From b5b680e6b04746699d1bfac931477492539642a4 Mon Sep 17 00:00:00 2001 From: Ben Perry Date: Fri, 24 Apr 2026 09:49:41 -0500 Subject: [PATCH] NodeUID in status to detect replaced node with same name --- go.mod | 2 + go.sum | 4 +- .../applyconfigurations/internal/internal.go | 3 + .../operator/v1/nodestatus.go | 13 ++++ .../openshift/api/apps/.codegen.yaml | 2 + .../openshift/api/authorization/.codegen.yaml | 2 + .../openshift/api/build/.codegen.yaml | 2 + .../openshift/api/cloudnetwork/.codegen.yaml | 2 + .../openshift/api/config/v1/types_network.go | 3 + .../v1/zz_generated.swagger_doc_generated.go | 2 +- .../v1alpha1/types_cluster_monitoring.go | 66 ++++++++++++------- .../config/v1alpha1/zz_generated.deepcopy.go | 7 +- .../zz_generated.swagger_doc_generated.go | 15 ++--- vendor/github.com/openshift/api/features.md | 5 +- .../openshift/api/image/.codegen.yaml | 5 ++ .../openshift/api/network/.codegen.yaml | 5 +- .../api/networkoperator/.codegen.yaml | 2 + .../openshift/api/oauth/.codegen.yaml | 2 + .../openshift/api/openapi/openapi.json | 27 ++++---- .../openshift/api/operator/v1/types.go | 7 ++ .../v1/zz_generated.swagger_doc_generated.go | 1 + .../openshift/api/project/.codegen.yaml | 2 + .../openshift/api/quota/.codegen.yaml | 2 + .../openshift/api/route/.codegen.yaml | 2 + .../openshift/api/samples/.codegen.yaml | 2 + .../openshift/api/security/.codegen.yaml | 2 + .../openshift/api/template/.codegen.yaml | 2 + .../openshift/api/user/.codegen.yaml | 2 + vendor/modules.txt | 3 +- 29 files changed, 136 insertions(+), 58 deletions(-) create mode 100644 vendor/github.com/openshift/api/apps/.codegen.yaml create mode 100644 vendor/github.com/openshift/api/authorization/.codegen.yaml create mode 100644 vendor/github.com/openshift/api/build/.codegen.yaml create mode 100644 vendor/github.com/openshift/api/project/.codegen.yaml create mode 100644 vendor/github.com/openshift/api/quota/.codegen.yaml create mode 100644 vendor/github.com/openshift/api/security/.codegen.yaml create mode 100644 vendor/github.com/openshift/api/template/.codegen.yaml create mode 100644 vendor/github.com/openshift/api/user/.codegen.yaml diff --git a/go.mod b/go.mod index 58d111aa3d..956385db34 100644 --- a/go.mod +++ b/go.mod @@ -2,6 +2,8 @@ module github.com/openshift/client-go go 1.25.0 +replace github.com/openshift/api => github.com/bhperry/openshift-api v0.0.0-20260701172439-91ea97fb96d3 + require ( github.com/openshift/api v0.0.0-20260626094904-39631f42b31b github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee diff --git a/go.sum b/go.sum index 7afac635d9..2143022d0b 100644 --- a/go.sum +++ b/go.sum @@ -1,3 +1,5 @@ +github.com/bhperry/openshift-api v0.0.0-20260701172439-91ea97fb96d3 h1:M/+G0B4S3emT+CbRMbfSUfH/KIev2Vq3WZeh8iZ5/Wk= +github.com/bhperry/openshift-api v0.0.0-20260701172439-91ea97fb96d3/go.mod h1:7WJ3IPaK6nmWT8bDcaNooHqd0H5WepjVqV/10VlkMEM= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -71,8 +73,6 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFd github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/openshift/api v0.0.0-20260626094904-39631f42b31b h1:Z1/iNCtc1qSLJC6a91Ywk2oPSB4S9v6Lzz9hFPPkvWc= -github.com/openshift/api v0.0.0-20260626094904-39631f42b31b/go.mod h1:Jm45pE7O6/G0tYYhiLzNyZykTjmf9BfhsKYuGfLLwTE= github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee h1:+Sp5GGnjHDhT/a/nQ1xdp43UscBMr7G5wxsYotyhzJ4= github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/operator/applyconfigurations/internal/internal.go b/operator/applyconfigurations/internal/internal.go index a7f34e2640..ff46a1f102 100644 --- a/operator/applyconfigurations/internal/internal.go +++ b/operator/applyconfigurations/internal/internal.go @@ -3120,6 +3120,9 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" + - name: nodeUID + type: + scalar: string - name: targetRevision type: scalar: numeric diff --git a/operator/applyconfigurations/operator/v1/nodestatus.go b/operator/applyconfigurations/operator/v1/nodestatus.go index f107c370d2..9a796d563f 100644 --- a/operator/applyconfigurations/operator/v1/nodestatus.go +++ b/operator/applyconfigurations/operator/v1/nodestatus.go @@ -4,6 +4,7 @@ package v1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" ) // NodeStatusApplyConfiguration represents a declarative configuration of the NodeStatus type for use @@ -13,6 +14,10 @@ import ( type NodeStatusApplyConfiguration struct { // nodeName is the name of the node NodeName *string `json:"nodeName,omitempty"` + // nodeUID is the UID of the node. + // This field is used to detect that a node has been deleted and recreated with the same name. + // When the UID changes, it indicates the node is a new instance and the status should be reset. + NodeUID *types.UID `json:"nodeUID,omitempty"` // currentRevision is the generation of the most recently successful deployment. // Can not be set on creation of a nodeStatus. Updates must only increase the value. CurrentRevision *int32 `json:"currentRevision,omitempty"` @@ -47,6 +52,14 @@ func (b *NodeStatusApplyConfiguration) WithNodeName(value string) *NodeStatusApp return b } +// WithNodeUID sets the NodeUID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NodeUID field is set to the value of the last call. +func (b *NodeStatusApplyConfiguration) WithNodeUID(value types.UID) *NodeStatusApplyConfiguration { + b.NodeUID = &value + return b +} + // WithCurrentRevision sets the CurrentRevision field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the CurrentRevision field is set to the value of the last call. diff --git a/vendor/github.com/openshift/api/apps/.codegen.yaml b/vendor/github.com/openshift/api/apps/.codegen.yaml new file mode 100644 index 0000000000..f7a37129a0 --- /dev/null +++ b/vendor/github.com/openshift/api/apps/.codegen.yaml @@ -0,0 +1,2 @@ +protobuf: + disabled: false diff --git a/vendor/github.com/openshift/api/authorization/.codegen.yaml b/vendor/github.com/openshift/api/authorization/.codegen.yaml new file mode 100644 index 0000000000..f7a37129a0 --- /dev/null +++ b/vendor/github.com/openshift/api/authorization/.codegen.yaml @@ -0,0 +1,2 @@ +protobuf: + disabled: false diff --git a/vendor/github.com/openshift/api/build/.codegen.yaml b/vendor/github.com/openshift/api/build/.codegen.yaml new file mode 100644 index 0000000000..f7a37129a0 --- /dev/null +++ b/vendor/github.com/openshift/api/build/.codegen.yaml @@ -0,0 +1,2 @@ +protobuf: + disabled: false diff --git a/vendor/github.com/openshift/api/cloudnetwork/.codegen.yaml b/vendor/github.com/openshift/api/cloudnetwork/.codegen.yaml index e69de29bb2..f7a37129a0 100644 --- a/vendor/github.com/openshift/api/cloudnetwork/.codegen.yaml +++ b/vendor/github.com/openshift/api/cloudnetwork/.codegen.yaml @@ -0,0 +1,2 @@ +protobuf: + disabled: false diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go index 5e2eb93372..80b022de9f 100644 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ b/vendor/github.com/openshift/api/config/v1/types_network.go @@ -331,6 +331,9 @@ type NetworkObservabilitySpec struct { // Valid values are "InstallAndEnable" and "NoAction". // When set to "InstallAndEnable", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again. // When set to "NoAction", nothing will be done regarding Network observability. + // During the installation of NetworkObservability, the platform checks for any existing manual installations. + // If a successful installation using the OLMv0 or OLMv1 API is detected, it will be used. + // If the platform cannot determine how the current version was installed, or if the existing installation is incomplete, the installation process will stop. // +required InstallationPolicy NetworkObservabilityInstallationPolicy `json:"installationPolicy,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index b321d3d7e1..e853db9793 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -2645,7 +2645,7 @@ func (NetworkMigration) SwaggerDoc() map[string]string { var map_NetworkObservabilitySpec = map[string]string{ "": "NetworkObservabilitySpec defines the configuration for network observability installation", - "installationPolicy": "installationPolicy controls whether network observability is installed during cluster deployment. Valid values are \"InstallAndEnable\" and \"NoAction\". When set to \"InstallAndEnable\", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again. When set to \"NoAction\", nothing will be done regarding Network observability.", + "installationPolicy": "installationPolicy controls whether network observability is installed during cluster deployment. Valid values are \"InstallAndEnable\" and \"NoAction\". When set to \"InstallAndEnable\", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again. When set to \"NoAction\", nothing will be done regarding Network observability. During the installation of NetworkObservability, the platform checks for any existing manual installations. If a successful installation using the OLMv0 or OLMv1 API is detected, it will be used. If the platform cannot determine how the current version was installed, or if the existing installation is incomplete, the installation process will stop.", } func (NetworkObservabilitySpec) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go index ca2f0216a9..d4846fd1cd 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go @@ -1552,7 +1552,7 @@ type RemoteWriteSpec struct { Name string `json:"name,omitempty"` // authorization defines the authorization method for the remote write endpoint. // When omitted, no authorization is performed. - // When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config). + // When set, type must be one of Authorization, BasicAuth, OAuth2, SigV4, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config). // +optional AuthorizationConfig RemoteWriteAuthorization `json:"authorization,omitzero"` // headers specifies the custom HTTP headers to be sent along with each remote write request. @@ -1654,39 +1654,49 @@ type BasicAuth struct { } // RemoteWriteAuthorizationType defines the authorization method for remote write endpoints. -// +kubebuilder:validation:Enum=BearerToken;BasicAuth;OAuth2;SigV4;SafeAuthorization;ServiceAccount +// +kubebuilder:validation:Enum=Authorization;BasicAuth;OAuth2;SigV4;ServiceAccount type RemoteWriteAuthorizationType string const ( - // RemoteWriteAuthorizationTypeBearerToken indicates bearer token from a secret. - RemoteWriteAuthorizationTypeBearerToken RemoteWriteAuthorizationType = "BearerToken" + // RemoteWriteAuthorizationTypeAuthorization indicates authorization credentials from a secret. + // The secret key contains the credentials (e.g. a Bearer token). Use the authorization field. + RemoteWriteAuthorizationTypeAuthorization RemoteWriteAuthorizationType = "Authorization" // RemoteWriteAuthorizationTypeBasicAuth indicates HTTP basic authentication. RemoteWriteAuthorizationTypeBasicAuth RemoteWriteAuthorizationType = "BasicAuth" // RemoteWriteAuthorizationTypeOAuth2 indicates OAuth2 client credentials. RemoteWriteAuthorizationTypeOAuth2 RemoteWriteAuthorizationType = "OAuth2" // RemoteWriteAuthorizationTypeSigV4 indicates AWS Signature Version 4. RemoteWriteAuthorizationTypeSigV4 RemoteWriteAuthorizationType = "SigV4" - // RemoteWriteAuthorizationTypeSafeAuthorization indicates authorization from a secret (Prometheus SafeAuthorization pattern). - // The secret key contains the credentials (e.g. a Bearer token). Use the safeAuthorization field. - RemoteWriteAuthorizationTypeSafeAuthorization RemoteWriteAuthorizationType = "SafeAuthorization" // RemoteWriteAuthorizationTypeServiceAccount indicates use of the pod's service account token for machine identity. // No additional field is required; the operator configures the token path. RemoteWriteAuthorizationTypeServiceAccount RemoteWriteAuthorizationType = "ServiceAccount" + + // --- TOMBSTONE --- + // RemoteWriteAuthorizationTypeBearerToken was a constant for bearer token authentication from a secret. + // It has been removed in favor of RemoteWriteAuthorizationTypeAuthorization. The constant name is reserved to prevent reuse. + // + // RemoteWriteAuthorizationTypeBearerToken RemoteWriteAuthorizationType = "BearerToken" + + // --- TOMBSTONE --- + // RemoteWriteAuthorizationTypeSafeAuthorization was a constant for authorization credentials from a secret (Prometheus SafeAuthorization pattern). + // It has been removed in favor of RemoteWriteAuthorizationTypeAuthorization. The constant name is reserved to prevent reuse. + // + // RemoteWriteAuthorizationTypeSafeAuthorization RemoteWriteAuthorizationType = "SafeAuthorization" ) // RemoteWriteAuthorization defines the authorization method for a remote write endpoint. -// Exactly one of the nested configs must be set according to the type discriminator. -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ? has(self.bearerToken) : !has(self.bearerToken)",message="bearerToken is required when type is BearerToken, and forbidden otherwise" +// Nested config requirements depend on the type discriminator: Authorization requires authorization, +// BasicAuth requires basicAuth, OAuth2 requires oauth2, SigV4 requires sigv4, and ServiceAccount forbids all nested configs. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Authorization' ? has(self.authorization) : !has(self.authorization)",message="authorization is required when type is Authorization, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BasicAuth' ? has(self.basicAuth) : !has(self.basicAuth)",message="basicAuth is required when type is BasicAuth, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'OAuth2' ? has(self.oauth2) : !has(self.oauth2)",message="oauth2 is required when type is OAuth2, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'SigV4' ? has(self.sigv4) : !has(self.sigv4)",message="sigv4 is required when type is SigV4, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'SafeAuthorization' ? has(self.safeAuthorization) : !has(self.safeAuthorization)",message="safeAuthorization is required when type is SafeAuthorization, and forbidden otherwise" // +union type RemoteWriteAuthorization struct { // type specifies the authorization method to use. - // Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount. + // Allowed values are Authorization, BasicAuth, OAuth2, SigV4, and ServiceAccount. // - // When set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field. + // When set to Authorization, credentials are read from a single Secret key. The secret key typically contains a Bearer token. Use the authorization field. // // When set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set. // @@ -1694,22 +1704,16 @@ type RemoteWriteAuthorization struct { // // When set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set. // - // When set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field. - // // When set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path. // +unionDiscriminator // +required Type RemoteWriteAuthorizationType `json:"type,omitempty"` - // safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). - // Required when type is "SafeAuthorization", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace. - // +unionMember - // +optional - SafeAuthorization *v1.SecretKeySelector `json:"safeAuthorization,omitempty"` - // bearerToken defines the secret reference containing the bearer token. - // Required when type is "BearerToken", and forbidden otherwise. - // +unionMember + // authorization defines the secret reference containing the authorization credentials (e.g. Bearer token). + // Required when type is "Authorization", and forbidden otherwise. + // The secret must exist in the openshift-monitoring namespace. + // +unionMember=Authorization // +optional - BearerToken SecretKeySelector `json:"bearerToken,omitempty,omitzero"` + Authorization SecretKeySelector `json:"authorization,omitempty,omitzero"` // basicAuth defines HTTP basic authentication credentials. // Required when type is "BasicAuth", and forbidden otherwise. // +unionMember @@ -1725,6 +1729,22 @@ type RemoteWriteAuthorization struct { // +unionMember // +optional Sigv4 Sigv4 `json:"sigv4,omitempty,omitzero"` + + // --- TOMBSTONE --- + // bearerToken was a field for bearer token authentication from a secret. + // It has been removed in favor of authorization. The field name is reserved to prevent reuse. + // + // +unionMember + // +optional + // BearerToken SecretKeySelector `json:"bearerToken,omitempty,omitzero"` + + // --- TOMBSTONE --- + // safeAuthorization was a field for authorization credentials from a secret (Prometheus SafeAuthorization pattern). + // It has been removed in favor of authorization. The field name is reserved to prevent reuse. + // + // +unionMember + // +optional + // SafeAuthorization *v1.SecretKeySelector `json:"safeAuthorization,omitempty"` } // MetadataConfigSendPolicy defines whether to send metadata with platform defaults or with custom settings. diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go index 7313338a3b..12dd0cd312 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go @@ -1755,12 +1755,7 @@ func (in *RelabelConfig) DeepCopy() *RelabelConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RemoteWriteAuthorization) DeepCopyInto(out *RemoteWriteAuthorization) { *out = *in - if in.SafeAuthorization != nil { - in, out := &in.SafeAuthorization, &out.SafeAuthorization - *out = new(v1.SecretKeySelector) - (*in).DeepCopyInto(*out) - } - out.BearerToken = in.BearerToken + out.Authorization = in.Authorization out.BasicAuth = in.BasicAuth in.OAuth2.DeepCopyInto(&out.OAuth2) out.Sigv4 = in.Sigv4 diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go index 2194d79def..8f6cda1915 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -619,13 +619,12 @@ func (RelabelConfig) SwaggerDoc() map[string]string { } var map_RemoteWriteAuthorization = map[string]string{ - "": "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. Exactly one of the nested configs must be set according to the type discriminator.", - "type": "type specifies the authorization method to use. Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount.\n\nWhen set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", - "safeAuthorization": "safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). Required when type is \"SafeAuthorization\", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace.", - "bearerToken": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise.", - "basicAuth": "basicAuth defines HTTP basic authentication credentials. Required when type is \"BasicAuth\", and forbidden otherwise.", - "oauth2": "oauth2 defines OAuth2 client credentials authentication. Required when type is \"OAuth2\", and forbidden otherwise.", - "sigv4": "sigv4 defines AWS Signature Version 4 authentication. Required when type is \"SigV4\", and forbidden otherwise.", + "": "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. Nested config requirements depend on the type discriminator: Authorization requires authorization, BasicAuth requires basicAuth, OAuth2 requires oauth2, SigV4 requires sigv4, and ServiceAccount forbids all nested configs.", + "type": "type specifies the authorization method to use. Allowed values are Authorization, BasicAuth, OAuth2, SigV4, and ServiceAccount.\n\nWhen set to Authorization, credentials are read from a single Secret key. The secret key typically contains a Bearer token. Use the authorization field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", + "authorization": "authorization defines the secret reference containing the authorization credentials (e.g. Bearer token). Required when type is \"Authorization\", and forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + "basicAuth": "basicAuth defines HTTP basic authentication credentials. Required when type is \"BasicAuth\", and forbidden otherwise.", + "oauth2": "oauth2 defines OAuth2 client credentials authentication. Required when type is \"OAuth2\", and forbidden otherwise.", + "sigv4": "sigv4 defines AWS Signature Version 4 authentication. Required when type is \"SigV4\", and forbidden otherwise.", } func (RemoteWriteAuthorization) SwaggerDoc() map[string]string { @@ -636,7 +635,7 @@ var map_RemoteWriteSpec = map[string]string{ "": "RemoteWriteSpec represents configuration for remote write endpoints.", "url": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme and a non-empty hostname. Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. Empty string is invalid. Must be between 1 and 2048 characters in length.", "name": "name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). This name is used in metrics and logging to differentiate remote write queues. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", - "authorization": "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", + "authorization": "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. When set, type must be one of Authorization, BasicAuth, OAuth2, SigV4, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", "headers": "headers specifies the custom HTTP headers to be sent along with each remote write request. Sending custom headers makes the configuration of a proxy in between optional and helps the receiver recognize the given source better. Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be unique. Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate).", "metadataConfig": "metadataConfig configures the sending of series metadata to remote storage. When omitted, no metadata is sent. When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds).", "proxyUrl": "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md index 2959484d4e..466f0a7bfa 100644 --- a/vendor/github.com/openshift/api/features.md +++ b/vendor/github.com/openshift/api/features.md @@ -10,6 +10,7 @@ | MachineAPIOperatorDisableMachineHealthCheckController| | | | | | | | | | MultiArchInstallAzure| | | | | | | | | | ShortCertRotation| | | | | | | | | +| KarpenterOperator| | | | Enabled | | | | | | MutableTopology| | | | Enabled | | | | | | ClusterAPIComputeInstall| | | Enabled | Enabled | | | | | | ClusterAPIControlPlaneInstall| | | Enabled | Enabled | | | | | @@ -88,12 +89,11 @@ | TLSAdherence| | | Enabled | Enabled | | | Enabled | Enabled | | TLSGroupPreferences| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | | | Enabled | Enabled | -| VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereMultiVCenterDay2| | | Enabled | Enabled | | | Enabled | Enabled | | VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled | -| AWSServiceLBNetworkSecurityGroup| | Enabled | Enabled | Enabled | | Enabled | Enabled | Enabled | | OSStreams| | Enabled | Enabled | Enabled | | Enabled | Enabled | Enabled | | AWSClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| AWSServiceLBNetworkSecurityGroup| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | AzureClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | BootImageSkewEnforcement| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | @@ -120,5 +120,6 @@ | StoragePerformantSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | UpgradeStatus| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | VSphereHostVMGroupZonal| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| VSphereMixedNodeEnv| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | VSphereMultiDisk| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | VSphereMultiNetworks| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/vendor/github.com/openshift/api/image/.codegen.yaml b/vendor/github.com/openshift/api/image/.codegen.yaml index ffa2c8d9b2..a2d9bd2000 100644 --- a/vendor/github.com/openshift/api/image/.codegen.yaml +++ b/vendor/github.com/openshift/api/image/.codegen.yaml @@ -1,2 +1,7 @@ swaggerdocs: commentPolicy: Warn +protobuf: + disabled: false + disabledVersions: + - "1.0" + - pre012 diff --git a/vendor/github.com/openshift/api/network/.codegen.yaml b/vendor/github.com/openshift/api/network/.codegen.yaml index ab56605cdc..e9a0f18976 100644 --- a/vendor/github.com/openshift/api/network/.codegen.yaml +++ b/vendor/github.com/openshift/api/network/.codegen.yaml @@ -1 +1,4 @@ -schemapatch: +protobuf: + disabled: false + disabledVersions: + - v1alpha1 diff --git a/vendor/github.com/openshift/api/networkoperator/.codegen.yaml b/vendor/github.com/openshift/api/networkoperator/.codegen.yaml index ffa2c8d9b2..f10357951b 100644 --- a/vendor/github.com/openshift/api/networkoperator/.codegen.yaml +++ b/vendor/github.com/openshift/api/networkoperator/.codegen.yaml @@ -1,2 +1,4 @@ swaggerdocs: commentPolicy: Warn +protobuf: + disabled: false diff --git a/vendor/github.com/openshift/api/oauth/.codegen.yaml b/vendor/github.com/openshift/api/oauth/.codegen.yaml index ffa2c8d9b2..f10357951b 100644 --- a/vendor/github.com/openshift/api/oauth/.codegen.yaml +++ b/vendor/github.com/openshift/api/oauth/.codegen.yaml @@ -1,2 +1,4 @@ swaggerdocs: commentPolicy: Warn +protobuf: + disabled: false diff --git a/vendor/github.com/openshift/api/openapi/openapi.json b/vendor/github.com/openshift/api/openapi/openapi.json index b3a2453c2d..3a8032c27c 100644 --- a/vendor/github.com/openshift/api/openapi/openapi.json +++ b/vendor/github.com/openshift/api/openapi/openapi.json @@ -14571,38 +14571,34 @@ } }, "com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization": { - "description": "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. Exactly one of the nested configs must be set according to the type discriminator.", + "description": "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. Nested config requirements depend on the type discriminator: Authorization requires authorization, BasicAuth requires basicAuth, OAuth2 requires oauth2, SigV4 requires sigv4, and ServiceAccount forbids all nested configs.", "type": "object", "required": [ "type" ], "properties": { + "authorization": { + "description": "authorization defines the secret reference containing the authorization credentials (e.g. Bearer token). Required when type is \"Authorization\", and forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, "basicAuth": { "description": "basicAuth defines HTTP basic authentication credentials. Required when type is \"BasicAuth\", and forbidden otherwise.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BasicAuth" }, - "bearerToken": { - "description": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" - }, "oauth2": { "description": "oauth2 defines OAuth2 client credentials authentication. Required when type is \"OAuth2\", and forbidden otherwise.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.OAuth2" }, - "safeAuthorization": { - "description": "safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). Required when type is \"SafeAuthorization\", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace.", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" - }, "sigv4": { "description": "sigv4 defines AWS Signature Version 4 authentication. Required when type is \"SigV4\", and forbidden otherwise.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Sigv4" }, "type": { - "description": "type specifies the authorization method to use. Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount.\n\nWhen set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", + "description": "type specifies the authorization method to use. Allowed values are Authorization, BasicAuth, OAuth2, SigV4, and ServiceAccount.\n\nWhen set to Authorization, credentials are read from a single Secret key. The secret key typically contains a Bearer token. Use the authorization field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", "type": "string" } }, @@ -14610,10 +14606,9 @@ { "discriminator": "type", "fields-to-discriminateBy": { + "authorization": "Authorization", "basicAuth": "BasicAuth", - "bearerToken": "BearerToken", "oauth2": "OAuth2", - "safeAuthorization": "SafeAuthorization", "sigv4": "Sigv4" } } @@ -14628,7 +14623,7 @@ ], "properties": { "authorization": { - "description": "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", + "description": "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. When set, type must be one of Authorization, BasicAuth, OAuth2, SigV4, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization" }, @@ -35635,6 +35630,10 @@ "type": "string", "default": "" }, + "nodeUID": { + "description": "nodeUID is the UID of the node. This field is used to detect that a node has been deleted and recreated with the same name. When the UID changes, it indicates the node is a new instance and the status should be reset.", + "type": "string" + }, "targetRevision": { "description": "targetRevision is the generation of the deployment we're trying to apply. Can not be set on creation of a nodeStatus.", "type": "integer", diff --git a/vendor/github.com/openshift/api/operator/v1/types.go b/vendor/github.com/openshift/api/operator/v1/types.go index 3a2141abb9..5e4e49dafc 100644 --- a/vendor/github.com/openshift/api/operator/v1/types.go +++ b/vendor/github.com/openshift/api/operator/v1/types.go @@ -3,6 +3,7 @@ package v1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" ) // MyOperatorResource is an example operator configuration type @@ -266,6 +267,12 @@ type NodeStatus struct { // +required NodeName string `json:"nodeName"` + // nodeUID is the UID of the node. + // This field is used to detect that a node has been deleted and recreated with the same name. + // When the UID changes, it indicates the node is a new instance and the status should be reset. + // +optional + NodeUID types.UID `json:"nodeUID,omitempty"` + // currentRevision is the generation of the most recently successful deployment. // Can not be set on creation of a nodeStatus. Updates must only increase the value. // +kubebuilder:validation:XValidation:rule="self >= oldSelf",message="must only increase" diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index a79189ffc2..7efea263c4 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -37,6 +37,7 @@ func (MyOperatorResource) SwaggerDoc() map[string]string { var map_NodeStatus = map[string]string{ "": "NodeStatus provides information about the current state of a particular node managed by this operator.", "nodeName": "nodeName is the name of the node", + "nodeUID": "nodeUID is the UID of the node. This field is used to detect that a node has been deleted and recreated with the same name. When the UID changes, it indicates the node is a new instance and the status should be reset.", "currentRevision": "currentRevision is the generation of the most recently successful deployment. Can not be set on creation of a nodeStatus. Updates must only increase the value.", "targetRevision": "targetRevision is the generation of the deployment we're trying to apply. Can not be set on creation of a nodeStatus.", "lastFailedRevision": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", diff --git a/vendor/github.com/openshift/api/project/.codegen.yaml b/vendor/github.com/openshift/api/project/.codegen.yaml new file mode 100644 index 0000000000..f7a37129a0 --- /dev/null +++ b/vendor/github.com/openshift/api/project/.codegen.yaml @@ -0,0 +1,2 @@ +protobuf: + disabled: false diff --git a/vendor/github.com/openshift/api/quota/.codegen.yaml b/vendor/github.com/openshift/api/quota/.codegen.yaml new file mode 100644 index 0000000000..f7a37129a0 --- /dev/null +++ b/vendor/github.com/openshift/api/quota/.codegen.yaml @@ -0,0 +1,2 @@ +protobuf: + disabled: false diff --git a/vendor/github.com/openshift/api/route/.codegen.yaml b/vendor/github.com/openshift/api/route/.codegen.yaml index 65cf5d814b..b003a5d6c9 100644 --- a/vendor/github.com/openshift/api/route/.codegen.yaml +++ b/vendor/github.com/openshift/api/route/.codegen.yaml @@ -1,3 +1,5 @@ schemapatch: swaggerdocs: commentPolicy: Warn +protobuf: + disabled: false diff --git a/vendor/github.com/openshift/api/samples/.codegen.yaml b/vendor/github.com/openshift/api/samples/.codegen.yaml index ffa2c8d9b2..f10357951b 100644 --- a/vendor/github.com/openshift/api/samples/.codegen.yaml +++ b/vendor/github.com/openshift/api/samples/.codegen.yaml @@ -1,2 +1,4 @@ swaggerdocs: commentPolicy: Warn +protobuf: + disabled: false diff --git a/vendor/github.com/openshift/api/security/.codegen.yaml b/vendor/github.com/openshift/api/security/.codegen.yaml new file mode 100644 index 0000000000..f7a37129a0 --- /dev/null +++ b/vendor/github.com/openshift/api/security/.codegen.yaml @@ -0,0 +1,2 @@ +protobuf: + disabled: false diff --git a/vendor/github.com/openshift/api/template/.codegen.yaml b/vendor/github.com/openshift/api/template/.codegen.yaml new file mode 100644 index 0000000000..f7a37129a0 --- /dev/null +++ b/vendor/github.com/openshift/api/template/.codegen.yaml @@ -0,0 +1,2 @@ +protobuf: + disabled: false diff --git a/vendor/github.com/openshift/api/user/.codegen.yaml b/vendor/github.com/openshift/api/user/.codegen.yaml new file mode 100644 index 0000000000..f7a37129a0 --- /dev/null +++ b/vendor/github.com/openshift/api/user/.codegen.yaml @@ -0,0 +1,2 @@ +protobuf: + disabled: false diff --git a/vendor/modules.txt b/vendor/modules.txt index e7af0d047c..e9e5b2eda6 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -86,7 +86,7 @@ github.com/modern-go/reflect2 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 ## explicit github.com/munnerz/goautoneg -# github.com/openshift/api v0.0.0-20260626094904-39631f42b31b +# github.com/openshift/api v0.0.0-20260626094904-39631f42b31b => github.com/bhperry/openshift-api v0.0.0-20260701172439-91ea97fb96d3 ## explicit; go 1.25.0 github.com/openshift/api github.com/openshift/api/apiextensions @@ -564,3 +564,4 @@ sigs.k8s.io/structured-merge-diff/v6/value # sigs.k8s.io/yaml v1.6.0 ## explicit; go 1.22 sigs.k8s.io/yaml +# github.com/openshift/api => github.com/bhperry/openshift-api v0.0.0-20260701172439-91ea97fb96d3