ dst.Flags.Set(jsonflags.Unmarshalers | 1)
+ dst.Unmarshalers = (*Unmarshalers)(src)
+ default:
+ panic(fmt.Sprintf("unknown option %T", src))
+ }
+ return dst
+ }
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/value.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/value.go
deleted file mode 100644
index e0bd1b31d..000000000
--- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/value.go
+++ /dev/null
@@ -1,381 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package json
-
-import (
- "bytes"
- "errors"
- "io"
- "sort"
- "sync"
- "unicode/utf16"
- "unicode/utf8"
-)
-
-// NOTE: RawValue is analogous to v1 json.RawMessage.
-
-// RawValue represents a single raw JSON value, which may be one of the following:
-// - a JSON literal (i.e., null, true, or false)
-// - a JSON string (e.g., "hello, world!")
-// - a JSON number (e.g., 123.456)
-// - an entire JSON object (e.g., {"fizz":"buzz"} )
-// - an entire JSON array (e.g., [1,2,3] )
-//
-// RawValue can represent entire array or object values, while Token cannot.
-// RawValue may contain leading and/or trailing whitespace.
-type RawValue []byte
-
-// Clone returns a copy of v.
-func (v RawValue) Clone() RawValue {
- if v == nil {
- return nil
- }
- return append(RawValue{}, v...)
-}
-
-// String returns the string formatting of v.
-func (v RawValue) String() string {
- if v == nil {
- return "null"
- }
- return string(v)
-}
-
-// IsValid reports whether the raw JSON value is syntactically valid
-// according to RFC 7493.
-//
-// It verifies whether the input is properly encoded as UTF-8,
-// that escape sequences within strings decode to valid Unicode codepoints, and
-// that all names in each object are unique.
-// It does not verify whether numbers are representable within the limits
-// of any common numeric type (e.g., float64, int64, or uint64).
-func (v RawValue) IsValid() bool {
- d := getBufferedDecoder(v, DecodeOptions{})
- defer putBufferedDecoder(d)
- _, errVal := d.ReadValue()
- _, errEOF := d.ReadToken()
- return errVal == nil && errEOF == io.EOF
-}
-
-// Compact removes all whitespace from the raw JSON value.
-//
-// It does not reformat JSON strings to use any other representation.
-// It is guaranteed to succeed if the input is valid.
-// If the value is already compacted, then the buffer is not mutated.
-func (v *RawValue) Compact() error {
- return v.reformat(false, false, "", "")
-}
-
-// Indent reformats the whitespace in the raw JSON value so that each element
-// in a JSON object or array begins on a new, indented line beginning with
-// prefix followed by one or more copies of indent according to the nesting.
-// The value does not begin with the prefix nor any indention,
-// to make it easier to embed inside other formatted JSON data.
-//
-// It does not reformat JSON strings to use any other representation.
-// It is guaranteed to succeed if the input is valid.
-// If the value is already indented properly, then the buffer is not mutated.
-func (v *RawValue) Indent(prefix, indent string) error {
- return v.reformat(false, true, prefix, indent)
-}
-
-// Canonicalize canonicalizes the raw JSON value according to the
-// JSON Canonicalization Scheme (JCS) as defined by RFC 8785
-// where it produces a stable representation of a JSON value.
-//
-// The output stability is dependent on the stability of the application data
-// (see RFC 8785, Appendix E). It cannot produce stable output from
-// fundamentally unstable input. For example, if the JSON value
-// contains ephemeral data (e.g., a frequently changing timestamp),
-// then the value is still unstable regardless of whether this is called.
-//
-// Note that JCS treats all JSON numbers as IEEE 754 double precision numbers.
-// Any numbers with precision beyond what is representable by that form
-// will lose their precision when canonicalized. For example, integer values
-// beyond ±2⁵³ will lose their precision. It is recommended that
-// int64 and uint64 data types be represented as a JSON string.
-//
-// It is guaranteed to succeed if the input is valid.
-// If the value is already canonicalized, then the buffer is not mutated.
-func (v *RawValue) Canonicalize() error {
- return v.reformat(true, false, "", "")
-}
-
-// TODO: Instead of implementing the v1 Marshaler/Unmarshaler,
-// consider implementing the v2 versions instead.
-
-// MarshalJSON returns v as the JSON encoding of v.
-// It returns the stored value as the raw JSON output without any validation.
-// If v is nil, then this returns a JSON null.
-func (v RawValue) MarshalJSON() ([]byte, error) {
- // NOTE: This matches the behavior of v1 json.RawMessage.MarshalJSON.
- if v == nil {
- return []byte("null"), nil
- }
- return v, nil
-}
-
-// UnmarshalJSON sets v as the JSON encoding of b.
-// It stores a copy of the provided raw JSON input without any validation.
-func (v *RawValue) UnmarshalJSON(b []byte) error {
- // NOTE: This matches the behavior of v1 json.RawMessage.UnmarshalJSON.
- if v == nil {
- return errors.New("json.RawValue: UnmarshalJSON on nil pointer")
- }
- *v = append((*v)[:0], b...)
- return nil
-}
-
-// Kind returns the starting token kind.
-// For a valid value, this will never include '}' or ']'.
-func (v RawValue) Kind() Kind {
- if v := v[consumeWhitespace(v):]; len(v) > 0 {
- return Kind(v[0]).normalize()
- }
- return invalidKind
-}
-
-func (v *RawValue) reformat(canonical, multiline bool, prefix, indent string) error {
- var eo EncodeOptions
- if canonical {
- eo.AllowInvalidUTF8 = false // per RFC 8785, section 3.2.4
- eo.AllowDuplicateNames = false // per RFC 8785, section 3.1
- eo.canonicalizeNumbers = true // per RFC 8785, section 3.2.2.3
- eo.EscapeRune = nil // per RFC 8785, section 3.2.2.2
- eo.multiline = false // per RFC 8785, section 3.2.1
- } else {
- if s := trimLeftSpaceTab(prefix); len(s) > 0 {
- panic("json: invalid character " + quoteRune([]byte(s)) + " in indent prefix")
- }
- if s := trimLeftSpaceTab(indent); len(s) > 0 {
- panic("json: invalid character " + quoteRune([]byte(s)) + " in indent")
- }
- eo.AllowInvalidUTF8 = true
- eo.AllowDuplicateNames = true
- eo.preserveRawStrings = true
- eo.multiline = multiline // in case indent is empty
- eo.IndentPrefix = prefix
- eo.Indent = indent
- }
- eo.omitTopLevelNewline = true
-
- // Write the entire value to reformat all tokens and whitespace.
- e := getBufferedEncoder(eo)
- defer putBufferedEncoder(e)
- if err := e.WriteValue(*v); err != nil {
- return err
- }
-
- // For canonical output, we may need to reorder object members.
- if canonical {
- // Obtain a buffered encoder just to use its internal buffer as
- // a scratch buffer in reorderObjects for reordering object members.
- e2 := getBufferedEncoder(EncodeOptions{})
- defer putBufferedEncoder(e2)
-
- // Disable redundant checks performed earlier during encoding.
- d := getBufferedDecoder(e.buf, DecodeOptions{AllowInvalidUTF8: true, AllowDuplicateNames: true})
- defer putBufferedDecoder(d)
- reorderObjects(d, &e2.buf) // per RFC 8785, section 3.2.3
- }
-
- // Store the result back into the value if different.
- if !bytes.Equal(*v, e.buf) {
- *v = append((*v)[:0], e.buf...)
- }
- return nil
-}
-
-func trimLeftSpaceTab(s string) string {
- for i, r := range s {
- switch r {
- case ' ', '\t':
- default:
- return s[i:]
- }
- }
- return ""
-}
-
-type memberName struct {
- // name is the unescaped name.
- name []byte
- // before and after are byte offsets into Decoder.buf that represents
- // the entire name/value pair. It may contain leading commas.
- before, after int64
-}
-
-var memberNamePool = sync.Pool{New: func() any { return new(memberNames) }}
-
-func getMemberNames() *memberNames {
- ns := memberNamePool.Get().(*memberNames)
- *ns = (*ns)[:0]
- return ns
-}
-func putMemberNames(ns *memberNames) {
- if cap(*ns) < 1<<10 {
- for i := range *ns {
- (*ns)[i] = memberName{} // avoid pinning name
- }
- memberNamePool.Put(ns)
- }
-}
-
-type memberNames []memberName
-
-func (m *memberNames) Len() int { return len(*m) }
-func (m *memberNames) Less(i, j int) bool { return lessUTF16((*m)[i].name, (*m)[j].name) }
-func (m *memberNames) Swap(i, j int) { (*m)[i], (*m)[j] = (*m)[j], (*m)[i] }
-
-// reorderObjects recursively reorders all object members in place
-// according to the ordering specified in RFC 8785, section 3.2.3.
-//
-// Pre-conditions:
-// - The value is valid (i.e., no decoder errors should ever occur).
-// - The value is compact (i.e., no whitespace is present).
-// - Initial call is provided a Decoder reading from the start of v.
-//
-// Post-conditions:
-// - Exactly one JSON value is read from the Decoder.
-// - All fully-parsed JSON objects are reordered by directly moving
-// the members in the value buffer.
-//
-// The runtime is approximately O(n·log(n)) + O(m·log(m)),
-// where n is len(v) and m is the total number of object members.
-func reorderObjects(d *Decoder, scratch *[]byte) {
- switch tok, _ := d.ReadToken(); tok.Kind() {
- case '{':
- // Iterate and collect the name and offsets for every object member.
- members := getMemberNames()
- defer putMemberNames(members)
- var prevName []byte
- isSorted := true
-
- beforeBody := d.InputOffset() // offset after '{'
- for d.PeekKind() != '}' {
- beforeName := d.InputOffset()
- var flags valueFlags
- name, _ := d.readValue(&flags)
- name = unescapeStringMayCopy(name, flags.isVerbatim())
- reorderObjects(d, scratch)
- afterValue := d.InputOffset()
-
- if isSorted && len(*members) > 0 {
- isSorted = lessUTF16(prevName, []byte(name))
- }
- *members = append(*members, memberName{name, beforeName, afterValue})
- prevName = name
- }
- afterBody := d.InputOffset() // offset before '}'
- d.ReadToken()
-
- // Sort the members; return early if it's already sorted.
- if isSorted {
- return
- }
- // TODO(https://go.dev/issue/47619): Use slices.Sort.
- sort.Sort(members)
-
- // Append the reordered members to a new buffer,
- // then copy the reordered members back over the original members.
- // Avoid swapping in place since each member may be a different size
- // where moving a member over a smaller member may corrupt the data
- // for subsequent members before they have been moved.
- //
- // The following invariant must hold:
- // sum([m.after-m.before for m in members]) == afterBody-beforeBody
- sorted := (*scratch)[:0]
- for i, member := range *members {
- if d.buf[member.before] == ',' {
- member.before++ // trim leading comma
- }
- sorted = append(sorted, d.buf[member.before:member.after]...)
- if i < len(*members)-1 {
- sorted = append(sorted, ',') // append trailing comma
- }
- }
- if int(afterBody-beforeBody) != len(sorted) {
- panic("BUG: length invariant violated")
- }
- copy(d.buf[beforeBody:afterBody], sorted)
-
- // Update scratch buffer to the largest amount ever used.
- if len(sorted) > len(*scratch) {
- *scratch = sorted
- }
- case '[':
- for d.PeekKind() != ']' {
- reorderObjects(d, scratch)
- }
- d.ReadToken()
- }
-}
-
-// lessUTF16 reports whether x is lexicographically less than y according
-// to the UTF-16 codepoints of the UTF-8 encoded input strings.
-// This implements the ordering specified in RFC 8785, section 3.2.3.
-// The inputs must be valid UTF-8, otherwise this may panic.
-func lessUTF16[Bytes []byte | string](x, y Bytes) bool {
- // NOTE: This is an optimized, allocation-free implementation
- // of lessUTF16Simple in fuzz_test.go. FuzzLessUTF16 verifies that the
- // two implementations agree on the result of comparing any two strings.
-
- isUTF16Self := func(r rune) bool {
- return ('\u0000' <= r && r <= '\uD7FF') || ('\uE000' <= r && r <= '\uFFFF')
- }
-
- var invalidUTF8 bool
- x0, y0 := x, y
- for {
- if len(x) == 0 || len(y) == 0 {
- if len(x) == len(y) && invalidUTF8 {
- return string(x0) < string(y0)
- }
- return len(x) < len(y)
- }
-
- // ASCII fast-path.
- if x[0] < utf8.RuneSelf || y[0] < utf8.RuneSelf {
- if x[0] != y[0] {
- return x[0] < y[0]
- }
- x, y = x[1:], y[1:]
- continue
- }
-
- // Decode next pair of runes as UTF-8.
- // TODO(https://go.dev/issue/56948): Use a generic implementation
- // of utf8.DecodeRune, or rely on a compiler optimization to statically
- // hide the cost of a type switch (https://go.dev/issue/57072).
- var rx, ry rune
- var nx, ny int
- switch any(x).(type) {
- case string:
- rx, nx = utf8.DecodeRuneInString(string(x))
- ry, ny = utf8.DecodeRuneInString(string(y))
- case []byte:
- rx, nx = utf8.DecodeRune([]byte(x))
- ry, ny = utf8.DecodeRune([]byte(y))
- }
-
- selfx := isUTF16Self(rx)
- selfy := isUTF16Self(ry)
- switch {
- // The x rune is a single UTF-16 codepoint, while
- // the y rune is a surrogate pair of UTF-16 codepoints.
- case selfx && !selfy:
- ry, _ = utf16.EncodeRune(ry)
- // The y rune is a single UTF-16 codepoint, while
- // the x rune is a surrogate pair of UTF-16 codepoints.
- case selfy && !selfx:
- rx, _ = utf16.EncodeRune(rx)
- }
- if rx != ry {
- return rx < ry
- }
- invalidUTF8 = invalidUTF8 || (rx == utf8.RuneError && nx == 1) || (ry == utf8.RuneError && ny == 1)
- x, y = x[nx:], y[ny:]
- }
-}
diff --git a/vendor/k8s.io/kube-openapi/pkg/schemaconv/openapi.go b/vendor/k8s.io/kube-openapi/pkg/schemaconv/openapi.go
index 81280aae6..6067ee03d 100644
--- a/vendor/k8s.io/kube-openapi/pkg/schemaconv/openapi.go
+++ b/vendor/k8s.io/kube-openapi/pkg/schemaconv/openapi.go
@@ -140,7 +140,7 @@ func (c *convert) makeOpenAPIRef(specSchema *spec.Schema) schema.TypeRef {
// to deduplicate)
mapRelationship, err := getMapElementRelationship(specSchema.Extensions)
if err != nil {
- c.reportError(err.Error())
+ c.reportError("%v", err)
}
if len(mapRelationship) > 0 {
@@ -212,7 +212,7 @@ func (c *convert) parseObject(s *spec.Schema) *schema.Map {
relationship, err := getMapElementRelationship(s.Extensions)
if err != nil {
- c.reportError(err.Error())
+ c.reportError("%v", err)
}
return &schema.Map{
@@ -225,7 +225,7 @@ func (c *convert) parseObject(s *spec.Schema) *schema.Map {
func (c *convert) parseList(s *spec.Schema) *schema.List {
relationship, mapKeys, err := getListElementRelationship(s.Extensions)
if err != nil {
- c.reportError(err.Error())
+ c.reportError("%v", err)
}
elementType := func() schema.TypeRef {
if s.Items != nil {
diff --git a/vendor/k8s.io/kube-openapi/pkg/schemaconv/proto_models.go b/vendor/k8s.io/kube-openapi/pkg/schemaconv/proto_models.go
index e40f6056e..6a8b9f44a 100644
--- a/vendor/k8s.io/kube-openapi/pkg/schemaconv/proto_models.go
+++ b/vendor/k8s.io/kube-openapi/pkg/schemaconv/proto_models.go
@@ -72,7 +72,7 @@ func (c *convert) makeRef(model proto.Schema, preserveUnknownFields bool) schema
mapRelationship, err := getMapElementRelationship(model.GetExtensions())
if err != nil {
- c.reportError(err.Error())
+ c.reportError("%v", err)
}
// empty string means unset.
@@ -114,7 +114,7 @@ func (c *convert) VisitKind(k *proto.Kind) {
unions, err := makeUnions(k.GetExtensions())
if err != nil {
- c.reportError(err.Error())
+ c.reportError("%v", err)
return
}
// TODO: We should check that the fields and discriminator
@@ -129,14 +129,14 @@ func (c *convert) VisitKind(k *proto.Kind) {
a.Map.ElementRelationship, err = getMapElementRelationship(k.GetExtensions())
if err != nil {
- c.reportError(err.Error())
+ c.reportError("%v", err)
}
}
func (c *convert) VisitArray(a *proto.Array) {
relationship, mapKeys, err := getListElementRelationship(a.GetExtensions())
if err != nil {
- c.reportError(err.Error())
+ c.reportError("%v", err)
}
atom := c.top()
@@ -150,7 +150,7 @@ func (c *convert) VisitArray(a *proto.Array) {
func (c *convert) VisitMap(m *proto.Map) {
relationship, err := getMapElementRelationship(m.GetExtensions())
if err != nil {
- c.reportError(err.Error())
+ c.reportError("%v", err)
}
a := c.top()
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go b/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go
index 1f62c6e77..1b3dfff1d 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go
@@ -22,6 +22,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
"k8s.io/kube-openapi/pkg/validation/spec"
)
@@ -46,14 +47,14 @@ func (e *Encoding) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2), nil
}
-func (e *Encoding) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (e *Encoding) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
EncodingProps encodingPropsOmitZero `json:",inline"`
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
}
x.Extensions = internal.SanitizeExtensions(e.Extensions)
x.EncodingProps = encodingPropsOmitZero(e.EncodingProps)
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
func (e *Encoding) UnmarshalJSON(data []byte) error {
@@ -69,12 +70,12 @@ func (e *Encoding) UnmarshalJSON(data []byte) error {
return nil
}
-func (e *Encoding) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (e *Encoding) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
EncodingProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/example.go b/vendor/k8s.io/kube-openapi/pkg/spec3/example.go
index 8834a92e6..3edb10492 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/example.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/example.go
@@ -22,6 +22,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
"k8s.io/kube-openapi/pkg/validation/spec"
)
@@ -53,16 +54,16 @@ func (e *Example) MarshalJSON() ([]byte, error) {
}
return swag.ConcatJSON(b1, b2, b3), nil
}
-func (e *Example) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (e *Example) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
Ref string `json:"$ref,omitempty"`
ExampleProps `json:",inline"`
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
}
x.Ref = e.Refable.Ref.String()
x.Extensions = internal.SanitizeExtensions(e.Extensions)
x.ExampleProps = e.ExampleProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
func (e *Example) UnmarshalJSON(data []byte) error {
@@ -81,12 +82,12 @@ func (e *Example) UnmarshalJSON(data []byte) error {
return nil
}
-func (e *Example) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (e *Example) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
ExampleProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
if err := internal.JSONRefFromMap(&e.Ref.Ref, x.Extensions); err != nil {
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go b/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go
index f0515496e..7a83c53c0 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go
@@ -22,6 +22,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
"k8s.io/kube-openapi/pkg/validation/spec"
)
@@ -53,14 +54,14 @@ func (e *ExternalDocumentation) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2), nil
}
-func (e *ExternalDocumentation) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (e *ExternalDocumentation) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
ExternalDocumentationProps `json:",inline"`
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
}
x.Extensions = internal.SanitizeExtensions(e.Extensions)
x.ExternalDocumentationProps = e.ExternalDocumentationProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
func (e *ExternalDocumentation) UnmarshalJSON(data []byte) error {
@@ -76,12 +77,12 @@ func (e *ExternalDocumentation) UnmarshalJSON(data []byte) error {
return nil
}
-func (e *ExternalDocumentation) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (e *ExternalDocumentation) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
ExternalDocumentationProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
e.Extensions = internal.SanitizeExtensions(x.Extensions)
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/header.go b/vendor/k8s.io/kube-openapi/pkg/spec3/header.go
index 9ea30628c..475817f66 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/header.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/header.go
@@ -22,6 +22,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
"k8s.io/kube-openapi/pkg/validation/spec"
)
@@ -54,16 +55,16 @@ func (h *Header) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2, b3), nil
}
-func (h *Header) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (h *Header) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
Ref string `json:"$ref,omitempty"`
HeaderProps headerPropsOmitZero `json:",inline"`
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
}
x.Ref = h.Refable.Ref.String()
x.Extensions = internal.SanitizeExtensions(h.Extensions)
x.HeaderProps = headerPropsOmitZero(h.HeaderProps)
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
func (h *Header) UnmarshalJSON(data []byte) error {
@@ -83,12 +84,12 @@ func (h *Header) UnmarshalJSON(data []byte) error {
return nil
}
-func (h *Header) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (h *Header) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
HeaderProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
if err := internal.JSONRefFromMap(&h.Ref.Ref, x.Extensions); err != nil {
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go b/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go
index 47eef1edb..c9062b238 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go
@@ -22,6 +22,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
"k8s.io/kube-openapi/pkg/validation/spec"
)
@@ -49,14 +50,14 @@ func (m *MediaType) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2), nil
}
-func (e *MediaType) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (e *MediaType) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
MediaTypeProps mediaTypePropsOmitZero `json:",inline"`
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
}
x.Extensions = internal.SanitizeExtensions(e.Extensions)
x.MediaTypeProps = mediaTypePropsOmitZero(e.MediaTypeProps)
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
func (m *MediaType) UnmarshalJSON(data []byte) error {
@@ -72,12 +73,12 @@ func (m *MediaType) UnmarshalJSON(data []byte) error {
return nil
}
-func (m *MediaType) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (m *MediaType) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
MediaTypeProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
m.Extensions = internal.SanitizeExtensions(x.Extensions)
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go b/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go
index f1e102547..8219b29d0 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go
@@ -22,6 +22,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
"k8s.io/kube-openapi/pkg/validation/spec"
)
@@ -49,14 +50,14 @@ func (o *Operation) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2), nil
}
-func (o *Operation) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (o *Operation) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
OperationProps operationPropsOmitZero `json:",inline"`
}
x.Extensions = internal.SanitizeExtensions(o.Extensions)
x.OperationProps = operationPropsOmitZero(o.OperationProps)
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
// UnmarshalJSON hydrates this items instance with the data from JSON
@@ -70,12 +71,12 @@ func (o *Operation) UnmarshalJSON(data []byte) error {
return json.Unmarshal(data, &o.VendorExtensible)
}
-func (o *Operation) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (o *Operation) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
OperationProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
o.Extensions = internal.SanitizeExtensions(x.Extensions)
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go b/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go
index ada7edb63..a5e7d46c4 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go
@@ -22,6 +22,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
"k8s.io/kube-openapi/pkg/validation/spec"
)
@@ -54,16 +55,16 @@ func (p *Parameter) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2, b3), nil
}
-func (p *Parameter) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (p *Parameter) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
Ref string `json:"$ref,omitempty"`
ParameterProps parameterPropsOmitZero `json:",inline"`
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
}
x.Ref = p.Refable.Ref.String()
x.Extensions = internal.SanitizeExtensions(p.Extensions)
x.ParameterProps = parameterPropsOmitZero(p.ParameterProps)
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
func (p *Parameter) UnmarshalJSON(data []byte) error {
@@ -84,12 +85,12 @@ func (p *Parameter) UnmarshalJSON(data []byte) error {
return nil
}
-func (p *Parameter) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (p *Parameter) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
ParameterProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
if err := internal.JSONRefFromMap(&p.Ref.Ref, x.Extensions); err != nil {
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/path.go b/vendor/k8s.io/kube-openapi/pkg/spec3/path.go
index 16fbbb4dd..cb04cf0f9 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/path.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/path.go
@@ -24,6 +24,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
"k8s.io/kube-openapi/pkg/validation/spec"
)
@@ -57,7 +58,7 @@ func (p *Paths) MarshalJSON() ([]byte, error) {
return concated, nil
}
-func (p *Paths) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (p *Paths) MarshalJSONTo(enc *jsontext.Encoder) error {
m := make(map[string]any, len(p.Extensions)+len(p.Paths))
for k, v := range p.Extensions {
if internal.IsExtensionKey(k) {
@@ -69,7 +70,7 @@ func (p *Paths) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder)
m[k] = v
}
}
- return opts.MarshalNext(enc, m)
+ return jsonv2.MarshalEncode(enc, m)
}
// UnmarshalJSON hydrates this items instance with the data from JSON
@@ -106,7 +107,7 @@ func (p *Paths) UnmarshalJSON(data []byte) error {
return nil
}
-func (p *Paths) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (p *Paths) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
tok, err := dec.ReadToken()
if err != nil {
return err
@@ -129,7 +130,7 @@ func (p *Paths) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Deco
switch k := tok.String(); {
case internal.IsExtensionKey(k):
var ext any
- if err := opts.UnmarshalNext(dec, &ext); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &ext); err != nil {
return err
}
@@ -139,7 +140,7 @@ func (p *Paths) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Deco
p.Extensions[k] = ext
case len(k) > 0 && k[0] == '/':
pi := Path{}
- if err := opts.UnmarshalNext(dec, &pi); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &pi); err != nil {
return err
}
@@ -188,16 +189,16 @@ func (p *Path) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2, b3), nil
}
-func (p *Path) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (p *Path) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
- Ref string `json:"$ref,omitempty"`
- spec.Extensions
+ Ref string `json:"$ref,omitempty"`
+ Extensions spec.Extensions `json:",inline"`
PathProps
}
x.Ref = p.Refable.Ref.String()
x.Extensions = internal.SanitizeExtensions(p.Extensions)
x.PathProps = p.PathProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
func (p *Path) UnmarshalJSON(data []byte) error {
@@ -216,13 +217,13 @@ func (p *Path) UnmarshalJSON(data []byte) error {
return nil
}
-func (p *Path) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (p *Path) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
PathProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
if err := internal.JSONRefFromMap(&p.Ref.Ref, x.Extensions); err != nil {
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go b/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go
index 6f8607e40..b39c0d4fe 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go
@@ -22,6 +22,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
"k8s.io/kube-openapi/pkg/validation/spec"
)
@@ -54,16 +55,16 @@ func (r *RequestBody) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2, b3), nil
}
-func (r *RequestBody) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (r *RequestBody) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
Ref string `json:"$ref,omitempty"`
RequestBodyProps requestBodyPropsOmitZero `json:",inline"`
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
}
x.Ref = r.Refable.Ref.String()
x.Extensions = internal.SanitizeExtensions(r.Extensions)
x.RequestBodyProps = requestBodyPropsOmitZero(r.RequestBodyProps)
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
func (r *RequestBody) UnmarshalJSON(data []byte) error {
@@ -98,12 +99,12 @@ type requestBodyPropsOmitZero struct {
Required bool `json:"required,omitzero"`
}
-func (r *RequestBody) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (r *RequestBody) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
RequestBodyProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
if err := internal.JSONRefFromMap(&r.Ref.Ref, x.Extensions); err != nil {
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/response.go b/vendor/k8s.io/kube-openapi/pkg/spec3/response.go
index 73e241fdc..72ad9882d 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/response.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/response.go
@@ -24,6 +24,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
"k8s.io/kube-openapi/pkg/validation/spec"
)
@@ -51,11 +52,11 @@ func (r *Responses) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2), nil
}
-func (r Responses) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (r Responses) MarshalJSONTo(enc *jsontext.Encoder) error {
type ArbitraryKeys map[string]interface{}
var x struct {
- ArbitraryKeys
- Default *Response `json:"default,omitzero"`
+ ArbitraryKeys ArbitraryKeys `json:",inline"`
+ Default *Response `json:"default,omitzero"`
}
x.ArbitraryKeys = make(map[string]any, len(r.Extensions)+len(r.StatusCodeResponses))
for k, v := range r.Extensions {
@@ -67,7 +68,7 @@ func (r Responses) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encod
x.ArbitraryKeys[strconv.Itoa(k)] = v
}
x.Default = r.Default
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
func (r *Responses) UnmarshalJSON(data []byte) error {
@@ -136,7 +137,7 @@ func (r *ResponsesProps) UnmarshalJSON(data []byte) error {
return nil
}
-func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) (err error) {
+func (r *Responses) UnmarshalJSONFrom(dec *jsontext.Decoder) (err error) {
tok, err := dec.ReadToken()
if err != nil {
return err
@@ -157,7 +158,7 @@ func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.
switch k := tok.String(); {
case internal.IsExtensionKey(k):
var ext any
- if err := opts.UnmarshalNext(dec, &ext); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &ext); err != nil {
return err
}
@@ -167,14 +168,14 @@ func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.
r.Extensions[k] = ext
case k == "default":
resp := Response{}
- if err := opts.UnmarshalNext(dec, &resp); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &resp); err != nil {
return err
}
r.ResponsesProps.Default = &resp
default:
if nk, err := strconv.Atoi(k); err == nil {
resp := Response{}
- if err := opts.UnmarshalNext(dec, &resp); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &resp); err != nil {
return err
}
@@ -219,16 +220,16 @@ func (r *Response) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2, b3), nil
}
-func (r Response) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (r Response) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
- Ref string `json:"$ref,omitempty"`
- spec.Extensions
+ Ref string `json:"$ref,omitempty"`
+ Extensions spec.Extensions `json:",inline"`
ResponseProps `json:",inline"`
}
x.Ref = r.Refable.Ref.String()
x.Extensions = internal.SanitizeExtensions(r.Extensions)
x.ResponseProps = r.ResponseProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
func (r *Response) UnmarshalJSON(data []byte) error {
@@ -247,12 +248,12 @@ func (r *Response) UnmarshalJSON(data []byte) error {
return nil
}
-func (r *Response) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (r *Response) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
ResponseProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
if err := internal.JSONRefFromMap(&r.Ref.Ref, x.Extensions); err != nil {
@@ -302,16 +303,16 @@ func (r *Link) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2, b3), nil
}
-func (r *Link) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (r *Link) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
- Ref string `json:"$ref,omitempty"`
- spec.Extensions
- LinkProps `json:",inline"`
+ Ref string `json:"$ref,omitempty"`
+ Extensions spec.Extensions `json:",inline"`
+ LinkProps `json:",inline"`
}
x.Ref = r.Refable.Ref.String()
x.Extensions = internal.SanitizeExtensions(r.Extensions)
x.LinkProps = r.LinkProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
func (r *Link) UnmarshalJSON(data []byte) error {
@@ -331,12 +332,12 @@ func (r *Link) UnmarshalJSON(data []byte) error {
return nil
}
-func (l *Link) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (l *Link) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
LinkProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
if err := internal.JSONRefFromMap(&l.Ref.Ref, x.Extensions); err != nil {
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go b/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go
index dd1e98ed8..9bc180eaf 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go
@@ -22,6 +22,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
"k8s.io/kube-openapi/pkg/validation/spec"
)
@@ -52,16 +53,16 @@ func (s *SecurityScheme) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2, b3), nil
}
-func (s *SecurityScheme) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (s *SecurityScheme) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
Ref string `json:"$ref,omitempty"`
SecuritySchemeProps `json:",inline"`
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
}
x.Ref = s.Refable.Ref.String()
x.Extensions = internal.SanitizeExtensions(s.Extensions)
x.SecuritySchemeProps = s.SecuritySchemeProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
// UnmarshalJSON hydrates this items instance with the data from JSON
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/server.go b/vendor/k8s.io/kube-openapi/pkg/spec3/server.go
index 654a42c06..3037fbce4 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/server.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/server.go
@@ -22,6 +22,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
"k8s.io/kube-openapi/pkg/validation/spec"
)
@@ -55,14 +56,14 @@ func (s *Server) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2), nil
}
-func (s *Server) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (s *Server) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
ServerProps `json:",inline"`
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
}
x.Extensions = internal.SanitizeExtensions(s.Extensions)
x.ServerProps = s.ServerProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
func (s *Server) UnmarshalJSON(data []byte) error {
@@ -79,12 +80,12 @@ func (s *Server) UnmarshalJSON(data []byte) error {
return nil
}
-func (s *Server) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (s *Server) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
ServerProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
s.Extensions = internal.SanitizeExtensions(x.Extensions)
@@ -123,14 +124,14 @@ func (s *ServerVariable) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2), nil
}
-func (s *ServerVariable) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (s *ServerVariable) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
ServerVariableProps `json:",inline"`
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
}
x.Extensions = internal.SanitizeExtensions(s.Extensions)
x.ServerVariableProps = s.ServerVariableProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
func (s *ServerVariable) UnmarshalJSON(data []byte) error {
@@ -146,12 +147,12 @@ func (s *ServerVariable) UnmarshalJSON(data []byte) error {
return nil
}
-func (s *ServerVariable) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (s *ServerVariable) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- spec.Extensions
+ Extensions spec.Extensions `json:",inline"`
ServerVariableProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
s.Extensions = internal.SanitizeExtensions(x.Extensions)
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go b/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go
index 5db819c7f..91b1ae333 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go
@@ -21,6 +21,7 @@ import (
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
"k8s.io/kube-openapi/pkg/validation/spec"
)
@@ -60,7 +61,7 @@ func (o *OpenAPI) MarshalJSON() ([]byte, error) {
return json.Marshal(&p)
}
-func (o *OpenAPI) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (o *OpenAPI) MarshalJSONTo(enc *jsontext.Encoder) error {
type OpenAPIOmitZero struct {
Version string `json:"openapi"`
Info *spec.Info `json:"info"`
@@ -71,5 +72,5 @@ func (o *OpenAPI) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encode
ExternalDocs *ExternalDocumentation `json:"externalDocs,omitzero"`
}
x := (*OpenAPIOmitZero)(o)
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/header.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/header.go
index 05310c46b..5aa66ae25 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/header.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/header.go
@@ -20,6 +20,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
const (
@@ -65,18 +66,18 @@ func (h Header) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2, b3, b4), nil
}
-func (h Header) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (h Header) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
CommonValidations commonValidationsOmitZero `json:",inline"`
SimpleSchema simpleSchemaOmitZero `json:",inline"`
- Extensions
+ Extensions Extensions `json:",inline"`
HeaderProps
}
x.CommonValidations = commonValidationsOmitZero(h.CommonValidations)
x.SimpleSchema = simpleSchemaOmitZero(h.SimpleSchema)
x.Extensions = internal.SanitizeExtensions(h.Extensions)
x.HeaderProps = h.HeaderProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
// UnmarshalJSON unmarshals this header from JSON
@@ -97,15 +98,15 @@ func (h *Header) UnmarshalJSON(data []byte) error {
return json.Unmarshal(data, &h.HeaderProps)
}
-func (h *Header) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (h *Header) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
CommonValidations
SimpleSchema
- Extensions
+ Extensions Extensions `json:",inline"`
HeaderProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/info.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/info.go
index d667b705b..8d002a1c5 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/info.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/info.go
@@ -21,6 +21,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
// Extensions vendor specific extensions
@@ -183,14 +184,14 @@ func (i Info) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2), nil
}
-func (i Info) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (i Info) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
- Extensions
+ Extensions Extensions `json:",inline"`
InfoProps
}
x.Extensions = i.Extensions
x.InfoProps = i.InfoProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
// UnmarshalJSON marshal this from JSON
@@ -205,12 +206,12 @@ func (i *Info) UnmarshalJSON(data []byte) error {
return json.Unmarshal(data, &i.VendorExtensible)
}
-func (i *Info) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (i *Info) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- Extensions
+ Extensions Extensions `json:",inline"`
InfoProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
i.Extensions = internal.SanitizeExtensions(x.Extensions)
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/items.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/items.go
index 4132467d2..6fbb19a46 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/items.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/items.go
@@ -20,6 +20,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
const (
@@ -122,13 +123,13 @@ func (i *Items) UnmarshalJSON(data []byte) error {
return nil
}
-func (i *Items) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (i *Items) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
CommonValidations
SimpleSchema
- Extensions
+ Extensions Extensions `json:",inline"`
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
if err := i.Refable.Ref.fromMap(x.Extensions); err != nil {
@@ -165,16 +166,16 @@ func (i Items) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b4, b3, b1, b2), nil
}
-func (i Items) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (i Items) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
CommonValidations commonValidationsOmitZero `json:",inline"`
SimpleSchema simpleSchemaOmitZero `json:",inline"`
Ref string `json:"$ref,omitempty"`
- Extensions
+ Extensions Extensions `json:",inline"`
}
x.CommonValidations = commonValidationsOmitZero(i.CommonValidations)
x.SimpleSchema = simpleSchemaOmitZero(i.SimpleSchema)
x.Ref = i.Refable.Ref.String()
x.Extensions = internal.SanitizeExtensions(i.Extensions)
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/operation.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/operation.go
index 63eed3460..99b620f94 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/operation.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/operation.go
@@ -20,6 +20,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
// OperationProps describes an operation
@@ -104,13 +105,13 @@ func (o *Operation) UnmarshalJSON(data []byte) error {
return json.Unmarshal(data, &o.VendorExtensible)
}
-func (o *Operation) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (o *Operation) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
type OperationPropsNoMethods OperationProps // strip MarshalJSON method
var x struct {
- Extensions
+ Extensions Extensions `json:",inline"`
OperationPropsNoMethods
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
o.Extensions = internal.SanitizeExtensions(x.Extensions)
@@ -135,12 +136,12 @@ func (o Operation) MarshalJSON() ([]byte, error) {
return concated, nil
}
-func (o Operation) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (o Operation) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
- Extensions
+ Extensions Extensions `json:",inline"`
OperationProps operationPropsOmitZero `json:",inline"`
}
x.Extensions = internal.SanitizeExtensions(o.Extensions)
x.OperationProps = operationPropsOmitZero(o.OperationProps)
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/parameter.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/parameter.go
index 53d1e0aa9..f2e61a721 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/parameter.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/parameter.go
@@ -20,6 +20,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
// ParamProps describes the specific attributes of an operation parameter
@@ -107,14 +108,14 @@ func (p *Parameter) UnmarshalJSON(data []byte) error {
return json.Unmarshal(data, &p.ParamProps)
}
-func (p *Parameter) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (p *Parameter) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
CommonValidations
SimpleSchema
- Extensions
+ Extensions Extensions `json:",inline"`
ParamProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
if err := p.Refable.Ref.fromMap(x.Extensions); err != nil {
@@ -155,18 +156,18 @@ func (p Parameter) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b3, b1, b2, b4, b5), nil
}
-func (p Parameter) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (p Parameter) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
CommonValidations commonValidationsOmitZero `json:",inline"`
SimpleSchema simpleSchemaOmitZero `json:",inline"`
ParamProps paramPropsOmitZero `json:",inline"`
Ref string `json:"$ref,omitempty"`
- Extensions
+ Extensions Extensions `json:",inline"`
}
x.CommonValidations = commonValidationsOmitZero(p.CommonValidations)
x.SimpleSchema = simpleSchemaOmitZero(p.SimpleSchema)
x.Extensions = internal.SanitizeExtensions(p.Extensions)
x.ParamProps = paramPropsOmitZero(p.ParamProps)
x.Ref = p.Refable.Ref.String()
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/path_item.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/path_item.go
index 1d1588cb9..f2a0d9542 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/path_item.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/path_item.go
@@ -20,6 +20,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
// PathItemProps the path item specific properties
@@ -61,13 +62,13 @@ func (p *PathItem) UnmarshalJSON(data []byte) error {
return json.Unmarshal(data, &p.PathItemProps)
}
-func (p *PathItem) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (p *PathItem) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- Extensions
+ Extensions Extensions `json:",inline"`
PathItemProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
if err := p.Refable.Ref.fromMap(x.Extensions); err != nil {
@@ -100,14 +101,14 @@ func (p PathItem) MarshalJSON() ([]byte, error) {
return concated, nil
}
-func (p PathItem) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (p PathItem) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
- Ref string `json:"$ref,omitempty"`
- Extensions
+ Ref string `json:"$ref,omitempty"`
+ Extensions Extensions `json:",inline"`
PathItemProps
}
x.Ref = p.Refable.Ref.String()
x.Extensions = internal.SanitizeExtensions(p.Extensions)
x.PathItemProps = p.PathItemProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/paths.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/paths.go
index 18f6a9f42..23b72ccce 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/paths.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/paths.go
@@ -22,6 +22,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
// Paths holds the relative paths to the individual endpoints.
@@ -70,7 +71,7 @@ func (p *Paths) UnmarshalJSON(data []byte) error {
return nil
}
-func (p *Paths) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (p *Paths) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
tok, err := dec.ReadToken()
if err != nil {
return err
@@ -94,7 +95,7 @@ func (p *Paths) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Deco
switch k := tok.String(); {
case internal.IsExtensionKey(k):
ext = nil
- if err := opts.UnmarshalNext(dec, &ext); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &ext); err != nil {
return err
}
@@ -104,7 +105,7 @@ func (p *Paths) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Deco
p.Extensions[k] = ext
case len(k) > 0 && k[0] == '/':
pi = PathItem{}
- if err := opts.UnmarshalNext(dec, &pi); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &pi); err != nil {
return err
}
@@ -148,7 +149,7 @@ func (p Paths) MarshalJSON() ([]byte, error) {
return concated, nil
}
-func (p Paths) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (p Paths) MarshalJSONTo(enc *jsontext.Encoder) error {
m := make(map[string]any, len(p.Extensions)+len(p.Paths))
for k, v := range p.Extensions {
if internal.IsExtensionKey(k) {
@@ -160,5 +161,5 @@ func (p Paths) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder)
m[k] = v
}
}
- return opts.MarshalNext(enc, m)
+ return jsonv2.MarshalEncode(enc, m)
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/ref.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/ref.go
index 775b3b0c3..29cec6193 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/ref.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/ref.go
@@ -16,10 +16,6 @@ package spec
import (
"encoding/json"
- "net/http"
- "os"
- "path/filepath"
-
"github.com/go-openapi/jsonreference"
"k8s.io/kube-openapi/pkg/internal"
@@ -56,52 +52,6 @@ func (r *Ref) RemoteURI() string {
return u.String()
}
-// IsValidURI returns true when the url the ref points to can be found
-func (r *Ref) IsValidURI(basepaths ...string) bool {
- if r.String() == "" {
- return true
- }
-
- v := r.RemoteURI()
- if v == "" {
- return true
- }
-
- if r.HasFullURL {
- rr, err := http.Get(v)
- if err != nil {
- return false
- }
-
- return rr.StatusCode/100 == 2
- }
-
- if !(r.HasFileScheme || r.HasFullFilePath || r.HasURLPathOnly) {
- return false
- }
-
- // check for local file
- pth := v
- if r.HasURLPathOnly {
- base := "."
- if len(basepaths) > 0 {
- base = filepath.Dir(filepath.Join(basepaths...))
- }
- p, e := filepath.Abs(filepath.ToSlash(filepath.Join(base, pth)))
- if e != nil {
- return false
- }
- pth = p
- }
-
- fi, err := os.Stat(filepath.ToSlash(pth))
- if err != nil {
- return false
- }
-
- return !fi.IsDir()
-}
-
// Inherits creates a new reference from a parent and a child
// If the child cannot inherit from the parent, an error is returned
func (r *Ref) Inherits(child Ref) (*Ref, error) {
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/response.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/response.go
index 3ff1fe132..585a93acc 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/response.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/response.go
@@ -20,6 +20,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
// ResponseProps properties specific to a response
@@ -67,13 +68,13 @@ func (r *Response) UnmarshalJSON(data []byte) error {
return nil
}
-func (r *Response) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (r *Response) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
ResponseProps
- Extensions
+ Extensions Extensions `json:",inline"`
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
@@ -106,16 +107,16 @@ func (r Response) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2, b3), nil
}
-func (r Response) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (r Response) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
- Ref string `json:"$ref,omitempty"`
- Extensions
+ Ref string `json:"$ref,omitempty"`
+ Extensions Extensions `json:",inline"`
ResponseProps responsePropsOmitZero `json:",inline"`
}
x.Ref = r.Refable.Ref.String()
x.Extensions = internal.SanitizeExtensions(r.Extensions)
x.ResponseProps = responsePropsOmitZero(r.ResponseProps)
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
// NewResponse creates a new response instance
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/responses.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/responses.go
index d9ad760a4..a1a3d0fd5 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/responses.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/responses.go
@@ -23,6 +23,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
// Responses is a container for the expected responses of an operation.
@@ -78,11 +79,11 @@ func (r Responses) MarshalJSON() ([]byte, error) {
return concated, nil
}
-func (r Responses) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (r Responses) MarshalJSONTo(enc *jsontext.Encoder) error {
type ArbitraryKeys map[string]interface{}
var x struct {
- ArbitraryKeys
- Default *Response `json:"default,omitempty"`
+ ArbitraryKeys ArbitraryKeys `json:",inline"`
+ Default *Response `json:"default,omitempty"`
}
x.ArbitraryKeys = make(map[string]any, len(r.Extensions)+len(r.StatusCodeResponses))
for k, v := range r.Extensions {
@@ -94,7 +95,7 @@ func (r Responses) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encod
x.ArbitraryKeys[strconv.Itoa(k)] = v
}
x.Default = r.Default
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
// ResponsesProps describes all responses for an operation.
@@ -150,7 +151,7 @@ func (r *ResponsesProps) UnmarshalJSON(data []byte) error {
return nil
}
-func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) (err error) {
+func (r *Responses) UnmarshalJSONFrom(dec *jsontext.Decoder) (err error) {
tok, err := dec.ReadToken()
if err != nil {
return err
@@ -172,7 +173,7 @@ func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.
switch k := tok.String(); {
case internal.IsExtensionKey(k):
ext = nil
- if err := opts.UnmarshalNext(dec, &ext); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &ext); err != nil {
return err
}
@@ -182,7 +183,7 @@ func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.
r.Extensions[k] = ext
case k == "default":
resp = Response{}
- if err := opts.UnmarshalNext(dec, &resp); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &resp); err != nil {
return err
}
@@ -191,7 +192,7 @@ func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.
default:
if nk, err := strconv.Atoi(k); err == nil {
resp = Response{}
- if err := opts.UnmarshalNext(dec, &resp); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &resp); err != nil {
return err
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/schema.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/schema.go
index dfbb2e05c..6c0c6fc14 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/schema.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/schema.go
@@ -23,6 +23,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
// BooleanProperty creates a boolean property
@@ -517,10 +518,10 @@ func (s Schema) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2, b3, b4, b5, b6), nil
}
-func (s Schema) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (s Schema) MarshalJSONTo(enc *jsontext.Encoder) error {
type ArbitraryKeys map[string]interface{}
var x struct {
- ArbitraryKeys
+ ArbitraryKeys ArbitraryKeys `json:",inline"`
SchemaProps schemaPropsOmitZero `json:",inline"`
SwaggerSchemaProps swaggerSchemaPropsOmitZero `json:",inline"`
Schema string `json:"$schema,omitempty"`
@@ -539,7 +540,7 @@ func (s Schema) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder)
x.SwaggerSchemaProps = swaggerSchemaPropsOmitZero(s.SwaggerSchemaProps)
x.Ref = s.Ref.String()
x.Schema = string(s.Schema)
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
// UnmarshalJSON marshal this from JSON
@@ -595,13 +596,13 @@ func (s *Schema) UnmarshalJSON(data []byte) error {
return nil
}
-func (s *Schema) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (s *Schema) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- Extensions
+ Extensions Extensions `json:",inline"`
SchemaProps
SwaggerSchemaProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/security_scheme.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/security_scheme.go
index e2b7da14c..7c7b6bdd8 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/security_scheme.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/security_scheme.go
@@ -20,6 +20,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
// SecuritySchemeProps describes a swagger security scheme in the securityDefinitions section
@@ -60,14 +61,14 @@ func (s SecurityScheme) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2), nil
}
-func (s SecurityScheme) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (s SecurityScheme) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
- Extensions
+ Extensions Extensions `json:",inline"`
SecuritySchemeProps
}
x.Extensions = internal.SanitizeExtensions(s.Extensions)
x.SecuritySchemeProps = s.SecuritySchemeProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
// UnmarshalJSON marshal this from JSON
@@ -78,12 +79,12 @@ func (s *SecurityScheme) UnmarshalJSON(data []byte) error {
return json.Unmarshal(data, &s.VendorExtensible)
}
-func (s *SecurityScheme) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (s *SecurityScheme) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- Extensions
+ Extensions Extensions `json:",inline"`
SecuritySchemeProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
s.Extensions = internal.SanitizeExtensions(x.Extensions)
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/swagger.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/swagger.go
index c8f3beaa3..533b7cc83 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/swagger.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/swagger.go
@@ -21,6 +21,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
// Swagger this is the root document object for the API specification.
@@ -50,14 +51,14 @@ func (s Swagger) MarshalJSON() ([]byte, error) {
}
// MarshalJSON marshals this swagger structure to json
-func (s Swagger) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (s Swagger) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
- Extensions
+ Extensions Extensions `json:",inline"`
SwaggerProps
}
x.Extensions = internal.SanitizeExtensions(s.Extensions)
x.SwaggerProps = s.SwaggerProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
// UnmarshalJSON unmarshals a swagger spec from json
@@ -76,16 +77,16 @@ func (s *Swagger) UnmarshalJSON(data []byte) error {
return nil
}
-func (s *Swagger) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (s *Swagger) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
// Note: If you're willing to make breaking changes, it is possible to
// optimize this and other usages of this pattern:
// https://github.com/kubernetes/kube-openapi/pull/319#discussion_r983165948
var x struct {
- Extensions
+ Extensions Extensions `json:",inline"`
SwaggerProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
s.Extensions = internal.SanitizeExtensions(x.Extensions)
@@ -146,15 +147,15 @@ func (s SchemaOrBool) MarshalJSON() ([]byte, error) {
}
// MarshalJSON convert this object to JSON
-func (s SchemaOrBool) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (s SchemaOrBool) MarshalJSONTo(enc *jsontext.Encoder) error {
if s.Schema != nil {
- return opts.MarshalNext(enc, s.Schema)
+ return jsonv2.MarshalEncode(enc, s.Schema)
}
if s.Schema == nil && !s.Allows {
- return enc.WriteToken(jsonv2.False)
+ return enc.WriteToken(jsontext.False)
}
- return enc.WriteToken(jsonv2.True)
+ return enc.WriteToken(jsontext.True)
}
// UnmarshalJSON converts this bool or schema object from a JSON structure
@@ -178,17 +179,17 @@ func (s *SchemaOrBool) UnmarshalJSON(data []byte) error {
return nil
}
-func (s *SchemaOrBool) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (s *SchemaOrBool) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
switch k := dec.PeekKind(); k {
case '{':
- err := opts.UnmarshalNext(dec, &s.Schema)
+ err := jsonv2.UnmarshalDecode(dec, &s.Schema)
if err != nil {
return err
}
s.Allows = true
return nil
case 't', 'f':
- err := opts.UnmarshalNext(dec, &s.Allows)
+ err := jsonv2.UnmarshalDecode(dec, &s.Allows)
if err != nil {
return err
}
@@ -219,14 +220,14 @@ func (s SchemaOrStringArray) MarshalJSON() ([]byte, error) {
}
// MarshalJSON converts this schema object or array into JSON structure
-func (s SchemaOrStringArray) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (s SchemaOrStringArray) MarshalJSONTo(enc *jsontext.Encoder) error {
if len(s.Property) > 0 {
- return opts.MarshalNext(enc, s.Property)
+ return jsonv2.MarshalEncode(enc, s.Property)
}
if s.Schema != nil {
- return opts.MarshalNext(enc, s.Schema)
+ return jsonv2.MarshalEncode(enc, s.Schema)
}
- return enc.WriteToken(jsonv2.Null)
+ return enc.WriteToken(jsontext.Null)
}
// UnmarshalJSON converts this schema object or array from a JSON structure
@@ -256,12 +257,12 @@ func (s *SchemaOrStringArray) UnmarshalJSON(data []byte) error {
return nil
}
-func (s *SchemaOrStringArray) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (s *SchemaOrStringArray) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
switch dec.PeekKind() {
case '{':
- return opts.UnmarshalNext(dec, &s.Schema)
+ return jsonv2.UnmarshalDecode(dec, &s.Schema)
case '[':
- return opts.UnmarshalNext(dec, &s.Property)
+ return jsonv2.UnmarshalDecode(dec, &s.Property)
default:
_, err := dec.ReadValue()
return err
@@ -332,14 +333,14 @@ func (s *StringOrArray) UnmarshalJSON(data []byte) error {
}
}
-func (s *StringOrArray) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (s *StringOrArray) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
switch k := dec.PeekKind(); k {
case '[':
*s = StringOrArray{}
- return opts.UnmarshalNext(dec, (*[]string)(s))
+ return jsonv2.UnmarshalDecode(dec, (*[]string)(s))
case '"':
*s = StringOrArray{""}
- return opts.UnmarshalNext(dec, &(*s)[0])
+ return jsonv2.UnmarshalDecode(dec, &(*s)[0])
case 'n':
// Throw out null token
_, _ = dec.ReadToken()
@@ -392,11 +393,11 @@ func (s SchemaOrArray) MarshalJSON() ([]byte, error) {
}
// MarshalJSON converts this schema object or array into JSON structure
-func (s SchemaOrArray) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (s SchemaOrArray) MarshalJSONTo(enc *jsontext.Encoder) error {
if s.Schemas != nil {
- return opts.MarshalNext(enc, s.Schemas)
+ return jsonv2.MarshalEncode(enc, s.Schemas)
}
- return opts.MarshalNext(enc, s.Schema)
+ return jsonv2.MarshalEncode(enc, s.Schema)
}
// UnmarshalJSON converts this schema object or array from a JSON structure
@@ -426,12 +427,12 @@ func (s *SchemaOrArray) UnmarshalJSON(data []byte) error {
return nil
}
-func (s *SchemaOrArray) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (s *SchemaOrArray) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
switch dec.PeekKind() {
case '{':
- return opts.UnmarshalNext(dec, &s.Schema)
+ return jsonv2.UnmarshalDecode(dec, &s.Schema)
case '[':
- return opts.UnmarshalNext(dec, &s.Schemas)
+ return jsonv2.UnmarshalDecode(dec, &s.Schemas)
default:
_, err := dec.ReadValue()
return err
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/tag.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/tag.go
index d105d52ca..89c3d0d82 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/tag.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/tag.go
@@ -20,6 +20,7 @@ import (
"github.com/go-openapi/swag"
"k8s.io/kube-openapi/pkg/internal"
jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
+ "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext"
)
// TagProps describe a tag entry in the top level tags section of a swagger spec
@@ -55,14 +56,14 @@ func (t Tag) MarshalJSON() ([]byte, error) {
return swag.ConcatJSON(b1, b2), nil
}
-func (t Tag) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+func (t Tag) MarshalJSONTo(enc *jsontext.Encoder) error {
var x struct {
- Extensions
+ Extensions Extensions `json:",inline"`
TagProps
}
x.Extensions = internal.SanitizeExtensions(t.Extensions)
x.TagProps = t.TagProps
- return opts.MarshalNext(enc, x)
+ return jsonv2.MarshalEncode(enc, x)
}
// UnmarshalJSON marshal this from JSON
@@ -77,12 +78,12 @@ func (t *Tag) UnmarshalJSON(data []byte) error {
return json.Unmarshal(data, &t.VendorExtensible)
}
-func (t *Tag) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
+func (t *Tag) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
var x struct {
- Extensions
+ Extensions Extensions `json:",inline"`
TagProps
}
- if err := opts.UnmarshalNext(dec, &x); err != nil {
+ if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
return err
}
t.Extensions = internal.SanitizeExtensions(x.Extensions)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 7c5dcaab4..7008a191b 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -473,9 +473,45 @@ github.com/go-openapi/jsonpointer
## explicit; go 1.20
github.com/go-openapi/jsonreference
github.com/go-openapi/jsonreference/internal
-# github.com/go-openapi/swag v0.23.1
-## explicit; go 1.20
+# github.com/go-openapi/swag v0.25.4
+## explicit; go 1.24.0
github.com/go-openapi/swag
+# github.com/go-openapi/swag/cmdutils v0.25.4
+## explicit; go 1.24.0
+github.com/go-openapi/swag/cmdutils
+# github.com/go-openapi/swag/conv v0.25.4
+## explicit; go 1.24.0
+github.com/go-openapi/swag/conv
+# github.com/go-openapi/swag/fileutils v0.25.4
+## explicit; go 1.24.0
+github.com/go-openapi/swag/fileutils
+# github.com/go-openapi/swag/jsonname v0.25.4
+## explicit; go 1.24.0
+github.com/go-openapi/swag/jsonname
+# github.com/go-openapi/swag/jsonutils v0.25.4
+## explicit; go 1.24.0
+github.com/go-openapi/swag/jsonutils
+github.com/go-openapi/swag/jsonutils/adapters
+github.com/go-openapi/swag/jsonutils/adapters/ifaces
+github.com/go-openapi/swag/jsonutils/adapters/stdlib/json
+# github.com/go-openapi/swag/loading v0.25.4
+## explicit; go 1.24.0
+github.com/go-openapi/swag/loading
+# github.com/go-openapi/swag/mangling v0.25.4
+## explicit; go 1.24.0
+github.com/go-openapi/swag/mangling
+# github.com/go-openapi/swag/netutils v0.25.4
+## explicit; go 1.24.0
+github.com/go-openapi/swag/netutils
+# github.com/go-openapi/swag/stringutils v0.25.4
+## explicit; go 1.24.0
+github.com/go-openapi/swag/stringutils
+# github.com/go-openapi/swag/typeutils v0.25.4
+## explicit; go 1.24.0
+github.com/go-openapi/swag/typeutils
+# github.com/go-openapi/swag/yamlutils v0.25.4
+## explicit; go 1.24.0
+github.com/go-openapi/swag/yamlutils
# github.com/go-task/slim-sprig/v3 v3.0.0
## explicit; go 1.20
github.com/go-task/slim-sprig/v3
@@ -855,9 +891,6 @@ github.com/jingyugao/rowserrcheck/passes/rowserr
# github.com/jjti/go-spancheck v0.6.5
## explicit; go 1.22.1
github.com/jjti/go-spancheck
-# github.com/josharian/intern v1.0.0
-## explicit; go 1.5
-github.com/josharian/intern
# github.com/json-iterator/go v1.1.12
## explicit; go 1.12
github.com/json-iterator/go
@@ -919,11 +952,6 @@ github.com/lucasb-eyer/go-colorful
# github.com/macabu/inamedparam v0.2.0
## explicit; go 1.23.0
github.com/macabu/inamedparam
-# github.com/mailru/easyjson v0.9.0
-## explicit; go 1.20
-github.com/mailru/easyjson/buffer
-github.com/mailru/easyjson/jlexer
-github.com/mailru/easyjson/jwriter
# github.com/manuelarte/embeddedstructfieldcheck v0.4.0
## explicit; go 1.23.0
github.com/manuelarte/embeddedstructfieldcheck/analyzer
@@ -1075,7 +1103,7 @@ github.com/openshift-eng/openshift-tests-extension/pkg/ginkgo
github.com/openshift-eng/openshift-tests-extension/pkg/junit
github.com/openshift-eng/openshift-tests-extension/pkg/util/sets
github.com/openshift-eng/openshift-tests-extension/pkg/version
-# github.com/openshift/api v0.0.0-20260429122012-1180c0f5c3e9
+# github.com/openshift/api v0.0.0-20260629123346-784126000268
## explicit; go 1.25.0
github.com/openshift/api
github.com/openshift/api/annotations
@@ -1155,7 +1183,7 @@ github.com/openshift/api/template
github.com/openshift/api/template/v1
github.com/openshift/api/user
github.com/openshift/api/user/v1
-# github.com/openshift/client-go v0.0.0-20260429123927-c81f86abfa6a
+# github.com/openshift/client-go v0.0.0-20260629081241-b769428f4111
## explicit; go 1.25.0
github.com/openshift/client-go/config/applyconfigurations/config/v1
github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1
@@ -2666,13 +2694,18 @@ k8s.io/kube-aggregator/pkg/apis/apiregistration/v1
k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1
k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme
k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/typed/apiregistration/v1
-# k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912
-## explicit; go 1.23.0
+# k8s.io/kube-openapi v0.0.0-20260519202549-bbf5c5577288
+## explicit; go 1.24.0
k8s.io/kube-openapi/pkg/cached
k8s.io/kube-openapi/pkg/common
k8s.io/kube-openapi/pkg/handler3
k8s.io/kube-openapi/pkg/internal
k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json
+k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal
+k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags
+k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts
+k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire
+k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext
k8s.io/kube-openapi/pkg/internal/third_party/govalidator
k8s.io/kube-openapi/pkg/schemaconv
k8s.io/kube-openapi/pkg/spec3
@@ -2957,7 +2990,7 @@ sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/
## explicit; go 1.18
sigs.k8s.io/randfill
sigs.k8s.io/randfill/bytesource
-# sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482
+# sigs.k8s.io/structured-merge-diff/v6 v6.3.2
## explicit; go 1.23
sigs.k8s.io/structured-merge-diff/v6/fieldpath
sigs.k8s.io/structured-merge-diff/v6/merge