diff --git a/config/applyconfigurations/config/v1/clusterimagepolicyspec.go b/config/applyconfigurations/config/v1/clusterimagepolicyspec.go
index 6c86d66d47..8cee680f27 100644
--- a/config/applyconfigurations/config/v1/clusterimagepolicyspec.go
+++ b/config/applyconfigurations/config/v1/clusterimagepolicyspec.go
@@ -9,8 +9,8 @@ import (
// ClusterImagePolicySpecApplyConfiguration represents a declarative configuration of the ClusterImagePolicySpec type for use
// with apply.
type ClusterImagePolicySpecApplyConfiguration struct {
- Scopes []configv1.ImageScope `json:"scopes,omitempty"`
- Policy *PolicyApplyConfiguration `json:"policy,omitempty"`
+ Scopes []configv1.ImageScope `json:"scopes,omitempty"`
+ Policy *ImageSigstoreVerificationPolicyApplyConfiguration `json:"policy,omitempty"`
}
// ClusterImagePolicySpecApplyConfiguration constructs a declarative configuration of the ClusterImagePolicySpec type for use with
@@ -32,7 +32,7 @@ func (b *ClusterImagePolicySpecApplyConfiguration) WithScopes(values ...configv1
// WithPolicy sets the Policy field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Policy field is set to the value of the last call.
-func (b *ClusterImagePolicySpecApplyConfiguration) WithPolicy(value *PolicyApplyConfiguration) *ClusterImagePolicySpecApplyConfiguration {
+func (b *ClusterImagePolicySpecApplyConfiguration) WithPolicy(value *ImageSigstoreVerificationPolicyApplyConfiguration) *ClusterImagePolicySpecApplyConfiguration {
b.Policy = value
return b
}
diff --git a/config/applyconfigurations/config/v1/fulciocawithrekor.go b/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go
similarity index 57%
rename from config/applyconfigurations/config/v1/fulciocawithrekor.go
rename to config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go
index 48b553580d..a4c831fca0 100644
--- a/config/applyconfigurations/config/v1/fulciocawithrekor.go
+++ b/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go
@@ -2,24 +2,24 @@
package v1
-// FulcioCAWithRekorApplyConfiguration represents a declarative configuration of the FulcioCAWithRekor type for use
+// ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyFulcioCAWithRekorRootOfTrust type for use
// with apply.
-type FulcioCAWithRekorApplyConfiguration struct {
+type ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration struct {
FulcioCAData []byte `json:"fulcioCAData,omitempty"`
RekorKeyData []byte `json:"rekorKeyData,omitempty"`
FulcioSubject *PolicyFulcioSubjectApplyConfiguration `json:"fulcioSubject,omitempty"`
}
-// FulcioCAWithRekorApplyConfiguration constructs a declarative configuration of the FulcioCAWithRekor type for use with
+// ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyFulcioCAWithRekorRootOfTrust type for use with
// apply.
-func FulcioCAWithRekor() *FulcioCAWithRekorApplyConfiguration {
- return &FulcioCAWithRekorApplyConfiguration{}
+func ImagePolicyFulcioCAWithRekorRootOfTrust() *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration {
+ return &ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration{}
}
// WithFulcioCAData adds the given value to the FulcioCAData field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the FulcioCAData field.
-func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioCAData(values ...byte) *FulcioCAWithRekorApplyConfiguration {
+func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithFulcioCAData(values ...byte) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration {
for i := range values {
b.FulcioCAData = append(b.FulcioCAData, values[i])
}
@@ -29,7 +29,7 @@ func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioCAData(values ...byte) *
// WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the RekorKeyData field.
-func (b *FulcioCAWithRekorApplyConfiguration) WithRekorKeyData(values ...byte) *FulcioCAWithRekorApplyConfiguration {
+func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithRekorKeyData(values ...byte) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration {
for i := range values {
b.RekorKeyData = append(b.RekorKeyData, values[i])
}
@@ -39,7 +39,7 @@ func (b *FulcioCAWithRekorApplyConfiguration) WithRekorKeyData(values ...byte) *
// WithFulcioSubject sets the FulcioSubject field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the FulcioSubject field is set to the value of the last call.
-func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioSubject(value *PolicyFulcioSubjectApplyConfiguration) *FulcioCAWithRekorApplyConfiguration {
+func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithFulcioSubject(value *PolicyFulcioSubjectApplyConfiguration) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration {
b.FulcioSubject = value
return b
}
diff --git a/config/applyconfigurations/config/v1/pki.go b/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go
similarity index 65%
rename from config/applyconfigurations/config/v1/pki.go
rename to config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go
index 65f27edf8e..9a0c257b7f 100644
--- a/config/applyconfigurations/config/v1/pki.go
+++ b/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go
@@ -2,24 +2,24 @@
package v1
-// PKIApplyConfiguration represents a declarative configuration of the PKI type for use
+// ImagePolicyPKIRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyPKIRootOfTrust type for use
// with apply.
-type PKIApplyConfiguration struct {
+type ImagePolicyPKIRootOfTrustApplyConfiguration struct {
CertificateAuthorityRootsData []byte `json:"caRootsData,omitempty"`
CertificateAuthorityIntermediatesData []byte `json:"caIntermediatesData,omitempty"`
PKICertificateSubject *PKICertificateSubjectApplyConfiguration `json:"pkiCertificateSubject,omitempty"`
}
-// PKIApplyConfiguration constructs a declarative configuration of the PKI type for use with
+// ImagePolicyPKIRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyPKIRootOfTrust type for use with
// apply.
-func PKI() *PKIApplyConfiguration {
- return &PKIApplyConfiguration{}
+func ImagePolicyPKIRootOfTrust() *ImagePolicyPKIRootOfTrustApplyConfiguration {
+ return &ImagePolicyPKIRootOfTrustApplyConfiguration{}
}
// WithCertificateAuthorityRootsData adds the given value to the CertificateAuthorityRootsData field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the CertificateAuthorityRootsData field.
-func (b *PKIApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte) *PKIApplyConfiguration {
+func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte) *ImagePolicyPKIRootOfTrustApplyConfiguration {
for i := range values {
b.CertificateAuthorityRootsData = append(b.CertificateAuthorityRootsData, values[i])
}
@@ -29,7 +29,7 @@ func (b *PKIApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte
// WithCertificateAuthorityIntermediatesData adds the given value to the CertificateAuthorityIntermediatesData field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the CertificateAuthorityIntermediatesData field.
-func (b *PKIApplyConfiguration) WithCertificateAuthorityIntermediatesData(values ...byte) *PKIApplyConfiguration {
+func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithCertificateAuthorityIntermediatesData(values ...byte) *ImagePolicyPKIRootOfTrustApplyConfiguration {
for i := range values {
b.CertificateAuthorityIntermediatesData = append(b.CertificateAuthorityIntermediatesData, values[i])
}
@@ -39,7 +39,7 @@ func (b *PKIApplyConfiguration) WithCertificateAuthorityIntermediatesData(values
// WithPKICertificateSubject sets the PKICertificateSubject field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the PKICertificateSubject field is set to the value of the last call.
-func (b *PKIApplyConfiguration) WithPKICertificateSubject(value *PKICertificateSubjectApplyConfiguration) *PKIApplyConfiguration {
+func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithPKICertificateSubject(value *PKICertificateSubjectApplyConfiguration) *ImagePolicyPKIRootOfTrustApplyConfiguration {
b.PKICertificateSubject = value
return b
}
diff --git a/config/applyconfigurations/config/v1/publickey.go b/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go
similarity index 54%
rename from config/applyconfigurations/config/v1/publickey.go
rename to config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go
index c1073e882f..a144573097 100644
--- a/config/applyconfigurations/config/v1/publickey.go
+++ b/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go
@@ -2,23 +2,23 @@
package v1
-// PublicKeyApplyConfiguration represents a declarative configuration of the PublicKey type for use
+// ImagePolicyPublicKeyRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyPublicKeyRootOfTrust type for use
// with apply.
-type PublicKeyApplyConfiguration struct {
+type ImagePolicyPublicKeyRootOfTrustApplyConfiguration struct {
KeyData []byte `json:"keyData,omitempty"`
RekorKeyData []byte `json:"rekorKeyData,omitempty"`
}
-// PublicKeyApplyConfiguration constructs a declarative configuration of the PublicKey type for use with
+// ImagePolicyPublicKeyRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyPublicKeyRootOfTrust type for use with
// apply.
-func PublicKey() *PublicKeyApplyConfiguration {
- return &PublicKeyApplyConfiguration{}
+func ImagePolicyPublicKeyRootOfTrust() *ImagePolicyPublicKeyRootOfTrustApplyConfiguration {
+ return &ImagePolicyPublicKeyRootOfTrustApplyConfiguration{}
}
// WithKeyData adds the given value to the KeyData field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the KeyData field.
-func (b *PublicKeyApplyConfiguration) WithKeyData(values ...byte) *PublicKeyApplyConfiguration {
+func (b *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) WithKeyData(values ...byte) *ImagePolicyPublicKeyRootOfTrustApplyConfiguration {
for i := range values {
b.KeyData = append(b.KeyData, values[i])
}
@@ -28,7 +28,7 @@ func (b *PublicKeyApplyConfiguration) WithKeyData(values ...byte) *PublicKeyAppl
// WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the RekorKeyData field.
-func (b *PublicKeyApplyConfiguration) WithRekorKeyData(values ...byte) *PublicKeyApplyConfiguration {
+func (b *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) WithRekorKeyData(values ...byte) *ImagePolicyPublicKeyRootOfTrustApplyConfiguration {
for i := range values {
b.RekorKeyData = append(b.RekorKeyData, values[i])
}
diff --git a/config/applyconfigurations/config/v1/imagepolicyspec.go b/config/applyconfigurations/config/v1/imagepolicyspec.go
index b75165c8d0..3211964690 100644
--- a/config/applyconfigurations/config/v1/imagepolicyspec.go
+++ b/config/applyconfigurations/config/v1/imagepolicyspec.go
@@ -9,8 +9,8 @@ import (
// ImagePolicySpecApplyConfiguration represents a declarative configuration of the ImagePolicySpec type for use
// with apply.
type ImagePolicySpecApplyConfiguration struct {
- Scopes []configv1.ImageScope `json:"scopes,omitempty"`
- Policy *PolicyApplyConfiguration `json:"policy,omitempty"`
+ Scopes []configv1.ImageScope `json:"scopes,omitempty"`
+ Policy *ImageSigstoreVerificationPolicyApplyConfiguration `json:"policy,omitempty"`
}
// ImagePolicySpecApplyConfiguration constructs a declarative configuration of the ImagePolicySpec type for use with
@@ -32,7 +32,7 @@ func (b *ImagePolicySpecApplyConfiguration) WithScopes(values ...configv1.ImageS
// WithPolicy sets the Policy field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Policy field is set to the value of the last call.
-func (b *ImagePolicySpecApplyConfiguration) WithPolicy(value *PolicyApplyConfiguration) *ImagePolicySpecApplyConfiguration {
+func (b *ImagePolicySpecApplyConfiguration) WithPolicy(value *ImageSigstoreVerificationPolicyApplyConfiguration) *ImagePolicySpecApplyConfiguration {
b.Policy = value
return b
}
diff --git a/config/applyconfigurations/config/v1/policy.go b/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go
similarity index 52%
rename from config/applyconfigurations/config/v1/policy.go
rename to config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go
index 3e29510bf1..6f0d5d2e7c 100644
--- a/config/applyconfigurations/config/v1/policy.go
+++ b/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go
@@ -2,23 +2,23 @@
package v1
-// PolicyApplyConfiguration represents a declarative configuration of the Policy type for use
+// ImageSigstoreVerificationPolicyApplyConfiguration represents a declarative configuration of the ImageSigstoreVerificationPolicy type for use
// with apply.
-type PolicyApplyConfiguration struct {
+type ImageSigstoreVerificationPolicyApplyConfiguration struct {
RootOfTrust *PolicyRootOfTrustApplyConfiguration `json:"rootOfTrust,omitempty"`
SignedIdentity *PolicyIdentityApplyConfiguration `json:"signedIdentity,omitempty"`
}
-// PolicyApplyConfiguration constructs a declarative configuration of the Policy type for use with
+// ImageSigstoreVerificationPolicyApplyConfiguration constructs a declarative configuration of the ImageSigstoreVerificationPolicy type for use with
// apply.
-func Policy() *PolicyApplyConfiguration {
- return &PolicyApplyConfiguration{}
+func ImageSigstoreVerificationPolicy() *ImageSigstoreVerificationPolicyApplyConfiguration {
+ return &ImageSigstoreVerificationPolicyApplyConfiguration{}
}
// WithRootOfTrust sets the RootOfTrust field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RootOfTrust field is set to the value of the last call.
-func (b *PolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApplyConfiguration) *PolicyApplyConfiguration {
+func (b *ImageSigstoreVerificationPolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApplyConfiguration) *ImageSigstoreVerificationPolicyApplyConfiguration {
b.RootOfTrust = value
return b
}
@@ -26,7 +26,7 @@ func (b *PolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApply
// WithSignedIdentity sets the SignedIdentity field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the SignedIdentity field is set to the value of the last call.
-func (b *PolicyApplyConfiguration) WithSignedIdentity(value *PolicyIdentityApplyConfiguration) *PolicyApplyConfiguration {
+func (b *ImageSigstoreVerificationPolicyApplyConfiguration) WithSignedIdentity(value *PolicyIdentityApplyConfiguration) *ImageSigstoreVerificationPolicyApplyConfiguration {
b.SignedIdentity = value
return b
}
diff --git a/config/applyconfigurations/config/v1/policyrootoftrust.go b/config/applyconfigurations/config/v1/policyrootoftrust.go
index f1ff91ffbd..6b3e46f473 100644
--- a/config/applyconfigurations/config/v1/policyrootoftrust.go
+++ b/config/applyconfigurations/config/v1/policyrootoftrust.go
@@ -9,10 +9,10 @@ import (
// PolicyRootOfTrustApplyConfiguration represents a declarative configuration of the PolicyRootOfTrust type for use
// with apply.
type PolicyRootOfTrustApplyConfiguration struct {
- PolicyType *configv1.PolicyType `json:"policyType,omitempty"`
- PublicKey *PublicKeyApplyConfiguration `json:"publicKey,omitempty"`
- FulcioCAWithRekor *FulcioCAWithRekorApplyConfiguration `json:"fulcioCAWithRekor,omitempty"`
- PKI *PKIApplyConfiguration `json:"pki,omitempty"`
+ PolicyType *configv1.PolicyType `json:"policyType,omitempty"`
+ PublicKey *ImagePolicyPublicKeyRootOfTrustApplyConfiguration `json:"publicKey,omitempty"`
+ FulcioCAWithRekor *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration `json:"fulcioCAWithRekor,omitempty"`
+ PKI *ImagePolicyPKIRootOfTrustApplyConfiguration `json:"pki,omitempty"`
}
// PolicyRootOfTrustApplyConfiguration constructs a declarative configuration of the PolicyRootOfTrust type for use with
@@ -32,7 +32,7 @@ func (b *PolicyRootOfTrustApplyConfiguration) WithPolicyType(value configv1.Poli
// WithPublicKey sets the PublicKey field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the PublicKey field is set to the value of the last call.
-func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *PublicKeyApplyConfiguration) *PolicyRootOfTrustApplyConfiguration {
+func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration {
b.PublicKey = value
return b
}
@@ -40,7 +40,7 @@ func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *PublicKeyAppl
// WithFulcioCAWithRekor sets the FulcioCAWithRekor field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the FulcioCAWithRekor field is set to the value of the last call.
-func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *FulcioCAWithRekorApplyConfiguration) *PolicyRootOfTrustApplyConfiguration {
+func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration {
b.FulcioCAWithRekor = value
return b
}
@@ -48,7 +48,7 @@ func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *Fulci
// WithPKI sets the PKI field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the PKI field is set to the value of the last call.
-func (b *PolicyRootOfTrustApplyConfiguration) WithPKI(value *PKIApplyConfiguration) *PolicyRootOfTrustApplyConfiguration {
+func (b *PolicyRootOfTrustApplyConfiguration) WithPKI(value *ImagePolicyPKIRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration {
b.PKI = value
return b
}
diff --git a/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go b/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go
index e4a3470c45..e1c4c630ea 100644
--- a/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go
+++ b/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go
@@ -9,8 +9,8 @@ import (
// ClusterImagePolicySpecApplyConfiguration represents a declarative configuration of the ClusterImagePolicySpec type for use
// with apply.
type ClusterImagePolicySpecApplyConfiguration struct {
- Scopes []configv1alpha1.ImageScope `json:"scopes,omitempty"`
- Policy *PolicyApplyConfiguration `json:"policy,omitempty"`
+ Scopes []configv1alpha1.ImageScope `json:"scopes,omitempty"`
+ Policy *ImageSigstoreVerificationPolicyApplyConfiguration `json:"policy,omitempty"`
}
// ClusterImagePolicySpecApplyConfiguration constructs a declarative configuration of the ClusterImagePolicySpec type for use with
@@ -32,7 +32,7 @@ func (b *ClusterImagePolicySpecApplyConfiguration) WithScopes(values ...configv1
// WithPolicy sets the Policy field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Policy field is set to the value of the last call.
-func (b *ClusterImagePolicySpecApplyConfiguration) WithPolicy(value *PolicyApplyConfiguration) *ClusterImagePolicySpecApplyConfiguration {
+func (b *ClusterImagePolicySpecApplyConfiguration) WithPolicy(value *ImageSigstoreVerificationPolicyApplyConfiguration) *ClusterImagePolicySpecApplyConfiguration {
b.Policy = value
return b
}
diff --git a/config/applyconfigurations/config/v1alpha1/fulciocawithrekor.go b/config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go
similarity index 57%
rename from config/applyconfigurations/config/v1alpha1/fulciocawithrekor.go
rename to config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go
index 2a907a7e97..2fcaa36215 100644
--- a/config/applyconfigurations/config/v1alpha1/fulciocawithrekor.go
+++ b/config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go
@@ -2,24 +2,24 @@
package v1alpha1
-// FulcioCAWithRekorApplyConfiguration represents a declarative configuration of the FulcioCAWithRekor type for use
+// ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyFulcioCAWithRekorRootOfTrust type for use
// with apply.
-type FulcioCAWithRekorApplyConfiguration struct {
+type ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration struct {
FulcioCAData []byte `json:"fulcioCAData,omitempty"`
RekorKeyData []byte `json:"rekorKeyData,omitempty"`
FulcioSubject *PolicyFulcioSubjectApplyConfiguration `json:"fulcioSubject,omitempty"`
}
-// FulcioCAWithRekorApplyConfiguration constructs a declarative configuration of the FulcioCAWithRekor type for use with
+// ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyFulcioCAWithRekorRootOfTrust type for use with
// apply.
-func FulcioCAWithRekor() *FulcioCAWithRekorApplyConfiguration {
- return &FulcioCAWithRekorApplyConfiguration{}
+func ImagePolicyFulcioCAWithRekorRootOfTrust() *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration {
+ return &ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration{}
}
// WithFulcioCAData adds the given value to the FulcioCAData field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the FulcioCAData field.
-func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioCAData(values ...byte) *FulcioCAWithRekorApplyConfiguration {
+func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithFulcioCAData(values ...byte) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration {
for i := range values {
b.FulcioCAData = append(b.FulcioCAData, values[i])
}
@@ -29,7 +29,7 @@ func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioCAData(values ...byte) *
// WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the RekorKeyData field.
-func (b *FulcioCAWithRekorApplyConfiguration) WithRekorKeyData(values ...byte) *FulcioCAWithRekorApplyConfiguration {
+func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithRekorKeyData(values ...byte) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration {
for i := range values {
b.RekorKeyData = append(b.RekorKeyData, values[i])
}
@@ -39,7 +39,7 @@ func (b *FulcioCAWithRekorApplyConfiguration) WithRekorKeyData(values ...byte) *
// WithFulcioSubject sets the FulcioSubject field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the FulcioSubject field is set to the value of the last call.
-func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioSubject(value *PolicyFulcioSubjectApplyConfiguration) *FulcioCAWithRekorApplyConfiguration {
+func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithFulcioSubject(value *PolicyFulcioSubjectApplyConfiguration) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration {
b.FulcioSubject = value
return b
}
diff --git a/config/applyconfigurations/config/v1alpha1/pki.go b/config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go
similarity index 65%
rename from config/applyconfigurations/config/v1alpha1/pki.go
rename to config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go
index 455abe02a2..a218867ea9 100644
--- a/config/applyconfigurations/config/v1alpha1/pki.go
+++ b/config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go
@@ -2,24 +2,24 @@
package v1alpha1
-// PKIApplyConfiguration represents a declarative configuration of the PKI type for use
+// ImagePolicyPKIRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyPKIRootOfTrust type for use
// with apply.
-type PKIApplyConfiguration struct {
+type ImagePolicyPKIRootOfTrustApplyConfiguration struct {
CertificateAuthorityRootsData []byte `json:"caRootsData,omitempty"`
CertificateAuthorityIntermediatesData []byte `json:"caIntermediatesData,omitempty"`
PKICertificateSubject *PKICertificateSubjectApplyConfiguration `json:"pkiCertificateSubject,omitempty"`
}
-// PKIApplyConfiguration constructs a declarative configuration of the PKI type for use with
+// ImagePolicyPKIRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyPKIRootOfTrust type for use with
// apply.
-func PKI() *PKIApplyConfiguration {
- return &PKIApplyConfiguration{}
+func ImagePolicyPKIRootOfTrust() *ImagePolicyPKIRootOfTrustApplyConfiguration {
+ return &ImagePolicyPKIRootOfTrustApplyConfiguration{}
}
// WithCertificateAuthorityRootsData adds the given value to the CertificateAuthorityRootsData field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the CertificateAuthorityRootsData field.
-func (b *PKIApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte) *PKIApplyConfiguration {
+func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte) *ImagePolicyPKIRootOfTrustApplyConfiguration {
for i := range values {
b.CertificateAuthorityRootsData = append(b.CertificateAuthorityRootsData, values[i])
}
@@ -29,7 +29,7 @@ func (b *PKIApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte
// WithCertificateAuthorityIntermediatesData adds the given value to the CertificateAuthorityIntermediatesData field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the CertificateAuthorityIntermediatesData field.
-func (b *PKIApplyConfiguration) WithCertificateAuthorityIntermediatesData(values ...byte) *PKIApplyConfiguration {
+func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithCertificateAuthorityIntermediatesData(values ...byte) *ImagePolicyPKIRootOfTrustApplyConfiguration {
for i := range values {
b.CertificateAuthorityIntermediatesData = append(b.CertificateAuthorityIntermediatesData, values[i])
}
@@ -39,7 +39,7 @@ func (b *PKIApplyConfiguration) WithCertificateAuthorityIntermediatesData(values
// WithPKICertificateSubject sets the PKICertificateSubject field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the PKICertificateSubject field is set to the value of the last call.
-func (b *PKIApplyConfiguration) WithPKICertificateSubject(value *PKICertificateSubjectApplyConfiguration) *PKIApplyConfiguration {
+func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithPKICertificateSubject(value *PKICertificateSubjectApplyConfiguration) *ImagePolicyPKIRootOfTrustApplyConfiguration {
b.PKICertificateSubject = value
return b
}
diff --git a/config/applyconfigurations/config/v1alpha1/publickey.go b/config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go
similarity index 54%
rename from config/applyconfigurations/config/v1alpha1/publickey.go
rename to config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go
index 91665a90b7..22513de628 100644
--- a/config/applyconfigurations/config/v1alpha1/publickey.go
+++ b/config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go
@@ -2,23 +2,23 @@
package v1alpha1
-// PublicKeyApplyConfiguration represents a declarative configuration of the PublicKey type for use
+// ImagePolicyPublicKeyRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyPublicKeyRootOfTrust type for use
// with apply.
-type PublicKeyApplyConfiguration struct {
+type ImagePolicyPublicKeyRootOfTrustApplyConfiguration struct {
KeyData []byte `json:"keyData,omitempty"`
RekorKeyData []byte `json:"rekorKeyData,omitempty"`
}
-// PublicKeyApplyConfiguration constructs a declarative configuration of the PublicKey type for use with
+// ImagePolicyPublicKeyRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyPublicKeyRootOfTrust type for use with
// apply.
-func PublicKey() *PublicKeyApplyConfiguration {
- return &PublicKeyApplyConfiguration{}
+func ImagePolicyPublicKeyRootOfTrust() *ImagePolicyPublicKeyRootOfTrustApplyConfiguration {
+ return &ImagePolicyPublicKeyRootOfTrustApplyConfiguration{}
}
// WithKeyData adds the given value to the KeyData field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the KeyData field.
-func (b *PublicKeyApplyConfiguration) WithKeyData(values ...byte) *PublicKeyApplyConfiguration {
+func (b *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) WithKeyData(values ...byte) *ImagePolicyPublicKeyRootOfTrustApplyConfiguration {
for i := range values {
b.KeyData = append(b.KeyData, values[i])
}
@@ -28,7 +28,7 @@ func (b *PublicKeyApplyConfiguration) WithKeyData(values ...byte) *PublicKeyAppl
// WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the RekorKeyData field.
-func (b *PublicKeyApplyConfiguration) WithRekorKeyData(values ...byte) *PublicKeyApplyConfiguration {
+func (b *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) WithRekorKeyData(values ...byte) *ImagePolicyPublicKeyRootOfTrustApplyConfiguration {
for i := range values {
b.RekorKeyData = append(b.RekorKeyData, values[i])
}
diff --git a/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go b/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go
index ac08e9cf4e..84969b600d 100644
--- a/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go
+++ b/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go
@@ -9,8 +9,8 @@ import (
// ImagePolicySpecApplyConfiguration represents a declarative configuration of the ImagePolicySpec type for use
// with apply.
type ImagePolicySpecApplyConfiguration struct {
- Scopes []configv1alpha1.ImageScope `json:"scopes,omitempty"`
- Policy *PolicyApplyConfiguration `json:"policy,omitempty"`
+ Scopes []configv1alpha1.ImageScope `json:"scopes,omitempty"`
+ Policy *ImageSigstoreVerificationPolicyApplyConfiguration `json:"policy,omitempty"`
}
// ImagePolicySpecApplyConfiguration constructs a declarative configuration of the ImagePolicySpec type for use with
@@ -32,7 +32,7 @@ func (b *ImagePolicySpecApplyConfiguration) WithScopes(values ...configv1alpha1.
// WithPolicy sets the Policy field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Policy field is set to the value of the last call.
-func (b *ImagePolicySpecApplyConfiguration) WithPolicy(value *PolicyApplyConfiguration) *ImagePolicySpecApplyConfiguration {
+func (b *ImagePolicySpecApplyConfiguration) WithPolicy(value *ImageSigstoreVerificationPolicyApplyConfiguration) *ImagePolicySpecApplyConfiguration {
b.Policy = value
return b
}
diff --git a/config/applyconfigurations/config/v1alpha1/policy.go b/config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go
similarity index 52%
rename from config/applyconfigurations/config/v1alpha1/policy.go
rename to config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go
index 61e4856642..64f9760e8b 100644
--- a/config/applyconfigurations/config/v1alpha1/policy.go
+++ b/config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go
@@ -2,23 +2,23 @@
package v1alpha1
-// PolicyApplyConfiguration represents a declarative configuration of the Policy type for use
+// ImageSigstoreVerificationPolicyApplyConfiguration represents a declarative configuration of the ImageSigstoreVerificationPolicy type for use
// with apply.
-type PolicyApplyConfiguration struct {
+type ImageSigstoreVerificationPolicyApplyConfiguration struct {
RootOfTrust *PolicyRootOfTrustApplyConfiguration `json:"rootOfTrust,omitempty"`
SignedIdentity *PolicyIdentityApplyConfiguration `json:"signedIdentity,omitempty"`
}
-// PolicyApplyConfiguration constructs a declarative configuration of the Policy type for use with
+// ImageSigstoreVerificationPolicyApplyConfiguration constructs a declarative configuration of the ImageSigstoreVerificationPolicy type for use with
// apply.
-func Policy() *PolicyApplyConfiguration {
- return &PolicyApplyConfiguration{}
+func ImageSigstoreVerificationPolicy() *ImageSigstoreVerificationPolicyApplyConfiguration {
+ return &ImageSigstoreVerificationPolicyApplyConfiguration{}
}
// WithRootOfTrust sets the RootOfTrust field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RootOfTrust field is set to the value of the last call.
-func (b *PolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApplyConfiguration) *PolicyApplyConfiguration {
+func (b *ImageSigstoreVerificationPolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApplyConfiguration) *ImageSigstoreVerificationPolicyApplyConfiguration {
b.RootOfTrust = value
return b
}
@@ -26,7 +26,7 @@ func (b *PolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApply
// WithSignedIdentity sets the SignedIdentity field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the SignedIdentity field is set to the value of the last call.
-func (b *PolicyApplyConfiguration) WithSignedIdentity(value *PolicyIdentityApplyConfiguration) *PolicyApplyConfiguration {
+func (b *ImageSigstoreVerificationPolicyApplyConfiguration) WithSignedIdentity(value *PolicyIdentityApplyConfiguration) *ImageSigstoreVerificationPolicyApplyConfiguration {
b.SignedIdentity = value
return b
}
diff --git a/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go b/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go
index 5de792be63..5122c82e0b 100644
--- a/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go
+++ b/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go
@@ -9,10 +9,10 @@ import (
// PolicyRootOfTrustApplyConfiguration represents a declarative configuration of the PolicyRootOfTrust type for use
// with apply.
type PolicyRootOfTrustApplyConfiguration struct {
- PolicyType *configv1alpha1.PolicyType `json:"policyType,omitempty"`
- PublicKey *PublicKeyApplyConfiguration `json:"publicKey,omitempty"`
- FulcioCAWithRekor *FulcioCAWithRekorApplyConfiguration `json:"fulcioCAWithRekor,omitempty"`
- PKI *PKIApplyConfiguration `json:"pki,omitempty"`
+ PolicyType *configv1alpha1.PolicyType `json:"policyType,omitempty"`
+ PublicKey *ImagePolicyPublicKeyRootOfTrustApplyConfiguration `json:"publicKey,omitempty"`
+ FulcioCAWithRekor *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration `json:"fulcioCAWithRekor,omitempty"`
+ PKI *ImagePolicyPKIRootOfTrustApplyConfiguration `json:"pki,omitempty"`
}
// PolicyRootOfTrustApplyConfiguration constructs a declarative configuration of the PolicyRootOfTrust type for use with
@@ -32,7 +32,7 @@ func (b *PolicyRootOfTrustApplyConfiguration) WithPolicyType(value configv1alpha
// WithPublicKey sets the PublicKey field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the PublicKey field is set to the value of the last call.
-func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *PublicKeyApplyConfiguration) *PolicyRootOfTrustApplyConfiguration {
+func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration {
b.PublicKey = value
return b
}
@@ -40,7 +40,7 @@ func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *PublicKeyAppl
// WithFulcioCAWithRekor sets the FulcioCAWithRekor field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the FulcioCAWithRekor field is set to the value of the last call.
-func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *FulcioCAWithRekorApplyConfiguration) *PolicyRootOfTrustApplyConfiguration {
+func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration {
b.FulcioCAWithRekor = value
return b
}
@@ -48,7 +48,7 @@ func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *Fulci
// WithPKI sets the PKI field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the PKI field is set to the value of the last call.
-func (b *PolicyRootOfTrustApplyConfiguration) WithPKI(value *PKIApplyConfiguration) *PolicyRootOfTrustApplyConfiguration {
+func (b *PolicyRootOfTrustApplyConfiguration) WithPKI(value *ImagePolicyPKIRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration {
b.PKI = value
return b
}
diff --git a/config/applyconfigurations/utils.go b/config/applyconfigurations/utils.go
index 048895c114..cb4249dcee 100644
--- a/config/applyconfigurations/utils.go
+++ b/config/applyconfigurations/utils.go
@@ -170,8 +170,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &configv1.FeatureGateSpecApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("FeatureGateStatus"):
return &configv1.FeatureGateStatusApplyConfiguration{}
- case v1.SchemeGroupVersion.WithKind("FulcioCAWithRekor"):
- return &configv1.FulcioCAWithRekorApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("GCPPlatformStatus"):
return &configv1.GCPPlatformStatusApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("GCPResourceLabel"):
@@ -216,10 +214,18 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &configv1.ImageLabelApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("ImagePolicy"):
return &configv1.ImagePolicyApplyConfiguration{}
+ case v1.SchemeGroupVersion.WithKind("ImagePolicyFulcioCAWithRekorRootOfTrust"):
+ return &configv1.ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration{}
+ case v1.SchemeGroupVersion.WithKind("ImagePolicyPKIRootOfTrust"):
+ return &configv1.ImagePolicyPKIRootOfTrustApplyConfiguration{}
+ case v1.SchemeGroupVersion.WithKind("ImagePolicyPublicKeyRootOfTrust"):
+ return &configv1.ImagePolicyPublicKeyRootOfTrustApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("ImagePolicySpec"):
return &configv1.ImagePolicySpecApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("ImagePolicyStatus"):
return &configv1.ImagePolicyStatusApplyConfiguration{}
+ case v1.SchemeGroupVersion.WithKind("ImageSigstoreVerificationPolicy"):
+ return &configv1.ImageSigstoreVerificationPolicyApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("ImageSpec"):
return &configv1.ImageSpecApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("ImageStatus"):
@@ -336,16 +342,12 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &configv1.OvirtPlatformLoadBalancerApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("OvirtPlatformStatus"):
return &configv1.OvirtPlatformStatusApplyConfiguration{}
- case v1.SchemeGroupVersion.WithKind("PKI"):
- return &configv1.PKIApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("PKICertificateSubject"):
return &configv1.PKICertificateSubjectApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("PlatformSpec"):
return &configv1.PlatformSpecApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("PlatformStatus"):
return &configv1.PlatformStatusApplyConfiguration{}
- case v1.SchemeGroupVersion.WithKind("Policy"):
- return &configv1.PolicyApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("PolicyFulcioSubject"):
return &configv1.PolicyFulcioSubjectApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("PolicyIdentity"):
@@ -378,8 +380,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &configv1.ProxySpecApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("ProxyStatus"):
return &configv1.ProxyStatusApplyConfiguration{}
- case v1.SchemeGroupVersion.WithKind("PublicKey"):
- return &configv1.PublicKeyApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("RegistryLocation"):
return &configv1.RegistryLocationApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("RegistrySources"):
@@ -478,16 +478,22 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &configv1alpha1.ContainerResourceApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("EtcdBackupSpec"):
return &configv1alpha1.EtcdBackupSpecApplyConfiguration{}
- case v1alpha1.SchemeGroupVersion.WithKind("FulcioCAWithRekor"):
- return &configv1alpha1.FulcioCAWithRekorApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("GatherConfig"):
return &configv1alpha1.GatherConfigApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicy"):
return &configv1alpha1.ImagePolicyApplyConfiguration{}
+ case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyFulcioCAWithRekorRootOfTrust"):
+ return &configv1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration{}
+ case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyPKIRootOfTrust"):
+ return &configv1alpha1.ImagePolicyPKIRootOfTrustApplyConfiguration{}
+ case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyPublicKeyRootOfTrust"):
+ return &configv1alpha1.ImagePolicyPublicKeyRootOfTrustApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicySpec"):
return &configv1alpha1.ImagePolicySpecApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyStatus"):
return &configv1alpha1.ImagePolicyStatusApplyConfiguration{}
+ case v1alpha1.SchemeGroupVersion.WithKind("ImageSigstoreVerificationPolicy"):
+ return &configv1alpha1.ImageSigstoreVerificationPolicyApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("InsightsDataGather"):
return &configv1alpha1.InsightsDataGatherApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("InsightsDataGatherSpec"):
@@ -498,12 +504,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &configv1alpha1.PersistentVolumeClaimReferenceApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("PersistentVolumeConfig"):
return &configv1alpha1.PersistentVolumeConfigApplyConfiguration{}
- case v1alpha1.SchemeGroupVersion.WithKind("PKI"):
- return &configv1alpha1.PKIApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("PKICertificateSubject"):
return &configv1alpha1.PKICertificateSubjectApplyConfiguration{}
- case v1alpha1.SchemeGroupVersion.WithKind("Policy"):
- return &configv1alpha1.PolicyApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("PolicyFulcioSubject"):
return &configv1alpha1.PolicyFulcioSubjectApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("PolicyIdentity"):
@@ -514,8 +516,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &configv1alpha1.PolicyMatchRemapIdentityApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("PolicyRootOfTrust"):
return &configv1alpha1.PolicyRootOfTrustApplyConfiguration{}
- case v1alpha1.SchemeGroupVersion.WithKind("PublicKey"):
- return &configv1alpha1.PublicKeyApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("RetentionNumberConfig"):
return &configv1alpha1.RetentionNumberConfigApplyConfiguration{}
case v1alpha1.SchemeGroupVersion.WithKind("RetentionPolicy"):
diff --git a/go.mod b/go.mod
index b673dfbeb5..20402b1653 100644
--- a/go.mod
+++ b/go.mod
@@ -66,3 +66,5 @@ retract v3.9.0+incompatible
// To make go aware of the retraction, we need to tag a new version that can be
// retracted by itself.
retract v0.0.1
+
+replace github.com/openshift/api => github.com/sanchezl/api v0.0.0-20251217211515-65b693c2242f
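Review bot: The added `replace github.com/openshift/api => github.com/sanchezl/api v0.0.0-20251217211515-65b693c2242f` makes a personal fork the source of every vendored API type in this change, including the sigstore image-verification policy types, so that code is vouched for by the fork's commit and not by the upstream repository's review history. The go.sum hunks confirm this: the `github.com/openshift/api` hashes are removed and only the fork's are recorded. If this is a temporary pin while the upstream API change is in review, say so above the directive, e.g. `// TEMPORARY: remove once the upstream openshift/api change merges (<upstream PR placeholder>)`, and swap it for a `require` bump to an upstream version before merge. Since `replace` directives are honoured only in the main module, anything importing this module would presumably resolve upstream `openshift/api`, where renamed types such as `ImageSigstoreVerificationPolicy` may not yet exist.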
diff --git a/go.sum b/go.sum
index 96df6fd37f..eb6155499a 100644
--- a/go.sum
+++ b/go.sum
@@ -57,8 +57,6 @@ github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM
github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
-github.com/openshift/api v0.0.0-20251204164930-cd2e40c5883a h1:v/W0YkbADTv9bfubadSNIOftvDIA/JwN8zaK79K5Wyc=
-github.com/openshift/api v0.0.0-20251204164930-cd2e40c5883a/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee h1:+Sp5GGnjHDhT/a/nQ1xdp43UscBMr7G5wxsYotyhzJ4=
github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -67,6 +65,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/sanchezl/api v0.0.0-20251217211515-65b693c2242f h1:xhRLt8q0qVX0Pq+K0RotL4uaBAU//Vu+WTWK2IRfnT8=
+github.com/sanchezl/api v0.0.0-20251217211515-65b693c2242f/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go
index ca604e05c5..491390098c 100644
--- a/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go
+++ b/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go
@@ -52,7 +52,7 @@ type ClusterImagePolicySpec struct {
// policy is a required field that contains configuration to allow scopes to be verified, and defines how
// images not matching the verification policy will be treated.
// +required
- Policy Policy `json:"policy"`
+ Policy ImageSigstoreVerificationPolicy `json:"policy"`
}
// +k8s:deepcopy-gen=true
diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go
index 169e29c5c5..e111d518ab 100644
--- a/vendor/github.com/openshift/api/config/v1/types_feature.go
+++ b/vendor/github.com/openshift/api/config/v1/types_feature.go
@@ -53,8 +53,12 @@ var (
// your cluster may fail in an unrecoverable way.
CustomNoUpgrade FeatureSet = "CustomNoUpgrade"
+ // OKD turns on features for OKD. Turning this feature set ON is supported for OKD clusters, but NOT for OpenShift clusters.
+ // Once enabled, this feature set cannot be changed back to Default, but can be changed to other feature sets and it allows upgrades.
+ OKD FeatureSet = "OKD"
+
// AllFixedFeatureSets are the featuresets that have known featuregates. Custom doesn't for instance. LatencySensitive is dead
- AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade}
+ AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade, OKD}
)
type FeatureGateSpec struct {
@@ -67,10 +71,11 @@ type FeatureGateSelection struct {
// Turning on or off features may cause irreversible changes in your cluster which cannot be undone.
// +unionDiscriminator
// +optional
- // +kubebuilder:validation:Enum=CustomNoUpgrade;DevPreviewNoUpgrade;TechPreviewNoUpgrade;""
+ // +kubebuilder:validation:Enum=CustomNoUpgrade;DevPreviewNoUpgrade;TechPreviewNoUpgrade;OKD;""
// +kubebuilder:validation:XValidation:rule="oldSelf == 'CustomNoUpgrade' ? self == 'CustomNoUpgrade' : true",message="CustomNoUpgrade may not be changed"
// +kubebuilder:validation:XValidation:rule="oldSelf == 'TechPreviewNoUpgrade' ? self == 'TechPreviewNoUpgrade' : true",message="TechPreviewNoUpgrade may not be changed"
// +kubebuilder:validation:XValidation:rule="oldSelf == 'DevPreviewNoUpgrade' ? self == 'DevPreviewNoUpgrade' : true",message="DevPreviewNoUpgrade may not be changed"
+ // +kubebuilder:validation:XValidation:rule="oldSelf == 'OKD' ? self != '' : true",message="OKD cannot transition to Default"
FeatureSet FeatureSet `json:"featureSet,omitempty"`
// customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.
diff --git a/vendor/github.com/openshift/api/config/v1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1/types_image_policy.go
index 54bd21adb4..3cc46141c9 100644
--- a/vendor/github.com/openshift/api/config/v1/types_image_policy.go
+++ b/vendor/github.com/openshift/api/config/v1/types_image_policy.go
@@ -51,7 +51,7 @@ type ImagePolicySpec struct {
// policy is a required field that contains configuration to allow scopes to be verified, and defines how
// images not matching the verification policy will be treated.
// +required
- Policy Policy `json:"policy"`
+ Policy ImageSigstoreVerificationPolicy `json:"policy"`
}
// +kubebuilder:validation:XValidation:rule="size(self.split('/')[0].split('.')) == 1 ? self.split('/')[0].split('.')[0].split(':')[0] == 'localhost' : true",message="invalid image scope format, scope must contain a fully qualified domain name or 'localhost'"
@@ -60,8 +60,8 @@ type ImagePolicySpec struct {
// +kubebuilder:validation:MaxLength=512
type ImageScope string
-// Policy defines the verification policy for the items in the scopes list.
-type Policy struct {
+// ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.
+type ImageSigstoreVerificationPolicy struct {
// rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval.
// This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.
// +required
@@ -82,25 +82,25 @@ type PolicyRootOfTrust struct {
// Allowed values are "PublicKey", "FulcioCAWithRekor", and "PKI".
// When set to "PublicKey", the policy relies on a sigstore publicKey and may optionally use a Rekor verification.
// When set to "FulcioCAWithRekor", the policy is based on the Fulcio certification and incorporates a Rekor verification.
- // When set to "PKI", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.
+ // When set to "PKI", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI).
// +unionDiscriminator
// +required
PolicyType PolicyType `json:"policyType"`
// publicKey defines the root of trust configuration based on a sigstore public key. Optionally include a Rekor public key for Rekor verification.
// publicKey is required when policyType is PublicKey, and forbidden otherwise.
// +optional
- PublicKey *PublicKey `json:"publicKey,omitempty"`
+ PublicKey *ImagePolicyPublicKeyRootOfTrust `json:"publicKey,omitempty"`
// fulcioCAWithRekor defines the root of trust configuration based on the Fulcio certificate and the Rekor public key.
// fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise
// For more information about Fulcio and Rekor, please refer to the document at:
// https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor
// +optional
- FulcioCAWithRekor *FulcioCAWithRekor `json:"fulcioCAWithRekor,omitempty"`
+ FulcioCAWithRekor *ImagePolicyFulcioCAWithRekorRootOfTrust `json:"fulcioCAWithRekor,omitempty"`
// pki defines the root of trust configuration based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates.
// pki is required when policyType is PKI, and forbidden otherwise.
// +optional
// +openshift:enable:FeatureGate=SigstoreImageVerificationPKI
- PKI *PKI `json:"pki,omitempty"`
+ PKI *ImagePolicyPKIRootOfTrust `json:"pki,omitempty"`
}
// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=PublicKey;FulcioCAWithRekor
@@ -113,8 +113,8 @@ const (
PKIRootOfTrust PolicyType = "PKI"
)
-// PublicKey defines the root of trust based on a sigstore public key.
-type PublicKey struct {
+// ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.
+type ImagePolicyPublicKeyRootOfTrust struct {
// keyData is a required field contains inline base64-encoded data for the PEM format public key.
// keyData must be at most 8192 characters.
// +required
@@ -132,8 +132,8 @@ type PublicKey struct {
RekorKeyData []byte `json:"rekorKeyData,omitempty"`
}
-// FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key.
-type FulcioCAWithRekor struct {
+// ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.
+type ImagePolicyFulcioCAWithRekorRootOfTrust struct {
// fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA.
// fulcioCAData must be at most 8192 characters.
// +required
@@ -172,8 +172,8 @@ type PolicyFulcioSubject struct {
SignedEmail string `json:"signedEmail"`
}
-// PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.
-type PKI struct {
+// ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.
+type ImagePolicyPKIRootOfTrust struct {
// caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.
// +required
// +kubebuilder:validation:MaxLength=8192
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
index fe8c112273..5652de79eb 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
@@ -2340,33 +2340,6 @@ func (in *FeatureGateTests) DeepCopy() *FeatureGateTests {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *FulcioCAWithRekor) DeepCopyInto(out *FulcioCAWithRekor) {
- *out = *in
- if in.FulcioCAData != nil {
- in, out := &in.FulcioCAData, &out.FulcioCAData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- if in.RekorKeyData != nil {
- in, out := &in.RekorKeyData, &out.RekorKeyData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- out.FulcioSubject = in.FulcioSubject
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FulcioCAWithRekor.
-func (in *FulcioCAWithRekor) DeepCopy() *FulcioCAWithRekor {
- if in == nil {
- return nil
- }
- out := new(FulcioCAWithRekor)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GCPPlatformSpec) DeepCopyInto(out *GCPPlatformSpec) {
*out = *in
@@ -3067,6 +3040,33 @@ func (in *ImagePolicy) DeepCopyObject() runtime.Object {
return nil
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopyInto(out *ImagePolicyFulcioCAWithRekorRootOfTrust) {
+ *out = *in
+ if in.FulcioCAData != nil {
+ in, out := &in.FulcioCAData, &out.FulcioCAData
+ *out = make([]byte, len(*in))
+ copy(*out, *in)
+ }
+ if in.RekorKeyData != nil {
+ in, out := &in.RekorKeyData, &out.RekorKeyData
+ *out = make([]byte, len(*in))
+ copy(*out, *in)
+ }
+ out.FulcioSubject = in.FulcioSubject
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyFulcioCAWithRekorRootOfTrust.
+func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopy() *ImagePolicyFulcioCAWithRekorRootOfTrust {
+ if in == nil {
+ return nil
+ }
+ out := new(ImagePolicyFulcioCAWithRekorRootOfTrust)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ImagePolicyList) DeepCopyInto(out *ImagePolicyList) {
*out = *in
@@ -3100,6 +3100,59 @@ func (in *ImagePolicyList) DeepCopyObject() runtime.Object {
return nil
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ImagePolicyPKIRootOfTrust) DeepCopyInto(out *ImagePolicyPKIRootOfTrust) {
+ *out = *in
+ if in.CertificateAuthorityRootsData != nil {
+ in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData
+ *out = make([]byte, len(*in))
+ copy(*out, *in)
+ }
+ if in.CertificateAuthorityIntermediatesData != nil {
+ in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData
+ *out = make([]byte, len(*in))
+ copy(*out, *in)
+ }
+ out.PKICertificateSubject = in.PKICertificateSubject
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPKIRootOfTrust.
+func (in *ImagePolicyPKIRootOfTrust) DeepCopy() *ImagePolicyPKIRootOfTrust {
+ if in == nil {
+ return nil
+ }
+ out := new(ImagePolicyPKIRootOfTrust)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopyInto(out *ImagePolicyPublicKeyRootOfTrust) {
+ *out = *in
+ if in.KeyData != nil {
+ in, out := &in.KeyData, &out.KeyData
+ *out = make([]byte, len(*in))
+ copy(*out, *in)
+ }
+ if in.RekorKeyData != nil {
+ in, out := &in.RekorKeyData, &out.RekorKeyData
+ *out = make([]byte, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPublicKeyRootOfTrust.
+func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopy() *ImagePolicyPublicKeyRootOfTrust {
+ if in == nil {
+ return nil
+ }
+ out := new(ImagePolicyPublicKeyRootOfTrust)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ImagePolicySpec) DeepCopyInto(out *ImagePolicySpec) {
*out = *in
@@ -3145,6 +3198,28 @@ func (in *ImagePolicyStatus) DeepCopy() *ImagePolicyStatus {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ImageSigstoreVerificationPolicy) DeepCopyInto(out *ImageSigstoreVerificationPolicy) {
+ *out = *in
+ in.RootOfTrust.DeepCopyInto(&out.RootOfTrust)
+ if in.SignedIdentity != nil {
+ in, out := &in.SignedIdentity, &out.SignedIdentity
+ *out = new(PolicyIdentity)
+ (*in).DeepCopyInto(*out)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSigstoreVerificationPolicy.
+func (in *ImageSigstoreVerificationPolicy) DeepCopy() *ImageSigstoreVerificationPolicy {
+ if in == nil {
+ return nil
+ }
+ out := new(ImageSigstoreVerificationPolicy)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ImageSpec) DeepCopyInto(out *ImageSpec) {
*out = *in
@@ -4955,33 +5030,6 @@ func (in *OvirtPlatformStatus) DeepCopy() *OvirtPlatformStatus {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *PKI) DeepCopyInto(out *PKI) {
- *out = *in
- if in.CertificateAuthorityRootsData != nil {
- in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- if in.CertificateAuthorityIntermediatesData != nil {
- in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- out.PKICertificateSubject = in.PKICertificateSubject
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKI.
-func (in *PKI) DeepCopy() *PKI {
- if in == nil {
- return nil
- }
- out := new(PKI)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PKICertificateSubject) DeepCopyInto(out *PKICertificateSubject) {
*out = *in
@@ -5170,28 +5218,6 @@ func (in *PlatformStatus) DeepCopy() *PlatformStatus {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Policy) DeepCopyInto(out *Policy) {
- *out = *in
- in.RootOfTrust.DeepCopyInto(&out.RootOfTrust)
- if in.SignedIdentity != nil {
- in, out := &in.SignedIdentity, &out.SignedIdentity
- *out = new(PolicyIdentity)
- (*in).DeepCopyInto(*out)
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
-func (in *Policy) DeepCopy() *Policy {
- if in == nil {
- return nil
- }
- out := new(Policy)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyFulcioSubject) DeepCopyInto(out *PolicyFulcioSubject) {
*out = *in
@@ -5271,17 +5297,17 @@ func (in *PolicyRootOfTrust) DeepCopyInto(out *PolicyRootOfTrust) {
*out = *in
if in.PublicKey != nil {
in, out := &in.PublicKey, &out.PublicKey
- *out = new(PublicKey)
+ *out = new(ImagePolicyPublicKeyRootOfTrust)
(*in).DeepCopyInto(*out)
}
if in.FulcioCAWithRekor != nil {
in, out := &in.FulcioCAWithRekor, &out.FulcioCAWithRekor
- *out = new(FulcioCAWithRekor)
+ *out = new(ImagePolicyFulcioCAWithRekorRootOfTrust)
(*in).DeepCopyInto(*out)
}
if in.PKI != nil {
in, out := &in.PKI, &out.PKI
- *out = new(PKI)
+ *out = new(ImagePolicyPKIRootOfTrust)
(*in).DeepCopyInto(*out)
}
return
@@ -5597,32 +5623,6 @@ func (in *ProxyStatus) DeepCopy() *ProxyStatus {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *PublicKey) DeepCopyInto(out *PublicKey) {
- *out = *in
- if in.KeyData != nil {
- in, out := &in.KeyData, &out.KeyData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- if in.RekorKeyData != nil {
- in, out := &in.RekorKeyData, &out.RekorKeyData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKey.
-func (in *PublicKey) DeepCopy() *PublicKey {
- if in == nil {
- return nil
- }
- out := new(PublicKey)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RegistryLocation) DeepCopyInto(out *RegistryLocation) {
*out = *in
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
index 778fed917c..5bb46b54ac 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
@@ -1214,17 +1214,6 @@ func (ImageDigestMirrors) SwaggerDoc() map[string]string {
return map_ImageDigestMirrors
}
-var map_FulcioCAWithRekor = map[string]string{
- "": "FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key.",
- "fulcioCAData": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters. ",
- "rekorKeyData": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. ",
- "fulcioSubject": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.",
-}
-
-func (FulcioCAWithRekor) SwaggerDoc() map[string]string {
- return map_FulcioCAWithRekor
-}
-
var map_ImagePolicy = map[string]string{
"": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).",
"metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
@@ -1236,6 +1225,17 @@ func (ImagePolicy) SwaggerDoc() map[string]string {
return map_ImagePolicy
}
+var map_ImagePolicyFulcioCAWithRekorRootOfTrust = map[string]string{
+ "": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.",
+ "fulcioCAData": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters. ",
+ "rekorKeyData": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. ",
+ "fulcioSubject": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.",
+}
+
+func (ImagePolicyFulcioCAWithRekorRootOfTrust) SwaggerDoc() map[string]string {
+ return map_ImagePolicyFulcioCAWithRekorRootOfTrust
+}
+
var map_ImagePolicyList = map[string]string{
"": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).",
"metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
@@ -1246,6 +1246,27 @@ func (ImagePolicyList) SwaggerDoc() map[string]string {
return map_ImagePolicyList
}
+var map_ImagePolicyPKIRootOfTrust = map[string]string{
+ "": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.",
+ "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ",
+ "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ",
+ "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.",
+}
+
+func (ImagePolicyPKIRootOfTrust) SwaggerDoc() map[string]string {
+ return map_ImagePolicyPKIRootOfTrust
+}
+
+var map_ImagePolicyPublicKeyRootOfTrust = map[string]string{
+ "": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.",
+ "keyData": "keyData is a required field contains inline base64-encoded data for the PEM format public key. keyData must be at most 8192 characters. ",
+ "rekorKeyData": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. ",
+}
+
+func (ImagePolicyPublicKeyRootOfTrust) SwaggerDoc() map[string]string {
+ return map_ImagePolicyPublicKeyRootOfTrust
+}
+
var map_ImagePolicySpec = map[string]string{
"": "ImagePolicySpec is the specification of the ImagePolicy CRD.",
"scopes": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker",
@@ -1264,15 +1285,14 @@ func (ImagePolicyStatus) SwaggerDoc() map[string]string {
return map_ImagePolicyStatus
}
-var map_PKI = map[string]string{
- "": "PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.",
- "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ",
- "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ",
- "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.",
+var map_ImageSigstoreVerificationPolicy = map[string]string{
+ "": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.",
+ "rootOfTrust": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.",
+ "signedIdentity": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".",
}
-func (PKI) SwaggerDoc() map[string]string {
- return map_PKI
+func (ImageSigstoreVerificationPolicy) SwaggerDoc() map[string]string {
+ return map_ImageSigstoreVerificationPolicy
}
var map_PKICertificateSubject = map[string]string{
@@ -1285,16 +1305,6 @@ func (PKICertificateSubject) SwaggerDoc() map[string]string {
return map_PKICertificateSubject
}
-var map_Policy = map[string]string{
- "": "Policy defines the verification policy for the items in the scopes list.",
- "rootOfTrust": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.",
- "signedIdentity": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".",
-}
-
-func (Policy) SwaggerDoc() map[string]string {
- return map_Policy
-}
-
var map_PolicyFulcioSubject = map[string]string{
"": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.",
"oidcIssuer": "oidcIssuer is a required filed contains the expected OIDC issuer. The oidcIssuer must be a valid URL and at most 2048 characters in length. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"",
@@ -1335,7 +1345,7 @@ func (PolicyMatchRemapIdentity) SwaggerDoc() map[string]string {
var map_PolicyRootOfTrust = map[string]string{
"": "PolicyRootOfTrust defines the root of trust based on the selected policyType.",
- "policyType": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.",
+ "policyType": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI).",
"publicKey": "publicKey defines the root of trust configuration based on a sigstore public key. Optionally include a Rekor public key for Rekor verification. publicKey is required when policyType is PublicKey, and forbidden otherwise.",
"fulcioCAWithRekor": "fulcioCAWithRekor defines the root of trust configuration based on the Fulcio certificate and the Rekor public key. fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor",
"pki": "pki defines the root of trust configuration based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. pki is required when policyType is PKI, and forbidden otherwise.",
@@ -1345,16 +1355,6 @@ func (PolicyRootOfTrust) SwaggerDoc() map[string]string {
return map_PolicyRootOfTrust
}
-var map_PublicKey = map[string]string{
- "": "PublicKey defines the root of trust based on a sigstore public key.",
- "keyData": "keyData is a required field contains inline base64-encoded data for the PEM format public key. keyData must be at most 8192 characters. ",
- "rekorKeyData": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. ",
-}
-
-func (PublicKey) SwaggerDoc() map[string]string {
- return map_PublicKey
-}
-
var map_ImageTagMirrorSet = map[string]string{
"": "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).",
"metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go
index 107b9e29a4..e8d7603d7b 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go
@@ -51,7 +51,7 @@ type ClusterImagePolicySpec struct {
// policy contains configuration to allow scopes to be verified, and defines how
// images not matching the verification policy will be treated.
// +required
- Policy Policy `json:"policy"`
+ Policy ImageSigstoreVerificationPolicy `json:"policy"`
}
// +k8s:deepcopy-gen=true
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go
index 64a89e4a63..977ca3dde3 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go
@@ -50,7 +50,7 @@ type ImagePolicySpec struct {
// policy contains configuration to allow scopes to be verified, and defines how
// images not matching the verification policy will be treated.
// +required
- Policy Policy `json:"policy"`
+ Policy ImageSigstoreVerificationPolicy `json:"policy"`
}
// +kubebuilder:validation:XValidation:rule="size(self.split('/')[0].split('.')) == 1 ? self.split('/')[0].split('.')[0].split(':')[0] == 'localhost' : true",message="invalid image scope format, scope must contain a fully qualified domain name or 'localhost'"
@@ -59,8 +59,8 @@ type ImagePolicySpec struct {
// +kubebuilder:validation:MaxLength=512
type ImageScope string
-// Policy defines the verification policy for the items in the scopes list.
-type Policy struct {
+// ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.
+type ImageSigstoreVerificationPolicy struct {
// rootOfTrust specifies the root of trust for the policy.
// +required
RootOfTrust PolicyRootOfTrust `json:"rootOfTrust"`
@@ -84,16 +84,16 @@ type PolicyRootOfTrust struct {
PolicyType PolicyType `json:"policyType"`
// publicKey defines the root of trust based on a sigstore public key.
// +optional
- PublicKey *PublicKey `json:"publicKey,omitempty"`
+ PublicKey *ImagePolicyPublicKeyRootOfTrust `json:"publicKey,omitempty"`
// fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key.
// For more information about Fulcio and Rekor, please refer to the document at:
// https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor
// +optional
- FulcioCAWithRekor *FulcioCAWithRekor `json:"fulcioCAWithRekor,omitempty"`
+ FulcioCAWithRekor *ImagePolicyFulcioCAWithRekorRootOfTrust `json:"fulcioCAWithRekor,omitempty"`
// pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates.
// +optional
// +openshift:enable:FeatureGate=SigstoreImageVerificationPKI
- PKI *PKI `json:"pki,omitempty"`
+ PKI *ImagePolicyPKIRootOfTrust `json:"pki,omitempty"`
}
// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=PublicKey;FulcioCAWithRekor
@@ -106,8 +106,8 @@ const (
PKIRootOfTrust PolicyType = "PKI"
)
-// PublicKey defines the root of trust based on a sigstore public key.
-type PublicKey struct {
+// ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.
+type ImagePolicyPublicKeyRootOfTrust struct {
// keyData contains inline base64-encoded data for the PEM format public key.
// KeyData must be at most 8192 characters.
// +required
@@ -120,8 +120,8 @@ type PublicKey struct {
RekorKeyData []byte `json:"rekorKeyData,omitempty"`
}
-// FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key.
-type FulcioCAWithRekor struct {
+// ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.
+type ImagePolicyFulcioCAWithRekorRootOfTrust struct {
// fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA.
// fulcioCAData must be at most 8192 characters.
// +required
@@ -151,8 +151,8 @@ type PolicyFulcioSubject struct {
SignedEmail string `json:"signedEmail"`
}
-// PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.
-type PKI struct {
+// ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.
+type ImagePolicyPKIRootOfTrust struct {
// caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.
// +required
// +kubebuilder:validation:MaxLength=8192
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go
index 6549f6cbe4..9ead6aba26 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go
@@ -429,33 +429,6 @@ func (in *EtcdBackupSpec) DeepCopy() *EtcdBackupSpec {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *FulcioCAWithRekor) DeepCopyInto(out *FulcioCAWithRekor) {
- *out = *in
- if in.FulcioCAData != nil {
- in, out := &in.FulcioCAData, &out.FulcioCAData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- if in.RekorKeyData != nil {
- in, out := &in.RekorKeyData, &out.RekorKeyData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- out.FulcioSubject = in.FulcioSubject
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FulcioCAWithRekor.
-func (in *FulcioCAWithRekor) DeepCopy() *FulcioCAWithRekor {
- if in == nil {
- return nil
- }
- out := new(FulcioCAWithRekor)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GatherConfig) DeepCopyInto(out *GatherConfig) {
*out = *in
@@ -510,6 +483,33 @@ func (in *ImagePolicy) DeepCopyObject() runtime.Object {
return nil
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopyInto(out *ImagePolicyFulcioCAWithRekorRootOfTrust) {
+ *out = *in
+ if in.FulcioCAData != nil {
+ in, out := &in.FulcioCAData, &out.FulcioCAData
+ *out = make([]byte, len(*in))
+ copy(*out, *in)
+ }
+ if in.RekorKeyData != nil {
+ in, out := &in.RekorKeyData, &out.RekorKeyData
+ *out = make([]byte, len(*in))
+ copy(*out, *in)
+ }
+ out.FulcioSubject = in.FulcioSubject
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyFulcioCAWithRekorRootOfTrust.
+func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopy() *ImagePolicyFulcioCAWithRekorRootOfTrust {
+ if in == nil {
+ return nil
+ }
+ out := new(ImagePolicyFulcioCAWithRekorRootOfTrust)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ImagePolicyList) DeepCopyInto(out *ImagePolicyList) {
*out = *in
@@ -543,6 +543,59 @@ func (in *ImagePolicyList) DeepCopyObject() runtime.Object {
return nil
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ImagePolicyPKIRootOfTrust) DeepCopyInto(out *ImagePolicyPKIRootOfTrust) {
+ *out = *in
+ if in.CertificateAuthorityRootsData != nil {
+ in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData
+ *out = make([]byte, len(*in))
+ copy(*out, *in)
+ }
+ if in.CertificateAuthorityIntermediatesData != nil {
+ in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData
+ *out = make([]byte, len(*in))
+ copy(*out, *in)
+ }
+ out.PKICertificateSubject = in.PKICertificateSubject
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPKIRootOfTrust.
+func (in *ImagePolicyPKIRootOfTrust) DeepCopy() *ImagePolicyPKIRootOfTrust {
+ if in == nil {
+ return nil
+ }
+ out := new(ImagePolicyPKIRootOfTrust)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopyInto(out *ImagePolicyPublicKeyRootOfTrust) {
+ *out = *in
+ if in.KeyData != nil {
+ in, out := &in.KeyData, &out.KeyData
+ *out = make([]byte, len(*in))
+ copy(*out, *in)
+ }
+ if in.RekorKeyData != nil {
+ in, out := &in.RekorKeyData, &out.RekorKeyData
+ *out = make([]byte, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPublicKeyRootOfTrust.
+func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopy() *ImagePolicyPublicKeyRootOfTrust {
+ if in == nil {
+ return nil
+ }
+ out := new(ImagePolicyPublicKeyRootOfTrust)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ImagePolicySpec) DeepCopyInto(out *ImagePolicySpec) {
*out = *in
@@ -588,6 +641,24 @@ func (in *ImagePolicyStatus) DeepCopy() *ImagePolicyStatus {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ImageSigstoreVerificationPolicy) DeepCopyInto(out *ImageSigstoreVerificationPolicy) {
+ *out = *in
+ in.RootOfTrust.DeepCopyInto(&out.RootOfTrust)
+ in.SignedIdentity.DeepCopyInto(&out.SignedIdentity)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSigstoreVerificationPolicy.
+func (in *ImageSigstoreVerificationPolicy) DeepCopy() *ImageSigstoreVerificationPolicy {
+ if in == nil {
+ return nil
+ }
+ out := new(ImageSigstoreVerificationPolicy)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *InsightsDataGather) DeepCopyInto(out *InsightsDataGather) {
*out = *in
@@ -727,33 +798,6 @@ func (in *MetricsServerConfig) DeepCopy() *MetricsServerConfig {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *PKI) DeepCopyInto(out *PKI) {
- *out = *in
- if in.CertificateAuthorityRootsData != nil {
- in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- if in.CertificateAuthorityIntermediatesData != nil {
- in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- out.PKICertificateSubject = in.PKICertificateSubject
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKI.
-func (in *PKI) DeepCopy() *PKI {
- if in == nil {
- return nil
- }
- out := new(PKI)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PKICertificateSubject) DeepCopyInto(out *PKICertificateSubject) {
*out = *in
@@ -803,24 +847,6 @@ func (in *PersistentVolumeConfig) DeepCopy() *PersistentVolumeConfig {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Policy) DeepCopyInto(out *Policy) {
- *out = *in
- in.RootOfTrust.DeepCopyInto(&out.RootOfTrust)
- in.SignedIdentity.DeepCopyInto(&out.SignedIdentity)
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
-func (in *Policy) DeepCopy() *Policy {
- if in == nil {
- return nil
- }
- out := new(Policy)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyFulcioSubject) DeepCopyInto(out *PolicyFulcioSubject) {
*out = *in
@@ -900,17 +926,17 @@ func (in *PolicyRootOfTrust) DeepCopyInto(out *PolicyRootOfTrust) {
*out = *in
if in.PublicKey != nil {
in, out := &in.PublicKey, &out.PublicKey
- *out = new(PublicKey)
+ *out = new(ImagePolicyPublicKeyRootOfTrust)
(*in).DeepCopyInto(*out)
}
if in.FulcioCAWithRekor != nil {
in, out := &in.FulcioCAWithRekor, &out.FulcioCAWithRekor
- *out = new(FulcioCAWithRekor)
+ *out = new(ImagePolicyFulcioCAWithRekorRootOfTrust)
(*in).DeepCopyInto(*out)
}
if in.PKI != nil {
in, out := &in.PKI, &out.PKI
- *out = new(PKI)
+ *out = new(ImagePolicyPKIRootOfTrust)
(*in).DeepCopyInto(*out)
}
return
@@ -926,32 +952,6 @@ func (in *PolicyRootOfTrust) DeepCopy() *PolicyRootOfTrust {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *PublicKey) DeepCopyInto(out *PublicKey) {
- *out = *in
- if in.KeyData != nil {
- in, out := &in.KeyData, &out.KeyData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- if in.RekorKeyData != nil {
- in, out := &in.RekorKeyData, &out.RekorKeyData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKey.
-func (in *PublicKey) DeepCopy() *PublicKey {
- if in == nil {
- return nil
- }
- out := new(PublicKey)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RetentionNumberConfig) DeepCopyInto(out *RetentionNumberConfig) {
*out = *in
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go
index 6ba6ad11f4..59a5b37085 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go
@@ -226,17 +226,6 @@ func (UserDefinedMonitoring) SwaggerDoc() map[string]string {
return map_UserDefinedMonitoring
}
-var map_FulcioCAWithRekor = map[string]string{
- "": "FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key.",
- "fulcioCAData": "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.",
- "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.",
- "fulcioSubject": "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.",
-}
-
-func (FulcioCAWithRekor) SwaggerDoc() map[string]string {
- return map_FulcioCAWithRekor
-}
-
var map_ImagePolicy = map[string]string{
"": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
"metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
@@ -248,6 +237,17 @@ func (ImagePolicy) SwaggerDoc() map[string]string {
return map_ImagePolicy
}
+var map_ImagePolicyFulcioCAWithRekorRootOfTrust = map[string]string{
+ "": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.",
+ "fulcioCAData": "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.",
+ "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.",
+ "fulcioSubject": "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.",
+}
+
+func (ImagePolicyFulcioCAWithRekorRootOfTrust) SwaggerDoc() map[string]string {
+ return map_ImagePolicyFulcioCAWithRekorRootOfTrust
+}
+
var map_ImagePolicyList = map[string]string{
"": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
"metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
@@ -257,6 +257,27 @@ func (ImagePolicyList) SwaggerDoc() map[string]string {
return map_ImagePolicyList
}
+var map_ImagePolicyPKIRootOfTrust = map[string]string{
+ "": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.",
+ "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ",
+ "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ",
+ "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.",
+}
+
+func (ImagePolicyPKIRootOfTrust) SwaggerDoc() map[string]string {
+ return map_ImagePolicyPKIRootOfTrust
+}
+
+var map_ImagePolicyPublicKeyRootOfTrust = map[string]string{
+ "": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.",
+ "keyData": "keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters.",
+ "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.",
+}
+
+func (ImagePolicyPublicKeyRootOfTrust) SwaggerDoc() map[string]string {
+ return map_ImagePolicyPublicKeyRootOfTrust
+}
+
var map_ImagePolicySpec = map[string]string{
"": "ImagePolicySpec is the specification of the ImagePolicy CRD.",
"scopes": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker",
@@ -275,15 +296,14 @@ func (ImagePolicyStatus) SwaggerDoc() map[string]string {
return map_ImagePolicyStatus
}
-var map_PKI = map[string]string{
- "": "PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.",
- "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ",
- "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ",
- "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.",
+var map_ImageSigstoreVerificationPolicy = map[string]string{
+ "": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.",
+ "rootOfTrust": "rootOfTrust specifies the root of trust for the policy.",
+ "signedIdentity": "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".",
}
-func (PKI) SwaggerDoc() map[string]string {
- return map_PKI
+func (ImageSigstoreVerificationPolicy) SwaggerDoc() map[string]string {
+ return map_ImageSigstoreVerificationPolicy
}
var map_PKICertificateSubject = map[string]string{
@@ -296,16 +316,6 @@ func (PKICertificateSubject) SwaggerDoc() map[string]string {
return map_PKICertificateSubject
}
-var map_Policy = map[string]string{
- "": "Policy defines the verification policy for the items in the scopes list.",
- "rootOfTrust": "rootOfTrust specifies the root of trust for the policy.",
- "signedIdentity": "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".",
-}
-
-func (Policy) SwaggerDoc() map[string]string {
- return map_Policy
-}
-
var map_PolicyFulcioSubject = map[string]string{
"": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.",
"oidcIssuer": "oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"",
@@ -356,16 +366,6 @@ func (PolicyRootOfTrust) SwaggerDoc() map[string]string {
return map_PolicyRootOfTrust
}
-var map_PublicKey = map[string]string{
- "": "PublicKey defines the root of trust based on a sigstore public key.",
- "keyData": "keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters.",
- "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.",
-}
-
-func (PublicKey) SwaggerDoc() map[string]string {
- return map_PublicKey
-}
-
var map_GatherConfig = map[string]string{
"": "gatherConfig provides data gathering configuration options.",
"dataPolicy": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.",
diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md
index 7b858756db..056ae3719a 100644
--- a/vendor/github.com/openshift/api/features.md
+++ b/vendor/github.com/openshift/api/features.md
@@ -1,115 +1,114 @@
-| FeatureGate | Default on Hypershift | Default on SelfManagedHA | DevPreviewNoUpgrade on Hypershift | DevPreviewNoUpgrade on SelfManagedHA | TechPreviewNoUpgrade on Hypershift | TechPreviewNoUpgrade on SelfManagedHA |
-| ------ | --- | --- | --- | --- | --- | --- |
-| ClientsAllowCBOR| | | | | | |
-| ClusterAPIInstall| | | | | | |
-| EventedPLEG| | | | | | |
-| MachineAPIOperatorDisableMachineHealthCheckController| | | | | | |
-| MultiArchInstallAzure| | | | | | |
-| NewOLMBoxCutterRuntime| | | | | | |
-| ShortCertRotation| | | | | | |
-| ClusterAPIMachineManagementVSphere| | | Enabled | Enabled | | |
-| Example2| | | Enabled | Enabled | | |
-| ExternalSnapshotMetadata| | | Enabled | Enabled | | |
-| IngressControllerDynamicConfigurationManager| | | Enabled | Enabled | | |
-| NewOLMCatalogdAPIV1Metas| | | | Enabled | | Enabled |
-| NewOLMOwnSingleNamespace| | | | Enabled | | Enabled |
-| NewOLMPreflightPermissionChecks| | | | Enabled | | Enabled |
-| NoRegistryClusterInstall| | | | Enabled | | Enabled |
-| ProvisioningRequestAvailable| | | Enabled | Enabled | | |
-| HyperShiftOnlyDynamicResourceAllocation| Enabled | | Enabled | | Enabled | |
-| NewOLM| | Enabled | | Enabled | | Enabled |
-| NewOLMWebhookProviderOpenshiftServiceCA| | Enabled | | Enabled | | Enabled |
-| AWSClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled |
-| AWSClusterHostedDNSInstall| | | Enabled | Enabled | Enabled | Enabled |
-| AWSDedicatedHosts| | | Enabled | Enabled | Enabled | Enabled |
-| AWSDualStackInstall| | | Enabled | Enabled | Enabled | Enabled |
-| AWSServiceLBNetworkSecurityGroup| | | Enabled | Enabled | Enabled | Enabled |
-| AutomatedEtcdBackup| | | Enabled | Enabled | Enabled | Enabled |
-| AzureClusterHostedDNSInstall| | | Enabled | Enabled | Enabled | Enabled |
-| AzureDedicatedHosts| | | Enabled | Enabled | Enabled | Enabled |
-| AzureDualStackInstall| | | Enabled | Enabled | Enabled | Enabled |
-| AzureMultiDisk| | | Enabled | Enabled | Enabled | Enabled |
-| BootImageSkewEnforcement| | | Enabled | Enabled | Enabled | Enabled |
-| BootcNodeManagement| | | Enabled | Enabled | Enabled | Enabled |
-| CBORServingAndStorage| | | Enabled | Enabled | Enabled | Enabled |
-| CRDCompatibilityRequirementOperator| | | Enabled | Enabled | Enabled | Enabled |
-| ClientsPreferCBOR| | | Enabled | Enabled | Enabled | Enabled |
-| ClusterAPIInstallIBMCloud| | | Enabled | Enabled | Enabled | Enabled |
-| ClusterAPIMachineManagement| | | Enabled | Enabled | Enabled | Enabled |
-| ClusterMonitoringConfig| | | Enabled | Enabled | Enabled | Enabled |
-| ClusterVersionOperatorConfiguration| | | Enabled | Enabled | Enabled | Enabled |
-| DNSNameResolver| | | Enabled | Enabled | Enabled | Enabled |
-| DualReplica| | | Enabled | Enabled | Enabled | Enabled |
-| DyanmicServiceEndpointIBMCloud| | | Enabled | Enabled | Enabled | Enabled |
-| EtcdBackendQuota| | | Enabled | Enabled | Enabled | Enabled |
-| EventTTL| | | Enabled | Enabled | Enabled | Enabled |
-| Example| | | Enabled | Enabled | Enabled | Enabled |
-| GCPClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled |
-| GCPCustomAPIEndpoints| | | Enabled | Enabled | Enabled | Enabled |
-| GCPCustomAPIEndpointsInstall| | | Enabled | Enabled | Enabled | Enabled |
-| GCPDualStackInstall| | | Enabled | Enabled | Enabled | Enabled |
-| ImageModeStatusReporting| | | Enabled | Enabled | Enabled | Enabled |
-| InsightsConfig| | | Enabled | Enabled | Enabled | Enabled |
-| InsightsOnDemandDataGather| | | Enabled | Enabled | Enabled | Enabled |
-| IrreconcilableMachineConfig| | | Enabled | Enabled | Enabled | Enabled |
-| KMSEncryptionProvider| | | Enabled | Enabled | Enabled | Enabled |
-| MachineAPIMigration| | | Enabled | Enabled | Enabled | Enabled |
-| ManagedBootImagesCPMS| | | Enabled | Enabled | Enabled | Enabled |
-| MaxUnavailableStatefulSet| | | Enabled | Enabled | Enabled | Enabled |
-| MinimumKubeletVersion| | | Enabled | Enabled | Enabled | Enabled |
-| MixedCPUsAllocation| | | Enabled | Enabled | Enabled | Enabled |
-| MultiDiskSetup| | | Enabled | Enabled | Enabled | Enabled |
-| MutableCSINodeAllocatableCount| | | Enabled | Enabled | Enabled | Enabled |
-| MutatingAdmissionPolicy| | | Enabled | Enabled | Enabled | Enabled |
-| NutanixMultiSubnets| | | Enabled | Enabled | Enabled | Enabled |
-| OSStreams| | | Enabled | Enabled | Enabled | Enabled |
-| OVNObservability| | | Enabled | Enabled | Enabled | Enabled |
-| OnPremDNSRecords| | | Enabled | Enabled | Enabled | Enabled |
-| SELinuxMount| | | Enabled | Enabled | Enabled | Enabled |
-| SignatureStores| | | Enabled | Enabled | Enabled | Enabled |
-| SigstoreImageVerificationPKI| | | Enabled | Enabled | Enabled | Enabled |
-| TranslateStreamCloseWebsocketRequests| | | Enabled | Enabled | Enabled | Enabled |
-| VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | Enabled | Enabled |
-| VSphereHostVMGroupZonal| | | Enabled | Enabled | Enabled | Enabled |
-| VSphereMixedNodeEnv| | | Enabled | Enabled | Enabled | Enabled |
-| VolumeGroupSnapshot| | | Enabled | Enabled | Enabled | Enabled |
-| AdditionalRoutingCapabilities| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| AdminNetworkPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| AlibabaPlatform| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| CPMSMachineNamePrefix| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ConsolePluginContentSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ExternalOIDC| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ExternalOIDCWithUIDAndExtraClaimMappings| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| GCPClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| GatewayAPI| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| GatewayAPIController| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| HighlyAvailableArbiter| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ImageStreamImportMode| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ImageVolume| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| MachineConfigNodes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ManagedBootImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ManagedBootImagesAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ManagedBootImagesAzure| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ManagedBootImagesvSphere| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| MetricsCollectionProfiles| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| NetworkDiagnosticsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| NetworkLiveMigration| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| NetworkSegmentation| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| PinnedImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| PreconfiguredUDNAddresses| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ProcMountType| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| RouteAdvertisements| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| RouteExternalCertificate| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ServiceAccountTokenNodeBinding| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| SigstoreImageVerification| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| StoragePerformantSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| UpgradeStatus| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| UserNamespacesPodSecurityStandards| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| UserNamespacesSupport| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| VSphereMultiDisk| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| VSphereMultiNetworks| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| VolumeAttributesClass| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| FeatureGate | Default on Hypershift | Default on SelfManagedHA | DevPreviewNoUpgrade on Hypershift | DevPreviewNoUpgrade on SelfManagedHA | OKD on Hypershift | OKD on SelfManagedHA | TechPreviewNoUpgrade on Hypershift | TechPreviewNoUpgrade on SelfManagedHA |
+| ------ | --- | --- | --- | --- | --- | --- | --- | --- |
+| ClientsAllowCBOR| | | | | | | | |
+| ClusterAPIInstall| | | | | | | | |
+| EventedPLEG| | | | | | | | |
+| MachineAPIOperatorDisableMachineHealthCheckController| | | | | | | | |
+| MultiArchInstallAzure| | | | | | | | |
+| NewOLMBoxCutterRuntime| | | | | | | | |
+| ShortCertRotation| | | | | | | | |
+| ClusterAPIMachineManagementVSphere| | | Enabled | Enabled | | | | |
+| Example2| | | Enabled | Enabled | | | | |
+| ExternalSnapshotMetadata| | | Enabled | Enabled | | | | |
+| IngressControllerDynamicConfigurationManager| | | Enabled | Enabled | | | | |
+| NewOLMCatalogdAPIV1Metas| | | | Enabled | | | | Enabled |
+| NewOLMOwnSingleNamespace| | | | Enabled | | | | Enabled |
+| NewOLMPreflightPermissionChecks| | | | Enabled | | | | Enabled |
+| NoRegistryClusterInstall| | | | Enabled | | | | Enabled |
+| ProvisioningRequestAvailable| | | Enabled | Enabled | | | | |
+| AWSClusterHostedDNS| | | Enabled | Enabled | | | Enabled | Enabled |
+| AWSClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled |
+| AWSDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled |
+| AWSDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled |
+| AWSServiceLBNetworkSecurityGroup| | | Enabled | Enabled | | | Enabled | Enabled |
+| AutomatedEtcdBackup| | | Enabled | Enabled | | | Enabled | Enabled |
+| AzureClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled |
+| AzureDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled |
+| AzureDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled |
+| AzureMultiDisk| | | Enabled | Enabled | | | Enabled | Enabled |
+| BootImageSkewEnforcement| | | Enabled | Enabled | | | Enabled | Enabled |
+| BootcNodeManagement| | | Enabled | Enabled | | | Enabled | Enabled |
+| CBORServingAndStorage| | | Enabled | Enabled | | | Enabled | Enabled |
+| CRDCompatibilityRequirementOperator| | | Enabled | Enabled | | | Enabled | Enabled |
+| ClientsPreferCBOR| | | Enabled | Enabled | | | Enabled | Enabled |
+| ClusterAPIInstallIBMCloud| | | Enabled | Enabled | | | Enabled | Enabled |
+| ClusterAPIMachineManagement| | | Enabled | Enabled | | | Enabled | Enabled |
+| ClusterMonitoringConfig| | | Enabled | Enabled | | | Enabled | Enabled |
+| ClusterVersionOperatorConfiguration| | | Enabled | Enabled | | | Enabled | Enabled |
+| DNSNameResolver| | | Enabled | Enabled | | | Enabled | Enabled |
+| DualReplica| | | Enabled | Enabled | | | Enabled | Enabled |
+| DyanmicServiceEndpointIBMCloud| | | Enabled | Enabled | | | Enabled | Enabled |
+| EtcdBackendQuota| | | Enabled | Enabled | | | Enabled | Enabled |
+| EventTTL| | | Enabled | Enabled | | | Enabled | Enabled |
+| Example| | | Enabled | Enabled | | | Enabled | Enabled |
+| GCPClusterHostedDNS| | | Enabled | Enabled | | | Enabled | Enabled |
+| GCPCustomAPIEndpoints| | | Enabled | Enabled | | | Enabled | Enabled |
+| GCPCustomAPIEndpointsInstall| | | Enabled | Enabled | | | Enabled | Enabled |
+| GCPDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled |
+| HyperShiftOnlyDynamicResourceAllocation| Enabled | | Enabled | | Enabled | | Enabled | |
+| ImageModeStatusReporting| | | Enabled | Enabled | | | Enabled | Enabled |
+| InsightsConfig| | | Enabled | Enabled | | | Enabled | Enabled |
+| InsightsOnDemandDataGather| | | Enabled | Enabled | | | Enabled | Enabled |
+| IrreconcilableMachineConfig| | | Enabled | Enabled | | | Enabled | Enabled |
+| KMSEncryptionProvider| | | Enabled | Enabled | | | Enabled | Enabled |
+| MachineAPIMigration| | | Enabled | Enabled | | | Enabled | Enabled |
+| ManagedBootImagesCPMS| | | Enabled | Enabled | | | Enabled | Enabled |
+| MaxUnavailableStatefulSet| | | Enabled | Enabled | | | Enabled | Enabled |
+| MinimumKubeletVersion| | | Enabled | Enabled | | | Enabled | Enabled |
+| MixedCPUsAllocation| | | Enabled | Enabled | | | Enabled | Enabled |
+| MultiDiskSetup| | | Enabled | Enabled | | | Enabled | Enabled |
+| MutableCSINodeAllocatableCount| | | Enabled | Enabled | | | Enabled | Enabled |
+| MutatingAdmissionPolicy| | | Enabled | Enabled | | | Enabled | Enabled |
+| NewOLM| | Enabled | | Enabled | | Enabled | | Enabled |
+| NewOLMWebhookProviderOpenshiftServiceCA| | Enabled | | Enabled | | Enabled | | Enabled |
+| NutanixMultiSubnets| | | Enabled | Enabled | | | Enabled | Enabled |
+| OSStreams| | | Enabled | Enabled | | | Enabled | Enabled |
+| OVNObservability| | | Enabled | Enabled | | | Enabled | Enabled |
+| OnPremDNSRecords| | | Enabled | Enabled | | | Enabled | Enabled |
+| SELinuxMount| | | Enabled | Enabled | | | Enabled | Enabled |
+| SignatureStores| | | Enabled | Enabled | | | Enabled | Enabled |
+| VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | | | Enabled | Enabled |
+| VSphereHostVMGroupZonal| | | Enabled | Enabled | | | Enabled | Enabled |
+| VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled |
+| VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled |
+| AdditionalRoutingCapabilities| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| AdminNetworkPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| AlibabaPlatform| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| CPMSMachineNamePrefix| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| ConsolePluginContentSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| ExternalOIDC| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| ExternalOIDCWithUIDAndExtraClaimMappings| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| GCPClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| GatewayAPI| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| GatewayAPIController| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| HighlyAvailableArbiter| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| ImageStreamImportMode| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| ImageVolume| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| MachineConfigNodes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| ManagedBootImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| ManagedBootImagesAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| ManagedBootImagesAzure| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| ManagedBootImagesvSphere| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| MetricsCollectionProfiles| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| NetworkDiagnosticsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| NetworkLiveMigration| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| NetworkSegmentation| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| PinnedImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| PreconfiguredUDNAddresses| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| ProcMountType| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| RouteAdvertisements| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| RouteExternalCertificate| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| ServiceAccountTokenNodeBinding| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| SigstoreImageVerification| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| SigstoreImageVerificationPKI| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| StoragePerformantSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| UpgradeStatus| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| UserNamespacesPodSecurityStandards| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| UserNamespacesSupport| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| VSphereMultiDisk| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| VSphereMultiNetworks| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
+| VolumeAttributesClass| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go b/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go
index 0cc634a5fd..c6442186a0 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go
@@ -115,13 +115,14 @@ type AWSMachineProviderConfig struct {
// +optional
MarketType MarketType `json:"marketType,omitempty"`
+ // Tombstone: This field was moved into the Placement struct to belong w/ the Tenancy field due to involvement with the setting.
// hostPlacement configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host
// for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL),
// and to gain visibility and control over instance placement on a physical server.
// When omitted, the instance is not constrained to a dedicated host.
// +openshift:enable:FeatureGate=AWSDedicatedHosts
// +optional
- HostPlacement *HostPlacement `json:"hostPlacement,omitempty"`
+ //HostPlacement *HostPlacement `json:"hostPlacement,omitempty"`
}
// AWSConfidentialComputePolicy represents the confidential compute configuration for the instance.
@@ -294,6 +295,7 @@ type AWSResourceReference struct {
}
// Placement indicates where to create the instance in AWS
+// +kubebuilder:validation:XValidation:rule="has(self.tenancy) && self.tenancy == 'host' ? true : !has(self.host)",message="host may only be specified when tenancy is host"
type Placement struct {
// region is the region to use to create the instance
// +optional
@@ -303,8 +305,19 @@ type Placement struct {
AvailabilityZone string `json:"availabilityZone,omitempty"`
// tenancy indicates if instance should run on shared or single-tenant hardware. There are
// supported 3 options: default, dedicated and host.
+ // When set to default Runs on shared multi-tenant hardware.
+ // When dedicated Runs on single-tenant hardware (any dedicated instance hardware).
+ // When host and the host object is not provided: Runs on Dedicated Host; best-effort restart on same host.
+ // When `host` and `host` object is provided with affinity `dedicatedHost` defined: Runs on specified Dedicated Host.
// +optional
Tenancy InstanceTenancy `json:"tenancy,omitempty"`
+ // host configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host
+ // for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL),
+ // and to gain visibility and control over instance placement on a physical server.
+ // When omitted, the instance is not constrained to a dedicated host.
+ // +openshift:enable:FeatureGate=AWSDedicatedHosts
+ // +optional
+ Host *HostPlacement `json:"host,omitempty"`
}
// Filter is a filter used to identify an AWS resource
@@ -416,19 +429,20 @@ const (
)
// HostPlacement is the type that will be used to configure the placement of AWS instances.
-// +kubebuilder:validation:XValidation:rule="has(self.type) && self.affinity == 'DedicatedHost' ? has(self.dedicatedHost) : !has(self.dedicatedHost)",message="dedicatedHost is required when affinity is DedicatedHost, and forbidden otherwise"
+// +kubebuilder:validation:XValidation:rule="has(self.affinity) && self.affinity == 'DedicatedHost' ? has(self.dedicatedHost) : true",message="dedicatedHost is required when affinity is DedicatedHost, and optional otherwise"
// +union
type HostPlacement struct {
// affinity specifies the affinity setting for the instance.
// Allowed values are AnyAvailable and DedicatedHost.
// When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set.
// When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host.
+ // When Affinity is set to AnyAvailable and the `dedicatedHost` field is defined, it runs on specified Dedicated Host, but may move if stopped.
// +required
// +unionDiscriminator
Affinity *HostAffinity `json:"affinity,omitempty"`
// dedicatedHost specifies the exact host that an instance should be restarted on if stopped.
- // dedicatedHost is required when 'affinity' is set to DedicatedHost, and forbidden otherwise.
+ // dedicatedHost is required when 'affinity' is set to DedicatedHost, and optional otherwise.
// +optional
// +unionMember
DedicatedHost *DedicatedHost `json:"dedicatedHost,omitempty"`
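Review bot: The comment kept on `dedicatedHost` still calls it "the exact host that an instance should be restarted on if stopped", which the sentence added to `affinity` contradicts for AnyAvailable ("may move if stopped"). The `host` field is documented elsewhere in this diff as serving regulatory-compliance placement, so the weaker guarantee should be stated on the field itself, for example `// dedicatedHost specifies the host the instance is launched on; it is only guaranteed to restart on that host when affinity is DedicatedHost.` The type also keeps `+union`, `+unionDiscriminator` and `+unionMember` while the relaxed rule lets the member be set under the other discriminator value, which looks inconsistent with those markers and is worth confirming. The struct continues past the end of this hunk.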
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go
index 0150060f46..d08906c7d8 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go
@@ -61,7 +61,7 @@ func (in *AWSMachineProviderConfig) DeepCopyInto(out *AWSMachineProviderConfig)
}
}
in.Subnet.DeepCopyInto(&out.Subnet)
- out.Placement = in.Placement
+ in.Placement.DeepCopyInto(&out.Placement)
if in.LoadBalancers != nil {
in, out := &in.LoadBalancers, &out.LoadBalancers
*out = make([]LoadBalancerReference, len(*in))
@@ -85,11 +85,6 @@ func (in *AWSMachineProviderConfig) DeepCopyInto(out *AWSMachineProviderConfig)
*out = new(int32)
**out = **in
}
- if in.HostPlacement != nil {
- in, out := &in.HostPlacement, &out.HostPlacement
- *out = new(HostPlacement)
- (*in).DeepCopyInto(*out)
- }
return
}
@@ -1634,6 +1629,11 @@ func (in *ObjectMeta) DeepCopy() *ObjectMeta {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Placement) DeepCopyInto(out *Placement) {
*out = *in
+ if in.Host != nil {
+ in, out := &in.Host, &out.Host
+ *out = new(HostPlacement)
+ (*in).DeepCopyInto(*out)
+ }
return
}
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go
index f03e5cc4ef..903faf94ba 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go
@@ -35,7 +35,6 @@ var map_AWSMachineProviderConfig = map[string]string{
"placementGroupPartition": "placementGroupPartition is the partition number within the placement group in which to launch the instance. This must be an integer value between 1 and 7. It is only valid if the placement group, referred in `PlacementGroupName` was created with strategy set to partition.",
"capacityReservationId": "capacityReservationId specifies the target Capacity Reservation into which the instance should be launched. The field size should be greater than 0 and the field input must start with cr-***",
"marketType": "marketType specifies the type of market for the EC2 instance. Valid values are OnDemand, Spot, CapacityBlock and omitted.\n\nDefaults to OnDemand. When SpotMarketOptions is provided, the marketType defaults to \"Spot\".\n\nWhen set to OnDemand the instance runs as a standard OnDemand instance. When set to Spot the instance runs as a Spot instance. When set to CapacityBlock the instance utilizes pre-purchased compute capacity (capacity blocks) with AWS Capacity Reservations. If this value is selected, capacityReservationID must be specified to identify the target reservation.",
- "hostPlacement": "hostPlacement configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), and to gain visibility and control over instance placement on a physical server. When omitted, the instance is not constrained to a dedicated host.",
}
func (AWSMachineProviderConfig) SwaggerDoc() map[string]string {
@@ -129,8 +128,8 @@ func (Filter) SwaggerDoc() map[string]string {
var map_HostPlacement = map[string]string{
"": "HostPlacement is the type that will be used to configure the placement of AWS instances.",
- "affinity": "affinity specifies the affinity setting for the instance. Allowed values are AnyAvailable and DedicatedHost. When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set. When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host.",
- "dedicatedHost": "dedicatedHost specifies the exact host that an instance should be restarted on if stopped. dedicatedHost is required when 'affinity' is set to DedicatedHost, and forbidden otherwise.",
+ "affinity": "affinity specifies the affinity setting for the instance. Allowed values are AnyAvailable and DedicatedHost. When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set. When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host. When Affinity is set to AnyAvailable and the `dedicatedHost` field is defined, it runs on specified Dedicated Host, but may move if stopped.",
+ "dedicatedHost": "dedicatedHost specifies the exact host that an instance should be restarted on if stopped. dedicatedHost is required when 'affinity' is set to DedicatedHost, and optional otherwise.",
}
func (HostPlacement) SwaggerDoc() map[string]string {
@@ -158,7 +157,8 @@ var map_Placement = map[string]string{
"": "Placement indicates where to create the instance in AWS",
"region": "region is the region to use to create the instance",
"availabilityZone": "availabilityZone is the availability zone of the instance",
- "tenancy": "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host.",
+ "tenancy": "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host. When set to default Runs on shared multi-tenant hardware. When dedicated Runs on single-tenant hardware (any dedicated instance hardware). When host and the host object is not provided: Runs on Dedicated Host; best-effort restart on same host. When `host` and `host` object is provided with affinity `dedicatedHost` defined: Runs on specified Dedicated Host.",
+ "host": "host configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), and to gain visibility and control over instance placement on a physical server. When omitted, the instance is not constrained to a dedicated host.",
}
func (Placement) SwaggerDoc() map[string]string {
diff --git a/vendor/github.com/openshift/api/openapi/openapi.json b/vendor/github.com/openshift/api/openapi/openapi.json
index e1ff54c9c1..495fcd99a6 100644
--- a/vendor/github.com/openshift/api/openapi/openapi.json
+++ b/vendor/github.com/openshift/api/openapi/openapi.json
@@ -14292,7 +14292,8 @@
"items": {
"type": "string",
"default": ""
- }
+ },
+ "x-kubernetes-list-type": "atomic"
},
"subnets": {
"description": "subnets is a list of subnets. It may contain up to 2 subnets. The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each.",
@@ -22141,10 +22142,6 @@
"format": "int64",
"default": 0
},
- "hostPlacement": {
- "description": "hostPlacement configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), and to gain visibility and control over instance placement on a physical server. When omitted, the instance is not constrained to a dedicated host.",
- "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.HostPlacement"
- },
"iamInstanceProfile": {
"description": "iamInstanceProfile is a reference to an IAM role to assign to the instance",
"$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference"
@@ -23232,11 +23229,11 @@
],
"properties": {
"affinity": {
- "description": "affinity specifies the affinity setting for the instance. Allowed values are AnyAvailable and DedicatedHost. When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set. When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host.",
+ "description": "affinity specifies the affinity setting for the instance. Allowed values are AnyAvailable and DedicatedHost. When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set. When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host. When Affinity is set to AnyAvailable and the `dedicatedHost` field is defined, it runs on specified Dedicated Host, but may move if stopped.",
"type": "string"
},
"dedicatedHost": {
- "description": "dedicatedHost specifies the exact host that an instance should be restarted on if stopped. dedicatedHost is required when 'affinity' is set to DedicatedHost, and forbidden otherwise.",
+ "description": "dedicatedHost specifies the exact host that an instance should be restarted on if stopped. dedicatedHost is required when 'affinity' is set to DedicatedHost, and optional otherwise.",
"$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DedicatedHost"
}
},
@@ -24016,12 +24013,16 @@
"description": "availabilityZone is the availability zone of the instance",
"type": "string"
},
+ "host": {
+ "description": "host configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), and to gain visibility and control over instance placement on a physical server. When omitted, the instance is not constrained to a dedicated host.",
+ "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.HostPlacement"
+ },
"region": {
"description": "region is the region to use to create the instance",
"type": "string"
},
"tenancy": {
- "description": "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host.",
+ "description": "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host. When set to default Runs on shared multi-tenant hardware. When dedicated Runs on single-tenant hardware (any dedicated instance hardware). When host and the host object is not provided: Runs on Dedicated Host; best-effort restart on same host. When `host` and `host` object is provided with affinity `dedicatedHost` defined: Runs on specified Dedicated Host.",
"type": "string"
}
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index b2ac8ff484..ae8145671e 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -62,7 +62,7 @@ github.com/modern-go/reflect2
# github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
## explicit
github.com/munnerz/goautoneg
-# github.com/openshift/api v0.0.0-20251204164930-cd2e40c5883a
+# github.com/openshift/api v0.0.0-20251204164930-cd2e40c5883a => github.com/sanchezl/api v0.0.0-20251217211515-65b693c2242f
## explicit; go 1.24.0
github.com/openshift/api
github.com/openshift/api/apiserver
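Review bot: The `=> github.com/sanchezl/api v0.0.0-20251217211515-65b693c2242f` replacement on the `# github.com/openshift/api` line, repeated in the trailer line added by the last hunk of this file, means every vendored `github.com/openshift/api` package in this change is built from a personal fork rather than the upstream module. This is presumably a temporary pin mirroring a `replace` directive in go.mod (not visible here) while the API change is under review. It should be dropped and the vendor tree regenerated from an upstream `github.com/openshift/api` pseudo-version before merge, and until then the vendored tree should be diffed against upstream rather than trusted by path name. A CI check that fails on `=>` lines in vendor/modules.txt pointing outside the expected organisation would catch this class of change.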
@@ -528,3 +528,4 @@ sigs.k8s.io/structured-merge-diff/v6/value
# sigs.k8s.io/yaml v1.6.0
## explicit; go 1.22
sigs.k8s.io/yaml
+# github.com/openshift/api => github.com/sanchezl/api v0.0.0-20251217211515-65b693c2242f