From cbfb16752c4958fbca9e3c186ca2cc0aa925dc45 Mon Sep 17 00:00:00 2001
From: Vadim Rutkovsky
Date: Tue, 21 Nov 2023 18:50:27 +0100
Subject: [PATCH] Bump library-go
---
 go.mod | 2 +-
 go.sum | 4 +-
 ...00_70_cluster-network-operator_01_crd.yaml | 142 ++++++++++++++++++
 ...0_cluster-network-operator_01_pki_crd.yaml | 2 +-
 .../pkg/operator/certrotation/cabundle.go | 6 +
 .../pkg/operator/certrotation/signer.go | 7 +
 .../generate-internal-groups.sh | 0
 vendor/modules.txt | 4 +-
 8 files changed, 161 insertions(+), 6 deletions(-)
 mode change 100644 => 100755 vendor/k8s.io/code-generator/generate-internal-groups.sh
diff --git a/go.mod b/go.mod
index bbf7bc836b..ea53d459f5 100644
--- a/go.mod
+++ b/go.mod
@@ -161,4 +161,4 @@ replace (
 sigs.k8s.io/cluster-api-provider-openstack => github.com/openshift/cluster-api-provider-openstack v0.0.0-20220209101310-a384cbe0dfa0
 )
 
-replace github.com/openshift/library-go => github.com/vrutkovs/library-go v0.0.0-20231121131535-e1bd74baaa67
+replace github.com/openshift/library-go => github.com/vrutkovs/library-go v0.0.0-20231121174927-d81d4821f4d7
diff --git a/go.sum b/go.sum
index cc03303641..b9a2e30e01 100644
--- a/go.sum
+++ b/go.sum
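Review bot: The `replace` line on the new side of go.mod still redirects github.com/openshift/library-go to a personal fork (github.com/vrutkovs/library-go) at an untagged pseudo-version, so the vendored certrotation code changed in cabundle.go and signer.go is built from a source outside the upstream repository's review. If this pin is temporary, say so next to the directive, for example `// TODO: drop this replace once the certrotation change merges into openshift/library-go`, and point the module back at an upstream commit before this merges. The same fork reference is recorded in go.sum and vendor/modules.txt, so all three need to move together. The `replace (` block above the directive starts outside the hunk.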
@@ -352,8 +352,8 @@ github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:tw
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f h1:p4VB7kIXpOQvVn1ZaTIVp+3vuYAXFe3OJEvjbUYJLaA=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/vrutkovs/library-go v0.0.0-20231121131535-e1bd74baaa67 h1:sE/OM//8ZdohoBl9HWI5buoyhtrc+TRaobYR65FGN78=
-github.com/vrutkovs/library-go v0.0.0-20231121131535-e1bd74baaa67/go.mod h1:8UzmrBMCn7+GzouL8DVYkL9COBQTB1Ggd13/mHJQCUg=
+github.com/vrutkovs/library-go v0.0.0-20231121174927-d81d4821f4d7 h1:4FfFXeqAycDXTNJULKjTSQqTHss0+2IEfp22iXo4aPc=
+github.com/vrutkovs/library-go v0.0.0-20231121174927-d81d4821f4d7/go.mod h1:8UzmrBMCn7+GzouL8DVYkL9COBQTB1Ggd13/mHJQCUg=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
diff --git a/manifests/0000_70_cluster-network-operator_01_crd.yaml b/manifests/0000_70_cluster-network-operator_01_crd.yaml
index ce087c1df8..31abc2d9e2 100644
--- a/manifests/0000_70_cluster-network-operator_01_crd.yaml
+++ b/manifests/0000_70_cluster-network-operator_01_crd.yaml
@@ -333,6 +333,148 @@ spec: field to "Global". The supported values are "Restricted" and "Global". type: string + ipv4: + description: ipv4 allows users to configure IP settings + for IPv4 connections. When omitted, this means no opinion + and the default configuration is used. Check individual + members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: internalMasqueradeSubnet contains the + masquerade addresses in IPV4 CIDR format used internally + by ovn-kubernetes to enable host to service traffic. + Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge + interface. The values can be changed after installation. + The subnet chosen should not overlap with other + networks specified for OVN-Kubernetes as well as + other networks used on the host. Additionally the + subnet must be large enough to accommodate 6 IPs + (maximum prefix length /29). When omitted, this + means no opinion and the platform is left to choose + a reasonable default which is subject to change + over time. 
The current default subnet is 169.254.169.0/29 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: CIDR format must contain exactly one '/' + rule: self.indexOf('/') == self.lastIndexOf('/') + - message: subnet must be in the range /0 to /29 inclusive + rule: '[int(self.split(''/'')[1])].all(x, x <= 29 + && x >= 0)' + - message: a valid IPv4 address must contain 4 octets + rule: self.split('/')[0].split('.').size() == 4 + - message: first IP address octet must not contain + leading zeros, must be greater than 0 and less + or equal to 255 + rule: '[self.findAll(''[0-9]+'')[0]].all(x, x != + ''0'' && int(x) <= 255 && !x.startsWith(''0''))' + - message: IP address octets must not contain leading + zeros, and must be less or equal to 255 + rule: '[self.findAll(''[0-9]+'')[1], self.findAll(''[0-9]+'')[2], + self.findAll(''[0-9]+'')[3]].all(x, int(x) <= + 255 && (x == ''0'' || !x.startsWith(''0'')))' + type: object + ipv6: + description: ipv6 allows users to configure IP settings + for IPv6 connections. When omitted, this means no opinion + and the default configuration is used. Check individual + members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: internalMasqueradeSubnet contains the + masquerade addresses in IPV6 CIDR format used internally + by ovn-kubernetes to enable host to service traffic. + Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge + interface. The values can be changed after installation. + The subnet chosen should not overlap with other + networks specified for OVN-Kubernetes as well as + other networks used on the host. Additionally the + subnet must be large enough to accommodate 6 IPs + (maximum prefix length /125). When omitted, this + means no opinion and the platform is left to choose + a reasonable default which is subject to change + over time. 
The current default subnet is fd69::/125 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: CIDR format must contain exactly one '/' + rule: self.indexOf('/') == self.lastIndexOf('/') + - message: subnet must be in the range /0 to /125 + inclusive + rule: self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, + x <= 125 && x >= 0) + - message: IPv6 addresses must contain at most one + '::' and may only be shortened once + rule: self.indexOf('::') == self.lastIndexOf('::') + - message: a valid IPv6 address must contain 8 segments + unless elided (::), in which case it must contain + at most 6 non-empty segments + rule: 'self.contains(''::'') ? self.split(''/'')[0].split('':'').size() + <= 8 : self.split(''/'')[0].split('':'').size() + == 8' + - message: each segment of an IPv6 address must be + a hexadecimal number between 0 and FFFF, failed + on segment 1 + rule: 'self.split(''/'')[0].split('':'').size() + >=1 ? [self.split(''/'')[0].split('':'', 8)[0]].all(x, + x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) + : true' + - message: each segment of an IPv6 address must be + a hexadecimal number between 0 and FFFF, failed + on segment 2 + rule: 'self.split(''/'')[0].split('':'').size() + >=2 ? [self.split(''/'')[0].split('':'', 8)[1]].all(x, + x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) + : true' + - message: each segment of an IPv6 address must be + a hexadecimal number between 0 and FFFF, failed + on segment 3 + rule: 'self.split(''/'')[0].split('':'').size() + >=3 ? [self.split(''/'')[0].split('':'', 8)[2]].all(x, + x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) + : true' + - message: each segment of an IPv6 address must be + a hexadecimal number between 0 and FFFF, failed + on segment 4 + rule: 'self.split(''/'')[0].split('':'').size() + >=4 ? 
[self.split(''/'')[0].split('':'', 8)[3]].all(x, + x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) + : true' + - message: each segment of an IPv6 address must be + a hexadecimal number between 0 and FFFF, failed + on segment 5 + rule: 'self.split(''/'')[0].split('':'').size() + >=5 ? [self.split(''/'')[0].split('':'', 8)[4]].all(x, + x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) + : true' + - message: each segment of an IPv6 address must be + a hexadecimal number between 0 and FFFF, failed + on segment 6 + rule: 'self.split(''/'')[0].split('':'').size() + >=6 ? [self.split(''/'')[0].split('':'', 8)[5]].all(x, + x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) + : true' + - message: each segment of an IPv6 address must be + a hexadecimal number between 0 and FFFF, failed + on segment 7 + rule: 'self.split(''/'')[0].split('':'').size() + >=7 ? [self.split(''/'')[0].split('':'', 8)[6]].all(x, + x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) + : true' + - message: each segment of an IPv6 address must be + a hexadecimal number between 0 and FFFF, failed + on segment 8 + rule: 'self.split(''/'')[0].split('':'').size() + >=8 ? [self.split(''/'')[0].split('':'', 8)[7]].all(x, + x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) + : true' + - message: IPv6 dual addresses are not permitted, + value should not contain `.` characters + rule: '!self.contains(''.'')' + type: object routingViaHost: default: false description: RoutingViaHost allows pod egress traffic diff --git a/manifests/0000_70_cluster-network-operator_01_pki_crd.yaml b/manifests/0000_70_cluster-network-operator_01_pki_crd.yaml index 75c0cf8754..30ae26c7ef 100644 --- a/manifests/0000_70_cluster-network-operator_01_pki_crd.yaml +++ b/manifests/0000_70_cluster-network-operator_01_pki_crd.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: v0.12.1
+ controller-gen.kubebuilder.io/version: v0.13.0
 include.release.openshift.io/ibm-cloud-managed: "true"
 include.release.openshift.io/self-managed-high-availability: "true"
 include.release.openshift.io/single-node-developer: "true"
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/cabundle.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/cabundle.go
index d4ef322116..2397c9e4ec 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/cabundle.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/cabundle.go
@@ -58,6 +58,12 @@ func (c CABundleConfigMap) ensureConfigMapCABundle(ctx context.Context, signingC
 ensureOwnerReference(&caBundleConfigMap.ObjectMeta, c.Owner)
 }
 ensureTLSMetadata(&caBundleConfigMap.ObjectMeta, c.JiraComponent, c.Description)
+ if !reflect.DeepEqual(originalCABundleConfigMap.ObjectMeta, caBundleConfigMap.ObjectMeta) {
+ _, _, err := resourceapply.ApplyConfigMap(ctx, c.Client, c.EventRecorder, caBundleConfigMap)
+ if err != nil {
+ return nil, err
+ }
+ }
 
 updatedCerts, err := manageCABundleConfigMap(caBundleConfigMap, signingCertKeyPair.Config.Certs[0])
 if err != nil {
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go
index 7dabaca569..c883b9d213 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "context"
 "fmt"
+ "reflect"
 "time"
 
 "github.com/openshift/api/annotations"
@@ -73,6 +74,12 @@ func (c RotatedSigningCASecret) ensureSigningCertKeyPair(ctx context.Context) (*
 ensureOwnerReference(&signingCertKeyPairSecret.ObjectMeta, c.Owner)
 }
 ensureTLSMetadata(&signingCertKeyPairSecret.ObjectMeta, c.JiraComponent, c.Description)
+ if !reflect.DeepEqual(originalSigningCertKeyPairSecret.ObjectMeta, signingCertKeyPairSecret.ObjectMeta) {
+ _, _, err := resourceapply.ApplySecret(ctx, c.Client, c.EventRecorder, signingCertKeyPairSecret)
+ if err != nil {
+ return nil, err
+ }
+ }
 
 if needed, reason := needNewSigningCertKeyPair(signingCertKeyPairSecret.Annotations, c.Refresh, c.RefreshOnlyWhenExpired); needed {
 c.EventRecorder.Eventf("SignerUpdateRequired", "%q in %q requires a new signing cert/key pair: %v", c.Name, c.Namespace, reason)
diff --git a/vendor/k8s.io/code-generator/generate-internal-groups.sh b/vendor/k8s.io/code-generator/generate-internal-groups.sh
old mode 100644
new mode 100755
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 595162dd70..c7094121ff 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -333,7 +333,7 @@ github.com/openshift/client-go/operatorcontrolplane/listers/operatorcontrolplane
 ## explicit; go 1.18
 github.com/openshift/hypershift/api/util/ipnet
 github.com/openshift/hypershift/api/v1beta1
-# github.com/openshift/library-go v0.0.0-20230503144409-4cb26a344c37 => github.com/vrutkovs/library-go v0.0.0-20231121131535-e1bd74baaa67
+# github.com/openshift/library-go v0.0.0-20230503144409-4cb26a344c37 => github.com/vrutkovs/library-go v0.0.0-20231121174927-d81d4821f4d7
 ## explicit; go 1.20
 github.com/openshift/library-go/pkg/authorization/hardcodedauthorizer
 github.com/openshift/library-go/pkg/certs
@@ -1598,4 +1598,4 @@ sigs.k8s.io/yaml
 # sigs.k8s.io/cluster-api => sigs.k8s.io/cluster-api v1.4.0-beta.2.0.20230601082946-9be885caa39f
 # sigs.k8s.io/cluster-api-provider-kubevirt => github.com/openshift/cluster-api-provider-kubevirt v0.0.0-20211223062810-ef64d5ff1cde
 # sigs.k8s.io/cluster-api-provider-openstack => github.com/openshift/cluster-api-provider-openstack v0.0.0-20220209101310-a384cbe0dfa0
-# github.com/openshift/library-go => github.com/vrutkovs/library-go v0.0.0-20231121131535-e1bd74baaa67
+# github.com/openshift/library-go => github.com/vrutkovs/library-go v0.0.0-20231121174927-d81d4821f4d7