diff --git a/Gopkg.lock b/Gopkg.lock index 01bdbc2d58..e96d6fb39d 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -2,462 +2,333 @@ [[projects]] - digest = "1:5d72bbcc9c8667b11c3dc3cbe681c5a6f71e5096744c0bf7726ab5c6425d5dc4" name = "github.com/BurntSushi/toml" packages = ["."] - pruneopts = "NUT" revision = "3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005" version = "v0.3.1" [[projects]] - digest = "1:a26f8da48b22e6176c1c6a2459904bb30bd0c49ada04b2963c2c3a203e81a620" name = "github.com/Masterminds/semver" packages = ["."] - pruneopts = "NUT" revision = "c7af12943936e8c39859482e61f0574c2fd7fc75" version = "v1.4.2" [[projects]] - digest = "1:43f9a530dfe36fb355b05fbc7a5712f8149a7f6bdfd131bc0ccc634e25c4dd1e" name = "github.com/Masterminds/sprig" packages = ["."] - pruneopts = "NUT" revision = "6b2a58267f6a8b1dc8e2eb5519b984008fa85e8c" version = "v2.15.0" [[projects]] - digest = "1:2be791e7b333ff7c06f8fb3dc18a7d70580e9399dbdffd352621d067ff260b6e" name = "github.com/Microsoft/go-winio" packages = ["."] - pruneopts = "NUT" revision = "97e4973ce50b2ff5f09635a57e2b88a037aae829" version = "v0.4.11" [[projects]] branch = "go15" - digest = "1:8dab0033e231d02909f00a501a1f1ac01e63fd267dcb374a5de71b99ba1ee74f" name = "github.com/ajeddeloh/go-json" packages = ["."] - pruneopts = "NUT" revision = "6a2fe990e08303c82d966297ddb29a58678a4783" [[projects]] - digest = "1:dfc48e1a293a468126069586733806f62cbf485d87780881ea9106cdb68d38bb" - name = "github.com/ajeddeloh/yaml" - packages = ["."] - pruneopts = "NUT" - revision = "6b94386aeefd8c4b8470aee72bfca084c2f91da9" - -[[projects]] - branch = "master" - digest = "1:fdd419e104ec26bb5bd63cc62637c640453ed2929a7453f3afadbd9a0223da66" - name = "github.com/alecthomas/units" - packages = ["."] - pruneopts = "NUT" - revision = "2efee857e7cfd4f3d0138cc3cbb1b4966962b93a" - -[[projects]] - digest = "1:975108e8d4f5dab096fc991326e96a5716ee8d02e5e7386bb4796171afc4ab9a" name = "github.com/aokoli/goutils" packages = ["."] - pruneopts = "NUT" revision = "3391d3790d23d03408670993e957e8f408993c34" version = "v1.0.1" [[projects]] - digest = "1:1929b21a34400d463a99336f8e2908d2a154dc525c52411a8d99bb519942dc4c" name = "github.com/apparentlymart/go-cidr" packages = ["cidr"] - pruneopts = "NUT" revision = "b1115bf8e14a60131a196f908223e4506b0ddc35" version = "v1.0.0" [[projects]] - digest = "1:563d5933a25ebbd7e938e04d633bad92ae8f58cb88d70b55c3918857328376c6" name = "github.com/ashcrow/osrelease" packages = ["."] - pruneopts = "NUT" revision = "9b292693c55c791c79825cdce5b7e0b3b6da6e88" version = "v1" [[projects]] - digest = "1:aba270497eb2d49f5cba6f4162d524b9a1195a24cbce8be20bf56a0051f47deb" name = "github.com/blang/semver" packages = ["."] - pruneopts = "NUT" revision = "2ee87856327ba09384cabd113bc6b5d174e9ec0f" version = "v3.5.1" [[projects]] branch = "master" - digest = "1:b231af2081fbc401a79fa354f41812d4e975f78dab6c9603a2fa5e1c76456e57" name = "github.com/containerd/cgroups" packages = ["."] - pruneopts = "NUT" revision = "39b18af02c4120960f517a3a4c2588fabb61d02c" [[projects]] - digest = "1:e51434f97e46ce42b9f08ebb433e2416d0cb341f3cfb6c714ce12fbf57afab6b" name = "github.com/containers/image" packages = [ "docker/reference", "pkg/sysregistriesv2", - "types", + "types" ] - pruneopts = "NUT" revision = "1c10a197331c71709754037e2b7f7e7fc94c65cf" [[projects]] - digest = "1:490deff6409bd7c1e531e143c3adc5bf5e5ff39a7bad6a69f41d5efe95a7ec07" name = "github.com/containers/storage" packages = [ "pkg/config", "pkg/fileutils", "pkg/idtools", "pkg/mount", - "pkg/system", + "pkg/system" ] - pruneopts = "NUT" revision = "0b67c788f2d234c9fecc3d372d93160869381166" [[projects]] - digest = "1:beedaa1ce9cb1ddb4dc511a68d9d128773e6ada0a1bd8b9bc4b7d7026617b535" - name = "github.com/coreos/container-linux-config-transpiler" - packages = [ - "config", - "config/astyaml", - "config/platform", - "config/templating", - "config/types", - "config/types/util", - "internal/util", - ] - pruneopts = "NUT" - revision = "e2f6c9440215117e896cd70a0d489dc070080d37" - version = "v0.9.0" - -[[projects]] - digest = "1:0ef770954bca104ee99b3b6b7f9b240605ac03517d9f98cbc1893daa03f3c038" name = "github.com/coreos/go-semver" packages = ["semver"] - pruneopts = "NUT" revision = "8ab6407b697782a06568d4b7f1db25550ec2e4c6" version = "v0.2.0" [[projects]] - digest = "1:735a7ab64b89cbe555d53f8572e80e6c65755e5f034734d7c5e449528fe21de2" name = "github.com/coreos/go-systemd" packages = [ "dbus", - "unit", + "unit" ] - pruneopts = "NUT" revision = "39ca1b05acc7ad1220e09f133283b8859a8b71ab" version = "v17" [[projects]] - digest = "1:fb5b2aed0d774e210c1f2c0893e620cb3fa98957d3b925d0378f93b9613eb605" + branch = "master" name = "github.com/coreos/ignition" packages = [ + "config/merge", "config/shared/errors", "config/shared/validations", "config/util", - "config/v1", - "config/v1/types", - "config/v2_0", - "config/v2_0/types", - "config/v2_1", - "config/v2_1/types", - "config/v2_2", - "config/v2_2/types", - "config/v2_3_experimental/types", + "config/v3_0", + "config/v3_0/types", "config/validate", "config/validate/astjson", "config/validate/astnode", "config/validate/report", + "config/validate/util" ] - pruneopts = "NUT" - revision = "76107251acd117c6d3e5b4dae2b47f82f944984b" - version = "v0.26.0" + revision = "924e3fbee015ccd898b0c6ae8120a02cee982784" [[projects]] - digest = "1:a2c1d0e43bd3baaa071d1b9ed72c27d78169b2b269f71c105ac4ba34b1be4a39" name = "github.com/davecgh/go-spew" packages = ["spew"] - pruneopts = "NUT" revision = "346938d642f2ec3594ed81d874461961cd0faa76" version = "v1.1.0" [[projects]] - digest = "1:c18eb4734a9775d861238a8ca4920a57fa94fa608e07c0043196fefd00c13ecf" name = "github.com/docker/docker" packages = ["pkg/signal"] - pruneopts = "NUT" revision = "d3446258471733fe667f0abdf015ee3ebd2f3485" version = "v1.3.3" [[projects]] - digest = "1:4340101f42556a9cb2f7a360a0e95a019bfef6247d92e6c4c46f2433cf86a482" name = "github.com/docker/go-units" packages = ["."] - pruneopts = "NUT" revision = "47565b4f722fb6ceae66b95f853feed578a4a51c" version = "v0.3.3" [[projects]] - digest = "1:32598368f409bbee79deb9d43569fcd92b9fb27f39155f5e166b3371217f051f" name = "github.com/evanphx/json-patch" packages = ["."] - pruneopts = "NUT" revision = "72bf35d0ff611848c1dc9df0f976c81192392fa5" version = "v4.1.0" [[projects]] - digest = "1:81466b4218bf6adddac2572a30ac733a9255919bc2f470b4827a317bd4ee1756" name = "github.com/ghodss/yaml" packages = ["."] - pruneopts = "NUT" revision = "0ca9ea5df5451ffdf184b4428c902747c2c11cd7" version = "v1.0.0" [[projects]] - digest = "1:8d24ffb57bd977a9c44a7b0edae0fb80f2ccd2882f77364efdd8c84b8c86ef38" name = "github.com/go-log/log" packages = ["."] - pruneopts = "NUT" revision = "37e2e1f19306361e1fc152a1839f1236149cb4e4" version = "v0.1.0" [[projects]] - digest = "1:ca3369c0fc8d471d8698f85a37a4f8c98a847402681a31431fb87a84fa2e5373" name = "github.com/godbus/dbus" packages = ["."] - pruneopts = "NUT" revision = "a389bdde4dd695d414e47b755e95e72b7826432c" version = "v4.1.0" [[projects]] - digest = "1:cd4f86461732066e277335465962660cbf02999e18d5bbb5e9285eac4608b970" name = "github.com/gogo/protobuf" packages = [ "gogoproto", "proto", "protoc-gen-gogo/descriptor", - "sortkeys", + "sortkeys" ] - pruneopts = "NUT" revision = "636bf0302bc95575d69441b25a2603156ffdddf1" version = "v1.1.1" [[projects]] - digest = "1:78b8040ece2ff622580def2708b9eb0b2857711b6744c475439bf337e9c677ea" name = "github.com/golang/glog" packages = ["."] - pruneopts = "NUT" revision = "44145f04b68cf362d9c4df2182967c2275eaefed" [[projects]] branch = "master" - digest = "1:3fb07f8e222402962fa190eb060608b34eddfb64562a18e2167df2de0ece85d8" name = "github.com/golang/groupcache" packages = ["lru"] - pruneopts = "NUT" revision = "24b0969c4cb722950103eed87108c8d291a8df00" [[projects]] - digest = "1:03e14cff610a8a58b774e36bd337fa979482be86aab01be81fb8bbd6d0f07fc8" name = "github.com/golang/protobuf" packages = [ "proto", "ptypes", "ptypes/any", "ptypes/duration", - "ptypes/timestamp", + "ptypes/timestamp" ] - pruneopts = "NUT" revision = "b4deda0973fb4c70b50d226b1af49f3da59f5265" version = "v1.1.0" [[projects]] branch = "master" - digest = "1:245bd4eb633039cd66106a5d340ae826d87f4e36a8602fcc940e14176fd26ea7" name = "github.com/google/btree" packages = ["."] - pruneopts = "NUT" revision = "e89373fe6b4a7413d7acd6da1725b83ef713e6e4" [[projects]] branch = "master" - digest = "1:52c5834e2bebac9030c97cc0798ac11c3aa8a39f098aeb419f142533da6cd3cc" name = "github.com/google/gofuzz" packages = ["."] - pruneopts = "NUT" revision = "24818f796faf91cd76ec7bddd72458fbced7a6c1" [[projects]] - digest = "1:dcb52a1496f6b1ceeb0c123c0a557bc04bd8f17071f45bc5492aa88ec2638401" name = "github.com/google/renameio" packages = ["."] - pruneopts = "NUT" revision = "f0e32980c006571efd537032e5f9cd8c1a92819e" version = "v0.1.0" [[projects]] - digest = "1:1bb197a3b5db4e06e00b7560f8e89836c486627f2a0338332ed37daa003d259e" name = "github.com/google/uuid" packages = ["."] - pruneopts = "NUT" revision = "064e2069ce9c359c118179501254f67d7d37ba24" version = "0.2" [[projects]] - digest = "1:06a7dadb7b760767341ffb6c8d377238d68a1226f2b21b5d497d2e3f6ecf6b4e" name = "github.com/googleapis/gnostic" packages = [ "OpenAPIv2", "compiler", - "extensions", + "extensions" ] - pruneopts = "NUT" revision = "7c663266750e7d82587642f65e60bc4083f1f84e" version = "v0.2.0" [[projects]] branch = "master" - digest = "1:7fdf3223c7372d1ced0b98bf53457c5e89d89aecbad9a77ba9fcc6e01f9e5621" name = "github.com/gregjones/httpcache" packages = [ ".", - "diskcache", + "diskcache" ] - pruneopts = "NUT" revision = "9cad4c3443a7200dd6400aef47183728de563a38" [[projects]] branch = "master" - digest = "1:13e2fa5735a82a5fb044f290cfd0dba633d1c5e516b27da0509e0dbb3515a18e" name = "github.com/hashicorp/golang-lru" packages = [ ".", - "simplelru", + "simplelru" ] - pruneopts = "NUT" revision = "0fb14efe8c47ae851c0034ed7a448854d3d34cf3" [[projects]] - digest = "1:f5db19d350bd0b542d17f7e7cf4e7068bac416c08adb6a129b3c6d1db8211051" name = "github.com/huandu/xstrings" packages = ["."] - pruneopts = "NUT" revision = "2bf18b218c51864a87384c06996e40ff9dcff8e1" version = "v1.0.0" [[projects]] - digest = "1:65300ccc4bcb38b107b868155c303312978981e56bca707c81efec57575b5e06" name = "github.com/imdario/mergo" packages = ["."] - pruneopts = "NUT" revision = "9316a62528ac99aaecb4e47eadd6dc8aa6533d58" version = "v0.3.5" [[projects]] - digest = "1:406338ad39ab2e37b7f4452906442a3dbf0eb3379dd1f06aafb5c07e769a5fbb" name = "github.com/inconshreveable/mousetrap" packages = ["."] - pruneopts = "NUT" revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75" version = "v1.0" [[projects]] - digest = "1:53ac4e911e12dde0ab68655e2006449d207a5a681f084974da2b06e5dbeaca72" name = "github.com/json-iterator/go" packages = ["."] - pruneopts = "" revision = "ab8a2e0c74be9d3be70b3184d9acc634935ded82" version = "1.1.4" [[projects]] - digest = "1:4059c14e87a2de3a434430340521b5feece186c1469eff0834c29a63870de3ed" name = "github.com/konsorten/go-windows-terminal-sequences" packages = ["."] - pruneopts = "NUT" revision = "5c8c8bd35d3832f5d134ae1e1e375b69a4d25242" version = "v1.0.1" [[projects]] branch = "release-1.12" - digest = "1:dcd7ddc83a6a34ba9cb0c98d8a849d5cc351e02e17c88056e6f2844b889a8ea5" name = "github.com/kubernetes-sigs/cri-o" packages = [ "oci", "pkg/config", "pkg/findprocess", - "utils", + "utils" ] - pruneopts = "NUT" revision = "0809b248a4691e5b82c192ad3c6c84d4705c1d89" [[projects]] - digest = "1:2f42fa12d6911c7b7659738758631bec870b7e9b4c6be5444f963cdcfccc191f" name = "github.com/modern-go/concurrent" packages = ["."] - pruneopts = "NUT" revision = "bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94" version = "1.0.3" [[projects]] - digest = "1:c6aca19413b13dc59c220ad7430329e2ec454cc310bc6d8de2c7e2b93c18a0f6" name = "github.com/modern-go/reflect2" packages = ["."] - pruneopts = "NUT" revision = "4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd" version = "1.0.1" [[projects]] - digest = "1:e0cc8395ea893c898ff5eb0850f4d9851c1f57c78c232304a026379a47a552d0" name = "github.com/opencontainers/go-digest" packages = ["."] - pruneopts = "NUT" revision = "279bed98673dd5bef374d3b6e4b09e2af76183bf" version = "v1.0.0-rc1" [[projects]] - digest = "1:11db38d694c130c800d0aefb502fb02519e514dc53d9804ce51d1ad25ec27db6" name = "github.com/opencontainers/image-spec" packages = [ "specs-go", - "specs-go/v1", + "specs-go/v1" ] - pruneopts = "NUT" revision = "d60099175f88c47cd379c4738d158884749ed235" version = "v1.0.1" [[projects]] - digest = "1:918dbd46ad099418ce9760291bb156ebf23d441aad4cb682dd9bf09e2d3c0c7b" name = "github.com/opencontainers/runc" packages = ["libcontainer/user"] - pruneopts = "NUT" revision = "baf6536d6259209c3edfa2b22237af82942d3dfa" version = "v0.1.1" [[projects]] - digest = "1:7a58202c5cdf3d2c1eb0621fe369315561cea7f036ad10f0f0479ac36bcc95eb" name = "github.com/opencontainers/runtime-spec" packages = ["specs-go"] - pruneopts = "NUT" revision = "29686dbc5559d93fb1ef402eeda3e35c38d75af4" [[projects]] branch = "master" - digest = "1:ff4400171f9d204cbf5d22e5bba044cb661bd0815375d8a55ab0da3e81596ef4" name = "github.com/openshift/api" packages = ["config/v1"] - pruneopts = "NUT" revision = "5e45fff0f89ec1edff19e0ee00a21ecbeb08d787" [[projects]] branch = "master" - digest = "1:78f51e0ae38cc19e6e118c47cc0556dd7bd0c0b6d5a4c5c86affbbdae78e30c8" name = "github.com/openshift/client-go" packages = [ "config/clientset/versioned", @@ -469,131 +340,95 @@ "config/informers/externalversions/config", "config/informers/externalversions/config/v1", "config/informers/externalversions/internalinterfaces", - "config/listers/config/v1", + "config/listers/config/v1" ] - pruneopts = "NUT" revision = "8ae2a9c33ba2a3d2ed5dc13d536ca935fc9625b9" [[projects]] - digest = "1:f7646c654e93258958dba300641f8f674d5a9ed015c11119793ba1156e2acbe9" name = "github.com/openshift/kubernetes-drain" packages = ["."] - pruneopts = "NUT" revision = "c2e51be1758efa30d71a4d30dc4e2db86b70a4df" [[projects]] branch = "master" - digest = "1:a32828cebfa63f79265d9062005c23f3c737def9e8a956ddd5dc3fd5f4caffe6" name = "github.com/openshift/library-go" packages = ["pkg/config/clusteroperator/v1helpers"] - pruneopts = "NUT" revision = "86f3eb4ba0e678146cf47f61010c34c638cea2d2" [[projects]] - digest = "1:cce3a18fb0b96b5015cd8ca03a57d20a662679de03c4dc4b6ff5f17ea2050fa6" name = "github.com/pborman/uuid" packages = ["."] - pruneopts = "NUT" revision = "e790cca94e6cc75c7064b1332e63811d4aae1a53" version = "v1.1" [[projects]] branch = "master" - digest = "1:3bf17a6e6eaa6ad24152148a631d18662f7212e21637c2699bff3369b7f00fa2" name = "github.com/petar/GoLLRB" packages = ["llrb"] - pruneopts = "NUT" revision = "53be0d36a84c2a886ca057d34b6aa4468df9ccb4" [[projects]] - digest = "1:6c6d91dc326ed6778783cff869c49fb2f61303cdd2ebbcf90abe53505793f3b6" name = "github.com/peterbourgon/diskv" packages = ["."] - pruneopts = "NUT" revision = "5f041e8faa004a95c88a202771f4cc3e991971e6" version = "v2.0.1" [[projects]] - digest = "1:5cf3f025cbee5951a4ee961de067c8a89fc95a5adabead774f82822efabab121" name = "github.com/pkg/errors" packages = ["."] - pruneopts = "NUT" revision = "645ef00459ed84a119197bfb8d8205042c6df63d" version = "v0.8.0" [[projects]] - digest = "1:0028cb19b2e4c3112225cd871870f2d9cf49b9b4276531f03438a88e94be86fe" name = "github.com/pmezard/go-difflib" packages = ["difflib"] - pruneopts = "NUT" revision = "792786c7400a136282c1664665ae0a8db921c6c2" version = "v1.0.0" [[projects]] - digest = "1:e256b859ab89f005f2f639f5ed9807d0873d9135e27c6382f419b840ff9abe71" name = "github.com/sirupsen/logrus" packages = ["."] - pruneopts = "NUT" revision = "e1e72e9de974bd926e5c56f83753fba2df402ce5" version = "v1.3.0" [[projects]] - digest = "1:343d44e06621142ab09ae0c76c1799104cdfddd3ffb445d78b1adf8dc3ffaf3d" name = "github.com/spf13/cobra" packages = ["."] - pruneopts = "NUT" revision = "ef82de70bb3f60c65fb8eebacbb2d122ef517385" version = "v0.0.3" [[projects]] - digest = "1:15e5c398fbd9d2c439b635a08ac161b13d04f0c2aa587fe256b65dc0c3efe8b7" name = "github.com/spf13/pflag" packages = ["."] - pruneopts = "NUT" revision = "583c0c0531f06d5278b7d917446061adc344b5cd" version = "v1.0.1" [[projects]] - digest = "1:85adecf1dbfae5769cc62a8bcea6498f8e9f0e2452e4e6686eb36fa4428a5a6e" name = "github.com/stretchr/testify" packages = [ "assert", - "require", + "require" ] - pruneopts = "NUT" revision = "ffdc059bfe9ce6a4e144ba849dbedead332c6053" version = "v1.3.0" [[projects]] - digest = "1:c9b456727ce4101594aabddaa816c80464cd21a1e5fcd145297a902303be0085" name = "github.com/vincent-petithory/dataurl" packages = ["."] - pruneopts = "NUT" revision = "9a301d65acbb728fcc3ace14f45f511a4cfeea9c" [[projects]] branch = "master" - digest = "1:91ed6116b126ec7fa7b9f9460356ee6b3005e5ed320b8e85510937f44d3d62d5" - name = "go4.org" - packages = ["errorutil"] - pruneopts = "NUT" - revision = "9599cf28b011184741f249bd9f9330756b506cbc" - -[[projects]] - branch = "master" - digest = "1:69b3fcb7a41b18436a85471cbdcfc70ad10ba3206f8c87563e1c773610e1bcad" name = "golang.org/x/crypto" packages = [ "pbkdf2", "scrypt", - "ssh/terminal", + "ssh/terminal" ] - pruneopts = "NUT" revision = "c126467f60eb25f8f27e5a981f32a87e3965053f" [[projects]] branch = "master" - digest = "1:416fe347569c8eaa3b91c877f8d1107ea4a23bbfff11c17b656cae327ced21a3" name = "golang.org/x/net" packages = [ "context", @@ -603,35 +438,29 @@ "http2/hpack", "idna", "internal/timeseries", - "trace", + "trace" ] - pruneopts = "NUT" revision = "3673e40ba22529d22c3fd7c93e97b0ce50fa7bdd" [[projects]] branch = "master" - digest = "1:9822dde4525c2bc0130c4b8d209cb08b3ab68d4865972b20fe213fc2f732d9db" name = "golang.org/x/oauth2" packages = [ ".", - "internal", + "internal" ] - pruneopts = "NUT" revision = "5dab4167f31cbd76b407f1486c86b40748bc5073" [[projects]] branch = "master" - digest = "1:a801d3c417117b67a96353daad340b250619780b75c29b652ea13697c946553e" name = "golang.org/x/sys" packages = [ "unix", - "windows", + "windows" ] - pruneopts = "NUT" revision = "e072cadbbdc8dd3d3ffa82b8b4b9304c261d9311" [[projects]] - digest = "1:e7071ed636b5422cc51c0e3a6cebc229d6c9fffc528814b519a980641422d619" name = "golang.org/x/text" packages = [ "collate", @@ -647,34 +476,28 @@ "unicode/bidi", "unicode/cldr", "unicode/norm", - "unicode/rangetable", + "unicode/rangetable" ] - pruneopts = "NUT" revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0" version = "v0.3.0" [[projects]] branch = "master" - digest = "1:c9e7a4b4d47c0ed205d257648b0e5b0440880cb728506e318f8ac7cd36270bc4" name = "golang.org/x/time" packages = ["rate"] - pruneopts = "NUT" revision = "fbb02b2291d28baffd63558aa44b4b56f178d650" [[projects]] branch = "master" - digest = "1:e1c96c8c8ce0af57da9dccb008e540b3d13b55ea04b530fb4fceb81706082bdd" name = "golang.org/x/tools" packages = [ "go/ast/astutil", "imports", - "internal/fastwalk", + "internal/fastwalk" ] - pruneopts = "NUT" revision = "0bf5a322479700bd87eed5ce5e010ba369fe7161" [[projects]] - digest = "1:34c10243da5972105edd1b4b883e2bd918fbb3f73fbe14d6af6929e547173494" name = "google.golang.org/appengine" packages = [ "internal", @@ -683,22 +506,18 @@ "internal/log", "internal/remote_api", "internal/urlfetch", - "urlfetch", + "urlfetch" ] - pruneopts = "NUT" revision = "e9657d882bb81064595ca3b56cbe2546bbabf7b1" version = "v1.4.0" [[projects]] branch = "master" - digest = "1:077c1c599507b3b3e9156d17d36e1e61928ee9b53a5b420f10f28ebd4a0b275c" name = "google.golang.org/genproto" packages = ["googleapis/rpc/status"] - pruneopts = "NUT" revision = "4b09977fb92221987e99d190c8f88f2c92727a29" [[projects]] - digest = "1:4837585442801f3c7ebd044a96fce852242529a73bdd96fcba2119ff74987b0b" name = "google.golang.org/grpc" packages = [ ".", @@ -731,30 +550,24 @@ "resolver/passthrough", "stats", "status", - "tap", + "tap" ] - pruneopts = "NUT" revision = "a02b0774206b209466313a0b525d2c738fe407eb" version = "v1.18.0" [[projects]] - digest = "1:2d1fbdc6777e5408cabeb02bf336305e724b925ff4546ded0fa8715a7267922a" name = "gopkg.in/inf.v0" packages = ["."] - pruneopts = "NUT" revision = "d2d2541c53f18d2a059457998ce2876cc8e67cbf" version = "v0.9.1" [[projects]] - digest = "1:7c95b35057a0ff2e19f707173cc1a947fa43a6eb5c4d300d196ece0334046082" name = "gopkg.in/yaml.v2" packages = ["."] - pruneopts = "NUT" revision = "5420a8b6744d3b0345ab293f6fcba19c978f1183" version = "v2.2.1" [[projects]] - digest = "1:4485f6050feae6844efd79bce3f5b35e5ed4a21dd79ef6a2dbbee263531cea09" name = "k8s.io/api" packages = [ "admissionregistration/v1alpha1", @@ -787,14 +600,12 @@ "settings/v1alpha1", "storage/v1", "storage/v1alpha1", - "storage/v1beta1", + "storage/v1beta1" ] - pruneopts = "NUT" revision = "6db15a15d2d3874a6c3ddb2140ac9f3bc7058428" version = "kubernetes-1.12.5" [[projects]] - digest = "1:2443333d72c1d0eb9e023f73211e448c31bcb4c6dac90c6fbae3d1d9e01f0e3a" name = "k8s.io/apiextensions-apiserver" packages = [ "pkg/apis/apiextensions", @@ -807,14 +618,12 @@ "pkg/client/informers/externalversions/apiextensions/v1beta1", "pkg/client/informers/externalversions/internalinterfaces", "pkg/client/listers/apiextensions/v1beta1", - "pkg/features", + "pkg/features" ] - pruneopts = "NUT" revision = "a384d17938fe55d54a52d5668bf0ff40044daef0" version = "kubernetes-1.12.5" [[projects]] - digest = "1:7b19d7b2fca082a81e234b33077705bc2b871f588b65ba12a1050dccb855b7cd" name = "k8s.io/apimachinery" packages = [ "pkg/api/equality", @@ -862,25 +671,21 @@ "pkg/version", "pkg/watch", "third_party/forked/golang/json", - "third_party/forked/golang/reflect", + "third_party/forked/golang/reflect" ] - pruneopts = "NUT" revision = "49ce2735e5074ffc3f8190c8406cf51a96302dad" version = "kubernetes-1.12.5" [[projects]] - digest = "1:1a3edfee5fc152984cf5870d5f76bafc67519971908cfd49554418d63f62c0db" name = "k8s.io/apiserver" packages = [ "pkg/features", - "pkg/util/feature", + "pkg/util/feature" ] - pruneopts = "NUT" revision = "a748535592ba957da14f6279ebd43cfb2fe44463" version = "kubernetes-1.12.5" [[projects]] - digest = "1:01dea39f0993df6e0b4c53af8d434b12d2de09380dac8505df2ff85167b1dd18" name = "k8s.io/client-go" packages = [ "discovery", @@ -1049,14 +854,12 @@ "util/homedir", "util/integer", "util/retry", - "util/workqueue", + "util/workqueue" ] - pruneopts = "NUT" revision = "1638f8970cefaa404ff3a62950f88b08292b2696" version = "v9.0.0" [[projects]] - digest = "1:8108815d1aef9159daabdb3f0fcef04a88765536daf0c0cd29a31fdba135ee54" name = "k8s.io/code-generator" packages = [ "cmd/client-gen", @@ -1067,43 +870,35 @@ "cmd/client-gen/generators/util", "cmd/client-gen/path", "cmd/client-gen/types", - "pkg/util", + "pkg/util" ] - pruneopts = "" revision = "b1289fc74931d4b6b04bd1a259acfc88a2cb0a66" version = "kubernetes-1.12.5" [[projects]] - digest = "1:f3ce5a03c50cf794f17d331fa9d8741db6fd8aeb5ec07d2a68eb039619f22967" name = "k8s.io/gengo" packages = [ "args", "generator", "namer", "parser", - "types", + "types" ] - pruneopts = "" revision = "fdcf9f9480fdd5bf2b3c3df9bf4ecd22b25b87e2" [[projects]] branch = "master" - digest = "1:a2c842a1e0aed96fd732b535514556323a6f5edfded3b63e5e0ab1bce188aa54" name = "k8s.io/kube-openapi" packages = ["pkg/util/proto"] - pruneopts = "NUT" revision = "d8ea2fe547a448256204cfc68dfee7b26c720acb" [[projects]] - digest = "1:3779973ba544114a6c2b9799b1b4997f5e6e34253537f39b5baeff46d6b0131b" name = "k8s.io/kubelet" packages = ["config/v1beta1"] - pruneopts = "NUT" revision = "dbc73c1cf0484128518b1f3821cc2de24523de47" version = "kubernetes-1.12.5" [[projects]] - digest = "1:72e4d1d67d286cb07446cc4e91a485d76e9939cf33da804cf38c569c3b70bbfa" name = "k8s.io/kubernetes" packages = [ "pkg/apis/core", @@ -1116,117 +911,19 @@ "pkg/kubelet/apis/cri/runtime/v1alpha2", "pkg/kubelet/qos", "pkg/kubelet/types", - "pkg/master/ports", + "pkg/master/ports" ] - pruneopts = "NUT" revision = "v1.12.5" [[projects]] branch = "master" - digest = "1:ff54706d46de40c865b5fcfc4bde1087c02510cd12e0150de8e405ab427d9907" name = "k8s.io/utils" packages = ["pointer"] - pruneopts = "NUT" revision = "2b1ea019a3702bf220bab28c8e86b48cf0b05e5e" [solve-meta] analyzer-name = "dep" analyzer-version = 1 - input-imports = [ - "github.com/BurntSushi/toml", - "github.com/Masterminds/sprig", - "github.com/apparentlymart/go-cidr/cidr", - "github.com/ashcrow/osrelease", - "github.com/blang/semver", - "github.com/containers/image/docker/reference", - "github.com/containers/image/pkg/sysregistriesv2", - "github.com/containers/storage/pkg/config", - "github.com/coreos/container-linux-config-transpiler/config", - "github.com/coreos/container-linux-config-transpiler/config/types", - "github.com/coreos/ignition/config/v2_2", - "github.com/coreos/ignition/config/v2_2/types", - "github.com/coreos/ignition/config/validate", - "github.com/davecgh/go-spew/spew", - "github.com/ghodss/yaml", - "github.com/golang/glog", - "github.com/google/renameio", - "github.com/imdario/mergo", - "github.com/kubernetes-sigs/cri-o/pkg/config", - "github.com/openshift/api/config/v1", - "github.com/openshift/client-go/config/clientset/versioned", - "github.com/openshift/client-go/config/clientset/versioned/fake", - "github.com/openshift/client-go/config/clientset/versioned/scheme", - "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1", - "github.com/openshift/client-go/config/informers/externalversions", - "github.com/openshift/client-go/config/informers/externalversions/config/v1", - "github.com/openshift/client-go/config/listers/config/v1", - "github.com/openshift/kubernetes-drain", - "github.com/openshift/library-go/pkg/config/clusteroperator/v1helpers", - "github.com/pkg/errors", - "github.com/spf13/cobra", - "github.com/stretchr/testify/assert", - "github.com/stretchr/testify/require", - "github.com/vincent-petithory/dataurl", - "k8s.io/api/apps/v1", - "k8s.io/api/core/v1", - "k8s.io/api/rbac/v1", - "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1", - "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset", - "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1", - "k8s.io/apiextensions-apiserver/pkg/client/informers/externalversions", - "k8s.io/apiextensions-apiserver/pkg/client/informers/externalversions/apiextensions/v1beta1", - "k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1beta1", - "k8s.io/apimachinery/pkg/api/equality", - "k8s.io/apimachinery/pkg/api/errors", - "k8s.io/apimachinery/pkg/api/meta", - "k8s.io/apimachinery/pkg/api/resource", - "k8s.io/apimachinery/pkg/apis/meta/v1", - "k8s.io/apimachinery/pkg/fields", - "k8s.io/apimachinery/pkg/labels", - "k8s.io/apimachinery/pkg/runtime", - "k8s.io/apimachinery/pkg/runtime/schema", - "k8s.io/apimachinery/pkg/runtime/serializer", - "k8s.io/apimachinery/pkg/types", - "k8s.io/apimachinery/pkg/util/diff", - "k8s.io/apimachinery/pkg/util/errors", - "k8s.io/apimachinery/pkg/util/intstr", - "k8s.io/apimachinery/pkg/util/jsonmergepatch", - "k8s.io/apimachinery/pkg/util/rand", - "k8s.io/apimachinery/pkg/util/runtime", - "k8s.io/apimachinery/pkg/util/strategicpatch", - "k8s.io/apimachinery/pkg/util/uuid", - "k8s.io/apimachinery/pkg/util/wait", - "k8s.io/apimachinery/pkg/util/yaml", - "k8s.io/apimachinery/pkg/watch", - "k8s.io/client-go/discovery", - "k8s.io/client-go/discovery/fake", - "k8s.io/client-go/informers", - "k8s.io/client-go/informers/apps/v1", - "k8s.io/client-go/informers/core/v1", - "k8s.io/client-go/informers/rbac/v1", - "k8s.io/client-go/kubernetes", - "k8s.io/client-go/kubernetes/fake", - "k8s.io/client-go/kubernetes/scheme", - "k8s.io/client-go/kubernetes/typed/apps/v1", - "k8s.io/client-go/kubernetes/typed/core/v1", - "k8s.io/client-go/kubernetes/typed/rbac/v1", - "k8s.io/client-go/listers/apps/v1", - "k8s.io/client-go/listers/core/v1", - "k8s.io/client-go/rest", - "k8s.io/client-go/testing", - "k8s.io/client-go/tools/cache", - "k8s.io/client-go/tools/clientcmd", - "k8s.io/client-go/tools/clientcmd/api/v1", - "k8s.io/client-go/tools/leaderelection", - "k8s.io/client-go/tools/leaderelection/resourcelock", - "k8s.io/client-go/tools/record", - "k8s.io/client-go/util/flowcontrol", - "k8s.io/client-go/util/retry", - "k8s.io/client-go/util/workqueue", - "k8s.io/code-generator/cmd/client-gen", - "k8s.io/gengo/types", - "k8s.io/kubelet/config/v1beta1", - "k8s.io/kubernetes/pkg/kubelet/apis/config/scheme", - ] + inputs-digest = "18864aa2ad8f2c9e36e24b09cb5c76b991cf40dc0c7b0152a2798cf14aafc472" solver-name = "gps-cdcl" solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml index 553ec66d6c..6cf4ec782b 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -59,13 +59,9 @@ required = [ name = "github.com/blang/semver" version = "v3.5.0" -[[constraint]] - name = "github.com/coreos/container-linux-config-transpiler" - version = "v0.9.0" - [[constraint]] name = "github.com/coreos/ignition" - version = "0.26.0" + branch = "master" [[constraint]] name = "github.com/ghodss/yaml" diff --git a/docs/MachineConfiguration.md b/docs/MachineConfiguration.md index e76c263b0e..457d1e046f 100644 --- a/docs/MachineConfiguration.md +++ b/docs/MachineConfiguration.md @@ -52,7 +52,7 @@ type MachineConfigSpec struct { // fetch the OS. This must be in the canonical $name@$digest format. OSImageURL string `json:"osImageURL"` // Config is a Ignition Config object. - Config ignv2_2.Config `json:"config"` + Config igntypes.Config `json:"config"` } ``` diff --git a/lib/resourceapply/machineconfig_test.go b/lib/resourceapply/machineconfig_test.go index 90e332695b..bd0fda207a 100644 --- a/lib/resourceapply/machineconfig_test.go +++ b/lib/resourceapply/machineconfig_test.go @@ -4,7 +4,7 @@ import ( "fmt" "testing" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" "github.com/davecgh/go-spew/spew" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" "github.com/openshift/machine-config-operator/pkg/generated/clientset/versioned/fake" @@ -16,6 +16,9 @@ import ( ) func TestApplyMachineConfig(t *testing.T) { + homeDir0 := "/home/dummy-prev" + homeDir1 := "/home/dummy" + tests := []struct { existing []runtime.Object input *mcfgv1.MachineConfig @@ -175,10 +178,10 @@ func TestApplyMachineConfig(t *testing.T) { input: &mcfgv1.MachineConfig{ ObjectMeta: metav1.ObjectMeta{Name: "foo"}, Spec: mcfgv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Passwd: ignv2_2types.Passwd{ - Users: []ignv2_2types.PasswdUser{{ - HomeDir: "/home/dummy", + Config: igntypes.Config{ + Passwd: igntypes.Passwd{ + Users: []igntypes.PasswdUser{{ + HomeDir: &homeDir1, }}, }, }, @@ -199,10 +202,10 @@ func TestApplyMachineConfig(t *testing.T) { expected := &mcfgv1.MachineConfig{ ObjectMeta: metav1.ObjectMeta{Name: "foo", Labels: map[string]string{"extra": "leave-alone"}}, Spec: mcfgv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Passwd: ignv2_2types.Passwd{ - Users: []ignv2_2types.PasswdUser{{ - HomeDir: "/home/dummy", + Config: igntypes.Config{ + Passwd: igntypes.Passwd{ + Users: []igntypes.PasswdUser{{ + HomeDir: &homeDir1, }}, }, }, @@ -218,10 +221,10 @@ func TestApplyMachineConfig(t *testing.T) { &mcfgv1.MachineConfig{ ObjectMeta: metav1.ObjectMeta{Name: "foo", Labels: map[string]string{"extra": "leave-alone"}}, Spec: mcfgv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Passwd: ignv2_2types.Passwd{ - Users: []ignv2_2types.PasswdUser{{ - HomeDir: "/home/dummy-prev", + Config: igntypes.Config{ + Passwd: igntypes.Passwd{ + Users: []igntypes.PasswdUser{{ + HomeDir: &homeDir0, }}, }, }, @@ -231,10 +234,10 @@ func TestApplyMachineConfig(t *testing.T) { input: &mcfgv1.MachineConfig{ ObjectMeta: metav1.ObjectMeta{Name: "foo"}, Spec: mcfgv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Passwd: ignv2_2types.Passwd{ - Users: []ignv2_2types.PasswdUser{{ - HomeDir: "/home/dummy", + Config: igntypes.Config{ + Passwd: igntypes.Passwd{ + Users: []igntypes.PasswdUser{{ + HomeDir: &homeDir1, }}, }, }, @@ -255,10 +258,10 @@ func TestApplyMachineConfig(t *testing.T) { expected := &mcfgv1.MachineConfig{ ObjectMeta: metav1.ObjectMeta{Name: "foo", Labels: map[string]string{"extra": "leave-alone"}}, Spec: mcfgv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Passwd: ignv2_2types.Passwd{ - Users: []ignv2_2types.PasswdUser{{ - HomeDir: "/home/dummy", + Config: igntypes.Config{ + Passwd: igntypes.Passwd{ + Users: []igntypes.PasswdUser{{ + HomeDir: &homeDir1, }}, }, }, diff --git a/pkg/apis/machineconfiguration.openshift.io/v1/helpers.go b/pkg/apis/machineconfiguration.openshift.io/v1/helpers.go index 3bdca61775..562685928c 100644 --- a/pkg/apis/machineconfiguration.openshift.io/v1/helpers.go +++ b/pkg/apis/machineconfiguration.openshift.io/v1/helpers.go @@ -4,7 +4,7 @@ import ( "fmt" "sort" - ignv2_2 "github.com/coreos/ignition/config/v2_2" + ign "github.com/coreos/ignition/config/v3_0" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -21,7 +21,7 @@ func MergeMachineConfigs(configs []*MachineConfig, osImageURL string) *MachineCo outIgn := configs[0].Spec.Config for idx := 1; idx < len(configs); idx++ { - outIgn = ignv2_2.Append(outIgn, configs[idx].Spec.Config) + outIgn = ign.Merge(outIgn, configs[idx].Spec.Config) } return &MachineConfig{ diff --git a/pkg/apis/machineconfiguration.openshift.io/v1/machineconfig.deepcopy.go b/pkg/apis/machineconfiguration.openshift.io/v1/machineconfig.deepcopy.go index fa05fa6255..4a876e3369 100644 --- a/pkg/apis/machineconfiguration.openshift.io/v1/machineconfig.deepcopy.go +++ b/pkg/apis/machineconfiguration.openshift.io/v1/machineconfig.deepcopy.go @@ -1,8 +1,8 @@ package v1 import ( - ignv2_2 "github.com/coreos/ignition/config/v2_2" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + ign "github.com/coreos/ignition/config/v3_0" + igntypes "github.com/coreos/ignition/config/v3_0/types" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -37,13 +37,12 @@ func (in *MachineConfigSpec) DeepCopyInto(out *MachineConfigSpec) { return } -func deepCopyIgnConfig(in ignv2_2types.Config) ignv2_2types.Config { - var out ignv2_2types.Config +func deepCopyIgnConfig(in igntypes.Config) igntypes.Config { + var out igntypes.Config - // https://github.com/coreos/ignition/blob/d19b2021cf397de7c31774c13805bbc3aa655646/config/v2_2/append.go#L41 out.Ignition.Version = in.Ignition.Version - return ignv2_2.Append(out, in) + return ign.Merge(out, in) } // DeepCopy copying the receiver, creating a new MachineConfigSpec. diff --git a/pkg/apis/machineconfiguration.openshift.io/v1/types.go b/pkg/apis/machineconfiguration.openshift.io/v1/types.go index 63f98179e8..159dc1e461 100644 --- a/pkg/apis/machineconfiguration.openshift.io/v1/types.go +++ b/pkg/apis/machineconfiguration.openshift.io/v1/types.go @@ -1,7 +1,7 @@ package v1 import ( - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -227,7 +227,7 @@ type MachineConfigSpec struct { // fetch the OS. OSImageURL string `json:"osImageURL"` // Config is a Ignition Config object. - Config ignv2_2types.Config `json:"config"` + Config igntypes.Config `json:"config"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/pkg/controller/common/helpers.go b/pkg/controller/common/helpers.go index 859aa88f82..1ffb9171e0 100644 --- a/pkg/controller/common/helpers.go +++ b/pkg/controller/common/helpers.go @@ -1,14 +1,23 @@ package common import ( - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" ) -// NewIgnConfig returns an empty ignition config with version set as 2.2.0 -func NewIgnConfig() ignv2_2types.Config { - return ignv2_2types.Config{ - Ignition: ignv2_2types.Ignition{ - Version: "2.2.0", +// NewIgnConfig returns an empty ignition config with version set as +// igntypes.MaxVersion.String() currently: 3.0.0 +func NewIgnConfig() igntypes.Config { + return igntypes.Config{ + Ignition: igntypes.Ignition{ + Version: igntypes.MaxVersion.String(), }, } } + +// StrFromStrPtr returns string value from string pointer or empty string if nil +func StrFromStrPtr(strptr *string) string { + if strptr == nil { + return "" + } + return *strptr +} diff --git a/pkg/controller/container-runtime-config/container_runtime_config_controller.go b/pkg/controller/container-runtime-config/container_runtime_config_controller.go index adbed7a8fa..57c4f6b20e 100644 --- a/pkg/controller/container-runtime-config/container_runtime_config_controller.go +++ b/pkg/controller/container-runtime-config/container_runtime_config_controller.go @@ -7,7 +7,7 @@ import ( "reflect" "time" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" "github.com/golang/glog" "github.com/vincent-petithory/dataurl" "k8s.io/api/core/v1" @@ -334,7 +334,7 @@ func (ctrl *Controller) handleImgErr(err error, key interface{}) { } // generateOriginalContainerRuntimeConfigs returns rendered default storage, and crio config files -func (ctrl *Controller) generateOriginalContainerRuntimeConfigs(role string) (*ignv2_2types.File, *ignv2_2types.File, *ignv2_2types.File, error) { +func (ctrl *Controller) generateOriginalContainerRuntimeConfigs(role string) (*igntypes.File, *igntypes.File, *igntypes.File, error) { cc, err := ctrl.ccLister.Get(ctrlcommon.ControllerConfigName) if err != nil { return nil, nil, nil, fmt.Errorf("could not get ControllerConfig %v", err) @@ -348,7 +348,7 @@ func (ctrl *Controller) generateOriginalContainerRuntimeConfigs(role string) (*i } // Find generated storage.config, and crio.config var ( - config, gmcStorageConfig, gmcCRIOConfig, gmcRegistriesConfig *ignv2_2types.File + config, gmcStorageConfig, gmcCRIOConfig, gmcRegistriesConfig *igntypes.File errStorage, errCRIO, errRegistries error ) // Find storage config @@ -493,7 +493,8 @@ func (ctrl *Controller) syncContainerRuntimeConfig(key string) error { } } if isNotFound { - mc = mtmpl.MachineConfigFromIgnConfig(role, managedKey, &ignv2_2types.Config{}) + igncfg := ctrlcommon.NewIgnConfig() + mc = mtmpl.MachineConfigFromIgnConfig(role, managedKey, &igncfg) } mc.Spec.Config = createNewCtrRuntimeConfigIgnition(storageTOML, crioTOML) mc.ObjectMeta.Annotations = map[string]string{ @@ -530,8 +531,12 @@ func (ctrl *Controller) syncContainerRuntimeConfig(key string) error { // mergeConfigChanges retrieves the original/default config data from the templates, decodes it and merges in the changes given by the Custom Resource. // It then encodes the new data and returns it. -func (ctrl *Controller) mergeConfigChanges(origFile *ignv2_2types.File, cfg *mcfgv1.ContainerRuntimeConfig, mc *mcfgv1.MachineConfig, role, managedKey string, isNotFound bool, update updateConfig) ([]byte, error) { - dataURL, err := dataurl.DecodeString(origFile.Contents.Source) +func (ctrl *Controller) mergeConfigChanges(origFile *igntypes.File, cfg *mcfgv1.ContainerRuntimeConfig, mc *mcfgv1.MachineConfig, role, managedKey string, isNotFound bool, update updateConfig) ([]byte, error) { + sourceData := ctrlcommon.StrFromStrPtr(origFile.Contents.Source) + if len(sourceData) == 0 { + sourceData = "data:," + } + dataURL, err := dataurl.DecodeString(sourceData) if err != nil { return nil, ctrl.syncStatusOnly(cfg, err, "could not decode original Container Runtime config: %v", err) } @@ -600,7 +605,11 @@ func (ctrl *Controller) syncImageConfig(key string) error { var registriesTOML []byte if insecureRegs != nil || blockedRegs != nil { - dataURL, err := dataurl.DecodeString(originalRegistriesIgn.Contents.Source) + sourceData := ctrlcommon.StrFromStrPtr(originalRegistriesIgn.Contents.Source) + if len(sourceData) == 0 { + sourceData = "data:," + } + dataURL, err := dataurl.DecodeString(sourceData) if err != nil { return fmt.Errorf("could not decode original registries config: %v", err) } @@ -625,7 +634,8 @@ func (ctrl *Controller) syncImageConfig(key string) error { } } if isNotFound { - mc = mtmpl.MachineConfigFromIgnConfig(role, managedKey, &ignv2_2types.Config{}) + igncfg := ctrlcommon.NewIgnConfig() + mc = mtmpl.MachineConfigFromIgnConfig(role, managedKey, &igncfg) } mc.Spec.Config = registriesIgn mc.ObjectMeta.Annotations = map[string]string{ diff --git a/pkg/controller/container-runtime-config/container_runtime_config_controller_test.go b/pkg/controller/container-runtime-config/container_runtime_config_controller_test.go index 2749fd97b0..85983e4707 100644 --- a/pkg/controller/container-runtime-config/container_runtime_config_controller_test.go +++ b/pkg/controller/container-runtime-config/container_runtime_config_controller_test.go @@ -23,13 +23,13 @@ import ( "k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/record" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" apicfgv1 "github.com/openshift/api/config/v1" fakeconfigv1client "github.com/openshift/client-go/config/clientset/versioned/fake" configv1informer "github.com/openshift/client-go/config/informers/externalversions" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" - "github.com/openshift/machine-config-operator/pkg/generated/clientset/versioned/fake" "github.com/openshift/machine-config-operator/pkg/controller/common" + "github.com/openshift/machine-config-operator/pkg/generated/clientset/versioned/fake" informers "github.com/openshift/machine-config-operator/pkg/generated/informers/externalversions" ) @@ -86,7 +86,7 @@ func (f *fixture) validateActions() { } } -func newMachineConfig(name string, labels map[string]string, osurl string, files []ignv2_2types.File) *mcfgv1.MachineConfig { +func newMachineConfig(name string, labels map[string]string, osurl string, files []igntypes.File) *mcfgv1.MachineConfig { if labels == nil { labels = map[string]string{} } @@ -95,7 +95,7 @@ func newMachineConfig(name string, labels map[string]string, osurl string, files ObjectMeta: metav1.ObjectMeta{Name: name, Labels: labels, UID: types.UID(utilrand.String(5))}, Spec: mcfgv1.MachineConfigSpec{ OSImageURL: osurl, - Config: ignv2_2types.Config{Storage: ignv2_2types.Storage{Files: files}}, + Config: igntypes.Config{Storage: igntypes.Storage{Files: files}}, }, } } @@ -336,7 +336,7 @@ func TestContainerRuntimeConfigCreate(t *testing.T) { mcp := newMachineConfigPool("master", map[string]string{"custom-crio": "my-config"}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "master"), "v0") mcp2 := newMachineConfigPool("worker", map[string]string{"custom-crio": "storage-config"}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "worker"), "v0") ctrcfg1 := newContainerRuntimeConfig("set-log-level", &mcfgv1.ContainerRuntimeConfiguration{LogLevel: "debug", LogSizeMax: resource.MustParse("9k"), OverlaySize: resource.MustParse("3G")}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "custom-crio", "my-config")) - mcs1 := newMachineConfig(getManagedKeyCtrCfg(mcp, ctrcfg1), map[string]string{"node-role": "master"}, "dummy://", []ignv2_2types.File{{}}) + mcs1 := newMachineConfig(getManagedKeyCtrCfg(mcp, ctrcfg1), map[string]string{"node-role": "master"}, "dummy://", []igntypes.File{{}}) f.ccLister = append(f.ccLister, cc) f.mcpLister = append(f.mcpLister, mcp) @@ -367,7 +367,7 @@ func TestContainerRuntimeConfigUpdate(t *testing.T) { mcp := newMachineConfigPool("master", map[string]string{"custom-crio": "my-config"}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "master"), "v0") mcp2 := newMachineConfigPool("worker", map[string]string{"custom-crio": "storage-config"}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "worker"), "v0") ctrcfg1 := newContainerRuntimeConfig("set-log-level", &mcfgv1.ContainerRuntimeConfiguration{LogLevel: "debug", LogSizeMax: resource.MustParse("9k"), OverlaySize: resource.MustParse("3G")}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "custom-crio", "my-config")) - mcs := newMachineConfig(getManagedKeyCtrCfg(mcp, ctrcfg1), map[string]string{"node-role": "master"}, "dummy://", []ignv2_2types.File{{}}) + mcs := newMachineConfig(getManagedKeyCtrCfg(mcp, ctrcfg1), map[string]string{"node-role": "master"}, "dummy://", []igntypes.File{{}}) f.ccLister = append(f.ccLister, cc) f.mcpLister = append(f.mcpLister, mcp) @@ -443,8 +443,8 @@ func TestImageConfigCreate(t *testing.T) { mcp2 := newMachineConfigPool("worker", map[string]string{"custom-crio": "storage-config"}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "worker"), "v0") imgcfg1 := newImageConfig("cluster", &apicfgv1.RegistrySources{InsecureRegistries: []string{"blah.io"}}) cvcfg1 := newClusterVersionConfig("version", "test.io/myuser/myimage:test") - mcs1 := newMachineConfig(getManagedKeyReg(mcp, imgcfg1), map[string]string{"node-role": "master"}, "dummy://", []ignv2_2types.File{{}}) - mcs2 := newMachineConfig(getManagedKeyReg(mcp2, imgcfg1), map[string]string{"node-role": "worker"}, "dummy://", []ignv2_2types.File{{}}) + mcs1 := newMachineConfig(getManagedKeyReg(mcp, imgcfg1), map[string]string{"node-role": "master"}, "dummy://", []igntypes.File{{}}) + mcs2 := newMachineConfig(getManagedKeyReg(mcp2, imgcfg1), map[string]string{"node-role": "worker"}, "dummy://", []igntypes.File{{}}) f.ccLister = append(f.ccLister, cc) f.mcpLister = append(f.mcpLister, mcp) @@ -475,8 +475,8 @@ func TestImageConfigUpdate(t *testing.T) { mcp2 := newMachineConfigPool("worker", map[string]string{"custom-crio": "storage-config"}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "worker"), "v0") imgcfg1 := newImageConfig("cluster", &apicfgv1.RegistrySources{InsecureRegistries: []string{"blah.io"}}) cvcfg1 := newClusterVersionConfig("version", "test.io/myuser/myimage:test") - mcs1 := newMachineConfig(getManagedKeyReg(mcp, imgcfg1), map[string]string{"node-role": "master"}, "dummy://", []ignv2_2types.File{{}}) - mcs2 := newMachineConfig(getManagedKeyReg(mcp2, imgcfg1), map[string]string{"node-role": "worker"}, "dummy://", []ignv2_2types.File{{}}) + mcs1 := newMachineConfig(getManagedKeyReg(mcp, imgcfg1), map[string]string{"node-role": "master"}, "dummy://", []igntypes.File{{}}) + mcs2 := newMachineConfig(getManagedKeyReg(mcp2, imgcfg1), map[string]string{"node-role": "worker"}, "dummy://", []igntypes.File{{}}) f.ccLister = append(f.ccLister, cc) f.mcpLister = append(f.mcpLister, mcp) diff --git a/pkg/controller/container-runtime-config/helpers.go b/pkg/controller/container-runtime-config/helpers.go index 4c5321396a..8b26e3370c 100644 --- a/pkg/controller/container-runtime-config/helpers.go +++ b/pkg/controller/container-runtime-config/helpers.go @@ -10,7 +10,7 @@ import ( "github.com/containers/image/docker/reference" "github.com/containers/image/pkg/sysregistriesv2" storageconfig "github.com/containers/storage/pkg/config" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" crioconfig "github.com/kubernetes-sigs/cri-o/pkg/config" apicfgv1 "github.com/openshift/api/config/v1" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" @@ -61,22 +61,22 @@ type tomlConfigRegistries struct { type updateConfig func(data []byte, internal *mcfgv1.ContainerRuntimeConfiguration) ([]byte, error) -func createNewCtrRuntimeConfigIgnition(storageTOMLConfig, crioTOMLConfig []byte) ignv2_2types.Config { +func createNewCtrRuntimeConfigIgnition(storageTOMLConfig, crioTOMLConfig []byte) igntypes.Config { tempIgnConfig := ctrlcommon.NewIgnConfig() mode := 0644 // Create storage.conf ignition if storageTOMLConfig != nil { storagedu := dataurl.New(storageTOMLConfig, "text/plain") storagedu.Encoding = dataurl.EncodingASCII - storageTempFile := ignv2_2types.File{ - Node: ignv2_2types.Node{ - Filesystem: "root", - Path: storageConfigPath, + storageduString := storagedu.String() + storageTempFile := igntypes.File{ + Node: igntypes.Node{ + Path: storageConfigPath, }, - FileEmbedded1: ignv2_2types.FileEmbedded1{ + FileEmbedded1: igntypes.FileEmbedded1{ Mode: &mode, - Contents: ignv2_2types.FileContents{ - Source: storagedu.String(), + Contents: igntypes.FileContents{ + Source: &storageduString, }, }, } @@ -87,15 +87,15 @@ func createNewCtrRuntimeConfigIgnition(storageTOMLConfig, crioTOMLConfig []byte) if crioTOMLConfig != nil { criodu := dataurl.New(crioTOMLConfig, "text/plain") criodu.Encoding = dataurl.EncodingASCII - crioTempFile := ignv2_2types.File{ - Node: ignv2_2types.Node{ - Filesystem: "root", - Path: crioConfigPath, + crioduString := criodu.String() + crioTempFile := igntypes.File{ + Node: igntypes.Node{ + Path: crioConfigPath, }, - FileEmbedded1: ignv2_2types.FileEmbedded1{ + FileEmbedded1: igntypes.FileEmbedded1{ Mode: &mode, - Contents: ignv2_2types.FileContents{ - Source: criodu.String(), + Contents: igntypes.FileContents{ + Source: &crioduString, }, }, } @@ -105,22 +105,22 @@ func createNewCtrRuntimeConfigIgnition(storageTOMLConfig, crioTOMLConfig []byte) return tempIgnConfig } -func createNewRegistriesConfigIgnition(registriesTOMLConfig []byte) ignv2_2types.Config { +func createNewRegistriesConfigIgnition(registriesTOMLConfig []byte) igntypes.Config { tempIgnConfig := ctrlcommon.NewIgnConfig() mode := 0644 // Create Registries ignition if registriesTOMLConfig != nil { regdu := dataurl.New(registriesTOMLConfig, "text/plain") regdu.Encoding = dataurl.EncodingASCII - regTempFile := ignv2_2types.File{ - Node: ignv2_2types.Node{ - Filesystem: "root", - Path: registriesConfigPath, + regduString := regdu.String() + regTempFile := igntypes.File{ + Node: igntypes.Node{ + Path: registriesConfigPath, }, - FileEmbedded1: ignv2_2types.FileEmbedded1{ + FileEmbedded1: igntypes.FileEmbedded1{ Mode: &mode, - Contents: ignv2_2types.FileContents{ - Source: regdu.String(), + Contents: igntypes.FileContents{ + Source: ®duString, }, }, } @@ -129,7 +129,7 @@ func createNewRegistriesConfigIgnition(registriesTOMLConfig []byte) ignv2_2types return tempIgnConfig } -func findStorageConfig(mc *mcfgv1.MachineConfig) (*ignv2_2types.File, error) { +func findStorageConfig(mc *mcfgv1.MachineConfig) (*igntypes.File, error) { for _, c := range mc.Spec.Config.Storage.Files { if c.Path == storageConfigPath { return &c, nil @@ -138,7 +138,7 @@ func findStorageConfig(mc *mcfgv1.MachineConfig) (*ignv2_2types.File, error) { return nil, fmt.Errorf("could not find Storage Config") } -func findCRIOConfig(mc *mcfgv1.MachineConfig) (*ignv2_2types.File, error) { +func findCRIOConfig(mc *mcfgv1.MachineConfig) (*igntypes.File, error) { for _, c := range mc.Spec.Config.Storage.Files { if c.Path == crioConfigPath { return &c, nil @@ -147,7 +147,7 @@ func findCRIOConfig(mc *mcfgv1.MachineConfig) (*ignv2_2types.File, error) { return nil, fmt.Errorf("could not find CRI-O Config") } -func findRegistriesConfig(mc *mcfgv1.MachineConfig) (*ignv2_2types.File, error) { +func findRegistriesConfig(mc *mcfgv1.MachineConfig) (*igntypes.File, error) { for _, c := range mc.Spec.Config.Storage.Files { if c.Path == registriesConfigPath { return &c, nil diff --git a/pkg/controller/kubelet-config/helpers.go b/pkg/controller/kubelet-config/helpers.go index 2516ea3a7b..bd97224589 100644 --- a/pkg/controller/kubelet-config/helpers.go +++ b/pkg/controller/kubelet-config/helpers.go @@ -5,7 +5,7 @@ import ( "fmt" "reflect" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" "github.com/vincent-petithory/dataurl" @@ -18,19 +18,19 @@ import ( kubeletconfigscheme "k8s.io/kubernetes/pkg/kubelet/apis/config/scheme" ) -func createNewKubeletIgnition(ymlconfig []byte) ignv2_2types.Config { +func createNewKubeletIgnition(ymlconfig []byte) igntypes.Config { mode := 0644 du := dataurl.New(ymlconfig, "text/plain") du.Encoding = dataurl.EncodingASCII - tempFile := ignv2_2types.File{ - Node: ignv2_2types.Node{ - Filesystem: "root", - Path: "/etc/kubernetes/kubelet.conf", + duString := du.String() + tempFile := igntypes.File{ + Node: igntypes.Node{ + Path: "/etc/kubernetes/kubelet.conf", }, - FileEmbedded1: ignv2_2types.FileEmbedded1{ + FileEmbedded1: igntypes.FileEmbedded1{ Mode: &mode, - Contents: ignv2_2types.FileContents{ - Source: du.String(), + Contents: igntypes.FileContents{ + Source: &duString, }, }, } @@ -39,7 +39,7 @@ func createNewKubeletIgnition(ymlconfig []byte) ignv2_2types.Config { return tempIgnConfig } -func findKubeletConfig(mc *mcfgv1.MachineConfig) (*ignv2_2types.File, error) { +func findKubeletConfig(mc *mcfgv1.MachineConfig) (*igntypes.File, error) { for _, c := range mc.Spec.Config.Storage.Files { if c.Path == "/etc/kubernetes/kubelet.conf" { return &c, nil diff --git a/pkg/controller/kubelet-config/kubelet_config_controller.go b/pkg/controller/kubelet-config/kubelet_config_controller.go index 33fa064ae8..09180d7249 100644 --- a/pkg/controller/kubelet-config/kubelet_config_controller.go +++ b/pkg/controller/kubelet-config/kubelet_config_controller.go @@ -7,7 +7,7 @@ import ( "reflect" "time" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" "github.com/golang/glog" "github.com/imdario/mergo" "github.com/vincent-petithory/dataurl" @@ -309,7 +309,7 @@ func (ctrl *Controller) handleFeatureErr(err error, key interface{}) { ctrl.featureQueue.AddAfter(key, 1*time.Minute) } -func (ctrl *Controller) generateOriginalKubeletConfig(role string) (*ignv2_2types.File, error) { +func (ctrl *Controller) generateOriginalKubeletConfig(role string) (*igntypes.File, error) { cc, err := ctrl.ccLister.Get(ctrlcommon.ControllerConfigName) if err != nil { return nil, fmt.Errorf("could not get ControllerConfig %v", err) @@ -429,7 +429,11 @@ func (ctrl *Controller) syncKubeletConfig(key string) error { if err != nil { return ctrl.syncStatusOnly(cfg, err, "could not generate the original Kubelet config: %v", err) } - dataURL, err := dataurl.DecodeString(originalKubeletIgn.Contents.Source) + sourceData := ctrlcommon.StrFromStrPtr(originalKubeletIgn.Contents.Source) + if len(sourceData) == 0 { + sourceData = "data:," + } + dataURL, err := dataurl.DecodeString(sourceData) if err != nil { return ctrl.syncStatusOnly(cfg, err, "could not decode the original Kubelet source string: %v", err) } diff --git a/pkg/controller/kubelet-config/kubelet_config_controller_test.go b/pkg/controller/kubelet-config/kubelet_config_controller_test.go index 9579244821..527c4821fe 100644 --- a/pkg/controller/kubelet-config/kubelet_config_controller_test.go +++ b/pkg/controller/kubelet-config/kubelet_config_controller_test.go @@ -25,7 +25,7 @@ import ( osev1 "github.com/openshift/api/config/v1" oseinformersv1 "github.com/openshift/client-go/config/informers/externalversions" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" oseconfigfake "github.com/openshift/client-go/config/clientset/versioned/fake" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" "github.com/openshift/machine-config-operator/pkg/controller/common" @@ -85,7 +85,7 @@ func (f *fixture) validateActions() { } } -func newMachineConfig(name string, labels map[string]string, osurl string, files []ignv2_2types.File) *mcfgv1.MachineConfig { +func newMachineConfig(name string, labels map[string]string, osurl string, files []igntypes.File) *mcfgv1.MachineConfig { if labels == nil { labels = map[string]string{} } @@ -94,7 +94,7 @@ func newMachineConfig(name string, labels map[string]string, osurl string, files ObjectMeta: metav1.ObjectMeta{Name: name, Labels: labels, UID: types.UID(utilrand.String(5))}, Spec: mcfgv1.MachineConfigSpec{ OSImageURL: osurl, - Config: ignv2_2types.Config{Storage: ignv2_2types.Storage{Files: files}}, + Config: igntypes.Config{Storage: igntypes.Storage{Files: files}}, }, } } @@ -318,7 +318,7 @@ func TestKubeletConfigCreate(t *testing.T) { mcp := newMachineConfigPool("master", map[string]string{"kubeletType": "small-pods"}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "master"), "v0") mcp2 := newMachineConfigPool("worker", map[string]string{"kubeletType": "large-pods"}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "worker"), "v0") kc1 := newKubeletConfig("smaller-max-pods", &kubeletconfigv1beta1.KubeletConfiguration{MaxPods: 100}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "kubeletType", "small-pods")) - mcs := newMachineConfig(getManagedKubeletConfigKey(mcp), map[string]string{"node-role": "master"}, "dummy://", []ignv2_2types.File{{}}) + mcs := newMachineConfig(getManagedKubeletConfigKey(mcp), map[string]string{"node-role": "master"}, "dummy://", []igntypes.File{{}}) f.ccLister = append(f.ccLister, cc) f.mcpLister = append(f.mcpLister, mcp) @@ -345,7 +345,7 @@ func TestKubeletConfigUpdates(t *testing.T) { mcp := newMachineConfigPool("master", map[string]string{"kubeletType": "small-pods"}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "master"), "v0") mcp2 := newMachineConfigPool("worker", map[string]string{"kubeletType": "large-pods"}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "worker"), "v0") kc1 := newKubeletConfig("smaller-max-pods", &kubeletconfigv1beta1.KubeletConfiguration{MaxPods: 100}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "kubeletType", "small-pods")) - mcs := newMachineConfig(getManagedKubeletConfigKey(mcp), map[string]string{"node-role": "master"}, "dummy://", []ignv2_2types.File{{}}) + mcs := newMachineConfig(getManagedKubeletConfigKey(mcp), map[string]string{"node-role": "master"}, "dummy://", []igntypes.File{{}}) f.ccLister = append(f.ccLister, cc) f.mcpLister = append(f.mcpLister, mcp) @@ -490,7 +490,7 @@ func TestKubeletFeatureExists(t *testing.T) { mcp := newMachineConfigPool("master", map[string]string{"kubeletType": "small-pods"}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "master"), "v0") mcp2 := newMachineConfigPool("worker", map[string]string{"kubeletType": "large-pods"}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "worker"), "v0") kc1 := newKubeletConfig("smaller-max-pods", &kubeletconfigv1beta1.KubeletConfiguration{MaxPods: 100}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "kubeletType", "small-pods")) - mcs := newMachineConfig(getManagedKubeletConfigKey(mcp), map[string]string{"node-role": "master"}, "dummy://", []ignv2_2types.File{{}}) + mcs := newMachineConfig(getManagedKubeletConfigKey(mcp), map[string]string{"node-role": "master"}, "dummy://", []igntypes.File{{}}) f.ccLister = append(f.ccLister, cc) f.mcpLister = append(f.mcpLister, mcp) diff --git a/pkg/controller/kubelet-config/kubelet_config_features.go b/pkg/controller/kubelet-config/kubelet_config_features.go index 2d45133def..6b1adb7b48 100644 --- a/pkg/controller/kubelet-config/kubelet_config_features.go +++ b/pkg/controller/kubelet-config/kubelet_config_features.go @@ -95,7 +95,11 @@ func (ctrl *Controller) syncFeatureHandler(key string) error { if err != nil { return err } - dataURL, err := dataurl.DecodeString(originalKubeletIgn.Contents.Source) + sourceData := ctrlcommon.StrFromStrPtr(originalKubeletIgn.Contents.Source) + if len(sourceData) == 0 { + sourceData = "data:," + } + dataURL, err := dataurl.DecodeString(sourceData) if err != nil { return err } diff --git a/pkg/controller/render/render_controller_test.go b/pkg/controller/render/render_controller_test.go index 758901f8c9..de2d3f1724 100644 --- a/pkg/controller/render/render_controller_test.go +++ b/pkg/controller/render/render_controller_test.go @@ -6,7 +6,7 @@ import ( "testing" "time" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" "github.com/openshift/machine-config-operator/pkg/generated/clientset/versioned/fake" @@ -65,7 +65,7 @@ func newMachineConfigPool(name string, selector *metav1.LabelSelector, currentMa } } -func newMachineConfig(name string, labels map[string]string, osurl string, files []ignv2_2types.File) *mcfgv1.MachineConfig { +func newMachineConfig(name string, labels map[string]string, osurl string, files []igntypes.File) *mcfgv1.MachineConfig { if labels == nil { labels = map[string]string{} } @@ -241,12 +241,12 @@ func newControllerConfig(name string) *mcfgv1.ControllerConfig { ObjectMeta: metav1.ObjectMeta{Name: name, UID: types.UID(utilrand.String(5))}, Spec: mcfgv1.ControllerConfigSpec{ EtcdDiscoveryDomain: fmt.Sprintf("%s.tt.testing", name), - OSImageURL: "dummy", + OSImageURL: "dummy", }, Status: mcfgv1.ControllerConfigStatus{ Conditions: []mcfgv1.ControllerConfigStatusCondition{ { - Type: mcfgv1.TemplateContollerCompleted, + Type: mcfgv1.TemplateContollerCompleted, Status: corev1.ConditionTrue, }, }, @@ -257,18 +257,18 @@ func newControllerConfig(name string) *mcfgv1.ControllerConfig { func TestCreatesGeneratedMachineConfig(t *testing.T) { f := newFixture(t) mcp := newMachineConfigPool("test-cluster-master", metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "master"), "") - files := []ignv2_2types.File{{ - Node: ignv2_2types.Node{ + files := []igntypes.File{{ + Node: igntypes.Node{ Path: "/dummy/0", }, }, { - Node: ignv2_2types.Node{ + Node: igntypes.Node{ Path: "/dummy/1", }, }} mcs := []*mcfgv1.MachineConfig{ - newMachineConfig("00-test-cluster-master", map[string]string{"node-role": "master"}, "dummy://", []ignv2_2types.File{files[0]}), - newMachineConfig("05-extra-master", map[string]string{"node-role": "master"}, "dummy://1", []ignv2_2types.File{files[1]}), + newMachineConfig("00-test-cluster-master", map[string]string{"node-role": "master"}, "dummy://", []igntypes.File{files[0]}), + newMachineConfig("05-extra-master", map[string]string{"node-role": "master"}, "dummy://1", []igntypes.File{files[1]}), } cc := newControllerConfig(ctrlcommon.ControllerConfigName) @@ -285,18 +285,18 @@ func TestCreatesGeneratedMachineConfig(t *testing.T) { // generateRenderedMachineConfig should return an error when one of the MCs in configs contains an invalid ignconfig. func TestIgnValidationGenerateRenderedMachineConfig(t *testing.T) { mcp := newMachineConfigPool("test-cluster-master", metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "master"), "") - files := []ignv2_2types.File{{ - Node: ignv2_2types.Node{ + files := []igntypes.File{{ + Node: igntypes.Node{ Path: "/dummy/0", }, }, { - Node: ignv2_2types.Node{ + Node: igntypes.Node{ Path: "/dummy/1", }, }} mcs := []*mcfgv1.MachineConfig{ - newMachineConfig("00-test-cluster-master", map[string]string{"node-role": "master"}, "dummy://", []ignv2_2types.File{files[0]}), - newMachineConfig("05-extra-master", map[string]string{"node-role": "master"}, "dummy://1", []ignv2_2types.File{files[1]}), + newMachineConfig("00-test-cluster-master", map[string]string{"node-role": "master"}, "dummy://", []igntypes.File{files[0]}), + newMachineConfig("05-extra-master", map[string]string{"node-role": "master"}, "dummy://1", []igntypes.File{files[1]}), } cc := newControllerConfig(ctrlcommon.ControllerConfigName) @@ -305,7 +305,7 @@ func TestIgnValidationGenerateRenderedMachineConfig(t *testing.T) { t.Fatalf("expected no error. Got: %v", err) } - mcs[1].Spec.Config.Ignition.Version = "" + mcs[1].Spec.Config.Ignition.Version = "2.2.0" _, err = generateRenderedMachineConfig(mcp, mcs, cc) if err == nil { t.Fatalf("expected error. mcs contains a machine config with invalid ignconfig version") @@ -315,18 +315,18 @@ func TestIgnValidationGenerateRenderedMachineConfig(t *testing.T) { func TestUpdatesGeneratedMachineConfig(t *testing.T) { f := newFixture(t) mcp := newMachineConfigPool("test-cluster-master", metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "master"), "") - files := []ignv2_2types.File{{ - Node: ignv2_2types.Node{ + files := []igntypes.File{{ + Node: igntypes.Node{ Path: "/dummy/0", }, }, { - Node: ignv2_2types.Node{ + Node: igntypes.Node{ Path: "/dummy/1", }, }} mcs := []*mcfgv1.MachineConfig{ - newMachineConfig("00-test-cluster-master", map[string]string{"node-role": "master"}, "dummy://", []ignv2_2types.File{files[0]}), - newMachineConfig("05-extra-master", map[string]string{"node-role": "master"}, "dummy://1", []ignv2_2types.File{files[1]}), + newMachineConfig("00-test-cluster-master", map[string]string{"node-role": "master"}, "dummy://", []igntypes.File{files[0]}), + newMachineConfig("05-extra-master", map[string]string{"node-role": "master"}, "dummy://1", []igntypes.File{files[1]}), } cc := newControllerConfig(ctrlcommon.ControllerConfigName) @@ -362,8 +362,8 @@ func TestUpdatesGeneratedMachineConfig(t *testing.T) { func TestGenerateMachineConfigNoOverrideOSImageURL(t *testing.T) { mcp := newMachineConfigPool("test-cluster-master", metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "master"), "") mcs := []*mcfgv1.MachineConfig{ - newMachineConfig("00-test-cluster-master", map[string]string{"node-role": "master"}, "dummy-test-1", []ignv2_2types.File{}), - newMachineConfig("00-test-cluster-master-0", map[string]string{"node-role": "master"}, "dummy-change", []ignv2_2types.File{}), + newMachineConfig("00-test-cluster-master", map[string]string{"node-role": "master"}, "dummy-test-1", []igntypes.File{}), + newMachineConfig("00-test-cluster-master-0", map[string]string{"node-role": "master"}, "dummy-change", []igntypes.File{}), } cc := newControllerConfig(ctrlcommon.ControllerConfigName) @@ -378,18 +378,18 @@ func TestGenerateMachineConfigNoOverrideOSImageURL(t *testing.T) { func TestDoNothing(t *testing.T) { f := newFixture(t) mcp := newMachineConfigPool("test-cluster-master", metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "master"), "") - files := []ignv2_2types.File{{ - Node: ignv2_2types.Node{ + files := []igntypes.File{{ + Node: igntypes.Node{ Path: "/dummy/0", }, }, { - Node: ignv2_2types.Node{ + Node: igntypes.Node{ Path: "/dummy/1", }, }} mcs := []*mcfgv1.MachineConfig{ - newMachineConfig("00-test-cluster-master", map[string]string{"node-role": "master"}, "dummy://", []ignv2_2types.File{files[0]}), - newMachineConfig("05-extra-master", map[string]string{"node-role": "master"}, "dummy://1", []ignv2_2types.File{files[1]}), + newMachineConfig("00-test-cluster-master", map[string]string{"node-role": "master"}, "dummy://", []igntypes.File{files[0]}), + newMachineConfig("05-extra-master", map[string]string{"node-role": "master"}, "dummy://1", []igntypes.File{files[1]}), } cc := newControllerConfig(ctrlcommon.ControllerConfigName) @@ -417,23 +417,23 @@ func TestDoNothing(t *testing.T) { func TestGetMachineConfigsForPool(t *testing.T) { masterPool := newMachineConfigPool("test-cluster-master", metav1.AddLabelToSelector(&metav1.LabelSelector{}, "node-role", "master"), "") - files := []ignv2_2types.File{{ - Node: ignv2_2types.Node{ + files := []igntypes.File{{ + Node: igntypes.Node{ Path: "/dummy/0", }, }, { - Node: ignv2_2types.Node{ + Node: igntypes.Node{ Path: "/dummy/1", }, }, { - Node: ignv2_2types.Node{ + Node: igntypes.Node{ Path: "/dummy/2", }, }} mcs := []*mcfgv1.MachineConfig{ - newMachineConfig("00-test-cluster-master", map[string]string{"node-role": "master"}, "dummy://", []ignv2_2types.File{files[0]}), - newMachineConfig("05-extra-master", map[string]string{"node-role": "master"}, "dummy://1", []ignv2_2types.File{files[1]}), - newMachineConfig("00-test-cluster-worker", map[string]string{"node-role": "worker"}, "dummy://2", []ignv2_2types.File{files[2]}), + newMachineConfig("00-test-cluster-master", map[string]string{"node-role": "master"}, "dummy://", []igntypes.File{files[0]}), + newMachineConfig("05-extra-master", map[string]string{"node-role": "master"}, "dummy://1", []igntypes.File{files[1]}), + newMachineConfig("00-test-cluster-worker", map[string]string{"node-role": "worker"}, "dummy://2", []igntypes.File{files[2]}), } masterConfigs, err := getMachineConfigsForPool(masterPool, mcs) if err != nil { diff --git a/pkg/controller/template/render.go b/pkg/controller/template/render.go index 7d94ea05fe..f0942bcd00 100644 --- a/pkg/controller/template/render.go +++ b/pkg/controller/template/render.go @@ -12,14 +12,13 @@ import ( "text/template" "github.com/Masterminds/sprig" - ctconfig "github.com/coreos/container-linux-config-transpiler/config" - cttypes "github.com/coreos/container-linux-config-transpiler/config/types" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" "github.com/ghodss/yaml" "github.com/golang/glog" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" - "github.com/openshift/machine-config-operator/pkg/controller/common" + ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" "github.com/openshift/machine-config-operator/pkg/version" + "github.com/vincent-petithory/dataurl" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -82,7 +81,7 @@ func generateTemplateMachineConfigs(config *RenderConfig, templateDir string) ([ if cfg.Annotations == nil { cfg.Annotations = map[string]string{} } - cfg.Annotations[common.GeneratedByControllerVersionAnnotationKey] = version.Version.String() + cfg.Annotations[ctrlcommon.GeneratedByControllerVersionAnnotationKey] = version.Version.String() } return cfgs, nil @@ -226,7 +225,7 @@ func generateMachineConfigForName(config *RenderConfig, role, name, path string) ignCfg, err := transpileToIgn(keySortVals(files), keySortVals(units)) if err != nil { - return nil, fmt.Errorf("error transpiling ct config to Ignition config: %v", err) + return nil, fmt.Errorf("error transpiling to Ignition config: %v", err) } mcfg := MachineConfigFromIgnConfig(role, name, ignCfg) @@ -241,7 +240,7 @@ const ( ) // MachineConfigFromIgnConfig creates a MachineConfig with the provided Ignition config -func MachineConfigFromIgnConfig(role string, name string, ignCfg *ignv2_2types.Config) *mcfgv1.MachineConfig { +func MachineConfigFromIgnConfig(role string, name string, ignCfg *igntypes.Config) *mcfgv1.MachineConfig { labels := map[string]string{ machineConfigRoleLabelKey: role, } @@ -257,33 +256,37 @@ func MachineConfigFromIgnConfig(role string, name string, ignCfg *ignv2_2types.C } } -func transpileToIgn(files, units []string) (*ignv2_2types.Config, error) { - var ctCfg cttypes.Config +// transpileToIgn takes yaml snippets and returns and Ignition Config with the unmarshaled +// ignition types. Note that the source in the yaml are the literal contents +// and are not url encoded +func transpileToIgn(files, units []string) (*igntypes.Config, error) { + ignCfg := ctrlcommon.NewIgnConfig() + overwriteTrue := true // Convert data to Ignition resources for _, d := range files { - f := new(cttypes.File) - if err := yaml.Unmarshal([]byte(d), f); err != nil { + var f igntypes.File + if err := yaml.Unmarshal([]byte(d), &f); err != nil { return nil, fmt.Errorf("failed to unmarshal file into struct: %v", err) } + regdu := dataurl.New([]byte(*f.Contents.Source), "text/plain") + regdu.Encoding = dataurl.EncodingASCII + regduString := regdu.String() + f.Contents.Source = ®duString + // in ignition v3 File.Overwrite has default false + f.Overwrite = &overwriteTrue // Add the file to the config - ctCfg.Storage.Files = append(ctCfg.Storage.Files, *f) + ignCfg.Storage.Files = append(ignCfg.Storage.Files, f) } for _, d := range units { - u := new(cttypes.SystemdUnit) - if err := yaml.Unmarshal([]byte(d), u); err != nil { + var u igntypes.Unit + if err := yaml.Unmarshal([]byte(d), &u); err != nil { return nil, fmt.Errorf("failed to unmarshal systemd unit into struct: %v", err) } - // Add the unit to the config - ctCfg.Systemd.Units = append(ctCfg.Systemd.Units, *u) - } - - ignCfg, rep := ctconfig.Convert(ctCfg, "", nil) - if rep.IsFatal() { - return nil, fmt.Errorf("failed to convert config to Ignition config %s", rep) + ignCfg.Systemd.Units = append(ignCfg.Systemd.Units, u) } return &ignCfg, nil diff --git a/pkg/controller/template/render_test.go b/pkg/controller/template/render_test.go index 5226d4b1d0..3ea87bd2a2 100644 --- a/pkg/controller/template/render_test.go +++ b/pkg/controller/template/render_test.go @@ -11,7 +11,7 @@ import ( "strings" "testing" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" "github.com/ghodss/yaml" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" "k8s.io/client-go/kubernetes/scheme" @@ -268,7 +268,7 @@ func controllerConfigFromFile(path string) (*mcfgv1.ControllerConfig, error) { return cc, nil } -func verifyIgnFiles(files []ignv2_2types.File, dir string, update bool, t *testing.T) { +func verifyIgnFiles(files []igntypes.File, dir string, update bool, t *testing.T) { var actual [][]byte for _, f := range files { @@ -298,7 +298,7 @@ func verifyIgnFiles(files []ignv2_2types.File, dir string, update bool, t *testi verifyIgn(actual, dir, t) } -func verifyIgnUnits(units []ignv2_2types.Unit, dir string, update bool, t *testing.T) { +func verifyIgnUnits(units []igntypes.Unit, dir string, update bool, t *testing.T) { var actual [][]byte for _, u := range units { j, err := json.MarshalIndent(u, "", " ") diff --git a/pkg/controller/template/template_controller_test.go b/pkg/controller/template/template_controller_test.go index d13acdc52c..9fd0952e23 100644 --- a/pkg/controller/template/template_controller_test.go +++ b/pkg/controller/template/template_controller_test.go @@ -9,8 +9,8 @@ import ( "k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/record" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" + ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" "github.com/openshift/machine-config-operator/pkg/generated/clientset/versioned/fake" informers "github.com/openshift/machine-config-operator/pkg/generated/informers/externalversions" corev1 "k8s.io/api/core/v1" @@ -369,8 +369,7 @@ func TestUpdateMachineConfig(t *testing.T) { t.Fatal(err) } //update machineconfig - mcs[len(mcs)-1].Spec.Config = ignv2_2types.Config{} - + mcs[len(mcs)-1].Spec.Config = ctrlcommon.NewIgnConfig() f.ccLister = append(f.ccLister, cc) f.kubeobjects = append(f.kubeobjects, ps) f.objects = append(f.objects, cc) diff --git a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-ca.crt index 93e18c9420..85160e00fb 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy index 745cb9e5d9..25ae417ef8 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy +++ b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy @@ -1,6 +1,8 @@ contents: - source: data:, + source: data:text/plain, verification: {} -filesystem: root +group: {} mode: 493 +overwrite: true path: /etc/kubernetes/kubelet-plugins/volume/exec/.dummy +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-manifests-etcd-member.yaml b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-manifests-etcd-member.yaml index 101a6bd98f..da65782dfd 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-manifests-etcd-member.yaml +++ b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-manifests-etcd-member.yaml @@ -1,6 +1,8 @@ contents: - source: data:,apiVersion%3A%20v1%0Akind%3A%20Pod%0Ametadata%3A%0A%20%20name%3A%20etcd-member%0A%20%20namespace%3A%20kube-system%0A%20%20labels%3A%0A%20%20%20%20k8s-app%3A%20etcd%0Aspec%3A%0A%20%20initContainers%3A%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20image%3A%20%22image%2FsetupEtcdEnv%3A1%22%0A%20%20%20%20args%3A%0A%20%20%20%20-%20%22run%22%0A%20%20%20%20-%20%22--discovery-srv%3Dmy-test-cluster.installer.team.coreos.systems%22%0A%20%20%20%20-%20%22--output-file%3D%2Frun%2Fetcd%2Fenvironment%22%0A%20%20%20%20-%20%22--v%3D4%22%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20-%20name%3A%20certs%0A%20%20%20%20image%3A%20%22image%2FkubeClientAgentImage%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-servers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3Dlocalhost%2Cetcd.kube-system.svc%2Cetcd.kube-system.svc.cluster.local%2C%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%2C127.0.0.1%20%5C%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-peers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3D%24%7BETCD_DNS_NAME%7D%2Cmy-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%20%5C%0A%20%20%20%20%20%20%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20containers%3A%0A%20%20-%20name%3A%20etcd-member%0A%20%20%20%20image%3A%20%22image%2Fetcd%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20etcd%20%5C%0A%20%20%20%20%20%20%20%20--discovery-srv%20my-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20--initial-advertise-peer-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2380%20%5C%0A%20%20%20%20%20%20%20%20--cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--peer-cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--peer-trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--advertise-client-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-client-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-peer-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2380%20%5C%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20resources%3A%0A%20%20%20%20%20%20requests%3A%0A%20%20%20%20%20%20%20%20memory%3A%20600Mi%0A%20%20%20%20%20%20%20%20cpu%3A%20300m%0A%20%20%20%20terminationMessagePolicy%3A%20FallbackToLogsOnError%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20data-dir%0A%20%20%20%20%20%20mountPath%3A%20%2Fvar%2Flib%2Fetcd%2F%0A%20%20%20%20env%3A%0A%20%20%20%20-%20name%3A%20ETCD_DATA_DIR%0A%20%20%20%20%20%20value%3A%20%22%2Fvar%2Flib%2Fetcd%22%0A%20%20%20%20-%20name%3A%20ETCD_NAME%0A%20%20%20%20%20%20valueFrom%3A%0A%20%20%20%20%20%20%20%20fieldRef%3A%0A%20%20%20%20%20%20%20%20%20%20fieldPath%3A%20metadata.name%0A%20%20%20%20ports%3A%0A%20%20%20%20-%20name%3A%20peer%0A%20%20%20%20%20%20containerPort%3A%202380%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20%20%20-%20name%3A%20server%0A%20%20%20%20%20%20containerPort%3A%202379%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20hostNetwork%3A%20true%0A%20%20priorityClassName%3A%20system-node-critical%0A%20%20tolerations%3A%0A%20%20-%20operator%3A%20%22Exists%22%0A%20%20restartPolicy%3A%20Always%0A%20%20volumes%3A%0A%20%20-%20name%3A%20certs%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fstatic-pod-resources%2Fetcd-member%0A%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Frun%2Fetcd%0A%20%20-%20name%3A%20data-dir%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fvar%2Flib%2Fetcd%0A + source: data:text/plain,apiVersion%3A%20v1%0Akind%3A%20Pod%0Ametadata%3A%0A%20%20name%3A%20etcd-member%0A%20%20namespace%3A%20kube-system%0A%20%20labels%3A%0A%20%20%20%20k8s-app%3A%20etcd%0Aspec%3A%0A%20%20initContainers%3A%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20image%3A%20%22image%2FsetupEtcdEnv%3A1%22%0A%20%20%20%20args%3A%0A%20%20%20%20-%20%22run%22%0A%20%20%20%20-%20%22--discovery-srv%3Dmy-test-cluster.installer.team.coreos.systems%22%0A%20%20%20%20-%20%22--output-file%3D%2Frun%2Fetcd%2Fenvironment%22%0A%20%20%20%20-%20%22--v%3D4%22%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20-%20name%3A%20certs%0A%20%20%20%20image%3A%20%22image%2FkubeClientAgentImage%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-servers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3Dlocalhost%2Cetcd.kube-system.svc%2Cetcd.kube-system.svc.cluster.local%2C%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%2C127.0.0.1%20%5C%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-peers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3D%24%7BETCD_DNS_NAME%7D%2Cmy-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%20%5C%0A%20%20%20%20%20%20%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20containers%3A%0A%20%20-%20name%3A%20etcd-member%0A%20%20%20%20image%3A%20%22image%2Fetcd%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20etcd%20%5C%0A%20%20%20%20%20%20%20%20--discovery-srv%20my-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20--initial-advertise-peer-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2380%20%5C%0A%20%20%20%20%20%20%20%20--cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--peer-cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--peer-trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--advertise-client-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-client-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-peer-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2380%20%5C%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20resources%3A%0A%20%20%20%20%20%20requests%3A%0A%20%20%20%20%20%20%20%20memory%3A%20600Mi%0A%20%20%20%20%20%20%20%20cpu%3A%20300m%0A%20%20%20%20terminationMessagePolicy%3A%20FallbackToLogsOnError%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20data-dir%0A%20%20%20%20%20%20mountPath%3A%20%2Fvar%2Flib%2Fetcd%2F%0A%20%20%20%20env%3A%0A%20%20%20%20-%20name%3A%20ETCD_DATA_DIR%0A%20%20%20%20%20%20value%3A%20%22%2Fvar%2Flib%2Fetcd%22%0A%20%20%20%20-%20name%3A%20ETCD_NAME%0A%20%20%20%20%20%20valueFrom%3A%0A%20%20%20%20%20%20%20%20fieldRef%3A%0A%20%20%20%20%20%20%20%20%20%20fieldPath%3A%20metadata.name%0A%20%20%20%20ports%3A%0A%20%20%20%20-%20name%3A%20peer%0A%20%20%20%20%20%20containerPort%3A%202380%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20%20%20-%20name%3A%20server%0A%20%20%20%20%20%20containerPort%3A%202379%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20hostNetwork%3A%20true%0A%20%20priorityClassName%3A%20system-node-critical%0A%20%20tolerations%3A%0A%20%20-%20operator%3A%20%22Exists%22%0A%20%20restartPolicy%3A%20Always%0A%20%20volumes%3A%0A%20%20-%20name%3A%20certs%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fstatic-pod-resources%2Fetcd-member%0A%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Frun%2Fetcd%0A%20%20-%20name%3A%20data-dir%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fvar%2Flib%2Fetcd%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/manifests/etcd-member.yaml +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt index 32bcd5d94d..0e81fdb8b6 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20etcd-ca%0A + source: data:text/plain,dummy%20etcd-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/static-pod-resources/etcd-member/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt index cb1bec649c..9f9885e5dd 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/static-pod-resources/etcd-member/root-ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-sysconfig-crio-network b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-sysconfig-crio-network index a56f445be7..9f47fa7018 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-sysconfig-crio-network +++ b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-sysconfig-crio-network @@ -1,6 +1,8 @@ contents: - source: data:,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A + source: data:text/plain,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysconfig/crio-network +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-sysctl.d-forward.conf b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-sysctl.d-forward.conf index dc3f2dc75d..808b447f78 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-sysctl.d-forward.conf +++ b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-etc-sysctl.d-forward.conf @@ -1,6 +1,8 @@ contents: - source: data:,net.ipv4.ip_forward%20%3D%201%0A + source: data:text/plain,net.ipv4.ip_forward%20%3D%201%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysctl.d/forward.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-var-lib-kubelet-config.json b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-var-lib-kubelet-config.json index 0ba6c19e6a..13e9f8eb0f 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/aws/files/-var-lib-kubelet-config.json +++ b/pkg/controller/template/test_data/templates/master/00-master/aws/files/-var-lib-kubelet-config.json @@ -1,6 +1,8 @@ contents: - source: data:,%7B%22dummy%22%3A%22dummy%22%7D%0A + source: data:text/plain,%7B%22dummy%22%3A%22dummy%22%7D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /var/lib/kubelet/config.json +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-ca.crt index 93e18c9420..85160e00fb 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy index 745cb9e5d9..25ae417ef8 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy +++ b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy @@ -1,6 +1,8 @@ contents: - source: data:, + source: data:text/plain, verification: {} -filesystem: root +group: {} mode: 493 +overwrite: true path: /etc/kubernetes/kubelet-plugins/volume/exec/.dummy +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-manifests-etcd-member.yaml b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-manifests-etcd-member.yaml index 101a6bd98f..da65782dfd 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-manifests-etcd-member.yaml +++ b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-manifests-etcd-member.yaml @@ -1,6 +1,8 @@ contents: - source: data:,apiVersion%3A%20v1%0Akind%3A%20Pod%0Ametadata%3A%0A%20%20name%3A%20etcd-member%0A%20%20namespace%3A%20kube-system%0A%20%20labels%3A%0A%20%20%20%20k8s-app%3A%20etcd%0Aspec%3A%0A%20%20initContainers%3A%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20image%3A%20%22image%2FsetupEtcdEnv%3A1%22%0A%20%20%20%20args%3A%0A%20%20%20%20-%20%22run%22%0A%20%20%20%20-%20%22--discovery-srv%3Dmy-test-cluster.installer.team.coreos.systems%22%0A%20%20%20%20-%20%22--output-file%3D%2Frun%2Fetcd%2Fenvironment%22%0A%20%20%20%20-%20%22--v%3D4%22%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20-%20name%3A%20certs%0A%20%20%20%20image%3A%20%22image%2FkubeClientAgentImage%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-servers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3Dlocalhost%2Cetcd.kube-system.svc%2Cetcd.kube-system.svc.cluster.local%2C%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%2C127.0.0.1%20%5C%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-peers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3D%24%7BETCD_DNS_NAME%7D%2Cmy-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%20%5C%0A%20%20%20%20%20%20%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20containers%3A%0A%20%20-%20name%3A%20etcd-member%0A%20%20%20%20image%3A%20%22image%2Fetcd%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20etcd%20%5C%0A%20%20%20%20%20%20%20%20--discovery-srv%20my-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20--initial-advertise-peer-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2380%20%5C%0A%20%20%20%20%20%20%20%20--cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--peer-cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--peer-trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--advertise-client-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-client-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-peer-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2380%20%5C%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20resources%3A%0A%20%20%20%20%20%20requests%3A%0A%20%20%20%20%20%20%20%20memory%3A%20600Mi%0A%20%20%20%20%20%20%20%20cpu%3A%20300m%0A%20%20%20%20terminationMessagePolicy%3A%20FallbackToLogsOnError%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20data-dir%0A%20%20%20%20%20%20mountPath%3A%20%2Fvar%2Flib%2Fetcd%2F%0A%20%20%20%20env%3A%0A%20%20%20%20-%20name%3A%20ETCD_DATA_DIR%0A%20%20%20%20%20%20value%3A%20%22%2Fvar%2Flib%2Fetcd%22%0A%20%20%20%20-%20name%3A%20ETCD_NAME%0A%20%20%20%20%20%20valueFrom%3A%0A%20%20%20%20%20%20%20%20fieldRef%3A%0A%20%20%20%20%20%20%20%20%20%20fieldPath%3A%20metadata.name%0A%20%20%20%20ports%3A%0A%20%20%20%20-%20name%3A%20peer%0A%20%20%20%20%20%20containerPort%3A%202380%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20%20%20-%20name%3A%20server%0A%20%20%20%20%20%20containerPort%3A%202379%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20hostNetwork%3A%20true%0A%20%20priorityClassName%3A%20system-node-critical%0A%20%20tolerations%3A%0A%20%20-%20operator%3A%20%22Exists%22%0A%20%20restartPolicy%3A%20Always%0A%20%20volumes%3A%0A%20%20-%20name%3A%20certs%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fstatic-pod-resources%2Fetcd-member%0A%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Frun%2Fetcd%0A%20%20-%20name%3A%20data-dir%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fvar%2Flib%2Fetcd%0A + source: data:text/plain,apiVersion%3A%20v1%0Akind%3A%20Pod%0Ametadata%3A%0A%20%20name%3A%20etcd-member%0A%20%20namespace%3A%20kube-system%0A%20%20labels%3A%0A%20%20%20%20k8s-app%3A%20etcd%0Aspec%3A%0A%20%20initContainers%3A%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20image%3A%20%22image%2FsetupEtcdEnv%3A1%22%0A%20%20%20%20args%3A%0A%20%20%20%20-%20%22run%22%0A%20%20%20%20-%20%22--discovery-srv%3Dmy-test-cluster.installer.team.coreos.systems%22%0A%20%20%20%20-%20%22--output-file%3D%2Frun%2Fetcd%2Fenvironment%22%0A%20%20%20%20-%20%22--v%3D4%22%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20-%20name%3A%20certs%0A%20%20%20%20image%3A%20%22image%2FkubeClientAgentImage%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-servers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3Dlocalhost%2Cetcd.kube-system.svc%2Cetcd.kube-system.svc.cluster.local%2C%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%2C127.0.0.1%20%5C%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-peers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3D%24%7BETCD_DNS_NAME%7D%2Cmy-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%20%5C%0A%20%20%20%20%20%20%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20containers%3A%0A%20%20-%20name%3A%20etcd-member%0A%20%20%20%20image%3A%20%22image%2Fetcd%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20etcd%20%5C%0A%20%20%20%20%20%20%20%20--discovery-srv%20my-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20--initial-advertise-peer-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2380%20%5C%0A%20%20%20%20%20%20%20%20--cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--peer-cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--peer-trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--advertise-client-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-client-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-peer-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2380%20%5C%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20resources%3A%0A%20%20%20%20%20%20requests%3A%0A%20%20%20%20%20%20%20%20memory%3A%20600Mi%0A%20%20%20%20%20%20%20%20cpu%3A%20300m%0A%20%20%20%20terminationMessagePolicy%3A%20FallbackToLogsOnError%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20data-dir%0A%20%20%20%20%20%20mountPath%3A%20%2Fvar%2Flib%2Fetcd%2F%0A%20%20%20%20env%3A%0A%20%20%20%20-%20name%3A%20ETCD_DATA_DIR%0A%20%20%20%20%20%20value%3A%20%22%2Fvar%2Flib%2Fetcd%22%0A%20%20%20%20-%20name%3A%20ETCD_NAME%0A%20%20%20%20%20%20valueFrom%3A%0A%20%20%20%20%20%20%20%20fieldRef%3A%0A%20%20%20%20%20%20%20%20%20%20fieldPath%3A%20metadata.name%0A%20%20%20%20ports%3A%0A%20%20%20%20-%20name%3A%20peer%0A%20%20%20%20%20%20containerPort%3A%202380%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20%20%20-%20name%3A%20server%0A%20%20%20%20%20%20containerPort%3A%202379%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20hostNetwork%3A%20true%0A%20%20priorityClassName%3A%20system-node-critical%0A%20%20tolerations%3A%0A%20%20-%20operator%3A%20%22Exists%22%0A%20%20restartPolicy%3A%20Always%0A%20%20volumes%3A%0A%20%20-%20name%3A%20certs%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fstatic-pod-resources%2Fetcd-member%0A%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Frun%2Fetcd%0A%20%20-%20name%3A%20data-dir%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fvar%2Flib%2Fetcd%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/manifests/etcd-member.yaml +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt index 32bcd5d94d..0e81fdb8b6 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20etcd-ca%0A + source: data:text/plain,dummy%20etcd-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/static-pod-resources/etcd-member/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt index cb1bec649c..9f9885e5dd 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/static-pod-resources/etcd-member/root-ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-sysconfig-crio-network b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-sysconfig-crio-network index a56f445be7..9f47fa7018 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-sysconfig-crio-network +++ b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-sysconfig-crio-network @@ -1,6 +1,8 @@ contents: - source: data:,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A + source: data:text/plain,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysconfig/crio-network +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-sysctl.d-forward.conf b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-sysctl.d-forward.conf index dc3f2dc75d..808b447f78 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-sysctl.d-forward.conf +++ b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-etc-sysctl.d-forward.conf @@ -1,6 +1,8 @@ contents: - source: data:,net.ipv4.ip_forward%20%3D%201%0A + source: data:text/plain,net.ipv4.ip_forward%20%3D%201%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysctl.d/forward.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-var-lib-kubelet-config.json b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-var-lib-kubelet-config.json index 0ba6c19e6a..13e9f8eb0f 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-var-lib-kubelet-config.json +++ b/pkg/controller/template/test_data/templates/master/00-master/libvirt/files/-var-lib-kubelet-config.json @@ -1,6 +1,8 @@ contents: - source: data:,%7B%22dummy%22%3A%22dummy%22%7D%0A + source: data:text/plain,%7B%22dummy%22%3A%22dummy%22%7D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /var/lib/kubelet/config.json +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-ca.crt index 93e18c9420..85160e00fb 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy index 745cb9e5d9..25ae417ef8 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy +++ b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy @@ -1,6 +1,8 @@ contents: - source: data:, + source: data:text/plain, verification: {} -filesystem: root +group: {} mode: 493 +overwrite: true path: /etc/kubernetes/kubelet-plugins/volume/exec/.dummy +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-manifests-etcd-member.yaml b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-manifests-etcd-member.yaml index 101a6bd98f..da65782dfd 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-manifests-etcd-member.yaml +++ b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-manifests-etcd-member.yaml @@ -1,6 +1,8 @@ contents: - source: data:,apiVersion%3A%20v1%0Akind%3A%20Pod%0Ametadata%3A%0A%20%20name%3A%20etcd-member%0A%20%20namespace%3A%20kube-system%0A%20%20labels%3A%0A%20%20%20%20k8s-app%3A%20etcd%0Aspec%3A%0A%20%20initContainers%3A%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20image%3A%20%22image%2FsetupEtcdEnv%3A1%22%0A%20%20%20%20args%3A%0A%20%20%20%20-%20%22run%22%0A%20%20%20%20-%20%22--discovery-srv%3Dmy-test-cluster.installer.team.coreos.systems%22%0A%20%20%20%20-%20%22--output-file%3D%2Frun%2Fetcd%2Fenvironment%22%0A%20%20%20%20-%20%22--v%3D4%22%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20-%20name%3A%20certs%0A%20%20%20%20image%3A%20%22image%2FkubeClientAgentImage%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-servers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3Dlocalhost%2Cetcd.kube-system.svc%2Cetcd.kube-system.svc.cluster.local%2C%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%2C127.0.0.1%20%5C%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-peers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3D%24%7BETCD_DNS_NAME%7D%2Cmy-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%20%5C%0A%20%20%20%20%20%20%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20containers%3A%0A%20%20-%20name%3A%20etcd-member%0A%20%20%20%20image%3A%20%22image%2Fetcd%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20etcd%20%5C%0A%20%20%20%20%20%20%20%20--discovery-srv%20my-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20--initial-advertise-peer-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2380%20%5C%0A%20%20%20%20%20%20%20%20--cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--peer-cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--peer-trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--advertise-client-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-client-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-peer-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2380%20%5C%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20resources%3A%0A%20%20%20%20%20%20requests%3A%0A%20%20%20%20%20%20%20%20memory%3A%20600Mi%0A%20%20%20%20%20%20%20%20cpu%3A%20300m%0A%20%20%20%20terminationMessagePolicy%3A%20FallbackToLogsOnError%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20data-dir%0A%20%20%20%20%20%20mountPath%3A%20%2Fvar%2Flib%2Fetcd%2F%0A%20%20%20%20env%3A%0A%20%20%20%20-%20name%3A%20ETCD_DATA_DIR%0A%20%20%20%20%20%20value%3A%20%22%2Fvar%2Flib%2Fetcd%22%0A%20%20%20%20-%20name%3A%20ETCD_NAME%0A%20%20%20%20%20%20valueFrom%3A%0A%20%20%20%20%20%20%20%20fieldRef%3A%0A%20%20%20%20%20%20%20%20%20%20fieldPath%3A%20metadata.name%0A%20%20%20%20ports%3A%0A%20%20%20%20-%20name%3A%20peer%0A%20%20%20%20%20%20containerPort%3A%202380%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20%20%20-%20name%3A%20server%0A%20%20%20%20%20%20containerPort%3A%202379%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20hostNetwork%3A%20true%0A%20%20priorityClassName%3A%20system-node-critical%0A%20%20tolerations%3A%0A%20%20-%20operator%3A%20%22Exists%22%0A%20%20restartPolicy%3A%20Always%0A%20%20volumes%3A%0A%20%20-%20name%3A%20certs%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fstatic-pod-resources%2Fetcd-member%0A%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Frun%2Fetcd%0A%20%20-%20name%3A%20data-dir%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fvar%2Flib%2Fetcd%0A + source: data:text/plain,apiVersion%3A%20v1%0Akind%3A%20Pod%0Ametadata%3A%0A%20%20name%3A%20etcd-member%0A%20%20namespace%3A%20kube-system%0A%20%20labels%3A%0A%20%20%20%20k8s-app%3A%20etcd%0Aspec%3A%0A%20%20initContainers%3A%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20image%3A%20%22image%2FsetupEtcdEnv%3A1%22%0A%20%20%20%20args%3A%0A%20%20%20%20-%20%22run%22%0A%20%20%20%20-%20%22--discovery-srv%3Dmy-test-cluster.installer.team.coreos.systems%22%0A%20%20%20%20-%20%22--output-file%3D%2Frun%2Fetcd%2Fenvironment%22%0A%20%20%20%20-%20%22--v%3D4%22%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20-%20name%3A%20certs%0A%20%20%20%20image%3A%20%22image%2FkubeClientAgentImage%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-servers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3Dlocalhost%2Cetcd.kube-system.svc%2Cetcd.kube-system.svc.cluster.local%2C%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%2C127.0.0.1%20%5C%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-peers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3D%24%7BETCD_DNS_NAME%7D%2Cmy-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%20%5C%0A%20%20%20%20%20%20%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20containers%3A%0A%20%20-%20name%3A%20etcd-member%0A%20%20%20%20image%3A%20%22image%2Fetcd%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20etcd%20%5C%0A%20%20%20%20%20%20%20%20--discovery-srv%20my-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20--initial-advertise-peer-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2380%20%5C%0A%20%20%20%20%20%20%20%20--cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--peer-cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--peer-trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--advertise-client-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-client-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-peer-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2380%20%5C%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20resources%3A%0A%20%20%20%20%20%20requests%3A%0A%20%20%20%20%20%20%20%20memory%3A%20600Mi%0A%20%20%20%20%20%20%20%20cpu%3A%20300m%0A%20%20%20%20terminationMessagePolicy%3A%20FallbackToLogsOnError%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20data-dir%0A%20%20%20%20%20%20mountPath%3A%20%2Fvar%2Flib%2Fetcd%2F%0A%20%20%20%20env%3A%0A%20%20%20%20-%20name%3A%20ETCD_DATA_DIR%0A%20%20%20%20%20%20value%3A%20%22%2Fvar%2Flib%2Fetcd%22%0A%20%20%20%20-%20name%3A%20ETCD_NAME%0A%20%20%20%20%20%20valueFrom%3A%0A%20%20%20%20%20%20%20%20fieldRef%3A%0A%20%20%20%20%20%20%20%20%20%20fieldPath%3A%20metadata.name%0A%20%20%20%20ports%3A%0A%20%20%20%20-%20name%3A%20peer%0A%20%20%20%20%20%20containerPort%3A%202380%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20%20%20-%20name%3A%20server%0A%20%20%20%20%20%20containerPort%3A%202379%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20hostNetwork%3A%20true%0A%20%20priorityClassName%3A%20system-node-critical%0A%20%20tolerations%3A%0A%20%20-%20operator%3A%20%22Exists%22%0A%20%20restartPolicy%3A%20Always%0A%20%20volumes%3A%0A%20%20-%20name%3A%20certs%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fstatic-pod-resources%2Fetcd-member%0A%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Frun%2Fetcd%0A%20%20-%20name%3A%20data-dir%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fvar%2Flib%2Fetcd%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/manifests/etcd-member.yaml +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt index 32bcd5d94d..0e81fdb8b6 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20etcd-ca%0A + source: data:text/plain,dummy%20etcd-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/static-pod-resources/etcd-member/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt index cb1bec649c..9f9885e5dd 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/static-pod-resources/etcd-member/root-ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-sysconfig-crio-network b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-sysconfig-crio-network index a56f445be7..9f47fa7018 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-sysconfig-crio-network +++ b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-sysconfig-crio-network @@ -1,6 +1,8 @@ contents: - source: data:,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A + source: data:text/plain,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysconfig/crio-network +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-sysctl.d-forward.conf b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-sysctl.d-forward.conf index dc3f2dc75d..808b447f78 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-sysctl.d-forward.conf +++ b/pkg/controller/template/test_data/templates/master/00-master/none/files/-etc-sysctl.d-forward.conf @@ -1,6 +1,8 @@ contents: - source: data:,net.ipv4.ip_forward%20%3D%201%0A + source: data:text/plain,net.ipv4.ip_forward%20%3D%201%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysctl.d/forward.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/none/files/-var-lib-kubelet-config.json b/pkg/controller/template/test_data/templates/master/00-master/none/files/-var-lib-kubelet-config.json index 0ba6c19e6a..13e9f8eb0f 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/none/files/-var-lib-kubelet-config.json +++ b/pkg/controller/template/test_data/templates/master/00-master/none/files/-var-lib-kubelet-config.json @@ -1,6 +1,8 @@ contents: - source: data:,%7B%22dummy%22%3A%22dummy%22%7D%0A + source: data:text/plain,%7B%22dummy%22%3A%22dummy%22%7D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /var/lib/kubelet/config.json +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-ca.crt index 93e18c9420..85160e00fb 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy index 745cb9e5d9..25ae417ef8 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy +++ b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy @@ -1,6 +1,8 @@ contents: - source: data:, + source: data:text/plain, verification: {} -filesystem: root +group: {} mode: 493 +overwrite: true path: /etc/kubernetes/kubelet-plugins/volume/exec/.dummy +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-manifests-etcd-member.yaml b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-manifests-etcd-member.yaml index 101a6bd98f..da65782dfd 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-manifests-etcd-member.yaml +++ b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-manifests-etcd-member.yaml @@ -1,6 +1,8 @@ contents: - source: data:,apiVersion%3A%20v1%0Akind%3A%20Pod%0Ametadata%3A%0A%20%20name%3A%20etcd-member%0A%20%20namespace%3A%20kube-system%0A%20%20labels%3A%0A%20%20%20%20k8s-app%3A%20etcd%0Aspec%3A%0A%20%20initContainers%3A%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20image%3A%20%22image%2FsetupEtcdEnv%3A1%22%0A%20%20%20%20args%3A%0A%20%20%20%20-%20%22run%22%0A%20%20%20%20-%20%22--discovery-srv%3Dmy-test-cluster.installer.team.coreos.systems%22%0A%20%20%20%20-%20%22--output-file%3D%2Frun%2Fetcd%2Fenvironment%22%0A%20%20%20%20-%20%22--v%3D4%22%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20-%20name%3A%20certs%0A%20%20%20%20image%3A%20%22image%2FkubeClientAgentImage%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-servers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3Dlocalhost%2Cetcd.kube-system.svc%2Cetcd.kube-system.svc.cluster.local%2C%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%2C127.0.0.1%20%5C%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-peers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3D%24%7BETCD_DNS_NAME%7D%2Cmy-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%20%5C%0A%20%20%20%20%20%20%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20containers%3A%0A%20%20-%20name%3A%20etcd-member%0A%20%20%20%20image%3A%20%22image%2Fetcd%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20etcd%20%5C%0A%20%20%20%20%20%20%20%20--discovery-srv%20my-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20--initial-advertise-peer-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2380%20%5C%0A%20%20%20%20%20%20%20%20--cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--peer-cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--peer-trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--advertise-client-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-client-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-peer-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2380%20%5C%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20resources%3A%0A%20%20%20%20%20%20requests%3A%0A%20%20%20%20%20%20%20%20memory%3A%20600Mi%0A%20%20%20%20%20%20%20%20cpu%3A%20300m%0A%20%20%20%20terminationMessagePolicy%3A%20FallbackToLogsOnError%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20data-dir%0A%20%20%20%20%20%20mountPath%3A%20%2Fvar%2Flib%2Fetcd%2F%0A%20%20%20%20env%3A%0A%20%20%20%20-%20name%3A%20ETCD_DATA_DIR%0A%20%20%20%20%20%20value%3A%20%22%2Fvar%2Flib%2Fetcd%22%0A%20%20%20%20-%20name%3A%20ETCD_NAME%0A%20%20%20%20%20%20valueFrom%3A%0A%20%20%20%20%20%20%20%20fieldRef%3A%0A%20%20%20%20%20%20%20%20%20%20fieldPath%3A%20metadata.name%0A%20%20%20%20ports%3A%0A%20%20%20%20-%20name%3A%20peer%0A%20%20%20%20%20%20containerPort%3A%202380%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20%20%20-%20name%3A%20server%0A%20%20%20%20%20%20containerPort%3A%202379%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20hostNetwork%3A%20true%0A%20%20priorityClassName%3A%20system-node-critical%0A%20%20tolerations%3A%0A%20%20-%20operator%3A%20%22Exists%22%0A%20%20restartPolicy%3A%20Always%0A%20%20volumes%3A%0A%20%20-%20name%3A%20certs%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fstatic-pod-resources%2Fetcd-member%0A%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Frun%2Fetcd%0A%20%20-%20name%3A%20data-dir%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fvar%2Flib%2Fetcd%0A + source: data:text/plain,apiVersion%3A%20v1%0Akind%3A%20Pod%0Ametadata%3A%0A%20%20name%3A%20etcd-member%0A%20%20namespace%3A%20kube-system%0A%20%20labels%3A%0A%20%20%20%20k8s-app%3A%20etcd%0Aspec%3A%0A%20%20initContainers%3A%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20image%3A%20%22image%2FsetupEtcdEnv%3A1%22%0A%20%20%20%20args%3A%0A%20%20%20%20-%20%22run%22%0A%20%20%20%20-%20%22--discovery-srv%3Dmy-test-cluster.installer.team.coreos.systems%22%0A%20%20%20%20-%20%22--output-file%3D%2Frun%2Fetcd%2Fenvironment%22%0A%20%20%20%20-%20%22--v%3D4%22%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20-%20name%3A%20certs%0A%20%20%20%20image%3A%20%22image%2FkubeClientAgentImage%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-servers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3Dlocalhost%2Cetcd.kube-system.svc%2Cetcd.kube-system.svc.cluster.local%2C%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%2C127.0.0.1%20%5C%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-peers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3D%24%7BETCD_DNS_NAME%7D%2Cmy-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%20%5C%0A%20%20%20%20%20%20%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20containers%3A%0A%20%20-%20name%3A%20etcd-member%0A%20%20%20%20image%3A%20%22image%2Fetcd%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20etcd%20%5C%0A%20%20%20%20%20%20%20%20--discovery-srv%20my-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20--initial-advertise-peer-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2380%20%5C%0A%20%20%20%20%20%20%20%20--cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--peer-cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--peer-trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--advertise-client-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-client-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-peer-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2380%20%5C%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20resources%3A%0A%20%20%20%20%20%20requests%3A%0A%20%20%20%20%20%20%20%20memory%3A%20600Mi%0A%20%20%20%20%20%20%20%20cpu%3A%20300m%0A%20%20%20%20terminationMessagePolicy%3A%20FallbackToLogsOnError%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20data-dir%0A%20%20%20%20%20%20mountPath%3A%20%2Fvar%2Flib%2Fetcd%2F%0A%20%20%20%20env%3A%0A%20%20%20%20-%20name%3A%20ETCD_DATA_DIR%0A%20%20%20%20%20%20value%3A%20%22%2Fvar%2Flib%2Fetcd%22%0A%20%20%20%20-%20name%3A%20ETCD_NAME%0A%20%20%20%20%20%20valueFrom%3A%0A%20%20%20%20%20%20%20%20fieldRef%3A%0A%20%20%20%20%20%20%20%20%20%20fieldPath%3A%20metadata.name%0A%20%20%20%20ports%3A%0A%20%20%20%20-%20name%3A%20peer%0A%20%20%20%20%20%20containerPort%3A%202380%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20%20%20-%20name%3A%20server%0A%20%20%20%20%20%20containerPort%3A%202379%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20hostNetwork%3A%20true%0A%20%20priorityClassName%3A%20system-node-critical%0A%20%20tolerations%3A%0A%20%20-%20operator%3A%20%22Exists%22%0A%20%20restartPolicy%3A%20Always%0A%20%20volumes%3A%0A%20%20-%20name%3A%20certs%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fstatic-pod-resources%2Fetcd-member%0A%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Frun%2Fetcd%0A%20%20-%20name%3A%20data-dir%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fvar%2Flib%2Fetcd%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/manifests/etcd-member.yaml +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt index 32bcd5d94d..0e81fdb8b6 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20etcd-ca%0A + source: data:text/plain,dummy%20etcd-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/static-pod-resources/etcd-member/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt index cb1bec649c..9f9885e5dd 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/static-pod-resources/etcd-member/root-ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-sysconfig-crio-network b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-sysconfig-crio-network index a56f445be7..9f47fa7018 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-sysconfig-crio-network +++ b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-sysconfig-crio-network @@ -1,6 +1,8 @@ contents: - source: data:,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A + source: data:text/plain,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysconfig/crio-network +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-sysctl.d-forward.conf b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-sysctl.d-forward.conf index dc3f2dc75d..808b447f78 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-sysctl.d-forward.conf +++ b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-etc-sysctl.d-forward.conf @@ -1,6 +1,8 @@ contents: - source: data:,net.ipv4.ip_forward%20%3D%201%0A + source: data:text/plain,net.ipv4.ip_forward%20%3D%201%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysctl.d/forward.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-var-lib-kubelet-config.json b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-var-lib-kubelet-config.json index 0ba6c19e6a..13e9f8eb0f 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-var-lib-kubelet-config.json +++ b/pkg/controller/template/test_data/templates/master/00-master/openstack/files/-var-lib-kubelet-config.json @@ -1,6 +1,8 @@ contents: - source: data:,%7B%22dummy%22%3A%22dummy%22%7D%0A + source: data:text/plain,%7B%22dummy%22%3A%22dummy%22%7D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /var/lib/kubelet/config.json +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-ca.crt index 93e18c9420..85160e00fb 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy index 745cb9e5d9..25ae417ef8 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy +++ b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy @@ -1,6 +1,8 @@ contents: - source: data:, + source: data:text/plain, verification: {} -filesystem: root +group: {} mode: 493 +overwrite: true path: /etc/kubernetes/kubelet-plugins/volume/exec/.dummy +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-manifests-etcd-member.yaml b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-manifests-etcd-member.yaml index 101a6bd98f..da65782dfd 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-manifests-etcd-member.yaml +++ b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-manifests-etcd-member.yaml @@ -1,6 +1,8 @@ contents: - source: data:,apiVersion%3A%20v1%0Akind%3A%20Pod%0Ametadata%3A%0A%20%20name%3A%20etcd-member%0A%20%20namespace%3A%20kube-system%0A%20%20labels%3A%0A%20%20%20%20k8s-app%3A%20etcd%0Aspec%3A%0A%20%20initContainers%3A%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20image%3A%20%22image%2FsetupEtcdEnv%3A1%22%0A%20%20%20%20args%3A%0A%20%20%20%20-%20%22run%22%0A%20%20%20%20-%20%22--discovery-srv%3Dmy-test-cluster.installer.team.coreos.systems%22%0A%20%20%20%20-%20%22--output-file%3D%2Frun%2Fetcd%2Fenvironment%22%0A%20%20%20%20-%20%22--v%3D4%22%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20-%20name%3A%20certs%0A%20%20%20%20image%3A%20%22image%2FkubeClientAgentImage%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-servers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3Dlocalhost%2Cetcd.kube-system.svc%2Cetcd.kube-system.svc.cluster.local%2C%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%2C127.0.0.1%20%5C%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-peers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3D%24%7BETCD_DNS_NAME%7D%2Cmy-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%20%5C%0A%20%20%20%20%20%20%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20containers%3A%0A%20%20-%20name%3A%20etcd-member%0A%20%20%20%20image%3A%20%22image%2Fetcd%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20etcd%20%5C%0A%20%20%20%20%20%20%20%20--discovery-srv%20my-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20--initial-advertise-peer-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2380%20%5C%0A%20%20%20%20%20%20%20%20--cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--peer-cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--peer-trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--advertise-client-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-client-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-peer-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2380%20%5C%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20resources%3A%0A%20%20%20%20%20%20requests%3A%0A%20%20%20%20%20%20%20%20memory%3A%20600Mi%0A%20%20%20%20%20%20%20%20cpu%3A%20300m%0A%20%20%20%20terminationMessagePolicy%3A%20FallbackToLogsOnError%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20data-dir%0A%20%20%20%20%20%20mountPath%3A%20%2Fvar%2Flib%2Fetcd%2F%0A%20%20%20%20env%3A%0A%20%20%20%20-%20name%3A%20ETCD_DATA_DIR%0A%20%20%20%20%20%20value%3A%20%22%2Fvar%2Flib%2Fetcd%22%0A%20%20%20%20-%20name%3A%20ETCD_NAME%0A%20%20%20%20%20%20valueFrom%3A%0A%20%20%20%20%20%20%20%20fieldRef%3A%0A%20%20%20%20%20%20%20%20%20%20fieldPath%3A%20metadata.name%0A%20%20%20%20ports%3A%0A%20%20%20%20-%20name%3A%20peer%0A%20%20%20%20%20%20containerPort%3A%202380%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20%20%20-%20name%3A%20server%0A%20%20%20%20%20%20containerPort%3A%202379%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20hostNetwork%3A%20true%0A%20%20priorityClassName%3A%20system-node-critical%0A%20%20tolerations%3A%0A%20%20-%20operator%3A%20%22Exists%22%0A%20%20restartPolicy%3A%20Always%0A%20%20volumes%3A%0A%20%20-%20name%3A%20certs%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fstatic-pod-resources%2Fetcd-member%0A%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Frun%2Fetcd%0A%20%20-%20name%3A%20data-dir%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fvar%2Flib%2Fetcd%0A + source: data:text/plain,apiVersion%3A%20v1%0Akind%3A%20Pod%0Ametadata%3A%0A%20%20name%3A%20etcd-member%0A%20%20namespace%3A%20kube-system%0A%20%20labels%3A%0A%20%20%20%20k8s-app%3A%20etcd%0Aspec%3A%0A%20%20initContainers%3A%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20image%3A%20%22image%2FsetupEtcdEnv%3A1%22%0A%20%20%20%20args%3A%0A%20%20%20%20-%20%22run%22%0A%20%20%20%20-%20%22--discovery-srv%3Dmy-test-cluster.installer.team.coreos.systems%22%0A%20%20%20%20-%20%22--output-file%3D%2Frun%2Fetcd%2Fenvironment%22%0A%20%20%20%20-%20%22--v%3D4%22%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20-%20name%3A%20certs%0A%20%20%20%20image%3A%20%22image%2FkubeClientAgentImage%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-servers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3Dlocalhost%2Cetcd.kube-system.svc%2Cetcd.kube-system.svc.cluster.local%2C%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%2C127.0.0.1%20%5C%0A%0A%20%20%20%20%20%20%5B%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20-a%20%5C%0A%20%20%20%20%20%20%20%20-e%20%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5D%20%7C%7C%20%5C%0A%20%20%20%20%20%20%20%20kube-client-agent%20%5C%0A%20%20%20%20%20%20%20%20%20%20request%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--kubeconfig%3D%2Fetc%2Fkubernetes%2Fkubeconfig%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--orgname%3Dsystem%3Aetcd-peers%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--assetsdir%3D%2Fetc%2Fssl%2Fetcd%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--dnsnames%3D%24%7BETCD_DNS_NAME%7D%2Cmy-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--commonname%3Dsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D%20%5C%0A%20%20%20%20%20%20%20%20%20%20%20%20--ipaddrs%3D%24%7BETCD_IPV4_ADDRESS%7D%20%5C%0A%20%20%20%20%20%20%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20containers%3A%0A%20%20-%20name%3A%20etcd-member%0A%20%20%20%20image%3A%20%22image%2Fetcd%3A1%22%0A%20%20%20%20command%3A%0A%20%20%20%20-%20%2Fbin%2Fsh%0A%20%20%20%20-%20-c%0A%20%20%20%20-%20%7C%0A%20%20%20%20%20%20%23!%2Fbin%2Fsh%0A%20%20%20%20%20%20set%20-euo%20pipefail%0A%0A%20%20%20%20%20%20source%20%2Frun%2Fetcd%2Fenvironment%0A%0A%20%20%20%20%20%20etcd%20%5C%0A%20%20%20%20%20%20%20%20--discovery-srv%20my-test-cluster.installer.team.coreos.systems%20%5C%0A%20%20%20%20%20%20%20%20--initial-advertise-peer-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2380%20%5C%0A%20%20%20%20%20%20%20%20--cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-server%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--peer-cert-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-key-file%3D%2Fetc%2Fssl%2Fetcd%2Fsystem%3Aetcd-peer%3A%24%7BETCD_DNS_NAME%7D.key%20%5C%0A%20%20%20%20%20%20%20%20--peer-trusted-ca-file%3D%2Fetc%2Fssl%2Fetcd%2Fca.crt%20%5C%0A%20%20%20%20%20%20%20%20--peer-client-cert-auth%3Dtrue%20%5C%0A%20%20%20%20%20%20%20%20--advertise-client-urls%3Dhttps%3A%2F%2F%24%7BETCD_IPV4_ADDRESS%7D%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-client-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2379%20%5C%0A%20%20%20%20%20%20%20%20--listen-peer-urls%3Dhttps%3A%2F%2F0.0.0.0%3A2380%20%5C%0A%20%20%20%20securityContext%3A%0A%20%20%20%20%20%20priviledged%3A%20true%0A%20%20%20%20resources%3A%0A%20%20%20%20%20%20requests%3A%0A%20%20%20%20%20%20%20%20memory%3A%20600Mi%0A%20%20%20%20%20%20%20%20cpu%3A%20300m%0A%20%20%20%20terminationMessagePolicy%3A%20FallbackToLogsOnError%0A%20%20%20%20volumeMounts%3A%0A%20%20%20%20-%20name%3A%20discovery%0A%20%20%20%20%20%20mountPath%3A%20%2Frun%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20certs%0A%20%20%20%20%20%20mountPath%3A%20%2Fetc%2Fssl%2Fetcd%2F%0A%20%20%20%20-%20name%3A%20data-dir%0A%20%20%20%20%20%20mountPath%3A%20%2Fvar%2Flib%2Fetcd%2F%0A%20%20%20%20env%3A%0A%20%20%20%20-%20name%3A%20ETCD_DATA_DIR%0A%20%20%20%20%20%20value%3A%20%22%2Fvar%2Flib%2Fetcd%22%0A%20%20%20%20-%20name%3A%20ETCD_NAME%0A%20%20%20%20%20%20valueFrom%3A%0A%20%20%20%20%20%20%20%20fieldRef%3A%0A%20%20%20%20%20%20%20%20%20%20fieldPath%3A%20metadata.name%0A%20%20%20%20ports%3A%0A%20%20%20%20-%20name%3A%20peer%0A%20%20%20%20%20%20containerPort%3A%202380%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20%20%20-%20name%3A%20server%0A%20%20%20%20%20%20containerPort%3A%202379%0A%20%20%20%20%20%20protocol%3A%20TCP%0A%20%20hostNetwork%3A%20true%0A%20%20priorityClassName%3A%20system-node-critical%0A%20%20tolerations%3A%0A%20%20-%20operator%3A%20%22Exists%22%0A%20%20restartPolicy%3A%20Always%0A%20%20volumes%3A%0A%20%20-%20name%3A%20certs%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fstatic-pod-resources%2Fetcd-member%0A%20%20-%20name%3A%20kubeconfig%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fetc%2Fkubernetes%2Fkubeconfig%0A%20%20-%20name%3A%20discovery%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Frun%2Fetcd%0A%20%20-%20name%3A%20data-dir%0A%20%20%20%20hostPath%3A%0A%20%20%20%20%20%20path%3A%20%2Fvar%2Flib%2Fetcd%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/manifests/etcd-member.yaml +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt index 32bcd5d94d..0e81fdb8b6 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-static-pod-resources-etcd-member-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20etcd-ca%0A + source: data:text/plain,dummy%20etcd-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/static-pod-resources/etcd-member/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt index cb1bec649c..9f9885e5dd 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt +++ b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-kubernetes-static-pod-resources-etcd-member-root-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/static-pod-resources/etcd-member/root-ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-sysconfig-crio-network b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-sysconfig-crio-network index a56f445be7..9f47fa7018 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-sysconfig-crio-network +++ b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-sysconfig-crio-network @@ -1,6 +1,8 @@ contents: - source: data:,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A + source: data:text/plain,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysconfig/crio-network +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-sysctl.d-forward.conf b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-sysctl.d-forward.conf index dc3f2dc75d..808b447f78 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-sysctl.d-forward.conf +++ b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-etc-sysctl.d-forward.conf @@ -1,6 +1,8 @@ contents: - source: data:,net.ipv4.ip_forward%20%3D%201%0A + source: data:text/plain,net.ipv4.ip_forward%20%3D%201%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysctl.d/forward.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-var-lib-kubelet-config.json b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-var-lib-kubelet-config.json index 0ba6c19e6a..13e9f8eb0f 100644 --- a/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-var-lib-kubelet-config.json +++ b/pkg/controller/template/test_data/templates/master/00-master/vsphere/files/-var-lib-kubelet-config.json @@ -1,6 +1,8 @@ contents: - source: data:,%7B%22dummy%22%3A%22dummy%22%7D%0A + source: data:text/plain,%7B%22dummy%22%3A%22dummy%22%7D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /var/lib/kubelet/config.json +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/aws/files/-etc-containers-registries.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/aws/files/-etc-containers-registries.conf index 53c1015d88..500d6539c2 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/aws/files/-etc-containers-registries.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/aws/files/-etc-containers-registries.conf @@ -1,6 +1,8 @@ contents: - source: data:,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A + source: data:text/plain,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/registries.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/aws/files/-etc-containers-storage.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/aws/files/-etc-containers-storage.conf index f955c08a3e..f6731301e6 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/aws/files/-etc-containers-storage.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/aws/files/-etc-containers-storage.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A + source: data:text/plain,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/storage.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/aws/files/-etc-crio-crio.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/aws/files/-etc-crio-crio.conf index 689a72157a..c91fc97858 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/aws/files/-etc-crio-crio.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/aws/files/-etc-crio-crio.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A + source: data:text/plain,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/crio/crio.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/libvirt/files/-etc-containers-registries.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/libvirt/files/-etc-containers-registries.conf index 53c1015d88..500d6539c2 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/libvirt/files/-etc-containers-registries.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/libvirt/files/-etc-containers-registries.conf @@ -1,6 +1,8 @@ contents: - source: data:,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A + source: data:text/plain,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/registries.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/libvirt/files/-etc-containers-storage.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/libvirt/files/-etc-containers-storage.conf index f955c08a3e..f6731301e6 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/libvirt/files/-etc-containers-storage.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/libvirt/files/-etc-containers-storage.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A + source: data:text/plain,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/storage.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/libvirt/files/-etc-crio-crio.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/libvirt/files/-etc-crio-crio.conf index 689a72157a..c91fc97858 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/libvirt/files/-etc-crio-crio.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/libvirt/files/-etc-crio-crio.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A + source: data:text/plain,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/crio/crio.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/none/files/-etc-containers-registries.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/none/files/-etc-containers-registries.conf index 53c1015d88..500d6539c2 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/none/files/-etc-containers-registries.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/none/files/-etc-containers-registries.conf @@ -1,6 +1,8 @@ contents: - source: data:,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A + source: data:text/plain,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/registries.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/none/files/-etc-containers-storage.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/none/files/-etc-containers-storage.conf index f955c08a3e..f6731301e6 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/none/files/-etc-containers-storage.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/none/files/-etc-containers-storage.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A + source: data:text/plain,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/storage.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/none/files/-etc-crio-crio.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/none/files/-etc-crio-crio.conf index 689a72157a..c91fc97858 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/none/files/-etc-crio-crio.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/none/files/-etc-crio-crio.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A + source: data:text/plain,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/crio/crio.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/openstack/files/-etc-containers-registries.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/openstack/files/-etc-containers-registries.conf index 53c1015d88..500d6539c2 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/openstack/files/-etc-containers-registries.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/openstack/files/-etc-containers-registries.conf @@ -1,6 +1,8 @@ contents: - source: data:,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A + source: data:text/plain,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/registries.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/openstack/files/-etc-containers-storage.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/openstack/files/-etc-containers-storage.conf index f955c08a3e..f6731301e6 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/openstack/files/-etc-containers-storage.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/openstack/files/-etc-containers-storage.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A + source: data:text/plain,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/storage.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/openstack/files/-etc-crio-crio.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/openstack/files/-etc-crio-crio.conf index 689a72157a..c91fc97858 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/openstack/files/-etc-crio-crio.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/openstack/files/-etc-crio-crio.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A + source: data:text/plain,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/crio/crio.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/vsphere/files/-etc-containers-registries.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/vsphere/files/-etc-containers-registries.conf index 53c1015d88..500d6539c2 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/vsphere/files/-etc-containers-registries.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/vsphere/files/-etc-containers-registries.conf @@ -1,6 +1,8 @@ contents: - source: data:,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A + source: data:text/plain,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/registries.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/vsphere/files/-etc-containers-storage.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/vsphere/files/-etc-containers-storage.conf index f955c08a3e..f6731301e6 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/vsphere/files/-etc-containers-storage.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/vsphere/files/-etc-containers-storage.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A + source: data:text/plain,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/storage.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/vsphere/files/-etc-crio-crio.conf b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/vsphere/files/-etc-crio-crio.conf index 689a72157a..c91fc97858 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-container-runtime/vsphere/files/-etc-crio-crio.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-container-runtime/vsphere/files/-etc-crio-crio.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A + source: data:text/plain,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/crio/crio.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-kubelet/aws/files/-etc-kubernetes-kubelet.conf b/pkg/controller/template/test_data/templates/master/01-master-kubelet/aws/files/-etc-kubernetes-kubelet.conf index 9cdc597762..96193d7c7c 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-kubelet/aws/files/-etc-kubernetes-kubelet.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-kubelet/aws/files/-etc-kubernetes-kubelet.conf @@ -1,6 +1,8 @@ contents: - source: data:,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A + source: data:text/plain,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/kubelet.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-kubelet/libvirt/files/-etc-kubernetes-kubelet.conf b/pkg/controller/template/test_data/templates/master/01-master-kubelet/libvirt/files/-etc-kubernetes-kubelet.conf index 9cdc597762..96193d7c7c 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-kubelet/libvirt/files/-etc-kubernetes-kubelet.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-kubelet/libvirt/files/-etc-kubernetes-kubelet.conf @@ -1,6 +1,8 @@ contents: - source: data:,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A + source: data:text/plain,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/kubelet.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-kubelet/none/files/-etc-kubernetes-kubelet.conf b/pkg/controller/template/test_data/templates/master/01-master-kubelet/none/files/-etc-kubernetes-kubelet.conf index 9cdc597762..96193d7c7c 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-kubelet/none/files/-etc-kubernetes-kubelet.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-kubelet/none/files/-etc-kubernetes-kubelet.conf @@ -1,6 +1,8 @@ contents: - source: data:,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A + source: data:text/plain,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/kubelet.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-kubelet/openstack/files/-etc-kubernetes-kubelet.conf b/pkg/controller/template/test_data/templates/master/01-master-kubelet/openstack/files/-etc-kubernetes-kubelet.conf index 9cdc597762..96193d7c7c 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-kubelet/openstack/files/-etc-kubernetes-kubelet.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-kubelet/openstack/files/-etc-kubernetes-kubelet.conf @@ -1,6 +1,8 @@ contents: - source: data:,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A + source: data:text/plain,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/kubelet.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/master/01-master-kubelet/vsphere/files/-etc-kubernetes-kubelet.conf b/pkg/controller/template/test_data/templates/master/01-master-kubelet/vsphere/files/-etc-kubernetes-kubelet.conf index 9cdc597762..96193d7c7c 100644 --- a/pkg/controller/template/test_data/templates/master/01-master-kubelet/vsphere/files/-etc-kubernetes-kubelet.conf +++ b/pkg/controller/template/test_data/templates/master/01-master-kubelet/vsphere/files/-etc-kubernetes-kubelet.conf @@ -1,6 +1,8 @@ contents: - source: data:,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A + source: data:text/plain,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/kubelet.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-kubernetes-ca.crt b/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-kubernetes-ca.crt index 93e18c9420..85160e00fb 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-kubernetes-ca.crt +++ b/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-kubernetes-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy b/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy index 745cb9e5d9..25ae417ef8 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy +++ b/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy @@ -1,6 +1,8 @@ contents: - source: data:, + source: data:text/plain, verification: {} -filesystem: root +group: {} mode: 493 +overwrite: true path: /etc/kubernetes/kubelet-plugins/volume/exec/.dummy +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-sysconfig-crio-network b/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-sysconfig-crio-network index a56f445be7..9f47fa7018 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-sysconfig-crio-network +++ b/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-sysconfig-crio-network @@ -1,6 +1,8 @@ contents: - source: data:,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A + source: data:text/plain,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysconfig/crio-network +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-sysctl.d-forward.conf b/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-sysctl.d-forward.conf index dc3f2dc75d..808b447f78 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-sysctl.d-forward.conf +++ b/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-etc-sysctl.d-forward.conf @@ -1,6 +1,8 @@ contents: - source: data:,net.ipv4.ip_forward%20%3D%201%0A + source: data:text/plain,net.ipv4.ip_forward%20%3D%201%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysctl.d/forward.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-var-lib-kubelet-config.json b/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-var-lib-kubelet-config.json index 0ba6c19e6a..13e9f8eb0f 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-var-lib-kubelet-config.json +++ b/pkg/controller/template/test_data/templates/worker/00-worker/aws/files/-var-lib-kubelet-config.json @@ -1,6 +1,8 @@ contents: - source: data:,%7B%22dummy%22%3A%22dummy%22%7D%0A + source: data:text/plain,%7B%22dummy%22%3A%22dummy%22%7D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /var/lib/kubelet/config.json +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-kubernetes-ca.crt b/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-kubernetes-ca.crt index 93e18c9420..85160e00fb 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-kubernetes-ca.crt +++ b/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-kubernetes-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy b/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy index 745cb9e5d9..25ae417ef8 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy +++ b/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy @@ -1,6 +1,8 @@ contents: - source: data:, + source: data:text/plain, verification: {} -filesystem: root +group: {} mode: 493 +overwrite: true path: /etc/kubernetes/kubelet-plugins/volume/exec/.dummy +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-sysconfig-crio-network b/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-sysconfig-crio-network index a56f445be7..9f47fa7018 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-sysconfig-crio-network +++ b/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-sysconfig-crio-network @@ -1,6 +1,8 @@ contents: - source: data:,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A + source: data:text/plain,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysconfig/crio-network +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-sysctl.d-forward.conf b/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-sysctl.d-forward.conf index dc3f2dc75d..808b447f78 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-sysctl.d-forward.conf +++ b/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-etc-sysctl.d-forward.conf @@ -1,6 +1,8 @@ contents: - source: data:,net.ipv4.ip_forward%20%3D%201%0A + source: data:text/plain,net.ipv4.ip_forward%20%3D%201%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysctl.d/forward.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-var-lib-kubelet-config.json b/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-var-lib-kubelet-config.json index 0ba6c19e6a..13e9f8eb0f 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-var-lib-kubelet-config.json +++ b/pkg/controller/template/test_data/templates/worker/00-worker/libvirt/files/-var-lib-kubelet-config.json @@ -1,6 +1,8 @@ contents: - source: data:,%7B%22dummy%22%3A%22dummy%22%7D%0A + source: data:text/plain,%7B%22dummy%22%3A%22dummy%22%7D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /var/lib/kubelet/config.json +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-kubernetes-ca.crt b/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-kubernetes-ca.crt index 93e18c9420..85160e00fb 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-kubernetes-ca.crt +++ b/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-kubernetes-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy b/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy index 745cb9e5d9..25ae417ef8 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy +++ b/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy @@ -1,6 +1,8 @@ contents: - source: data:, + source: data:text/plain, verification: {} -filesystem: root +group: {} mode: 493 +overwrite: true path: /etc/kubernetes/kubelet-plugins/volume/exec/.dummy +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-sysconfig-crio-network b/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-sysconfig-crio-network index a56f445be7..9f47fa7018 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-sysconfig-crio-network +++ b/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-sysconfig-crio-network @@ -1,6 +1,8 @@ contents: - source: data:,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A + source: data:text/plain,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysconfig/crio-network +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-sysctl.d-forward.conf b/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-sysctl.d-forward.conf index dc3f2dc75d..808b447f78 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-sysctl.d-forward.conf +++ b/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-etc-sysctl.d-forward.conf @@ -1,6 +1,8 @@ contents: - source: data:,net.ipv4.ip_forward%20%3D%201%0A + source: data:text/plain,net.ipv4.ip_forward%20%3D%201%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysctl.d/forward.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-var-lib-kubelet-config.json b/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-var-lib-kubelet-config.json index 0ba6c19e6a..13e9f8eb0f 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-var-lib-kubelet-config.json +++ b/pkg/controller/template/test_data/templates/worker/00-worker/none/files/-var-lib-kubelet-config.json @@ -1,6 +1,8 @@ contents: - source: data:,%7B%22dummy%22%3A%22dummy%22%7D%0A + source: data:text/plain,%7B%22dummy%22%3A%22dummy%22%7D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /var/lib/kubelet/config.json +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-kubernetes-ca.crt b/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-kubernetes-ca.crt index 93e18c9420..85160e00fb 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-kubernetes-ca.crt +++ b/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-kubernetes-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy b/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy index 745cb9e5d9..25ae417ef8 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy +++ b/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy @@ -1,6 +1,8 @@ contents: - source: data:, + source: data:text/plain, verification: {} -filesystem: root +group: {} mode: 493 +overwrite: true path: /etc/kubernetes/kubelet-plugins/volume/exec/.dummy +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-sysconfig-crio-network b/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-sysconfig-crio-network index a56f445be7..9f47fa7018 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-sysconfig-crio-network +++ b/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-sysconfig-crio-network @@ -1,6 +1,8 @@ contents: - source: data:,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A + source: data:text/plain,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysconfig/crio-network +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-sysctl.d-forward.conf b/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-sysctl.d-forward.conf index dc3f2dc75d..808b447f78 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-sysctl.d-forward.conf +++ b/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-etc-sysctl.d-forward.conf @@ -1,6 +1,8 @@ contents: - source: data:,net.ipv4.ip_forward%20%3D%201%0A + source: data:text/plain,net.ipv4.ip_forward%20%3D%201%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysctl.d/forward.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-var-lib-kubelet-config.json b/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-var-lib-kubelet-config.json index 0ba6c19e6a..13e9f8eb0f 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-var-lib-kubelet-config.json +++ b/pkg/controller/template/test_data/templates/worker/00-worker/openstack/files/-var-lib-kubelet-config.json @@ -1,6 +1,8 @@ contents: - source: data:,%7B%22dummy%22%3A%22dummy%22%7D%0A + source: data:text/plain,%7B%22dummy%22%3A%22dummy%22%7D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /var/lib/kubelet/config.json +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-kubernetes-ca.crt b/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-kubernetes-ca.crt index 93e18c9420..85160e00fb 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-kubernetes-ca.crt +++ b/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-kubernetes-ca.crt @@ -1,6 +1,8 @@ contents: - source: data:,dummy%20root-ca%0A + source: data:text/plain,dummy%20root-ca%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/ca.crt +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy b/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy index 745cb9e5d9..25ae417ef8 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy +++ b/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-kubernetes-kubelet-plugins-volume-exec-.dummy @@ -1,6 +1,8 @@ contents: - source: data:, + source: data:text/plain, verification: {} -filesystem: root +group: {} mode: 493 +overwrite: true path: /etc/kubernetes/kubelet-plugins/volume/exec/.dummy +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-sysconfig-crio-network b/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-sysconfig-crio-network index a56f445be7..9f47fa7018 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-sysconfig-crio-network +++ b/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-sysconfig-crio-network @@ -1,6 +1,8 @@ contents: - source: data:,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A + source: data:text/plain,CRIO_NETWORK_OPTIONS%3D%22--cni-config-dir%3D%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%20--cni-plugin-dir%3D%2Fvar%2Flib%2Fcni%2Fbin%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysconfig/crio-network +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-sysctl.d-forward.conf b/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-sysctl.d-forward.conf index dc3f2dc75d..808b447f78 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-sysctl.d-forward.conf +++ b/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-etc-sysctl.d-forward.conf @@ -1,6 +1,8 @@ contents: - source: data:,net.ipv4.ip_forward%20%3D%201%0A + source: data:text/plain,net.ipv4.ip_forward%20%3D%201%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/sysctl.d/forward.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-var-lib-kubelet-config.json b/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-var-lib-kubelet-config.json index 0ba6c19e6a..13e9f8eb0f 100644 --- a/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-var-lib-kubelet-config.json +++ b/pkg/controller/template/test_data/templates/worker/00-worker/vsphere/files/-var-lib-kubelet-config.json @@ -1,6 +1,8 @@ contents: - source: data:,%7B%22dummy%22%3A%22dummy%22%7D%0A + source: data:text/plain,%7B%22dummy%22%3A%22dummy%22%7D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /var/lib/kubelet/config.json +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/aws/files/-etc-containers-registries.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/aws/files/-etc-containers-registries.conf index 53c1015d88..500d6539c2 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/aws/files/-etc-containers-registries.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/aws/files/-etc-containers-registries.conf @@ -1,6 +1,8 @@ contents: - source: data:,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A + source: data:text/plain,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/registries.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/aws/files/-etc-containers-storage.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/aws/files/-etc-containers-storage.conf index f955c08a3e..f6731301e6 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/aws/files/-etc-containers-storage.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/aws/files/-etc-containers-storage.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A + source: data:text/plain,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/storage.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/aws/files/-etc-crio-crio.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/aws/files/-etc-crio-crio.conf index 689a72157a..c91fc97858 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/aws/files/-etc-crio-crio.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/aws/files/-etc-crio-crio.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A + source: data:text/plain,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/crio/crio.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/libvirt/files/-etc-containers-registries.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/libvirt/files/-etc-containers-registries.conf index 53c1015d88..500d6539c2 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/libvirt/files/-etc-containers-registries.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/libvirt/files/-etc-containers-registries.conf @@ -1,6 +1,8 @@ contents: - source: data:,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A + source: data:text/plain,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/registries.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/libvirt/files/-etc-containers-storage.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/libvirt/files/-etc-containers-storage.conf index f955c08a3e..f6731301e6 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/libvirt/files/-etc-containers-storage.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/libvirt/files/-etc-containers-storage.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A + source: data:text/plain,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/storage.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/libvirt/files/-etc-crio-crio.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/libvirt/files/-etc-crio-crio.conf index 689a72157a..c91fc97858 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/libvirt/files/-etc-crio-crio.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/libvirt/files/-etc-crio-crio.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A + source: data:text/plain,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/crio/crio.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/none/files/-etc-containers-registries.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/none/files/-etc-containers-registries.conf index 53c1015d88..500d6539c2 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/none/files/-etc-containers-registries.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/none/files/-etc-containers-registries.conf @@ -1,6 +1,8 @@ contents: - source: data:,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A + source: data:text/plain,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/registries.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/none/files/-etc-containers-storage.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/none/files/-etc-containers-storage.conf index f955c08a3e..f6731301e6 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/none/files/-etc-containers-storage.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/none/files/-etc-containers-storage.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A + source: data:text/plain,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/storage.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/none/files/-etc-crio-crio.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/none/files/-etc-crio-crio.conf index 689a72157a..c91fc97858 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/none/files/-etc-crio-crio.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/none/files/-etc-crio-crio.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A + source: data:text/plain,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/crio/crio.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/openstack/files/-etc-containers-registries.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/openstack/files/-etc-containers-registries.conf index 53c1015d88..500d6539c2 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/openstack/files/-etc-containers-registries.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/openstack/files/-etc-containers-registries.conf @@ -1,6 +1,8 @@ contents: - source: data:,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A + source: data:text/plain,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/registries.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/openstack/files/-etc-containers-storage.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/openstack/files/-etc-containers-storage.conf index f955c08a3e..f6731301e6 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/openstack/files/-etc-containers-storage.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/openstack/files/-etc-containers-storage.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A + source: data:text/plain,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/storage.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/openstack/files/-etc-crio-crio.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/openstack/files/-etc-crio-crio.conf index 689a72157a..c91fc97858 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/openstack/files/-etc-crio-crio.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/openstack/files/-etc-crio-crio.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A + source: data:text/plain,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/crio/crio.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/vsphere/files/-etc-containers-registries.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/vsphere/files/-etc-containers-registries.conf index 53c1015d88..500d6539c2 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/vsphere/files/-etc-containers-registries.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/vsphere/files/-etc-containers-registries.conf @@ -1,6 +1,8 @@ contents: - source: data:,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A + source: data:text/plain,%5Bregistries.search%5D%0Aregistries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A%0A%5Bregistries.insecure%5D%0Aregistries%20%3D%20%5B%5D%0A%0A%5Bregistries.block%5D%0Aregistries%20%3D%20%5B%5D%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/registries.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/vsphere/files/-etc-containers-storage.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/vsphere/files/-etc-containers-storage.conf index f955c08a3e..f6731301e6 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/vsphere/files/-etc-containers-storage.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/vsphere/files/-etc-containers-storage.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A + source: data:text/plain,%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/containers/storage.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/vsphere/files/-etc-crio-crio.conf b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/vsphere/files/-etc-crio-crio.conf index 689a72157a..c91fc97858 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/vsphere/files/-etc-crio-crio.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-container-runtime/vsphere/files/-etc-crio-crio.conf @@ -1,6 +1,8 @@ contents: - source: data:,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A + source: data:text/plain,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22image%2FinfraImage%3A1%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/crio/crio.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/aws/files/-etc-kubernetes-kubelet.conf b/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/aws/files/-etc-kubernetes-kubelet.conf index c2b5912b8f..8b282b55f9 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/aws/files/-etc-kubernetes-kubelet.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/aws/files/-etc-kubernetes-kubelet.conf @@ -1,6 +1,8 @@ contents: - source: data:,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0ArotateCertificates%3A%20true%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A + source: data:text/plain,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0ArotateCertificates%3A%20true%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/kubelet.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/libvirt/files/-etc-kubernetes-kubelet.conf b/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/libvirt/files/-etc-kubernetes-kubelet.conf index c2b5912b8f..8b282b55f9 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/libvirt/files/-etc-kubernetes-kubelet.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/libvirt/files/-etc-kubernetes-kubelet.conf @@ -1,6 +1,8 @@ contents: - source: data:,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0ArotateCertificates%3A%20true%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A + source: data:text/plain,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0ArotateCertificates%3A%20true%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/kubelet.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/none/files/-etc-kubernetes-kubelet.conf b/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/none/files/-etc-kubernetes-kubelet.conf index c2b5912b8f..8b282b55f9 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/none/files/-etc-kubernetes-kubelet.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/none/files/-etc-kubernetes-kubelet.conf @@ -1,6 +1,8 @@ contents: - source: data:,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0ArotateCertificates%3A%20true%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A + source: data:text/plain,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0ArotateCertificates%3A%20true%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/kubelet.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/openstack/files/-etc-kubernetes-kubelet.conf b/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/openstack/files/-etc-kubernetes-kubelet.conf index c2b5912b8f..8b282b55f9 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/openstack/files/-etc-kubernetes-kubelet.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/openstack/files/-etc-kubernetes-kubelet.conf @@ -1,6 +1,8 @@ contents: - source: data:,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0ArotateCertificates%3A%20true%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A + source: data:text/plain,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0ArotateCertificates%3A%20true%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/kubelet.conf +user: {} diff --git a/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/vsphere/files/-etc-kubernetes-kubelet.conf b/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/vsphere/files/-etc-kubernetes-kubelet.conf index c2b5912b8f..8b282b55f9 100644 --- a/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/vsphere/files/-etc-kubernetes-kubelet.conf +++ b/pkg/controller/template/test_data/templates/worker/01-worker-kubelet/vsphere/files/-etc-kubernetes-kubelet.conf @@ -1,6 +1,8 @@ contents: - source: data:,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0ArotateCertificates%3A%20true%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A + source: data:text/plain,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0AcgroupDriver%3A%20systemd%0AclusterDNS%3A%0A%20%20-%2010.3.0.10%0AclusterDomain%3A%20cluster.local%0AmaxPods%3A%20250%0ArotateCertificates%3A%20true%0AruntimeRequestTimeout%3A%2010m%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%20500Mi%0AfeatureGates%3A%0A%20%20RotateKubeletServerCertificate%3A%20true%0AserverTLSBootstrap%3A%20true%0A verification: {} -filesystem: root +group: {} mode: 420 +overwrite: true path: /etc/kubernetes/kubelet.conf +user: {} diff --git a/pkg/daemon/daemon.go b/pkg/daemon/daemon.go index 4666bc196d..89937e4d79 100644 --- a/pkg/daemon/daemon.go +++ b/pkg/daemon/daemon.go @@ -15,12 +15,13 @@ import ( "time" imgref "github.com/containers/image/docker/reference" - ignv2 "github.com/coreos/ignition/config/v2_2" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + ign "github.com/coreos/ignition/config/v3_0" + igntypes "github.com/coreos/ignition/config/v3_0/types" "github.com/golang/glog" drain "github.com/openshift/kubernetes-drain" "github.com/openshift/machine-config-operator/lib/resourceread" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" + ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" "github.com/openshift/machine-config-operator/pkg/daemon/constants" mcfgclientset "github.com/openshift/machine-config-operator/pkg/generated/clientset/versioned" mcfginformersv1 "github.com/openshift/machine-config-operator/pkg/generated/informers/externalversions/machineconfiguration.openshift.io/v1" @@ -98,7 +99,7 @@ type Daemon struct { node *corev1.Node // remove the funcs below once proper e2e testing is done for updating ssh keys - atomicSSHKeysWriter func(ignv2_2types.PasswdUser, string) error + atomicSSHKeysWriter func(igntypes.PasswdUser, string) error queue workqueue.RateLimitingInterface enqueueNode func(*corev1.Node) @@ -449,9 +450,9 @@ func (dn *Daemon) runOnceFrom() error { return err } switch configi.(type) { - case ignv2_2types.Config: + case igntypes.Config: glog.V(2).Info("Daemon running directly from Ignition") - return dn.runOnceFromIgnition(configi.(ignv2_2types.Config)) + return dn.runOnceFromIgnition(configi.(igntypes.Config)) case mcfgv1.MachineConfig: glog.V(2).Info("Daemon running directly from MachineConfig") return dn.runOnceFromMachineConfig(configi.(mcfgv1.MachineConfig), contentFrom) @@ -866,7 +867,7 @@ func (dn *Daemon) runOnceFromMachineConfig(machineConfig mcfgv1.MachineConfig, c } // runOnceFromIgnition executes MCD's subset of Ignition functionality in onceFrom mode -func (dn *Daemon) runOnceFromIgnition(ignConfig ignv2_2types.Config) error { +func (dn *Daemon) runOnceFromIgnition(ignConfig igntypes.Config) error { // Execute update without hitting the cluster if err := dn.writeFiles(ignConfig.Storage.Files); err != nil { return err @@ -1046,21 +1047,22 @@ func (dn *Daemon) checkOS(osImageURL string) (bool, error) { // checkUnits validates the contents of all the units in the // target config and retursn true if they match. -func checkUnits(units []ignv2_2types.Unit) bool { +func checkUnits(units []igntypes.Unit) bool { for _, u := range units { for j := range u.Dropins { path := filepath.Join(pathSystemd, u.Name+".d", u.Dropins[j].Name) - if status := checkFileContentsAndMode(path, []byte(u.Dropins[j].Contents), defaultFilePermissions); !status { + if status := checkFileContentsAndMode(path, []byte(ctrlcommon.StrFromStrPtr(u.Dropins[j].Contents)), + defaultFilePermissions); !status { return false } } - if u.Contents == "" { + if ctrlcommon.StrFromStrPtr(u.Contents) == "" { continue } path := filepath.Join(pathSystemd, u.Name) - if u.Mask { + if u.Mask != nil && *u.Mask { link, err := filepath.EvalSymlinks(path) if err != nil { glog.Errorf("state validation: error while evaluation symlink for path: %q, err: %v", path, err) @@ -1071,7 +1073,7 @@ func checkUnits(units []ignv2_2types.Unit) bool { return false } } - if status := checkFileContentsAndMode(path, []byte(u.Contents), defaultFilePermissions); !status { + if status := checkFileContentsAndMode(path, []byte(ctrlcommon.StrFromStrPtr(u.Contents)), defaultFilePermissions); !status { return false } @@ -1081,7 +1083,7 @@ func checkUnits(units []ignv2_2types.Unit) bool { // checkFiles validates the contents of all the files in the // target config. -func checkFiles(files []ignv2_2types.File) bool { +func checkFiles(files []igntypes.File) bool { checkedFiles := make(map[string]bool) for i := len(files) - 1; i >= 0; i-- { f := files[i] @@ -1093,7 +1095,11 @@ func checkFiles(files []ignv2_2types.File) bool { if f.Mode != nil { mode = os.FileMode(*f.Mode) } - contents, err := dataurl.DecodeString(f.Contents.Source) + sourceData := ctrlcommon.StrFromStrPtr(f.Contents.Source) + if len(sourceData) == 0 { + sourceData = "data:," + } + contents, err := dataurl.DecodeString(sourceData) if err != nil { glog.Errorf("couldn't parse file: %v", err) return false @@ -1183,7 +1189,7 @@ func (dn *Daemon) senseAndLoadOnceFrom() (interface{}, onceFromOrigin, error) { } // Try each supported parser - ignConfig, _, err := ignv2.Parse(content) + ignConfig, _, err := ign.Parse(content) if err == nil && ignConfig.Ignition.Version != "" { glog.V(2).Info("onceFrom file is of type Ignition") return ignConfig, contentFrom, nil diff --git a/pkg/daemon/daemon_test.go b/pkg/daemon/daemon_test.go index b0a41fcd9e..daad6ab8f9 100644 --- a/pkg/daemon/daemon_test.go +++ b/pkg/daemon/daemon_test.go @@ -5,7 +5,7 @@ import ( "strconv" "testing" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" "github.com/stretchr/testify/require" "github.com/vincent-petithory/dataurl" @@ -39,16 +39,18 @@ func TestOverwrittenFile(t *testing.T) { t.Errorf("Could not Lstat file: %v", err) } fileMode := int(fi.Mode().Perm()) + contentsSource1 := dataurl.EncodeBytes([]byte("hello world\n")) + contentsSource2 := dataurl.EncodeBytes([]byte("hello\n")) // validate single file - files := []ignv2_2types.File{ + files := []igntypes.File{ { - Node: ignv2_2types.Node{ + Node: igntypes.Node{ Path: "fixtures/test1.txt", }, - FileEmbedded1: ignv2_2types.FileEmbedded1{ - Contents: ignv2_2types.FileContents{ - Source: dataurl.EncodeBytes([]byte("hello world\n")), + FileEmbedded1: igntypes.FileEmbedded1{ + Contents: igntypes.FileContents{ + Source: &contentsSource1, }, Mode: &fileMode, }, @@ -60,25 +62,25 @@ func TestOverwrittenFile(t *testing.T) { } // validate overwritten file - files = []ignv2_2types.File{ + files = []igntypes.File{ { - Node: ignv2_2types.Node{ + Node: igntypes.Node{ Path: "fixtures/test1.txt", }, - FileEmbedded1: ignv2_2types.FileEmbedded1{ - Contents: ignv2_2types.FileContents{ - Source: dataurl.EncodeBytes([]byte("hello\n")), + FileEmbedded1: igntypes.FileEmbedded1{ + Contents: igntypes.FileContents{ + Source: &contentsSource2, }, Mode: &fileMode, }, }, { - Node: ignv2_2types.Node{ + Node: igntypes.Node{ Path: "fixtures/test1.txt", }, - FileEmbedded1: ignv2_2types.FileEmbedded1{ - Contents: ignv2_2types.FileContents{ - Source: dataurl.EncodeBytes([]byte("hello world\n")), + FileEmbedded1: igntypes.FileEmbedded1{ + Contents: igntypes.FileContents{ + Source: &contentsSource1, }, Mode: &fileMode, }, diff --git a/pkg/daemon/update.go b/pkg/daemon/update.go index 6001616f84..6354a89722 100644 --- a/pkg/daemon/update.go +++ b/pkg/daemon/update.go @@ -15,12 +15,13 @@ import ( "syscall" "time" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" "github.com/coreos/ignition/config/validate" "github.com/golang/glog" "github.com/google/renameio" drain "github.com/openshift/kubernetes-drain" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" + ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" "github.com/openshift/machine-config-operator/pkg/daemon/constants" errors "github.com/pkg/errors" "github.com/vincent-petithory/dataurl" @@ -277,14 +278,6 @@ func (dn *Daemon) reconcilable(oldConfig, newConfig *mcfgv1.MachineConfig) error // resources, and the mcc should've fully rendered those out before the // config gets here. - // Networkd section - - // we don't currently configure the network in place. we can't fix it if - // something changed here. - if !reflect.DeepEqual(oldIgn.Networkd, newIgn.Networkd) { - return errors.New("ignition networkd section contains changes") - } - // Passwd section // we don't currently configure Groups in place. we don't configure Users except @@ -341,7 +334,7 @@ func (dn *Daemon) reconcilable(oldConfig, newConfig *mcfgv1.MachineConfig) error // Special case files append: if the new config wants us to append, then we // have to force a reprovision since it's not idempotent for _, f := range newIgn.Storage.Files { - if f.Append { + if len(f.Append) != 0 { return fmt.Errorf("ignition file %v includes append", f.Path) } } @@ -360,8 +353,8 @@ func (dn *Daemon) reconcilable(oldConfig, newConfig *mcfgv1.MachineConfig) error // Otherwise, an error will be returned and the proposed config will not be reconcilable. // At this time we do not support non-"core" users or any changes to the "core" user // outside of SSHAuthorizedKeys. -func verifyUserFields(pwdUser ignv2_2types.PasswdUser) error { - emptyUser := ignv2_2types.PasswdUser{} +func verifyUserFields(pwdUser igntypes.PasswdUser) error { + emptyUser := igntypes.PasswdUser{} tempUser := pwdUser if tempUser.Name == coreUserName && len(tempUser.SSHAuthorizedKeys) >= 1 { tempUser.Name = "" @@ -483,7 +476,7 @@ func (dn *Daemon) deleteStaleData(oldConfig, newConfig *mcfgv1.MachineConfig) er } // enableUnit enables a systemd unit via symlink -func (dn *Daemon) enableUnit(unit ignv2_2types.Unit) error { +func (dn *Daemon) enableUnit(unit igntypes.Unit) error { // The link location wantsPath := filepath.Join(wantsPathSystemd, unit.Name) // sanity check that we don't return an error when the link already exists @@ -504,7 +497,7 @@ func (dn *Daemon) enableUnit(unit ignv2_2types.Unit) error { } // disableUnit disables a systemd unit via symlink removal -func (dn *Daemon) disableUnit(unit ignv2_2types.Unit) error { +func (dn *Daemon) disableUnit(unit igntypes.Unit) error { // The link location wantsPath := filepath.Join(wantsPathSystemd, unit.Name) // sanity check so we don't return an error when the unit was already disabled @@ -518,20 +511,20 @@ func (dn *Daemon) disableUnit(unit ignv2_2types.Unit) error { } // writeUnits writes the systemd units to disk -func (dn *Daemon) writeUnits(units []ignv2_2types.Unit) error { +func (dn *Daemon) writeUnits(units []igntypes.Unit) error { for _, u := range units { // write the dropin to disk for i := range u.Dropins { glog.Infof("Writing systemd unit dropin %q", u.Dropins[i].Name) dpath := filepath.Join(pathSystemd, u.Name+".d", u.Dropins[i].Name) - if err := writeFileAtomicallyWithDefaults(dpath, []byte(u.Dropins[i].Contents)); err != nil { + if err := writeFileAtomicallyWithDefaults(dpath, []byte(ctrlcommon.StrFromStrPtr(u.Dropins[i].Contents))); err != nil { return fmt.Errorf("failed to write systemd unit dropin %q: %v", u.Dropins[i].Name, err) } glog.V(2).Infof("Wrote systemd unit dropin at %s", dpath) } - if u.Contents == "" { + if ctrlcommon.StrFromStrPtr(u.Contents) == "" { continue } @@ -541,7 +534,7 @@ func (dn *Daemon) writeUnits(units []ignv2_2types.Unit) error { // check if the unit is masked. if it is, we write a symlink to // /dev/null and continue - if u.Mask { + if u.Mask != nil && *u.Mask { glog.V(2).Info("Systemd unit masked") if err := os.RemoveAll(fpath); err != nil { return fmt.Errorf("failed to remove unit %q: %v", u.Name, err) @@ -557,7 +550,7 @@ func (dn *Daemon) writeUnits(units []ignv2_2types.Unit) error { } // write the unit to disk - if err := writeFileAtomicallyWithDefaults(fpath, []byte(u.Contents)); err != nil { + if err := writeFileAtomicallyWithDefaults(fpath, []byte(ctrlcommon.StrFromStrPtr(u.Contents))); err != nil { return fmt.Errorf("failed to write systemd unit %q: %v", u.Name, err) } @@ -571,12 +564,6 @@ func (dn *Daemon) writeUnits(units []ignv2_2types.Unit) error { // be fine as disableUnit is idempotent. // Note: we have to check for legacy unit.Enable and honor it glog.Infof("Enabling systemd unit %q", u.Name) - if u.Enable { - if err := dn.enableUnit(u); err != nil { - return err - } - glog.V(2).Infof("Enabled systemd unit %q", u.Name) - } if u.Enabled != nil { if *u.Enabled { if err := dn.enableUnit(u); err != nil { @@ -596,11 +583,10 @@ func (dn *Daemon) writeUnits(units []ignv2_2types.Unit) error { // writeFiles writes the given files to disk. // it doesn't fetch remote files and expects a flattened config file. -func (dn *Daemon) writeFiles(files []ignv2_2types.File) error { +func (dn *Daemon) writeFiles(files []igntypes.File) error { for _, file := range files { glog.Infof("Writing file %q", file.Path) - - contents, err := dataurl.DecodeString(file.Contents.Source) + contents, err := dataurl.DecodeString(ctrlcommon.StrFromStrPtr(file.Contents.Source)) if err != nil { return err } @@ -612,7 +598,7 @@ func (dn *Daemon) writeFiles(files []ignv2_2types.File) error { uid, gid = -1, -1 ) // set chown if file information is provided - if file.User != nil || file.Group != nil { + if !reflect.DeepEqual(file.User, igntypes.NodeUser{}) || !reflect.DeepEqual(file.Group, igntypes.NodeGroup{}) { uid, gid, err = getFileOwnership(file) if err != nil { return fmt.Errorf("failed to retrieve file ownership for file %q: %v", file.Path, err) @@ -626,37 +612,37 @@ func (dn *Daemon) writeFiles(files []ignv2_2types.File) error { } // This is essentially ResolveNodeUidAndGid() from Ignition; XXX should dedupe -func getFileOwnership(file ignv2_2types.File) (int, int, error) { +func getFileOwnership(file igntypes.File) (int, int, error) { uid, gid := 0, 0 // default to root - if file.User != nil { + if (file.User != igntypes.NodeUser{}) { if file.User.ID != nil { uid = *file.User.ID - } else if file.User.Name != "" { - osUser, err := user.Lookup(file.User.Name) + } else if ctrlcommon.StrFromStrPtr(file.User.Name) != "" { + osUser, err := user.Lookup(ctrlcommon.StrFromStrPtr(file.User.Name)) if err != nil { - return uid, gid, fmt.Errorf("failed to retrieve UserID for username: %s", file.User.Name) + return uid, gid, fmt.Errorf("failed to retrieve UserID for username: %s", *file.User.Name) } - glog.V(2).Infof("Retrieved UserId: %s for username: %s", osUser.Uid, file.User.Name) + glog.V(2).Infof("Retrieved UserId: %s for username: %s", osUser.Uid, *file.User.Name) uid, _ = strconv.Atoi(osUser.Uid) } } - if file.Group != nil { + if (file.Group != igntypes.NodeGroup{}) { if file.Group.ID != nil { gid = *file.Group.ID - } else if file.Group.Name != "" { - osGroup, err := user.LookupGroup(file.Group.Name) + } else if ctrlcommon.StrFromStrPtr(file.Group.Name) != "" { + osGroup, err := user.LookupGroup(ctrlcommon.StrFromStrPtr(file.Group.Name)) if err != nil { - return uid, gid, fmt.Errorf("failed to retrieve GroupID for group: %s", file.Group.Name) + return uid, gid, fmt.Errorf("failed to retrieve GroupID for group: %s", *file.Group.Name) } - glog.V(2).Infof("Retrieved GroupID: %s for group: %s", osGroup.Gid, file.Group.Name) + glog.V(2).Infof("Retrieved GroupID: %s for group: %s", osGroup.Gid, *file.Group.Name) gid, _ = strconv.Atoi(osGroup.Gid) } } return uid, gid, nil } -func (dn *Daemon) atomicallyWriteSSHKey(newUser ignv2_2types.PasswdUser, keys string) error { - authKeyPath := filepath.Join(coreUserSSHPath, "authorized_keys") +func (dn *Daemon) atomicallyWriteSSHKey(newUser igntypes.PasswdUser, keys string) error { + authKeyPath := filepath.Join(coreUserSSHPath, "authorized_keys.d", "ignition") // Keys should only be written to "/home/core/.ssh" // Once Users are supported fully this should be writing to PasswdUser.HomeDir @@ -672,7 +658,7 @@ func (dn *Daemon) atomicallyWriteSSHKey(newUser ignv2_2types.PasswdUser, keys st } // Update a given PasswdUser's SSHKey -func (dn *Daemon) updateSSHKeys(newUsers []ignv2_2types.PasswdUser) error { +func (dn *Daemon) updateSSHKeys(newUsers []igntypes.PasswdUser) error { if len(newUsers) == 0 { return nil } diff --git a/pkg/daemon/update_test.go b/pkg/daemon/update_test.go index 9b0a33c3c2..880915ad74 100644 --- a/pkg/daemon/update_test.go +++ b/pkg/daemon/update_test.go @@ -4,8 +4,9 @@ import ( "fmt" "testing" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" + ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" "github.com/stretchr/testify/assert" k8sfake "k8s.io/client-go/kubernetes/fake" ) @@ -71,55 +72,32 @@ func TestReconcilable(t *testing.T) { // oldConfig is the current config of the fake system oldConfig := &mcfgv1.MachineConfig{ Spec: mcfgv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Ignition: ignv2_2types.Ignition{ - Version: "2.0.0", - }, - }, + Config: ctrlcommon.NewIgnConfig(), }, } // newConfig is the config that is being requested to apply to the system newConfig := &mcfgv1.MachineConfig{ Spec: mcfgv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Ignition: ignv2_2types.Ignition{ - Version: "2.2.0", - }, - }, + Config: ctrlcommon.NewIgnConfig(), }, } // Verify Ignition version changes react as expected + oldConfig.Spec.Config.Ignition.Version = "2.0.0" isReconcilable := d.reconcilable(oldConfig, newConfig) checkIrreconcilableResults(t, "Ignition", isReconcilable) - // Match ignition versions - oldConfig.Spec.Config.Ignition.Version = "2.2.0" + // Match valid ignition versions - this is the only case where ign + // versions should be reconcilable + oldConfig.Spec.Config.Ignition.Version = igntypes.MaxVersion.String() + newConfig.Spec.Config.Ignition.Version = igntypes.MaxVersion.String() isReconcilable = d.reconcilable(oldConfig, newConfig) checkReconcilableResults(t, "Ignition", isReconcilable) - // Verify Networkd unit changes react as expected - oldConfig.Spec.Config.Networkd = ignv2_2types.Networkd{} - newConfig.Spec.Config.Networkd = ignv2_2types.Networkd{ - Units: []ignv2_2types.Networkdunit{ - ignv2_2types.Networkdunit{ - Name: "test.network", - }, - }, - } - isReconcilable = d.reconcilable(oldConfig, newConfig) - checkIrreconcilableResults(t, "Networkd", isReconcilable) - - // Match Networkd - oldConfig.Spec.Config.Networkd = newConfig.Spec.Config.Networkd - - isReconcilable = d.reconcilable(oldConfig, newConfig) - checkReconcilableResults(t, "Networkd", isReconcilable) - // Verify Disk changes react as expected - oldConfig.Spec.Config.Storage.Disks = []ignv2_2types.Disk{ - ignv2_2types.Disk{ + oldConfig.Spec.Config.Storage.Disks = []igntypes.Disk{ + igntypes.Disk{ Device: "/one", }, } @@ -133,11 +111,11 @@ func TestReconcilable(t *testing.T) { checkReconcilableResults(t, "Disk", isReconcilable) // Verify Filesystems changes react as expected - oldFSPath := "/foo/bar" - oldConfig.Spec.Config.Storage.Filesystems = []ignv2_2types.Filesystem{ - ignv2_2types.Filesystem{ - Name: "user", - Path: &oldFSPath, + oldConfig.Spec.Config.Storage.Filesystems = []igntypes.Filesystem{ + igntypes.Filesystem{ + Path: returnStrPtr("/foo/bar"), + Format: returnStrPtr("ext4"), + Device: "/my_device", }, } @@ -150,8 +128,8 @@ func TestReconcilable(t *testing.T) { checkReconcilableResults(t, "Filesystem", isReconcilable) // Verify Raid changes react as expected - oldConfig.Spec.Config.Storage.Raid = []ignv2_2types.Raid{ - ignv2_2types.Raid{ + oldConfig.Spec.Config.Storage.Raid = []igntypes.Raid{ + igntypes.Raid{ Name: "data", Level: "stripe", }, @@ -167,12 +145,12 @@ func TestReconcilable(t *testing.T) { // Verify Passwd Groups changes unsupported oldConfig = &mcfgv1.MachineConfig{} - tempGroup := ignv2_2types.PasswdGroup{Name: "testGroup"} + tempGroup := igntypes.PasswdGroup{Name: "testGroup"} newMcfg := &mcfgv1.MachineConfig{ Spec: mcfgv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Passwd: ignv2_2types.Passwd{ - Groups: []ignv2_2types.PasswdGroup{tempGroup}, + Config: igntypes.Config{ + Passwd: igntypes.Passwd{ + Groups: []igntypes.PasswdGroup{tempGroup}, }, }, }, @@ -208,58 +186,49 @@ func TestReconcilableSSH(t *testing.T) { } // Check that updating SSH Key of user core supported - //tempUser1 := ignv2_2types.PasswdUser{Name: "core", SSHAuthorizedKeys: []ignv2_2types.SSHAuthorizedKey{"1234"}} + //tempUser1 := igntypes.PasswdUser{Name: "core", SSHAuthorizedKeys: []igntypes.SSHAuthorizedKey{"1234"}} oldMcfg := &mcfgv1.MachineConfig{ Spec: mcfgv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Ignition: ignv2_2types.Ignition{ - Version: "2.2.0", - }, - }, + Config: ctrlcommon.NewIgnConfig(), }, } - tempUser1 := ignv2_2types.PasswdUser{Name: "core", SSHAuthorizedKeys: []ignv2_2types.SSHAuthorizedKey{"5678", "abc"}} + + tempUser1 := igntypes.PasswdUser{Name: "core", SSHAuthorizedKeys: []igntypes.SSHAuthorizedKey{"5678", "abc"}} newMcfg := &mcfgv1.MachineConfig{ Spec: mcfgv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Ignition: ignv2_2types.Ignition{ - Version: "2.2.0", - }, - Passwd: ignv2_2types.Passwd{ - Users: []ignv2_2types.PasswdUser{tempUser1}, - }, - }, + Config: ctrlcommon.NewIgnConfig(), }, } + newMcfg.Spec.Config.Passwd.Users = []igntypes.PasswdUser{tempUser1} errMsg := d.reconcilable(oldMcfg, newMcfg) checkReconcilableResults(t, "SSH", errMsg) // Check that updating User with User that is not core is not supported - tempUser2 := ignv2_2types.PasswdUser{Name: "core", SSHAuthorizedKeys: []ignv2_2types.SSHAuthorizedKey{"1234"}} + tempUser2 := igntypes.PasswdUser{Name: "core", SSHAuthorizedKeys: []igntypes.SSHAuthorizedKey{"1234"}} oldMcfg.Spec.Config.Passwd.Users = append(oldMcfg.Spec.Config.Passwd.Users, tempUser2) - tempUser3 := ignv2_2types.PasswdUser{Name: "another user", SSHAuthorizedKeys: []ignv2_2types.SSHAuthorizedKey{"5678"}} + tempUser3 := igntypes.PasswdUser{Name: "another user", SSHAuthorizedKeys: []igntypes.SSHAuthorizedKey{"5678"}} newMcfg.Spec.Config.Passwd.Users[0] = tempUser3 errMsg = d.reconcilable(oldMcfg, newMcfg) checkIrreconcilableResults(t, "SSH", errMsg) // check that we cannot make updates if any other Passwd.User field is changed. - tempUser4 := ignv2_2types.PasswdUser{Name: "core", SSHAuthorizedKeys: []ignv2_2types.SSHAuthorizedKey{"5678"}, HomeDir: "somedir"} + tempUser4 := igntypes.PasswdUser{Name: "core", SSHAuthorizedKeys: []igntypes.SSHAuthorizedKey{"5678"}, HomeDir: returnStrPtr("somedir")} newMcfg.Spec.Config.Passwd.Users[0] = tempUser4 errMsg = d.reconcilable(oldMcfg, newMcfg) checkIrreconcilableResults(t, "SSH", errMsg) // check that we cannot add a user or have len(Passwd.Users)> 1 - tempUser5 := ignv2_2types.PasswdUser{Name: "some user", SSHAuthorizedKeys: []ignv2_2types.SSHAuthorizedKey{"5678"}} + tempUser5 := igntypes.PasswdUser{Name: "some user", SSHAuthorizedKeys: []igntypes.SSHAuthorizedKey{"5678"}} newMcfg.Spec.Config.Passwd.Users = append(newMcfg.Spec.Config.Passwd.Users, tempUser5) errMsg = d.reconcilable(oldMcfg, newMcfg) checkIrreconcilableResults(t, "SSH", errMsg) // check that user is not attempting to remove the only sshkey from core user - tempUser6 := ignv2_2types.PasswdUser{Name: "core", SSHAuthorizedKeys: []ignv2_2types.SSHAuthorizedKey{}} + tempUser6 := igntypes.PasswdUser{Name: "core", SSHAuthorizedKeys: []igntypes.SSHAuthorizedKey{}} newMcfg.Spec.Config.Passwd.Users[0] = tempUser6 newMcfg.Spec.Config.Passwd.Users = newMcfg.Spec.Config.Passwd.Users[:len(newMcfg.Spec.Config.Passwd.Users)-1] @@ -297,19 +266,19 @@ func TestUpdateSSHKeys(t *testing.T) { bootedOSImageURL: "test", } // Set up machineconfigs that are identical except for SSH keys - tempUser := ignv2_2types.PasswdUser{Name: "core", SSHAuthorizedKeys: []ignv2_2types.SSHAuthorizedKey{"1234", "4567"}} + tempUser := igntypes.PasswdUser{Name: "core", SSHAuthorizedKeys: []igntypes.SSHAuthorizedKey{"1234", "4567"}} newMcfg := &mcfgv1.MachineConfig{ Spec: mcfgv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Passwd: ignv2_2types.Passwd{ - Users: []ignv2_2types.PasswdUser{tempUser}, + Config: igntypes.Config{ + Passwd: igntypes.Passwd{ + Users: []igntypes.PasswdUser{tempUser}, }, }, }, } - d.atomicSSHKeysWriter = func(user ignv2_2types.PasswdUser, keys string) error { return nil } + d.atomicSSHKeysWriter = func(user igntypes.PasswdUser, keys string) error { return nil } err := d.updateSSHKeys(newMcfg.Spec.Config.Passwd.Users) if err != nil { @@ -349,34 +318,19 @@ func TestInvalidIgnConfig(t *testing.T) { rootMount: "/", bootedOSImageURL: "test", } - - oldMcfg := &mcfgv1.MachineConfig{ - Spec: mcfgv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Ignition: ignv2_2types.Ignition{ - Version: "2.2.0", - }, - }, - }, - } + oldIgnConfig := ctrlcommon.NewIgnConfig() + oldMcfg := &mcfgv1.MachineConfig{Spec: mcfgv1.MachineConfigSpec{Config: oldIgnConfig}} // create file to write that contains an impermissable relative path - tempFileContents := ignv2_2types.FileContents{Source: "data:,hello%20world%0A"} + tempFileContents := igntypes.FileContents{Source: returnStrPtr("data:,hello%20world%0A")} tempMode := 420 - newMcfg := &mcfgv1.MachineConfig{ - Spec: mcfgv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Ignition: ignv2_2types.Ignition{ - Version: "2.2.0", - }, - Storage: ignv2_2types.Storage{ - Files: []ignv2_2types.File{ - {Node: ignv2_2types.Node{Path: "home/core/test", Filesystem: "root"}, - FileEmbedded1: ignv2_2types.FileEmbedded1{Contents: tempFileContents, Mode: &tempMode}}, - }, - }, - }, - }, + newIgnConfig := ctrlcommon.NewIgnConfig() + newIgnFile := igntypes.File{ + Node: igntypes.Node{Path: "home/core/test"}, + FileEmbedded1: igntypes.FileEmbedded1{Contents: tempFileContents, Mode: &tempMode}, } + newIgnConfig.Storage.Files = append(newIgnConfig.Storage.Files, newIgnFile) + newMcfg := &mcfgv1.MachineConfig{Spec: mcfgv1.MachineConfigSpec{Config: newIgnConfig}} + err := d.reconcilable(oldMcfg, newMcfg) assert.NotNil(t, err, "Expected error. Relative Paths should fail general ignition validation") @@ -384,6 +338,14 @@ func TestInvalidIgnConfig(t *testing.T) { err = d.reconcilable(oldMcfg, newMcfg) assert.Nil(t, err, "Expected no error. Absolute paths should not fail general ignition validation") + // Verify that Ignition validation works, ie Ignition versions that are + // not 3.0.0 will always fail even if they match + oldMcfg.Spec.Config.Ignition.Version = "2.0.0" + newMcfg.Spec.Config.Ignition.Version = "2.0.0" + err = d.reconcilable(oldMcfg, newMcfg) + assert.NotNil(t, err, "Expected error. Non-%v versions of Ignition should fail even if they match", + igntypes.MaxVersion.String()) + } // checkReconcilableResults is a shortcut for verifying results that should be reconcilable @@ -399,3 +361,7 @@ func checkIrreconcilableResults(t *testing.T, key string, reconcilableError erro t.Errorf("Different %s values should not be reconcilable.", key) } } + +func returnStrPtr(somestring string) *string { + return &somestring +} diff --git a/pkg/server/api_test.go b/pkg/server/api_test.go index c4d179bdce..ea7a153aae 100644 --- a/pkg/server/api_test.go +++ b/pkg/server/api_test.go @@ -7,14 +7,14 @@ import ( "net/http/httptest" "testing" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" ) type mockServer struct { - GetConfigFn func(poolRequest) (*ignv2_2types.Config, error) + GetConfigFn func(poolRequest) (*igntypes.Config, error) } -func (ms *mockServer) GetConfig(pr poolRequest) (*ignv2_2types.Config, error) { +func (ms *mockServer) GetConfig(pr poolRequest) (*igntypes.Config, error) { return ms.GetConfigFn(pr) } @@ -23,7 +23,7 @@ type checkResponse func(t *testing.T, response *http.Response) type scenario struct { name string request *http.Request - serverFunc func(poolRequest) (*ignv2_2types.Config, error) + serverFunc func(poolRequest) (*igntypes.Config, error) checkResponse checkResponse } @@ -32,8 +32,8 @@ func TestAPIHandler(t *testing.T) { { name: "get config path that does not exist", request: httptest.NewRequest(http.MethodGet, "http://testrequest/config/does-not-exist", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), fmt.Errorf("not acceptable") + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), fmt.Errorf("not acceptable") }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusInternalServerError) @@ -44,34 +44,34 @@ func TestAPIHandler(t *testing.T) { { name: "get config path that exists", request: httptest.NewRequest(http.MethodGet, "http://testrequest/config/master", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusOK) checkContentType(t, response, "application/json") - checkContentLength(t, response, 114) - checkBodyLength(t, response, 114) + checkContentLength(t, response, 143) + checkBodyLength(t, response, 143) }, }, { name: "head config path that exists", request: httptest.NewRequest(http.MethodHead, "http://testrequest/config/master", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusOK) checkContentType(t, response, "application/json") - checkContentLength(t, response, 114) + checkContentLength(t, response, 143) checkBodyLength(t, response, 0) }, }, { name: "post config path that exists", request: httptest.NewRequest(http.MethodPost, "http://testrequest/config/master", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusMethodNotAllowed) @@ -102,8 +102,8 @@ func TestHealthzHandler(t *testing.T) { { name: "get healthz", request: httptest.NewRequest(http.MethodGet, "http://testrequest/healthz", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusNoContent) @@ -114,8 +114,8 @@ func TestHealthzHandler(t *testing.T) { { name: "head healthz", request: httptest.NewRequest(http.MethodHead, "http://testrequest/healthz", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusNoContent) @@ -126,8 +126,8 @@ func TestHealthzHandler(t *testing.T) { { name: "post healthz", request: httptest.NewRequest(http.MethodPost, "http://testrequest/healthz", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusMethodNotAllowed) @@ -154,8 +154,8 @@ func TestDefaultHandler(t *testing.T) { { name: "get root", request: httptest.NewRequest(http.MethodGet, "http://testrequest/", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusNotFound) @@ -166,8 +166,8 @@ func TestDefaultHandler(t *testing.T) { { name: "head root", request: httptest.NewRequest(http.MethodHead, "http://testrequest/", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusNotFound) @@ -178,8 +178,8 @@ func TestDefaultHandler(t *testing.T) { { name: "post root", request: httptest.NewRequest(http.MethodPost, "http://testrequest/", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusMethodNotAllowed) @@ -206,8 +206,8 @@ func TestAPIServer(t *testing.T) { { name: "get config path that does not exist", request: httptest.NewRequest(http.MethodGet, "http://testrequest/config/does-not-exist", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), fmt.Errorf("not acceptable") + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), fmt.Errorf("not acceptable") }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusInternalServerError) @@ -218,34 +218,34 @@ func TestAPIServer(t *testing.T) { { name: "get config path that exists", request: httptest.NewRequest(http.MethodGet, "http://testrequest/config/master", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusOK) checkContentType(t, response, "application/json") - checkContentLength(t, response, 114) - checkBodyLength(t, response, 114) + checkContentLength(t, response, 143) + checkBodyLength(t, response, 143) }, }, { name: "head config path that exists", request: httptest.NewRequest(http.MethodHead, "http://testrequest/config/master", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusOK) checkContentType(t, response, "application/json") - checkContentLength(t, response, 114) + checkContentLength(t, response, 143) checkBodyLength(t, response, 0) }, }, { name: "post config path that exists", request: httptest.NewRequest(http.MethodPost, "http://testrequest/config/master", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusMethodNotAllowed) @@ -256,8 +256,8 @@ func TestAPIServer(t *testing.T) { { name: "get healthz", request: httptest.NewRequest(http.MethodGet, "http://testrequest/healthz", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusNoContent) @@ -268,8 +268,8 @@ func TestAPIServer(t *testing.T) { { name: "head healthz", request: httptest.NewRequest(http.MethodHead, "http://testrequest/healthz", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusNoContent) @@ -280,8 +280,8 @@ func TestAPIServer(t *testing.T) { { name: "post healthz", request: httptest.NewRequest(http.MethodPost, "http://testrequest/healthz", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusMethodNotAllowed) @@ -292,8 +292,8 @@ func TestAPIServer(t *testing.T) { { name: "get root", request: httptest.NewRequest(http.MethodGet, "http://testrequest/", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusNotFound) @@ -304,8 +304,8 @@ func TestAPIServer(t *testing.T) { { name: "head root", request: httptest.NewRequest(http.MethodHead, "http://testrequest/", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusNotFound) @@ -316,8 +316,8 @@ func TestAPIServer(t *testing.T) { { name: "post root", request: httptest.NewRequest(http.MethodPost, "http://testrequest/", nil), - serverFunc: func(poolRequest) (*ignv2_2types.Config, error) { - return new(ignv2_2types.Config), nil + serverFunc: func(poolRequest) (*igntypes.Config, error) { + return new(igntypes.Config), nil }, checkResponse: func(t *testing.T, response *http.Response) { checkStatus(t, response, http.StatusMethodNotAllowed) diff --git a/pkg/server/bootstrap_server.go b/pkg/server/bootstrap_server.go index e394ea6e32..623e0983ae 100644 --- a/pkg/server/bootstrap_server.go +++ b/pkg/server/bootstrap_server.go @@ -6,7 +6,7 @@ import ( "os" "path" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" yaml "github.com/ghodss/yaml" "github.com/golang/glog" clientcmd "k8s.io/client-go/tools/clientcmd/api/v1" @@ -56,7 +56,7 @@ func NewBootstrapServer(dir, kubeconfig string) (Server, error) { // 3. Load the machine config. // 4. Append the machine annotations file. // 5. Append the KubeConfig file. -func (bsc *bootstrapServer) GetConfig(cr poolRequest) (*ignv2_2types.Config, error) { +func (bsc *bootstrapServer) GetConfig(cr poolRequest) (*igntypes.Config, error) { // 1. Read the Machine Config Pool object. fileName := path.Join(bsc.serverBaseDir, "machine-pools", cr.machineConfigPool+".yaml") diff --git a/pkg/server/cluster_server.go b/pkg/server/cluster_server.go index 9cd0db4002..7476d7aec6 100644 --- a/pkg/server/cluster_server.go +++ b/pkg/server/cluster_server.go @@ -5,7 +5,7 @@ import ( "io/ioutil" "path/filepath" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" yaml "github.com/ghodss/yaml" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -57,7 +57,7 @@ func NewClusterServer(kubeConfig, apiserverURL string) (Server, error) { // GetConfig fetches the machine config(type - Ignition) from the cluster, // based on the pool request. -func (cs *clusterServer) GetConfig(cr poolRequest) (*ignv2_2types.Config, error) { +func (cs *clusterServer) GetConfig(cr poolRequest) (*igntypes.Config, error) { mp, err := cs.machineClient.MachineConfigPools().Get(cr.machineConfigPool, metav1.GetOptions{}) if err != nil { return nil, fmt.Errorf("could not fetch pool. err: %v", err) diff --git a/pkg/server/server.go b/pkg/server/server.go index 776252a437..ccd1735627 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -6,7 +6,7 @@ import ( "io/ioutil" "net/url" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" daemonconsts "github.com/openshift/machine-config-operator/pkg/daemon/constants" "github.com/vincent-petithory/dataurl" ) @@ -18,33 +18,28 @@ const ( // From https://github.com/openshift/pivot/pull/25/commits/c77788a35d7ee4058d1410e89e6c7937bca89f6c#diff-04c6e90faac2675aa89e2176d2eec7d8R44 pivotRebootNeeded = "/run/pivot/reboot-needed" - - // defaultFileSystem defines the default file system to be - // used for writing the ignition files created by the - // server. - defaultFileSystem = "root" ) // kubeconfigFunc fetches the kubeconfig that needs to be served. type kubeconfigFunc func() (kubeconfigData []byte, rootCAData []byte, err error) // appenderFunc appends Config. -type appenderFunc func(*ignv2_2types.Config) error +type appenderFunc func(*igntypes.Config) error // Server defines the interface that is implemented by different // machine config server implementations. type Server interface { - GetConfig(poolRequest) (*ignv2_2types.Config, error) + GetConfig(poolRequest) (*igntypes.Config, error) } func getAppenders(cr poolRequest, currMachineConfig string, f kubeconfigFunc, osimageurl string) []appenderFunc { appenders := []appenderFunc{ // append machine annotations file. - func(config *ignv2_2types.Config) error { return appendNodeAnnotations(config, currMachineConfig) }, + func(config *igntypes.Config) error { return appendNodeAnnotations(config, currMachineConfig) }, // append pivot - func(config *ignv2_2types.Config) error { return appendInitialPivot(config, osimageurl) }, + func(config *igntypes.Config) error { return appendInitialPivot(config, osimageurl) }, // append kubeconfig. - func(config *ignv2_2types.Config) error { return appendKubeConfig(config, f) }, + func(config *igntypes.Config) error { return appendKubeConfig(config, f) }, } return appenders } @@ -54,35 +49,37 @@ func boolToPtr(b bool) *bool { return &b } -func appendInitialPivot(conf *ignv2_2types.Config, osimageurl string) error { +func appendInitialPivot(conf *igntypes.Config, osimageurl string) error { if osimageurl == "" { return nil } // Tell pivot.service to pivot early - appendFileToIgnition(conf, daemonconsts.EtcPivotFile, osimageurl + "\n") + appendFileToIgnition(conf, daemonconsts.EtcPivotFile, osimageurl+"\n") // Awful hack to create a file in /run // https://github.com/openshift/machine-config-operator/pull/363#issuecomment-463397373 // "So one gotcha here is that Ignition will actually write `/run/pivot/image-pullspec` to the filesystem rather than the `/run` tmpfs" if len(conf.Systemd.Units) == 0 { - conf.Systemd.Units = make([]ignv2_2types.Unit, 0) + conf.Systemd.Units = make([]igntypes.Unit, 0) + } + unitContents := `[Unit] + Before=pivot.service + ConditionFirstBoot=true + [Service] + ExecStart=/bin/sh -c 'mkdir /run/pivot && touch /run/pivot/reboot-needed' + [Install] + WantedBy=multi-user.target + ` + unit := igntypes.Unit{ + Name: "mcd-write-pivot-reboot.service", + Enabled: boolToPtr(true), + Contents: &unitContents, } - unit := ignv2_2types.Unit { - Name: "mcd-write-pivot-reboot.service", - Enabled: boolToPtr(true), - Contents: `[Unit] -Before=pivot.service -ConditionFirstBoot=true -[Service] -ExecStart=/bin/sh -c 'mkdir /run/pivot && touch /run/pivot/reboot-needed' -[Install] -WantedBy=multi-user.target -`,} conf.Systemd.Units = append(conf.Systemd.Units, unit) return nil } -func appendKubeConfig(conf *ignv2_2types.Config, f kubeconfigFunc) error { +func appendKubeConfig(conf *igntypes.Config, f kubeconfigFunc) error { kcData, _, err := f() if err != nil { return err @@ -91,7 +88,7 @@ func appendKubeConfig(conf *ignv2_2types.Config, f kubeconfigFunc) error { return nil } -func appendNodeAnnotations(conf *ignv2_2types.Config, currConf string) error { +func appendNodeAnnotations(conf *igntypes.Config, currConf string) error { anno, err := getNodeAnnotation(currConf) if err != nil { return err @@ -113,7 +110,7 @@ func getNodeAnnotation(conf string) (string, error) { return string(contents), nil } -func copyFileToIgnition(conf *ignv2_2types.Config, outPath, srcPath string) error { +func copyFileToIgnition(conf *igntypes.Config, outPath, srcPath string) error { contents, err := ioutil.ReadFile(srcPath) if err != nil { return fmt.Errorf("could not read file from: %s, err: %v", srcPath, err) @@ -122,22 +119,22 @@ func copyFileToIgnition(conf *ignv2_2types.Config, outPath, srcPath string) erro return nil } -func appendFileToIgnition(conf *ignv2_2types.Config, outPath, contents string) { +func appendFileToIgnition(conf *igntypes.Config, outPath, contents string) { fileMode := int(420) - file := ignv2_2types.File{ - Node: ignv2_2types.Node{ - Filesystem: defaultFileSystem, - Path: outPath, + encodedContents := getEncodedContent(contents) + file := igntypes.File{ + Node: igntypes.Node{ + Path: outPath, }, - FileEmbedded1: ignv2_2types.FileEmbedded1{ - Contents: ignv2_2types.FileContents{ - Source: getEncodedContent(contents), + FileEmbedded1: igntypes.FileEmbedded1{ + Contents: igntypes.FileContents{ + Source: &encodedContents, }, Mode: &fileMode, }, } if len(conf.Storage.Files) == 0 { - conf.Storage.Files = make([]ignv2_2types.File, 0) + conf.Storage.Files = make([]igntypes.File, 0) } conf.Storage.Files = append(conf.Storage.Files, file) } diff --git a/pkg/server/server_test.go b/pkg/server/server_test.go index 89d7fb7adb..266edd143a 100644 --- a/pkg/server/server_test.go +++ b/pkg/server/server_test.go @@ -8,7 +8,7 @@ import ( "reflect" "testing" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" yaml "github.com/ghodss/yaml" "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" daemonconsts "github.com/openshift/machine-config-operator/pkg/daemon/constants" @@ -187,7 +187,7 @@ func getKubeConfigContent(t *testing.T) ([]byte, []byte, error) { return []byte("dummy-kubeconfig"), []byte("dummy-root-ca"), nil } -func validateIgnitionFiles(t *testing.T, exp, got []ignv2_2types.File) { +func validateIgnitionFiles(t *testing.T, exp, got []igntypes.File) { expMap := createFileMap(exp) gotMap := createFileMap(got) @@ -202,7 +202,7 @@ func validateIgnitionFiles(t *testing.T, exp, got []ignv2_2types.File) { } } -func validateIgnitionSystemd(t *testing.T, exp, got []ignv2_2types.Unit) { +func validateIgnitionSystemd(t *testing.T, exp, got []igntypes.Unit) { expMap := createUnitMap(exp) gotMap := createUnitMap(got) @@ -217,18 +217,18 @@ func validateIgnitionSystemd(t *testing.T, exp, got []ignv2_2types.Unit) { } } -func createUnitMap(units []ignv2_2types.Unit) map[string]ignv2_2types.Unit { - m := make(map[string]ignv2_2types.Unit) +func createUnitMap(units []igntypes.Unit) map[string]igntypes.Unit { + m := make(map[string]igntypes.Unit) for i := range units { m[units[i].Name] = units[i] } return m } -func createFileMap(files []ignv2_2types.File) map[string]ignv2_2types.File { - m := make(map[string]ignv2_2types.File) +func createFileMap(files []igntypes.File) map[string]igntypes.File { + m := make(map[string]igntypes.File) for i := range files { - file := path.Join(files[i].Filesystem, files[i].Path) + file := files[i].Path m[file] = files[i] } return m diff --git a/templates/master/00-master/_base/files/etc-kubernetes-manifests-etcd-member.yaml b/templates/master/00-master/_base/files/etc-kubernetes-manifests-etcd-member.yaml index 33f3088940..783b7a3442 100644 --- a/templates/master/00-master/_base/files/etc-kubernetes-manifests-etcd-member.yaml +++ b/templates/master/00-master/_base/files/etc-kubernetes-manifests-etcd-member.yaml @@ -1,8 +1,7 @@ -filesystem: "root" mode: 0644 path: "/etc/kubernetes/manifests/etcd-member.yaml" contents: - inline: | + source: | apiVersion: v1 kind: Pod metadata: diff --git a/templates/master/00-master/_base/files/etc-sysconfig-crio-network.yaml b/templates/master/00-master/_base/files/etc-sysconfig-crio-network.yaml index 91ff44b55e..6f44373ee5 100644 --- a/templates/master/00-master/_base/files/etc-sysconfig-crio-network.yaml +++ b/templates/master/00-master/_base/files/etc-sysconfig-crio-network.yaml @@ -1,6 +1,5 @@ -filesystem: "root" mode: 0644 path: "/etc/sysconfig/crio-network" contents: - inline: | + source: | CRIO_NETWORK_OPTIONS="--cni-config-dir=/etc/kubernetes/cni/net.d --cni-plugin-dir=/var/lib/cni/bin" diff --git a/templates/master/00-master/_base/files/etcd-ca.yaml b/templates/master/00-master/_base/files/etcd-ca.yaml index cb78eb841b..8762583669 100644 --- a/templates/master/00-master/_base/files/etcd-ca.yaml +++ b/templates/master/00-master/_base/files/etcd-ca.yaml @@ -1,6 +1,5 @@ -filesystem: "root" mode: 0644 path: "/etc/kubernetes/static-pod-resources/etcd-member/ca.crt" contents: - inline: | + source: | {{.EtcdCAData | toString | indent 4}} diff --git a/templates/master/00-master/_base/files/etcd-root-ca.yaml b/templates/master/00-master/_base/files/etcd-root-ca.yaml index 58a3edec6b..2b401bfc6e 100644 --- a/templates/master/00-master/_base/files/etcd-root-ca.yaml +++ b/templates/master/00-master/_base/files/etcd-root-ca.yaml @@ -1,6 +1,5 @@ -filesystem: "root" mode: 0644 path: "/etc/kubernetes/static-pod-resources/etcd-member/root-ca.crt" contents: - inline: | + source: | {{.RootCAData | toString | indent 4}} diff --git a/templates/master/00-master/_base/files/pull-secret.yaml b/templates/master/00-master/_base/files/pull-secret.yaml index 9d66b713bc..f3f1811eab 100644 --- a/templates/master/00-master/_base/files/pull-secret.yaml +++ b/templates/master/00-master/_base/files/pull-secret.yaml @@ -1,6 +1,5 @@ -filesystem: "root" mode: 0644 path: "/var/lib/kubelet/config.json" contents: - inline: | + source: | {{.PullSecret}} diff --git a/templates/master/00-master/_base/files/root-ca.yaml b/templates/master/00-master/_base/files/root-ca.yaml index dde0eade6c..3fbaf9822b 100644 --- a/templates/master/00-master/_base/files/root-ca.yaml +++ b/templates/master/00-master/_base/files/root-ca.yaml @@ -1,6 +1,5 @@ -filesystem: "root" mode: 0644 path: "/etc/kubernetes/ca.crt" contents: - inline: | + source: | {{.RootCAData | toString | indent 4}} diff --git a/templates/master/00-master/_base/files/sysctl-forward-conf.yaml b/templates/master/00-master/_base/files/sysctl-forward-conf.yaml index f5f3dcfb88..0f35a8b868 100644 --- a/templates/master/00-master/_base/files/sysctl-forward-conf.yaml +++ b/templates/master/00-master/_base/files/sysctl-forward-conf.yaml @@ -1,7 +1,6 @@ -filesystem: "root" mode: 0644 path: "/etc/sysctl.d/forward.conf" contents: - inline: | + source: | net.ipv4.ip_forward = 1 diff --git a/templates/master/00-master/_base/files/volume-plugins.yaml b/templates/master/00-master/_base/files/volume-plugins.yaml index d73d1ea1bb..0dc0856290 100644 --- a/templates/master/00-master/_base/files/volume-plugins.yaml +++ b/templates/master/00-master/_base/files/volume-plugins.yaml @@ -1,5 +1,4 @@ -filesystem: "root" mode: 0755 path: "/etc/kubernetes/kubelet-plugins/volume/exec/.dummy" contents: - inline: | + source: | diff --git a/templates/master/01-master-container-runtime/_base/files/container-registries.yaml b/templates/master/01-master-container-runtime/_base/files/container-registries.yaml index 98f2bf7b8a..acb0d34c1f 100644 --- a/templates/master/01-master-container-runtime/_base/files/container-registries.yaml +++ b/templates/master/01-master-container-runtime/_base/files/container-registries.yaml @@ -1,8 +1,7 @@ -filesystem: "root" mode: 0644 path: "/etc/containers/registries.conf" contents: - inline: | + source: | [registries.search] registries = ['registry.access.redhat.com', 'docker.io'] diff --git a/templates/master/01-master-container-runtime/_base/files/container-storage.yaml b/templates/master/01-master-container-runtime/_base/files/container-storage.yaml index bc398da318..5c6f188482 100644 --- a/templates/master/01-master-container-runtime/_base/files/container-storage.yaml +++ b/templates/master/01-master-container-runtime/_base/files/container-storage.yaml @@ -1,8 +1,7 @@ -filesystem: "root" mode: 0644 path: "/etc/containers/storage.conf" contents: - inline: | + source: | # storage.conf is the configuration file for all tools # that share the containers/storage libraries # See man 5 containers-storage.conf for more information diff --git a/templates/master/01-master-container-runtime/_base/files/crio.yaml b/templates/master/01-master-container-runtime/_base/files/crio.yaml index 6981525763..d887115e1b 100644 --- a/templates/master/01-master-container-runtime/_base/files/crio.yaml +++ b/templates/master/01-master-container-runtime/_base/files/crio.yaml @@ -1,8 +1,7 @@ -filesystem: "root" mode: 0644 path: "/etc/crio/crio.conf" contents: - inline: | + source: | # The "crio" table contains all of the server options. [crio] diff --git a/templates/master/01-master-kubelet/_base/files/kubelet.yaml b/templates/master/01-master-kubelet/_base/files/kubelet.yaml index 5f0c83a388..e705a20ae4 100644 --- a/templates/master/01-master-kubelet/_base/files/kubelet.yaml +++ b/templates/master/01-master-kubelet/_base/files/kubelet.yaml @@ -1,8 +1,7 @@ -filesystem: "root" mode: 0644 path: "/etc/kubernetes/kubelet.conf" contents: - inline: | + source: | kind: KubeletConfiguration apiVersion: kubelet.config.k8s.io/v1beta1 cgroupDriver: systemd diff --git a/templates/worker/00-worker/_base/files/etc-sysconfig-crio-network.yaml b/templates/worker/00-worker/_base/files/etc-sysconfig-crio-network.yaml index 91ff44b55e..0fa3208510 100644 --- a/templates/worker/00-worker/_base/files/etc-sysconfig-crio-network.yaml +++ b/templates/worker/00-worker/_base/files/etc-sysconfig-crio-network.yaml @@ -2,5 +2,5 @@ filesystem: "root" mode: 0644 path: "/etc/sysconfig/crio-network" contents: - inline: | + source: | CRIO_NETWORK_OPTIONS="--cni-config-dir=/etc/kubernetes/cni/net.d --cni-plugin-dir=/var/lib/cni/bin" diff --git a/templates/worker/00-worker/_base/files/pull-secret.yaml b/templates/worker/00-worker/_base/files/pull-secret.yaml index 9d66b713bc..948327a0a7 100644 --- a/templates/worker/00-worker/_base/files/pull-secret.yaml +++ b/templates/worker/00-worker/_base/files/pull-secret.yaml @@ -2,5 +2,5 @@ filesystem: "root" mode: 0644 path: "/var/lib/kubelet/config.json" contents: - inline: | + source: | {{.PullSecret}} diff --git a/templates/worker/00-worker/_base/files/root-ca.yaml b/templates/worker/00-worker/_base/files/root-ca.yaml index dde0eade6c..56e0db2199 100644 --- a/templates/worker/00-worker/_base/files/root-ca.yaml +++ b/templates/worker/00-worker/_base/files/root-ca.yaml @@ -2,5 +2,5 @@ filesystem: "root" mode: 0644 path: "/etc/kubernetes/ca.crt" contents: - inline: | + source: | {{.RootCAData | toString | indent 4}} diff --git a/templates/worker/00-worker/_base/files/sysctl-forward-conf.yaml b/templates/worker/00-worker/_base/files/sysctl-forward-conf.yaml index f5f3dcfb88..779aea33c1 100644 --- a/templates/worker/00-worker/_base/files/sysctl-forward-conf.yaml +++ b/templates/worker/00-worker/_base/files/sysctl-forward-conf.yaml @@ -2,6 +2,6 @@ filesystem: "root" mode: 0644 path: "/etc/sysctl.d/forward.conf" contents: - inline: | + source: | net.ipv4.ip_forward = 1 diff --git a/templates/worker/00-worker/_base/files/volume-plugins.yaml b/templates/worker/00-worker/_base/files/volume-plugins.yaml index d73d1ea1bb..84c3b5acd8 100644 --- a/templates/worker/00-worker/_base/files/volume-plugins.yaml +++ b/templates/worker/00-worker/_base/files/volume-plugins.yaml @@ -2,4 +2,4 @@ filesystem: "root" mode: 0755 path: "/etc/kubernetes/kubelet-plugins/volume/exec/.dummy" contents: - inline: | + source: | diff --git a/templates/worker/01-worker-container-runtime/_base/files/container-registries.yaml b/templates/worker/01-worker-container-runtime/_base/files/container-registries.yaml index 98f2bf7b8a..b61c4e0c53 100644 --- a/templates/worker/01-worker-container-runtime/_base/files/container-registries.yaml +++ b/templates/worker/01-worker-container-runtime/_base/files/container-registries.yaml @@ -2,7 +2,7 @@ filesystem: "root" mode: 0644 path: "/etc/containers/registries.conf" contents: - inline: | + source: | [registries.search] registries = ['registry.access.redhat.com', 'docker.io'] diff --git a/templates/worker/01-worker-container-runtime/_base/files/container-storage.yaml b/templates/worker/01-worker-container-runtime/_base/files/container-storage.yaml index bc398da318..a5b991369c 100644 --- a/templates/worker/01-worker-container-runtime/_base/files/container-storage.yaml +++ b/templates/worker/01-worker-container-runtime/_base/files/container-storage.yaml @@ -2,7 +2,7 @@ filesystem: "root" mode: 0644 path: "/etc/containers/storage.conf" contents: - inline: | + source: | # storage.conf is the configuration file for all tools # that share the containers/storage libraries # See man 5 containers-storage.conf for more information diff --git a/templates/worker/01-worker-container-runtime/_base/files/crio.yaml b/templates/worker/01-worker-container-runtime/_base/files/crio.yaml index 6981525763..e78819db38 100644 --- a/templates/worker/01-worker-container-runtime/_base/files/crio.yaml +++ b/templates/worker/01-worker-container-runtime/_base/files/crio.yaml @@ -2,7 +2,7 @@ filesystem: "root" mode: 0644 path: "/etc/crio/crio.conf" contents: - inline: | + source: | # The "crio" table contains all of the server options. [crio] diff --git a/templates/worker/01-worker-kubelet/_base/files/kubelet.yaml b/templates/worker/01-worker-kubelet/_base/files/kubelet.yaml index 113ef314b4..000f382329 100644 --- a/templates/worker/01-worker-kubelet/_base/files/kubelet.yaml +++ b/templates/worker/01-worker-kubelet/_base/files/kubelet.yaml @@ -2,7 +2,7 @@ filesystem: "root" mode: 0644 path: "/etc/kubernetes/kubelet.conf" contents: - inline: | + source: | kind: KubeletConfiguration apiVersion: kubelet.config.k8s.io/v1beta1 cgroupDriver: systemd diff --git a/test/e2e/mcd_test.go b/test/e2e/mcd_test.go index 36459d5d14..54f3aa1209 100644 --- a/test/e2e/mcd_test.go +++ b/test/e2e/mcd_test.go @@ -7,8 +7,9 @@ import ( "testing" "time" - ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + igntypes "github.com/coreos/ignition/config/v3_0/types" mcv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" + ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" "github.com/openshift/machine-config-operator/pkg/daemon/constants" "github.com/openshift/machine-config-operator/test/e2e/framework" "k8s.io/api/core/v1" @@ -51,22 +52,21 @@ func mcLabelForWorkers() map[string]string { return mcLabels } -func createIgnFile(path, content, fs string, mode int) ignv2_2types.File { - return ignv2_2types.File{ - FileEmbedded1: ignv2_2types.FileEmbedded1{ - Contents: ignv2_2types.FileContents{ - Source: content, +func createIgnFile(path, content string, mode int) igntypes.File { + return igntypes.File{ + FileEmbedded1: igntypes.FileEmbedded1{ + Contents: igntypes.FileContents{ + Source: &content, }, Mode: &mode, }, - Node: ignv2_2types.Node{ - Filesystem: fs, - Path: path, + Node: igntypes.Node{ + Path: path, }, } } -func createMCToAddFile(name, filename, data, fs string) *mcv1.MachineConfig { +func createMCToAddFile(name, filename, data string) *mcv1.MachineConfig { // create a dummy MC mcName := fmt.Sprintf("%s-%s", name, uuid.NewUUID()) mcadd := &mcv1.MachineConfig{} @@ -75,18 +75,11 @@ func createMCToAddFile(name, filename, data, fs string) *mcv1.MachineConfig { // TODO(runcom): hardcoded to workers for safety Labels: mcLabelForWorkers(), } - mcadd.Spec = mcv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Ignition: ignv2_2types.Ignition{ - Version: "2.2.0", - }, - Storage: ignv2_2types.Storage{ - Files: []ignv2_2types.File{ - createIgnFile(filename, "data:,"+data, fs, 420), - }, - }, - }, - } + ignConfig := ctrlcommon.NewIgnConfig() + ignFile := createIgnFile(filename, "data:,"+data, 420) + ignConfig.Storage.Files = append(ignConfig.Storage.Files, ignFile) + mcadd.Spec.Config = ignConfig + return mcadd } @@ -94,7 +87,7 @@ func TestMCDeployed(t *testing.T) { cs := framework.NewClientSet("") for i := 0; i < 10; i++ { - mcadd := createMCToAddFile("add-a-file", fmt.Sprintf("/etc/mytestconf%d", i), "test", "root") + mcadd := createMCToAddFile("add-a-file", fmt.Sprintf("/etc/mytestconf%d", i), "test") // create the dummy MC now _, err := cs.MachineConfigs().Create(mcadd) @@ -156,23 +149,17 @@ func TestUpdateSSH(t *testing.T) { Labels: mcLabelForWorkers(), } // create a new MC that adds a valid user & ssh keys - tempUser := ignv2_2types.PasswdUser{ + tempUser := igntypes.PasswdUser{ Name: "core", - SSHAuthorizedKeys: []ignv2_2types.SSHAuthorizedKey{ + SSHAuthorizedKeys: []igntypes.SSHAuthorizedKey{ "1234_test", "abc_test", }, } - mcadd.Spec = mcv1.MachineConfigSpec{ - Config: ignv2_2types.Config{ - Ignition: ignv2_2types.Ignition{ - Version: "2.2.0", - }, - Passwd: ignv2_2types.Passwd{ - Users: []ignv2_2types.PasswdUser{tempUser}, - }, - }, - } + ignConfig := ctrlcommon.NewIgnConfig() + ignConfig.Passwd.Users = append(ignConfig.Passwd.Users, tempUser) + mcadd.Spec.Config = ignConfig + _, err := cs.MachineConfigs().Create(mcadd) if err != nil { t.Errorf("failed to create machine config %v", err) @@ -266,7 +253,7 @@ func TestReconcileAfterBadMC(t *testing.T) { cs := framework.NewClientSet("") // create a bad MC w/o a filesystem field which is going to fail reconciling - mcadd := createMCToAddFile("add-a-file", "/etc/mytestconfs", "test", "") + mcadd := createMCToAddFile("add-a-file", "/etc/mytestconfs", "test") // grab the initial machineconfig used by the worker pool // this MC is gonna be the one which is going to be reapplied once the bad MC is deleted diff --git a/vendor/github.com/ajeddeloh/yaml/LICENSE b/vendor/github.com/ajeddeloh/yaml/LICENSE deleted file mode 100644 index 8dada3edaf..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/ajeddeloh/yaml/LICENSE.libyaml b/vendor/github.com/ajeddeloh/yaml/LICENSE.libyaml deleted file mode 100644 index 8da58fbf6f..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/LICENSE.libyaml +++ /dev/null @@ -1,31 +0,0 @@ -The following files were ported to Go from C files of libyaml, and thus -are still covered by their original copyright and license: - - apic.go - emitterc.go - parserc.go - readerc.go - scannerc.go - writerc.go - yamlh.go - yamlprivateh.go - -Copyright (c) 2006 Kirill Simonov - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -of the Software, and to permit persons to whom the Software is furnished to do -so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/vendor/github.com/ajeddeloh/yaml/apic.go b/vendor/github.com/ajeddeloh/yaml/apic.go deleted file mode 100644 index 95ec014e8c..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/apic.go +++ /dev/null @@ -1,742 +0,0 @@ -package yaml - -import ( - "io" - "os" -) - -func yaml_insert_token(parser *yaml_parser_t, pos int, token *yaml_token_t) { - //fmt.Println("yaml_insert_token", "pos:", pos, "typ:", token.typ, "head:", parser.tokens_head, "len:", len(parser.tokens)) - - // Check if we can move the queue at the beginning of the buffer. - if parser.tokens_head > 0 && len(parser.tokens) == cap(parser.tokens) { - if parser.tokens_head != len(parser.tokens) { - copy(parser.tokens, parser.tokens[parser.tokens_head:]) - } - parser.tokens = parser.tokens[:len(parser.tokens)-parser.tokens_head] - parser.tokens_head = 0 - } - parser.tokens = append(parser.tokens, *token) - if pos < 0 { - return - } - copy(parser.tokens[parser.tokens_head+pos+1:], parser.tokens[parser.tokens_head+pos:]) - parser.tokens[parser.tokens_head+pos] = *token -} - -// Create a new parser object. -func yaml_parser_initialize(parser *yaml_parser_t) bool { - *parser = yaml_parser_t{ - raw_buffer: make([]byte, 0, input_raw_buffer_size), - buffer: make([]byte, 0, input_buffer_size), - } - return true -} - -// Destroy a parser object. -func yaml_parser_delete(parser *yaml_parser_t) { - *parser = yaml_parser_t{} -} - -// String read handler. -func yaml_string_read_handler(parser *yaml_parser_t, buffer []byte) (n int, err error) { - if parser.input_pos == len(parser.input) { - return 0, io.EOF - } - n = copy(buffer, parser.input[parser.input_pos:]) - parser.input_pos += n - return n, nil -} - -// File read handler. -func yaml_file_read_handler(parser *yaml_parser_t, buffer []byte) (n int, err error) { - return parser.input_file.Read(buffer) -} - -// Set a string input. -func yaml_parser_set_input_string(parser *yaml_parser_t, input []byte) { - if parser.read_handler != nil { - panic("must set the input source only once") - } - parser.read_handler = yaml_string_read_handler - parser.input = input - parser.input_pos = 0 -} - -// Set a file input. -func yaml_parser_set_input_file(parser *yaml_parser_t, file *os.File) { - if parser.read_handler != nil { - panic("must set the input source only once") - } - parser.read_handler = yaml_file_read_handler - parser.input_file = file -} - -// Set the source encoding. -func yaml_parser_set_encoding(parser *yaml_parser_t, encoding yaml_encoding_t) { - if parser.encoding != yaml_ANY_ENCODING { - panic("must set the encoding only once") - } - parser.encoding = encoding -} - -// Create a new emitter object. -func yaml_emitter_initialize(emitter *yaml_emitter_t) bool { - *emitter = yaml_emitter_t{ - buffer: make([]byte, output_buffer_size), - raw_buffer: make([]byte, 0, output_raw_buffer_size), - states: make([]yaml_emitter_state_t, 0, initial_stack_size), - events: make([]yaml_event_t, 0, initial_queue_size), - } - return true -} - -// Destroy an emitter object. -func yaml_emitter_delete(emitter *yaml_emitter_t) { - *emitter = yaml_emitter_t{} -} - -// String write handler. -func yaml_string_write_handler(emitter *yaml_emitter_t, buffer []byte) error { - *emitter.output_buffer = append(*emitter.output_buffer, buffer...) - return nil -} - -// File write handler. -func yaml_file_write_handler(emitter *yaml_emitter_t, buffer []byte) error { - _, err := emitter.output_file.Write(buffer) - return err -} - -// Set a string output. -func yaml_emitter_set_output_string(emitter *yaml_emitter_t, output_buffer *[]byte) { - if emitter.write_handler != nil { - panic("must set the output target only once") - } - emitter.write_handler = yaml_string_write_handler - emitter.output_buffer = output_buffer -} - -// Set a file output. -func yaml_emitter_set_output_file(emitter *yaml_emitter_t, file io.Writer) { - if emitter.write_handler != nil { - panic("must set the output target only once") - } - emitter.write_handler = yaml_file_write_handler - emitter.output_file = file -} - -// Set the output encoding. -func yaml_emitter_set_encoding(emitter *yaml_emitter_t, encoding yaml_encoding_t) { - if emitter.encoding != yaml_ANY_ENCODING { - panic("must set the output encoding only once") - } - emitter.encoding = encoding -} - -// Set the canonical output style. -func yaml_emitter_set_canonical(emitter *yaml_emitter_t, canonical bool) { - emitter.canonical = canonical -} - -//// Set the indentation increment. -func yaml_emitter_set_indent(emitter *yaml_emitter_t, indent int) { - if indent < 2 || indent > 9 { - indent = 2 - } - emitter.best_indent = indent -} - -// Set the preferred line width. -func yaml_emitter_set_width(emitter *yaml_emitter_t, width int) { - if width < 0 { - width = -1 - } - emitter.best_width = width -} - -// Set if unescaped non-ASCII characters are allowed. -func yaml_emitter_set_unicode(emitter *yaml_emitter_t, unicode bool) { - emitter.unicode = unicode -} - -// Set the preferred line break character. -func yaml_emitter_set_break(emitter *yaml_emitter_t, line_break yaml_break_t) { - emitter.line_break = line_break -} - -///* -// * Destroy a token object. -// */ -// -//YAML_DECLARE(void) -//yaml_token_delete(yaml_token_t *token) -//{ -// assert(token); // Non-NULL token object expected. -// -// switch (token.type) -// { -// case YAML_TAG_DIRECTIVE_TOKEN: -// yaml_free(token.data.tag_directive.handle); -// yaml_free(token.data.tag_directive.prefix); -// break; -// -// case YAML_ALIAS_TOKEN: -// yaml_free(token.data.alias.value); -// break; -// -// case YAML_ANCHOR_TOKEN: -// yaml_free(token.data.anchor.value); -// break; -// -// case YAML_TAG_TOKEN: -// yaml_free(token.data.tag.handle); -// yaml_free(token.data.tag.suffix); -// break; -// -// case YAML_SCALAR_TOKEN: -// yaml_free(token.data.scalar.value); -// break; -// -// default: -// break; -// } -// -// memset(token, 0, sizeof(yaml_token_t)); -//} -// -///* -// * Check if a string is a valid UTF-8 sequence. -// * -// * Check 'reader.c' for more details on UTF-8 encoding. -// */ -// -//static int -//yaml_check_utf8(yaml_char_t *start, size_t length) -//{ -// yaml_char_t *end = start+length; -// yaml_char_t *pointer = start; -// -// while (pointer < end) { -// unsigned char octet; -// unsigned int width; -// unsigned int value; -// size_t k; -// -// octet = pointer[0]; -// width = (octet & 0x80) == 0x00 ? 1 : -// (octet & 0xE0) == 0xC0 ? 2 : -// (octet & 0xF0) == 0xE0 ? 3 : -// (octet & 0xF8) == 0xF0 ? 4 : 0; -// value = (octet & 0x80) == 0x00 ? octet & 0x7F : -// (octet & 0xE0) == 0xC0 ? octet & 0x1F : -// (octet & 0xF0) == 0xE0 ? octet & 0x0F : -// (octet & 0xF8) == 0xF0 ? octet & 0x07 : 0; -// if (!width) return 0; -// if (pointer+width > end) return 0; -// for (k = 1; k < width; k ++) { -// octet = pointer[k]; -// if ((octet & 0xC0) != 0x80) return 0; -// value = (value << 6) + (octet & 0x3F); -// } -// if (!((width == 1) || -// (width == 2 && value >= 0x80) || -// (width == 3 && value >= 0x800) || -// (width == 4 && value >= 0x10000))) return 0; -// -// pointer += width; -// } -// -// return 1; -//} -// - -// Create STREAM-START. -func yaml_stream_start_event_initialize(event *yaml_event_t, encoding yaml_encoding_t) bool { - *event = yaml_event_t{ - typ: yaml_STREAM_START_EVENT, - encoding: encoding, - } - return true -} - -// Create STREAM-END. -func yaml_stream_end_event_initialize(event *yaml_event_t) bool { - *event = yaml_event_t{ - typ: yaml_STREAM_END_EVENT, - } - return true -} - -// Create DOCUMENT-START. -func yaml_document_start_event_initialize(event *yaml_event_t, version_directive *yaml_version_directive_t, - tag_directives []yaml_tag_directive_t, implicit bool) bool { - *event = yaml_event_t{ - typ: yaml_DOCUMENT_START_EVENT, - version_directive: version_directive, - tag_directives: tag_directives, - implicit: implicit, - } - return true -} - -// Create DOCUMENT-END. -func yaml_document_end_event_initialize(event *yaml_event_t, implicit bool) bool { - *event = yaml_event_t{ - typ: yaml_DOCUMENT_END_EVENT, - implicit: implicit, - } - return true -} - -///* -// * Create ALIAS. -// */ -// -//YAML_DECLARE(int) -//yaml_alias_event_initialize(event *yaml_event_t, anchor *yaml_char_t) -//{ -// mark yaml_mark_t = { 0, 0, 0 } -// anchor_copy *yaml_char_t = NULL -// -// assert(event) // Non-NULL event object is expected. -// assert(anchor) // Non-NULL anchor is expected. -// -// if (!yaml_check_utf8(anchor, strlen((char *)anchor))) return 0 -// -// anchor_copy = yaml_strdup(anchor) -// if (!anchor_copy) -// return 0 -// -// ALIAS_EVENT_INIT(*event, anchor_copy, mark, mark) -// -// return 1 -//} - -// Create SCALAR. -func yaml_scalar_event_initialize(event *yaml_event_t, anchor, tag, value []byte, plain_implicit, quoted_implicit bool, style yaml_scalar_style_t) bool { - *event = yaml_event_t{ - typ: yaml_SCALAR_EVENT, - anchor: anchor, - tag: tag, - value: value, - implicit: plain_implicit, - quoted_implicit: quoted_implicit, - style: yaml_style_t(style), - } - return true -} - -// Create SEQUENCE-START. -func yaml_sequence_start_event_initialize(event *yaml_event_t, anchor, tag []byte, implicit bool, style yaml_sequence_style_t) bool { - *event = yaml_event_t{ - typ: yaml_SEQUENCE_START_EVENT, - anchor: anchor, - tag: tag, - implicit: implicit, - style: yaml_style_t(style), - } - return true -} - -// Create SEQUENCE-END. -func yaml_sequence_end_event_initialize(event *yaml_event_t) bool { - *event = yaml_event_t{ - typ: yaml_SEQUENCE_END_EVENT, - } - return true -} - -// Create MAPPING-START. -func yaml_mapping_start_event_initialize(event *yaml_event_t, anchor, tag []byte, implicit bool, style yaml_mapping_style_t) bool { - *event = yaml_event_t{ - typ: yaml_MAPPING_START_EVENT, - anchor: anchor, - tag: tag, - implicit: implicit, - style: yaml_style_t(style), - } - return true -} - -// Create MAPPING-END. -func yaml_mapping_end_event_initialize(event *yaml_event_t) bool { - *event = yaml_event_t{ - typ: yaml_MAPPING_END_EVENT, - } - return true -} - -// Destroy an event object. -func yaml_event_delete(event *yaml_event_t) { - *event = yaml_event_t{} -} - -///* -// * Create a document object. -// */ -// -//YAML_DECLARE(int) -//yaml_document_initialize(document *yaml_document_t, -// version_directive *yaml_version_directive_t, -// tag_directives_start *yaml_tag_directive_t, -// tag_directives_end *yaml_tag_directive_t, -// start_implicit int, end_implicit int) -//{ -// struct { -// error yaml_error_type_t -// } context -// struct { -// start *yaml_node_t -// end *yaml_node_t -// top *yaml_node_t -// } nodes = { NULL, NULL, NULL } -// version_directive_copy *yaml_version_directive_t = NULL -// struct { -// start *yaml_tag_directive_t -// end *yaml_tag_directive_t -// top *yaml_tag_directive_t -// } tag_directives_copy = { NULL, NULL, NULL } -// value yaml_tag_directive_t = { NULL, NULL } -// mark yaml_mark_t = { 0, 0, 0 } -// -// assert(document) // Non-NULL document object is expected. -// assert((tag_directives_start && tag_directives_end) || -// (tag_directives_start == tag_directives_end)) -// // Valid tag directives are expected. -// -// if (!STACK_INIT(&context, nodes, INITIAL_STACK_SIZE)) goto error -// -// if (version_directive) { -// version_directive_copy = yaml_malloc(sizeof(yaml_version_directive_t)) -// if (!version_directive_copy) goto error -// version_directive_copy.major = version_directive.major -// version_directive_copy.minor = version_directive.minor -// } -// -// if (tag_directives_start != tag_directives_end) { -// tag_directive *yaml_tag_directive_t -// if (!STACK_INIT(&context, tag_directives_copy, INITIAL_STACK_SIZE)) -// goto error -// for (tag_directive = tag_directives_start -// tag_directive != tag_directives_end; tag_directive ++) { -// assert(tag_directive.handle) -// assert(tag_directive.prefix) -// if (!yaml_check_utf8(tag_directive.handle, -// strlen((char *)tag_directive.handle))) -// goto error -// if (!yaml_check_utf8(tag_directive.prefix, -// strlen((char *)tag_directive.prefix))) -// goto error -// value.handle = yaml_strdup(tag_directive.handle) -// value.prefix = yaml_strdup(tag_directive.prefix) -// if (!value.handle || !value.prefix) goto error -// if (!PUSH(&context, tag_directives_copy, value)) -// goto error -// value.handle = NULL -// value.prefix = NULL -// } -// } -// -// DOCUMENT_INIT(*document, nodes.start, nodes.end, version_directive_copy, -// tag_directives_copy.start, tag_directives_copy.top, -// start_implicit, end_implicit, mark, mark) -// -// return 1 -// -//error: -// STACK_DEL(&context, nodes) -// yaml_free(version_directive_copy) -// while (!STACK_EMPTY(&context, tag_directives_copy)) { -// value yaml_tag_directive_t = POP(&context, tag_directives_copy) -// yaml_free(value.handle) -// yaml_free(value.prefix) -// } -// STACK_DEL(&context, tag_directives_copy) -// yaml_free(value.handle) -// yaml_free(value.prefix) -// -// return 0 -//} -// -///* -// * Destroy a document object. -// */ -// -//YAML_DECLARE(void) -//yaml_document_delete(document *yaml_document_t) -//{ -// struct { -// error yaml_error_type_t -// } context -// tag_directive *yaml_tag_directive_t -// -// context.error = YAML_NO_ERROR // Eliminate a compliler warning. -// -// assert(document) // Non-NULL document object is expected. -// -// while (!STACK_EMPTY(&context, document.nodes)) { -// node yaml_node_t = POP(&context, document.nodes) -// yaml_free(node.tag) -// switch (node.type) { -// case YAML_SCALAR_NODE: -// yaml_free(node.data.scalar.value) -// break -// case YAML_SEQUENCE_NODE: -// STACK_DEL(&context, node.data.sequence.items) -// break -// case YAML_MAPPING_NODE: -// STACK_DEL(&context, node.data.mapping.pairs) -// break -// default: -// assert(0) // Should not happen. -// } -// } -// STACK_DEL(&context, document.nodes) -// -// yaml_free(document.version_directive) -// for (tag_directive = document.tag_directives.start -// tag_directive != document.tag_directives.end -// tag_directive++) { -// yaml_free(tag_directive.handle) -// yaml_free(tag_directive.prefix) -// } -// yaml_free(document.tag_directives.start) -// -// memset(document, 0, sizeof(yaml_document_t)) -//} -// -///** -// * Get a document node. -// */ -// -//YAML_DECLARE(yaml_node_t *) -//yaml_document_get_node(document *yaml_document_t, index int) -//{ -// assert(document) // Non-NULL document object is expected. -// -// if (index > 0 && document.nodes.start + index <= document.nodes.top) { -// return document.nodes.start + index - 1 -// } -// return NULL -//} -// -///** -// * Get the root object. -// */ -// -//YAML_DECLARE(yaml_node_t *) -//yaml_document_get_root_node(document *yaml_document_t) -//{ -// assert(document) // Non-NULL document object is expected. -// -// if (document.nodes.top != document.nodes.start) { -// return document.nodes.start -// } -// return NULL -//} -// -///* -// * Add a scalar node to a document. -// */ -// -//YAML_DECLARE(int) -//yaml_document_add_scalar(document *yaml_document_t, -// tag *yaml_char_t, value *yaml_char_t, length int, -// style yaml_scalar_style_t) -//{ -// struct { -// error yaml_error_type_t -// } context -// mark yaml_mark_t = { 0, 0, 0 } -// tag_copy *yaml_char_t = NULL -// value_copy *yaml_char_t = NULL -// node yaml_node_t -// -// assert(document) // Non-NULL document object is expected. -// assert(value) // Non-NULL value is expected. -// -// if (!tag) { -// tag = (yaml_char_t *)YAML_DEFAULT_SCALAR_TAG -// } -// -// if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error -// tag_copy = yaml_strdup(tag) -// if (!tag_copy) goto error -// -// if (length < 0) { -// length = strlen((char *)value) -// } -// -// if (!yaml_check_utf8(value, length)) goto error -// value_copy = yaml_malloc(length+1) -// if (!value_copy) goto error -// memcpy(value_copy, value, length) -// value_copy[length] = '\0' -// -// SCALAR_NODE_INIT(node, tag_copy, value_copy, length, style, mark, mark) -// if (!PUSH(&context, document.nodes, node)) goto error -// -// return document.nodes.top - document.nodes.start -// -//error: -// yaml_free(tag_copy) -// yaml_free(value_copy) -// -// return 0 -//} -// -///* -// * Add a sequence node to a document. -// */ -// -//YAML_DECLARE(int) -//yaml_document_add_sequence(document *yaml_document_t, -// tag *yaml_char_t, style yaml_sequence_style_t) -//{ -// struct { -// error yaml_error_type_t -// } context -// mark yaml_mark_t = { 0, 0, 0 } -// tag_copy *yaml_char_t = NULL -// struct { -// start *yaml_node_item_t -// end *yaml_node_item_t -// top *yaml_node_item_t -// } items = { NULL, NULL, NULL } -// node yaml_node_t -// -// assert(document) // Non-NULL document object is expected. -// -// if (!tag) { -// tag = (yaml_char_t *)YAML_DEFAULT_SEQUENCE_TAG -// } -// -// if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error -// tag_copy = yaml_strdup(tag) -// if (!tag_copy) goto error -// -// if (!STACK_INIT(&context, items, INITIAL_STACK_SIZE)) goto error -// -// SEQUENCE_NODE_INIT(node, tag_copy, items.start, items.end, -// style, mark, mark) -// if (!PUSH(&context, document.nodes, node)) goto error -// -// return document.nodes.top - document.nodes.start -// -//error: -// STACK_DEL(&context, items) -// yaml_free(tag_copy) -// -// return 0 -//} -// -///* -// * Add a mapping node to a document. -// */ -// -//YAML_DECLARE(int) -//yaml_document_add_mapping(document *yaml_document_t, -// tag *yaml_char_t, style yaml_mapping_style_t) -//{ -// struct { -// error yaml_error_type_t -// } context -// mark yaml_mark_t = { 0, 0, 0 } -// tag_copy *yaml_char_t = NULL -// struct { -// start *yaml_node_pair_t -// end *yaml_node_pair_t -// top *yaml_node_pair_t -// } pairs = { NULL, NULL, NULL } -// node yaml_node_t -// -// assert(document) // Non-NULL document object is expected. -// -// if (!tag) { -// tag = (yaml_char_t *)YAML_DEFAULT_MAPPING_TAG -// } -// -// if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error -// tag_copy = yaml_strdup(tag) -// if (!tag_copy) goto error -// -// if (!STACK_INIT(&context, pairs, INITIAL_STACK_SIZE)) goto error -// -// MAPPING_NODE_INIT(node, tag_copy, pairs.start, pairs.end, -// style, mark, mark) -// if (!PUSH(&context, document.nodes, node)) goto error -// -// return document.nodes.top - document.nodes.start -// -//error: -// STACK_DEL(&context, pairs) -// yaml_free(tag_copy) -// -// return 0 -//} -// -///* -// * Append an item to a sequence node. -// */ -// -//YAML_DECLARE(int) -//yaml_document_append_sequence_item(document *yaml_document_t, -// sequence int, item int) -//{ -// struct { -// error yaml_error_type_t -// } context -// -// assert(document) // Non-NULL document is required. -// assert(sequence > 0 -// && document.nodes.start + sequence <= document.nodes.top) -// // Valid sequence id is required. -// assert(document.nodes.start[sequence-1].type == YAML_SEQUENCE_NODE) -// // A sequence node is required. -// assert(item > 0 && document.nodes.start + item <= document.nodes.top) -// // Valid item id is required. -// -// if (!PUSH(&context, -// document.nodes.start[sequence-1].data.sequence.items, item)) -// return 0 -// -// return 1 -//} -// -///* -// * Append a pair of a key and a value to a mapping node. -// */ -// -//YAML_DECLARE(int) -//yaml_document_append_mapping_pair(document *yaml_document_t, -// mapping int, key int, value int) -//{ -// struct { -// error yaml_error_type_t -// } context -// -// pair yaml_node_pair_t -// -// assert(document) // Non-NULL document is required. -// assert(mapping > 0 -// && document.nodes.start + mapping <= document.nodes.top) -// // Valid mapping id is required. -// assert(document.nodes.start[mapping-1].type == YAML_MAPPING_NODE) -// // A mapping node is required. -// assert(key > 0 && document.nodes.start + key <= document.nodes.top) -// // Valid key id is required. -// assert(value > 0 && document.nodes.start + value <= document.nodes.top) -// // Valid value id is required. -// -// pair.key = key -// pair.value = value -// -// if (!PUSH(&context, -// document.nodes.start[mapping-1].data.mapping.pairs, pair)) -// return 0 -// -// return 1 -//} -// -// diff --git a/vendor/github.com/ajeddeloh/yaml/decode.go b/vendor/github.com/ajeddeloh/yaml/decode.go deleted file mode 100644 index b087c7f3d9..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/decode.go +++ /dev/null @@ -1,685 +0,0 @@ -package yaml - -import ( - "encoding" - "encoding/base64" - "fmt" - "math" - "reflect" - "strconv" - "time" -) - -const ( - DocumentNode = 1 << iota - MappingNode - SequenceNode - ScalarNode - AliasNode -) - -type Node struct { - Kind int - Line, Column int - Tag string - Value string - Implicit bool - Children []*Node - Anchors map[string]*Node -} - -// ---------------------------------------------------------------------------- -// Parser, produces a Node tree out of a libyaml event stream. - -type parser struct { - parser yaml_parser_t - event yaml_event_t - doc *Node -} - -func newParser(b []byte) *parser { - p := parser{} - if !yaml_parser_initialize(&p.parser) { - panic("failed to initialize YAML emitter") - } - - if len(b) == 0 { - b = []byte{'\n'} - } - - yaml_parser_set_input_string(&p.parser, b) - - p.skip() - if p.event.typ != yaml_STREAM_START_EVENT { - panic("expected stream start event, got " + strconv.Itoa(int(p.event.typ))) - } - p.skip() - return &p -} - -func (p *parser) destroy() { - if p.event.typ != yaml_NO_EVENT { - yaml_event_delete(&p.event) - } - yaml_parser_delete(&p.parser) -} - -func (p *parser) skip() { - if p.event.typ != yaml_NO_EVENT { - if p.event.typ == yaml_STREAM_END_EVENT { - failf("attempted to go past the end of stream; corrupted value?") - } - yaml_event_delete(&p.event) - } - if !yaml_parser_parse(&p.parser, &p.event) { - p.fail() - } -} - -func (p *parser) fail() { - var where string - var line int - if p.parser.problem_mark.line != 0 { - line = p.parser.problem_mark.line - } else if p.parser.context_mark.line != 0 { - line = p.parser.context_mark.line - } - if line != 0 { - where = "line " + strconv.Itoa(line) + ": " - } - var msg string - if len(p.parser.problem) > 0 { - msg = p.parser.problem - } else { - msg = "unknown problem parsing YAML content" - } - failf("%s%s", where, msg) -} - -func (p *parser) anchor(n *Node, anchor []byte) { - if anchor != nil { - p.doc.Anchors[string(anchor)] = n - } -} - -func (p *parser) parse() *Node { - switch p.event.typ { - case yaml_SCALAR_EVENT: - return p.scalar() - case yaml_ALIAS_EVENT: - return p.alias() - case yaml_MAPPING_START_EVENT: - return p.mapping() - case yaml_SEQUENCE_START_EVENT: - return p.sequence() - case yaml_DOCUMENT_START_EVENT: - return p.document() - case yaml_STREAM_END_EVENT: - // Happens when attempting to decode an empty buffer. - return nil - default: - panic("attempted to parse unknown event: " + strconv.Itoa(int(p.event.typ))) - } -} - -func (p *parser) Node(kind int) *Node { - return &Node{ - Kind: kind, - Line: p.event.start_mark.line, - Column: p.event.start_mark.column, - } -} - -func (p *parser) document() *Node { - n := p.Node(DocumentNode) - n.Anchors = make(map[string]*Node) - p.doc = n - p.skip() - n.Children = append(n.Children, p.parse()) - if p.event.typ != yaml_DOCUMENT_END_EVENT { - panic("expected end of document event but got " + strconv.Itoa(int(p.event.typ))) - } - p.skip() - return n -} - -func (p *parser) alias() *Node { - n := p.Node(AliasNode) - n.Value = string(p.event.anchor) - p.skip() - return n -} - -func (p *parser) scalar() *Node { - n := p.Node(ScalarNode) - n.Value = string(p.event.value) - n.Tag = string(p.event.tag) - n.Implicit = p.event.implicit - p.anchor(n, p.event.anchor) - p.skip() - return n -} - -func (p *parser) sequence() *Node { - n := p.Node(SequenceNode) - p.anchor(n, p.event.anchor) - p.skip() - for p.event.typ != yaml_SEQUENCE_END_EVENT { - n.Children = append(n.Children, p.parse()) - } - p.skip() - return n -} - -func (p *parser) mapping() *Node { - n := p.Node(MappingNode) - p.anchor(n, p.event.anchor) - p.skip() - for p.event.typ != yaml_MAPPING_END_EVENT { - n.Children = append(n.Children, p.parse(), p.parse()) - } - p.skip() - return n -} - -// ---------------------------------------------------------------------------- -// Decoder, unmarshals a Node into a provided value. - -type decoder struct { - doc *Node - aliases map[string]bool - mapType reflect.Type - terrors []string - strict bool -} - -var ( - mapItemType = reflect.TypeOf(MapItem{}) - durationType = reflect.TypeOf(time.Duration(0)) - defaultMapType = reflect.TypeOf(map[interface{}]interface{}{}) - ifaceType = defaultMapType.Elem() -) - -func newDecoder(strict bool) *decoder { - d := &decoder{mapType: defaultMapType, strict: strict} - d.aliases = make(map[string]bool) - return d -} - -func (d *decoder) terror(n *Node, tag string, out reflect.Value) { - if n.Tag != "" { - tag = n.Tag - } - value := n.Value - if tag != yaml_SEQ_TAG && tag != yaml_MAP_TAG { - if len(value) > 10 { - value = " `" + value[:7] + "...`" - } else { - value = " `" + value + "`" - } - } - d.terrors = append(d.terrors, fmt.Sprintf("line %d: cannot unmarshal %s%s into %s", n.Line+1, shortTag(tag), value, out.Type())) -} - -func (d *decoder) callUnmarshaler(n *Node, u Unmarshaler) (good bool) { - terrlen := len(d.terrors) - err := u.UnmarshalYAML(func(v interface{}) (err error) { - defer handleErr(&err) - d.unmarshal(n, reflect.ValueOf(v)) - if len(d.terrors) > terrlen { - issues := d.terrors[terrlen:] - d.terrors = d.terrors[:terrlen] - return &TypeError{issues} - } - return nil - }) - if e, ok := err.(*TypeError); ok { - d.terrors = append(d.terrors, e.Errors...) - return false - } - if err != nil { - fail(err) - } - return true -} - -// d.prepare initializes and dereferences pointers and calls UnmarshalYAML -// if a value is found to implement it. -// It returns the initialized and dereferenced out value, whether -// unmarshalling was already done by UnmarshalYAML, and if so whether -// its types unmarshalled appropriately. -// -// If n holds a null value, prepare returns before doing anything. -func (d *decoder) prepare(n *Node, out reflect.Value) (newout reflect.Value, unmarshaled, good bool) { - if n.Tag == yaml_NULL_TAG || n.Kind == ScalarNode && n.Tag == "" && (n.Value == "null" || n.Value == "" && n.Implicit) { - return out, false, false - } - again := true - for again { - again = false - if out.Kind() == reflect.Ptr { - if out.IsNil() { - out.Set(reflect.New(out.Type().Elem())) - } - out = out.Elem() - again = true - } - if out.CanAddr() { - if u, ok := out.Addr().Interface().(Unmarshaler); ok { - good = d.callUnmarshaler(n, u) - return out, true, good - } - } - } - return out, false, false -} - -func (d *decoder) unmarshal(n *Node, out reflect.Value) (good bool) { - switch n.Kind { - case DocumentNode: - return d.document(n, out) - case AliasNode: - return d.alias(n, out) - } - out, unmarshaled, good := d.prepare(n, out) - if unmarshaled { - return good - } - switch n.Kind { - case ScalarNode: - good = d.scalar(n, out) - case MappingNode: - good = d.mapping(n, out) - case SequenceNode: - good = d.sequence(n, out) - default: - panic("internal error: unknown Node kind: " + strconv.Itoa(n.Kind)) - } - return good -} - -func (d *decoder) document(n *Node, out reflect.Value) (good bool) { - if len(n.Children) == 1 { - d.doc = n - d.unmarshal(n.Children[0], out) - return true - } - return false -} - -func (d *decoder) alias(n *Node, out reflect.Value) (good bool) { - an, ok := d.doc.Anchors[n.Value] - if !ok { - failf("unknown anchor '%s' referenced", n.Value) - } - if d.aliases[n.Value] { - failf("anchor '%s' value contains itself", n.Value) - } - d.aliases[n.Value] = true - good = d.unmarshal(an, out) - delete(d.aliases, n.Value) - return good -} - -var zeroValue reflect.Value - -func resetMap(out reflect.Value) { - for _, k := range out.MapKeys() { - out.SetMapIndex(k, zeroValue) - } -} - -func (d *decoder) scalar(n *Node, out reflect.Value) (good bool) { - var tag string - var resolved interface{} - if n.Tag == "" && !n.Implicit { - tag = yaml_STR_TAG - resolved = n.Value - } else { - tag, resolved = resolve(n.Tag, n.Value) - if tag == yaml_BINARY_TAG { - data, err := base64.StdEncoding.DecodeString(resolved.(string)) - if err != nil { - failf("!!binary value contains invalid base64 data") - } - resolved = string(data) - } - } - if resolved == nil { - if out.Kind() == reflect.Map && !out.CanAddr() { - resetMap(out) - } else { - out.Set(reflect.Zero(out.Type())) - } - return true - } - if s, ok := resolved.(string); ok && out.CanAddr() { - if u, ok := out.Addr().Interface().(encoding.TextUnmarshaler); ok { - err := u.UnmarshalText([]byte(s)) - if err != nil { - fail(err) - } - return true - } - } - switch out.Kind() { - case reflect.String: - if tag == yaml_BINARY_TAG { - out.SetString(resolved.(string)) - good = true - } else if resolved != nil { - out.SetString(n.Value) - good = true - } - case reflect.Interface: - if resolved == nil { - out.Set(reflect.Zero(out.Type())) - } else { - out.Set(reflect.ValueOf(resolved)) - } - good = true - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - switch resolved := resolved.(type) { - case int: - if !out.OverflowInt(int64(resolved)) { - out.SetInt(int64(resolved)) - good = true - } - case int64: - if !out.OverflowInt(resolved) { - out.SetInt(resolved) - good = true - } - case uint64: - if resolved <= math.MaxInt64 && !out.OverflowInt(int64(resolved)) { - out.SetInt(int64(resolved)) - good = true - } - case float64: - if resolved <= math.MaxInt64 && !out.OverflowInt(int64(resolved)) { - out.SetInt(int64(resolved)) - good = true - } - case string: - if out.Type() == durationType { - d, err := time.ParseDuration(resolved) - if err == nil { - out.SetInt(int64(d)) - good = true - } - } - } - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: - switch resolved := resolved.(type) { - case int: - if resolved >= 0 && !out.OverflowUint(uint64(resolved)) { - out.SetUint(uint64(resolved)) - good = true - } - case int64: - if resolved >= 0 && !out.OverflowUint(uint64(resolved)) { - out.SetUint(uint64(resolved)) - good = true - } - case uint64: - if !out.OverflowUint(uint64(resolved)) { - out.SetUint(uint64(resolved)) - good = true - } - case float64: - if resolved <= math.MaxUint64 && !out.OverflowUint(uint64(resolved)) { - out.SetUint(uint64(resolved)) - good = true - } - } - case reflect.Bool: - switch resolved := resolved.(type) { - case bool: - out.SetBool(resolved) - good = true - } - case reflect.Float32, reflect.Float64: - switch resolved := resolved.(type) { - case int: - out.SetFloat(float64(resolved)) - good = true - case int64: - out.SetFloat(float64(resolved)) - good = true - case uint64: - out.SetFloat(float64(resolved)) - good = true - case float64: - out.SetFloat(resolved) - good = true - } - case reflect.Ptr: - if out.Type().Elem() == reflect.TypeOf(resolved) { - // TODO DOes this make sense? When is out a Ptr except when decoding a nil value? - elem := reflect.New(out.Type().Elem()) - elem.Elem().Set(reflect.ValueOf(resolved)) - out.Set(elem) - good = true - } - } - if !good { - d.terror(n, tag, out) - } - return good -} - -func settableValueOf(i interface{}) reflect.Value { - v := reflect.ValueOf(i) - sv := reflect.New(v.Type()).Elem() - sv.Set(v) - return sv -} - -func (d *decoder) sequence(n *Node, out reflect.Value) (good bool) { - l := len(n.Children) - - var iface reflect.Value - switch out.Kind() { - case reflect.Slice: - out.Set(reflect.MakeSlice(out.Type(), l, l)) - case reflect.Interface: - // No type hints. Will have to use a generic sequence. - iface = out - out = settableValueOf(make([]interface{}, l)) - default: - d.terror(n, yaml_SEQ_TAG, out) - return false - } - et := out.Type().Elem() - - j := 0 - for i := 0; i < l; i++ { - e := reflect.New(et).Elem() - if ok := d.unmarshal(n.Children[i], e); ok { - out.Index(j).Set(e) - j++ - } - } - out.Set(out.Slice(0, j)) - if iface.IsValid() { - iface.Set(out) - } - return true -} - -func (d *decoder) mapping(n *Node, out reflect.Value) (good bool) { - switch out.Kind() { - case reflect.Struct: - return d.mappingStruct(n, out) - case reflect.Slice: - return d.mappingSlice(n, out) - case reflect.Map: - // okay - case reflect.Interface: - if d.mapType.Kind() == reflect.Map { - iface := out - out = reflect.MakeMap(d.mapType) - iface.Set(out) - } else { - slicev := reflect.New(d.mapType).Elem() - if !d.mappingSlice(n, slicev) { - return false - } - out.Set(slicev) - return true - } - default: - d.terror(n, yaml_MAP_TAG, out) - return false - } - outt := out.Type() - kt := outt.Key() - et := outt.Elem() - - mapType := d.mapType - if outt.Key() == ifaceType && outt.Elem() == ifaceType { - d.mapType = outt - } - - if out.IsNil() { - out.Set(reflect.MakeMap(outt)) - } - l := len(n.Children) - for i := 0; i < l; i += 2 { - if isMerge(n.Children[i]) { - d.merge(n.Children[i+1], out) - continue - } - k := reflect.New(kt).Elem() - if d.unmarshal(n.Children[i], k) { - kkind := k.Kind() - if kkind == reflect.Interface { - kkind = k.Elem().Kind() - } - if kkind == reflect.Map || kkind == reflect.Slice { - failf("invalid map key: %#v", k.Interface()) - } - e := reflect.New(et).Elem() - if d.unmarshal(n.Children[i+1], e) { - out.SetMapIndex(k, e) - } - } - } - d.mapType = mapType - return true -} - -func (d *decoder) mappingSlice(n *Node, out reflect.Value) (good bool) { - outt := out.Type() - if outt.Elem() != mapItemType { - d.terror(n, yaml_MAP_TAG, out) - return false - } - - mapType := d.mapType - d.mapType = outt - - var slice []MapItem - var l = len(n.Children) - for i := 0; i < l; i += 2 { - if isMerge(n.Children[i]) { - d.merge(n.Children[i+1], out) - continue - } - item := MapItem{} - k := reflect.ValueOf(&item.Key).Elem() - if d.unmarshal(n.Children[i], k) { - v := reflect.ValueOf(&item.Value).Elem() - if d.unmarshal(n.Children[i+1], v) { - slice = append(slice, item) - } - } - } - out.Set(reflect.ValueOf(slice)) - d.mapType = mapType - return true -} - -func (d *decoder) mappingStruct(n *Node, out reflect.Value) (good bool) { - sinfo, err := getStructInfo(out.Type()) - if err != nil { - panic(err) - } - name := settableValueOf("") - l := len(n.Children) - - var inlineMap reflect.Value - var elemType reflect.Type - if sinfo.InlineMap != -1 { - inlineMap = out.Field(sinfo.InlineMap) - inlineMap.Set(reflect.New(inlineMap.Type()).Elem()) - elemType = inlineMap.Type().Elem() - } - - for i := 0; i < l; i += 2 { - ni := n.Children[i] - if isMerge(ni) { - d.merge(n.Children[i+1], out) - continue - } - if !d.unmarshal(ni, name) { - continue - } - if info, ok := sinfo.FieldsMap[name.String()]; ok { - var field reflect.Value - if info.Inline == nil { - field = out.Field(info.Num) - } else { - field = out.FieldByIndex(info.Inline) - } - d.unmarshal(n.Children[i+1], field) - } else if sinfo.InlineMap != -1 { - if inlineMap.IsNil() { - inlineMap.Set(reflect.MakeMap(inlineMap.Type())) - } - value := reflect.New(elemType).Elem() - d.unmarshal(n.Children[i+1], value) - inlineMap.SetMapIndex(name, value) - } else if d.strict { - d.terrors = append(d.terrors, fmt.Sprintf("line %d: field %s not found in struct %s", n.Line+1, name.String(), out.Type())) - } - } - return true -} - -func failWantMap() { - failf("map merge requires map or sequence of maps as the value") -} - -func (d *decoder) merge(n *Node, out reflect.Value) { - switch n.Kind { - case MappingNode: - d.unmarshal(n, out) - case AliasNode: - an, ok := d.doc.Anchors[n.Value] - if ok && an.Kind != MappingNode { - failWantMap() - } - d.unmarshal(n, out) - case SequenceNode: - // Step backwards as earlier Nodes take precedence. - for i := len(n.Children) - 1; i >= 0; i-- { - ni := n.Children[i] - if ni.Kind == AliasNode { - an, ok := d.doc.Anchors[ni.Value] - if ok && an.Kind != MappingNode { - failWantMap() - } - } else if ni.Kind != MappingNode { - failWantMap() - } - d.unmarshal(ni, out) - } - default: - failWantMap() - } -} - -func isMerge(n *Node) bool { - return n.Kind == ScalarNode && n.Value == "<<" && (n.Implicit == true || n.Tag == yaml_MERGE_TAG) -} diff --git a/vendor/github.com/ajeddeloh/yaml/emitterc.go b/vendor/github.com/ajeddeloh/yaml/emitterc.go deleted file mode 100644 index 41de8b856c..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/emitterc.go +++ /dev/null @@ -1,1684 +0,0 @@ -package yaml - -import ( - "bytes" -) - -// Flush the buffer if needed. -func flush(emitter *yaml_emitter_t) bool { - if emitter.buffer_pos+5 >= len(emitter.buffer) { - return yaml_emitter_flush(emitter) - } - return true -} - -// Put a character to the output buffer. -func put(emitter *yaml_emitter_t, value byte) bool { - if emitter.buffer_pos+5 >= len(emitter.buffer) && !yaml_emitter_flush(emitter) { - return false - } - emitter.buffer[emitter.buffer_pos] = value - emitter.buffer_pos++ - emitter.column++ - return true -} - -// Put a line break to the output buffer. -func put_break(emitter *yaml_emitter_t) bool { - if emitter.buffer_pos+5 >= len(emitter.buffer) && !yaml_emitter_flush(emitter) { - return false - } - switch emitter.line_break { - case yaml_CR_BREAK: - emitter.buffer[emitter.buffer_pos] = '\r' - emitter.buffer_pos += 1 - case yaml_LN_BREAK: - emitter.buffer[emitter.buffer_pos] = '\n' - emitter.buffer_pos += 1 - case yaml_CRLN_BREAK: - emitter.buffer[emitter.buffer_pos+0] = '\r' - emitter.buffer[emitter.buffer_pos+1] = '\n' - emitter.buffer_pos += 2 - default: - panic("unknown line break setting") - } - emitter.column = 0 - emitter.line++ - return true -} - -// Copy a character from a string into buffer. -func write(emitter *yaml_emitter_t, s []byte, i *int) bool { - if emitter.buffer_pos+5 >= len(emitter.buffer) && !yaml_emitter_flush(emitter) { - return false - } - p := emitter.buffer_pos - w := width(s[*i]) - switch w { - case 4: - emitter.buffer[p+3] = s[*i+3] - fallthrough - case 3: - emitter.buffer[p+2] = s[*i+2] - fallthrough - case 2: - emitter.buffer[p+1] = s[*i+1] - fallthrough - case 1: - emitter.buffer[p+0] = s[*i+0] - default: - panic("unknown character width") - } - emitter.column++ - emitter.buffer_pos += w - *i += w - return true -} - -// Write a whole string into buffer. -func write_all(emitter *yaml_emitter_t, s []byte) bool { - for i := 0; i < len(s); { - if !write(emitter, s, &i) { - return false - } - } - return true -} - -// Copy a line break character from a string into buffer. -func write_break(emitter *yaml_emitter_t, s []byte, i *int) bool { - if s[*i] == '\n' { - if !put_break(emitter) { - return false - } - *i++ - } else { - if !write(emitter, s, i) { - return false - } - emitter.column = 0 - emitter.line++ - } - return true -} - -// Set an emitter error and return false. -func yaml_emitter_set_emitter_error(emitter *yaml_emitter_t, problem string) bool { - emitter.error = yaml_EMITTER_ERROR - emitter.problem = problem - return false -} - -// Emit an event. -func yaml_emitter_emit(emitter *yaml_emitter_t, event *yaml_event_t) bool { - emitter.events = append(emitter.events, *event) - for !yaml_emitter_need_more_events(emitter) { - event := &emitter.events[emitter.events_head] - if !yaml_emitter_analyze_event(emitter, event) { - return false - } - if !yaml_emitter_state_machine(emitter, event) { - return false - } - yaml_event_delete(event) - emitter.events_head++ - } - return true -} - -// Check if we need to accumulate more events before emitting. -// -// We accumulate extra -// - 1 event for DOCUMENT-START -// - 2 events for SEQUENCE-START -// - 3 events for MAPPING-START -// -func yaml_emitter_need_more_events(emitter *yaml_emitter_t) bool { - if emitter.events_head == len(emitter.events) { - return true - } - var accumulate int - switch emitter.events[emitter.events_head].typ { - case yaml_DOCUMENT_START_EVENT: - accumulate = 1 - break - case yaml_SEQUENCE_START_EVENT: - accumulate = 2 - break - case yaml_MAPPING_START_EVENT: - accumulate = 3 - break - default: - return false - } - if len(emitter.events)-emitter.events_head > accumulate { - return false - } - var level int - for i := emitter.events_head; i < len(emitter.events); i++ { - switch emitter.events[i].typ { - case yaml_STREAM_START_EVENT, yaml_DOCUMENT_START_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT: - level++ - case yaml_STREAM_END_EVENT, yaml_DOCUMENT_END_EVENT, yaml_SEQUENCE_END_EVENT, yaml_MAPPING_END_EVENT: - level-- - } - if level == 0 { - return false - } - } - return true -} - -// Append a directive to the directives stack. -func yaml_emitter_append_tag_directive(emitter *yaml_emitter_t, value *yaml_tag_directive_t, allow_duplicates bool) bool { - for i := 0; i < len(emitter.tag_directives); i++ { - if bytes.Equal(value.handle, emitter.tag_directives[i].handle) { - if allow_duplicates { - return true - } - return yaml_emitter_set_emitter_error(emitter, "duplicate %TAG directive") - } - } - - // [Go] Do we actually need to copy this given garbage collection - // and the lack of deallocating destructors? - tag_copy := yaml_tag_directive_t{ - handle: make([]byte, len(value.handle)), - prefix: make([]byte, len(value.prefix)), - } - copy(tag_copy.handle, value.handle) - copy(tag_copy.prefix, value.prefix) - emitter.tag_directives = append(emitter.tag_directives, tag_copy) - return true -} - -// Increase the indentation level. -func yaml_emitter_increase_indent(emitter *yaml_emitter_t, flow, indentless bool) bool { - emitter.indents = append(emitter.indents, emitter.indent) - if emitter.indent < 0 { - if flow { - emitter.indent = emitter.best_indent - } else { - emitter.indent = 0 - } - } else if !indentless { - emitter.indent += emitter.best_indent - } - return true -} - -// State dispatcher. -func yaml_emitter_state_machine(emitter *yaml_emitter_t, event *yaml_event_t) bool { - switch emitter.state { - default: - case yaml_EMIT_STREAM_START_STATE: - return yaml_emitter_emit_stream_start(emitter, event) - - case yaml_EMIT_FIRST_DOCUMENT_START_STATE: - return yaml_emitter_emit_document_start(emitter, event, true) - - case yaml_EMIT_DOCUMENT_START_STATE: - return yaml_emitter_emit_document_start(emitter, event, false) - - case yaml_EMIT_DOCUMENT_CONTENT_STATE: - return yaml_emitter_emit_document_content(emitter, event) - - case yaml_EMIT_DOCUMENT_END_STATE: - return yaml_emitter_emit_document_end(emitter, event) - - case yaml_EMIT_FLOW_SEQUENCE_FIRST_ITEM_STATE: - return yaml_emitter_emit_flow_sequence_item(emitter, event, true) - - case yaml_EMIT_FLOW_SEQUENCE_ITEM_STATE: - return yaml_emitter_emit_flow_sequence_item(emitter, event, false) - - case yaml_EMIT_FLOW_MAPPING_FIRST_KEY_STATE: - return yaml_emitter_emit_flow_mapping_key(emitter, event, true) - - case yaml_EMIT_FLOW_MAPPING_KEY_STATE: - return yaml_emitter_emit_flow_mapping_key(emitter, event, false) - - case yaml_EMIT_FLOW_MAPPING_SIMPLE_VALUE_STATE: - return yaml_emitter_emit_flow_mapping_value(emitter, event, true) - - case yaml_EMIT_FLOW_MAPPING_VALUE_STATE: - return yaml_emitter_emit_flow_mapping_value(emitter, event, false) - - case yaml_EMIT_BLOCK_SEQUENCE_FIRST_ITEM_STATE: - return yaml_emitter_emit_block_sequence_item(emitter, event, true) - - case yaml_EMIT_BLOCK_SEQUENCE_ITEM_STATE: - return yaml_emitter_emit_block_sequence_item(emitter, event, false) - - case yaml_EMIT_BLOCK_MAPPING_FIRST_KEY_STATE: - return yaml_emitter_emit_block_mapping_key(emitter, event, true) - - case yaml_EMIT_BLOCK_MAPPING_KEY_STATE: - return yaml_emitter_emit_block_mapping_key(emitter, event, false) - - case yaml_EMIT_BLOCK_MAPPING_SIMPLE_VALUE_STATE: - return yaml_emitter_emit_block_mapping_value(emitter, event, true) - - case yaml_EMIT_BLOCK_MAPPING_VALUE_STATE: - return yaml_emitter_emit_block_mapping_value(emitter, event, false) - - case yaml_EMIT_END_STATE: - return yaml_emitter_set_emitter_error(emitter, "expected nothing after STREAM-END") - } - panic("invalid emitter state") -} - -// Expect STREAM-START. -func yaml_emitter_emit_stream_start(emitter *yaml_emitter_t, event *yaml_event_t) bool { - if event.typ != yaml_STREAM_START_EVENT { - return yaml_emitter_set_emitter_error(emitter, "expected STREAM-START") - } - if emitter.encoding == yaml_ANY_ENCODING { - emitter.encoding = event.encoding - if emitter.encoding == yaml_ANY_ENCODING { - emitter.encoding = yaml_UTF8_ENCODING - } - } - if emitter.best_indent < 2 || emitter.best_indent > 9 { - emitter.best_indent = 2 - } - if emitter.best_width >= 0 && emitter.best_width <= emitter.best_indent*2 { - emitter.best_width = 80 - } - if emitter.best_width < 0 { - emitter.best_width = 1<<31 - 1 - } - if emitter.line_break == yaml_ANY_BREAK { - emitter.line_break = yaml_LN_BREAK - } - - emitter.indent = -1 - emitter.line = 0 - emitter.column = 0 - emitter.whitespace = true - emitter.indention = true - - if emitter.encoding != yaml_UTF8_ENCODING { - if !yaml_emitter_write_bom(emitter) { - return false - } - } - emitter.state = yaml_EMIT_FIRST_DOCUMENT_START_STATE - return true -} - -// Expect DOCUMENT-START or STREAM-END. -func yaml_emitter_emit_document_start(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool { - - if event.typ == yaml_DOCUMENT_START_EVENT { - - if event.version_directive != nil { - if !yaml_emitter_analyze_version_directive(emitter, event.version_directive) { - return false - } - } - - for i := 0; i < len(event.tag_directives); i++ { - tag_directive := &event.tag_directives[i] - if !yaml_emitter_analyze_tag_directive(emitter, tag_directive) { - return false - } - if !yaml_emitter_append_tag_directive(emitter, tag_directive, false) { - return false - } - } - - for i := 0; i < len(default_tag_directives); i++ { - tag_directive := &default_tag_directives[i] - if !yaml_emitter_append_tag_directive(emitter, tag_directive, true) { - return false - } - } - - implicit := event.implicit - if !first || emitter.canonical { - implicit = false - } - - if emitter.open_ended && (event.version_directive != nil || len(event.tag_directives) > 0) { - if !yaml_emitter_write_indicator(emitter, []byte("..."), true, false, false) { - return false - } - if !yaml_emitter_write_indent(emitter) { - return false - } - } - - if event.version_directive != nil { - implicit = false - if !yaml_emitter_write_indicator(emitter, []byte("%YAML"), true, false, false) { - return false - } - if !yaml_emitter_write_indicator(emitter, []byte("1.1"), true, false, false) { - return false - } - if !yaml_emitter_write_indent(emitter) { - return false - } - } - - if len(event.tag_directives) > 0 { - implicit = false - for i := 0; i < len(event.tag_directives); i++ { - tag_directive := &event.tag_directives[i] - if !yaml_emitter_write_indicator(emitter, []byte("%TAG"), true, false, false) { - return false - } - if !yaml_emitter_write_tag_handle(emitter, tag_directive.handle) { - return false - } - if !yaml_emitter_write_tag_content(emitter, tag_directive.prefix, true) { - return false - } - if !yaml_emitter_write_indent(emitter) { - return false - } - } - } - - if yaml_emitter_check_empty_document(emitter) { - implicit = false - } - if !implicit { - if !yaml_emitter_write_indent(emitter) { - return false - } - if !yaml_emitter_write_indicator(emitter, []byte("---"), true, false, false) { - return false - } - if emitter.canonical { - if !yaml_emitter_write_indent(emitter) { - return false - } - } - } - - emitter.state = yaml_EMIT_DOCUMENT_CONTENT_STATE - return true - } - - if event.typ == yaml_STREAM_END_EVENT { - if emitter.open_ended { - if !yaml_emitter_write_indicator(emitter, []byte("..."), true, false, false) { - return false - } - if !yaml_emitter_write_indent(emitter) { - return false - } - } - if !yaml_emitter_flush(emitter) { - return false - } - emitter.state = yaml_EMIT_END_STATE - return true - } - - return yaml_emitter_set_emitter_error(emitter, "expected DOCUMENT-START or STREAM-END") -} - -// Expect the root node. -func yaml_emitter_emit_document_content(emitter *yaml_emitter_t, event *yaml_event_t) bool { - emitter.states = append(emitter.states, yaml_EMIT_DOCUMENT_END_STATE) - return yaml_emitter_emit_node(emitter, event, true, false, false, false) -} - -// Expect DOCUMENT-END. -func yaml_emitter_emit_document_end(emitter *yaml_emitter_t, event *yaml_event_t) bool { - if event.typ != yaml_DOCUMENT_END_EVENT { - return yaml_emitter_set_emitter_error(emitter, "expected DOCUMENT-END") - } - if !yaml_emitter_write_indent(emitter) { - return false - } - if !event.implicit { - // [Go] Allocate the slice elsewhere. - if !yaml_emitter_write_indicator(emitter, []byte("..."), true, false, false) { - return false - } - if !yaml_emitter_write_indent(emitter) { - return false - } - } - if !yaml_emitter_flush(emitter) { - return false - } - emitter.state = yaml_EMIT_DOCUMENT_START_STATE - emitter.tag_directives = emitter.tag_directives[:0] - return true -} - -// Expect a flow item node. -func yaml_emitter_emit_flow_sequence_item(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool { - if first { - if !yaml_emitter_write_indicator(emitter, []byte{'['}, true, true, false) { - return false - } - if !yaml_emitter_increase_indent(emitter, true, false) { - return false - } - emitter.flow_level++ - } - - if event.typ == yaml_SEQUENCE_END_EVENT { - emitter.flow_level-- - emitter.indent = emitter.indents[len(emitter.indents)-1] - emitter.indents = emitter.indents[:len(emitter.indents)-1] - if emitter.canonical && !first { - if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) { - return false - } - if !yaml_emitter_write_indent(emitter) { - return false - } - } - if !yaml_emitter_write_indicator(emitter, []byte{']'}, false, false, false) { - return false - } - emitter.state = emitter.states[len(emitter.states)-1] - emitter.states = emitter.states[:len(emitter.states)-1] - - return true - } - - if !first { - if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) { - return false - } - } - - if emitter.canonical || emitter.column > emitter.best_width { - if !yaml_emitter_write_indent(emitter) { - return false - } - } - emitter.states = append(emitter.states, yaml_EMIT_FLOW_SEQUENCE_ITEM_STATE) - return yaml_emitter_emit_node(emitter, event, false, true, false, false) -} - -// Expect a flow key node. -func yaml_emitter_emit_flow_mapping_key(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool { - if first { - if !yaml_emitter_write_indicator(emitter, []byte{'{'}, true, true, false) { - return false - } - if !yaml_emitter_increase_indent(emitter, true, false) { - return false - } - emitter.flow_level++ - } - - if event.typ == yaml_MAPPING_END_EVENT { - emitter.flow_level-- - emitter.indent = emitter.indents[len(emitter.indents)-1] - emitter.indents = emitter.indents[:len(emitter.indents)-1] - if emitter.canonical && !first { - if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) { - return false - } - if !yaml_emitter_write_indent(emitter) { - return false - } - } - if !yaml_emitter_write_indicator(emitter, []byte{'}'}, false, false, false) { - return false - } - emitter.state = emitter.states[len(emitter.states)-1] - emitter.states = emitter.states[:len(emitter.states)-1] - return true - } - - if !first { - if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) { - return false - } - } - if emitter.canonical || emitter.column > emitter.best_width { - if !yaml_emitter_write_indent(emitter) { - return false - } - } - - if !emitter.canonical && yaml_emitter_check_simple_key(emitter) { - emitter.states = append(emitter.states, yaml_EMIT_FLOW_MAPPING_SIMPLE_VALUE_STATE) - return yaml_emitter_emit_node(emitter, event, false, false, true, true) - } - if !yaml_emitter_write_indicator(emitter, []byte{'?'}, true, false, false) { - return false - } - emitter.states = append(emitter.states, yaml_EMIT_FLOW_MAPPING_VALUE_STATE) - return yaml_emitter_emit_node(emitter, event, false, false, true, false) -} - -// Expect a flow value node. -func yaml_emitter_emit_flow_mapping_value(emitter *yaml_emitter_t, event *yaml_event_t, simple bool) bool { - if simple { - if !yaml_emitter_write_indicator(emitter, []byte{':'}, false, false, false) { - return false - } - } else { - if emitter.canonical || emitter.column > emitter.best_width { - if !yaml_emitter_write_indent(emitter) { - return false - } - } - if !yaml_emitter_write_indicator(emitter, []byte{':'}, true, false, false) { - return false - } - } - emitter.states = append(emitter.states, yaml_EMIT_FLOW_MAPPING_KEY_STATE) - return yaml_emitter_emit_node(emitter, event, false, false, true, false) -} - -// Expect a block item node. -func yaml_emitter_emit_block_sequence_item(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool { - if first { - if !yaml_emitter_increase_indent(emitter, false, emitter.mapping_context && !emitter.indention) { - return false - } - } - if event.typ == yaml_SEQUENCE_END_EVENT { - emitter.indent = emitter.indents[len(emitter.indents)-1] - emitter.indents = emitter.indents[:len(emitter.indents)-1] - emitter.state = emitter.states[len(emitter.states)-1] - emitter.states = emitter.states[:len(emitter.states)-1] - return true - } - if !yaml_emitter_write_indent(emitter) { - return false - } - if !yaml_emitter_write_indicator(emitter, []byte{'-'}, true, false, true) { - return false - } - emitter.states = append(emitter.states, yaml_EMIT_BLOCK_SEQUENCE_ITEM_STATE) - return yaml_emitter_emit_node(emitter, event, false, true, false, false) -} - -// Expect a block key node. -func yaml_emitter_emit_block_mapping_key(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool { - if first { - if !yaml_emitter_increase_indent(emitter, false, false) { - return false - } - } - if event.typ == yaml_MAPPING_END_EVENT { - emitter.indent = emitter.indents[len(emitter.indents)-1] - emitter.indents = emitter.indents[:len(emitter.indents)-1] - emitter.state = emitter.states[len(emitter.states)-1] - emitter.states = emitter.states[:len(emitter.states)-1] - return true - } - if !yaml_emitter_write_indent(emitter) { - return false - } - if yaml_emitter_check_simple_key(emitter) { - emitter.states = append(emitter.states, yaml_EMIT_BLOCK_MAPPING_SIMPLE_VALUE_STATE) - return yaml_emitter_emit_node(emitter, event, false, false, true, true) - } - if !yaml_emitter_write_indicator(emitter, []byte{'?'}, true, false, true) { - return false - } - emitter.states = append(emitter.states, yaml_EMIT_BLOCK_MAPPING_VALUE_STATE) - return yaml_emitter_emit_node(emitter, event, false, false, true, false) -} - -// Expect a block value node. -func yaml_emitter_emit_block_mapping_value(emitter *yaml_emitter_t, event *yaml_event_t, simple bool) bool { - if simple { - if !yaml_emitter_write_indicator(emitter, []byte{':'}, false, false, false) { - return false - } - } else { - if !yaml_emitter_write_indent(emitter) { - return false - } - if !yaml_emitter_write_indicator(emitter, []byte{':'}, true, false, true) { - return false - } - } - emitter.states = append(emitter.states, yaml_EMIT_BLOCK_MAPPING_KEY_STATE) - return yaml_emitter_emit_node(emitter, event, false, false, true, false) -} - -// Expect a node. -func yaml_emitter_emit_node(emitter *yaml_emitter_t, event *yaml_event_t, - root bool, sequence bool, mapping bool, simple_key bool) bool { - - emitter.root_context = root - emitter.sequence_context = sequence - emitter.mapping_context = mapping - emitter.simple_key_context = simple_key - - switch event.typ { - case yaml_ALIAS_EVENT: - return yaml_emitter_emit_alias(emitter, event) - case yaml_SCALAR_EVENT: - return yaml_emitter_emit_scalar(emitter, event) - case yaml_SEQUENCE_START_EVENT: - return yaml_emitter_emit_sequence_start(emitter, event) - case yaml_MAPPING_START_EVENT: - return yaml_emitter_emit_mapping_start(emitter, event) - default: - return yaml_emitter_set_emitter_error(emitter, - "expected SCALAR, SEQUENCE-START, MAPPING-START, or ALIAS") - } -} - -// Expect ALIAS. -func yaml_emitter_emit_alias(emitter *yaml_emitter_t, event *yaml_event_t) bool { - if !yaml_emitter_process_anchor(emitter) { - return false - } - emitter.state = emitter.states[len(emitter.states)-1] - emitter.states = emitter.states[:len(emitter.states)-1] - return true -} - -// Expect SCALAR. -func yaml_emitter_emit_scalar(emitter *yaml_emitter_t, event *yaml_event_t) bool { - if !yaml_emitter_select_scalar_style(emitter, event) { - return false - } - if !yaml_emitter_process_anchor(emitter) { - return false - } - if !yaml_emitter_process_tag(emitter) { - return false - } - if !yaml_emitter_increase_indent(emitter, true, false) { - return false - } - if !yaml_emitter_process_scalar(emitter) { - return false - } - emitter.indent = emitter.indents[len(emitter.indents)-1] - emitter.indents = emitter.indents[:len(emitter.indents)-1] - emitter.state = emitter.states[len(emitter.states)-1] - emitter.states = emitter.states[:len(emitter.states)-1] - return true -} - -// Expect SEQUENCE-START. -func yaml_emitter_emit_sequence_start(emitter *yaml_emitter_t, event *yaml_event_t) bool { - if !yaml_emitter_process_anchor(emitter) { - return false - } - if !yaml_emitter_process_tag(emitter) { - return false - } - if emitter.flow_level > 0 || emitter.canonical || event.sequence_style() == yaml_FLOW_SEQUENCE_STYLE || - yaml_emitter_check_empty_sequence(emitter) { - emitter.state = yaml_EMIT_FLOW_SEQUENCE_FIRST_ITEM_STATE - } else { - emitter.state = yaml_EMIT_BLOCK_SEQUENCE_FIRST_ITEM_STATE - } - return true -} - -// Expect MAPPING-START. -func yaml_emitter_emit_mapping_start(emitter *yaml_emitter_t, event *yaml_event_t) bool { - if !yaml_emitter_process_anchor(emitter) { - return false - } - if !yaml_emitter_process_tag(emitter) { - return false - } - if emitter.flow_level > 0 || emitter.canonical || event.mapping_style() == yaml_FLOW_MAPPING_STYLE || - yaml_emitter_check_empty_mapping(emitter) { - emitter.state = yaml_EMIT_FLOW_MAPPING_FIRST_KEY_STATE - } else { - emitter.state = yaml_EMIT_BLOCK_MAPPING_FIRST_KEY_STATE - } - return true -} - -// Check if the document content is an empty scalar. -func yaml_emitter_check_empty_document(emitter *yaml_emitter_t) bool { - return false // [Go] Huh? -} - -// Check if the next events represent an empty sequence. -func yaml_emitter_check_empty_sequence(emitter *yaml_emitter_t) bool { - if len(emitter.events)-emitter.events_head < 2 { - return false - } - return emitter.events[emitter.events_head].typ == yaml_SEQUENCE_START_EVENT && - emitter.events[emitter.events_head+1].typ == yaml_SEQUENCE_END_EVENT -} - -// Check if the next events represent an empty mapping. -func yaml_emitter_check_empty_mapping(emitter *yaml_emitter_t) bool { - if len(emitter.events)-emitter.events_head < 2 { - return false - } - return emitter.events[emitter.events_head].typ == yaml_MAPPING_START_EVENT && - emitter.events[emitter.events_head+1].typ == yaml_MAPPING_END_EVENT -} - -// Check if the next node can be expressed as a simple key. -func yaml_emitter_check_simple_key(emitter *yaml_emitter_t) bool { - length := 0 - switch emitter.events[emitter.events_head].typ { - case yaml_ALIAS_EVENT: - length += len(emitter.anchor_data.anchor) - case yaml_SCALAR_EVENT: - if emitter.scalar_data.multiline { - return false - } - length += len(emitter.anchor_data.anchor) + - len(emitter.tag_data.handle) + - len(emitter.tag_data.suffix) + - len(emitter.scalar_data.value) - case yaml_SEQUENCE_START_EVENT: - if !yaml_emitter_check_empty_sequence(emitter) { - return false - } - length += len(emitter.anchor_data.anchor) + - len(emitter.tag_data.handle) + - len(emitter.tag_data.suffix) - case yaml_MAPPING_START_EVENT: - if !yaml_emitter_check_empty_mapping(emitter) { - return false - } - length += len(emitter.anchor_data.anchor) + - len(emitter.tag_data.handle) + - len(emitter.tag_data.suffix) - default: - return false - } - return length <= 128 -} - -// Determine an acceptable scalar style. -func yaml_emitter_select_scalar_style(emitter *yaml_emitter_t, event *yaml_event_t) bool { - - no_tag := len(emitter.tag_data.handle) == 0 && len(emitter.tag_data.suffix) == 0 - if no_tag && !event.implicit && !event.quoted_implicit { - return yaml_emitter_set_emitter_error(emitter, "neither tag nor implicit flags are specified") - } - - style := event.scalar_style() - if style == yaml_ANY_SCALAR_STYLE { - style = yaml_PLAIN_SCALAR_STYLE - } - if emitter.canonical { - style = yaml_DOUBLE_QUOTED_SCALAR_STYLE - } - if emitter.simple_key_context && emitter.scalar_data.multiline { - style = yaml_DOUBLE_QUOTED_SCALAR_STYLE - } - - if style == yaml_PLAIN_SCALAR_STYLE { - if emitter.flow_level > 0 && !emitter.scalar_data.flow_plain_allowed || - emitter.flow_level == 0 && !emitter.scalar_data.block_plain_allowed { - style = yaml_SINGLE_QUOTED_SCALAR_STYLE - } - if len(emitter.scalar_data.value) == 0 && (emitter.flow_level > 0 || emitter.simple_key_context) { - style = yaml_SINGLE_QUOTED_SCALAR_STYLE - } - if no_tag && !event.implicit { - style = yaml_SINGLE_QUOTED_SCALAR_STYLE - } - } - if style == yaml_SINGLE_QUOTED_SCALAR_STYLE { - if !emitter.scalar_data.single_quoted_allowed { - style = yaml_DOUBLE_QUOTED_SCALAR_STYLE - } - } - if style == yaml_LITERAL_SCALAR_STYLE || style == yaml_FOLDED_SCALAR_STYLE { - if !emitter.scalar_data.block_allowed || emitter.flow_level > 0 || emitter.simple_key_context { - style = yaml_DOUBLE_QUOTED_SCALAR_STYLE - } - } - - if no_tag && !event.quoted_implicit && style != yaml_PLAIN_SCALAR_STYLE { - emitter.tag_data.handle = []byte{'!'} - } - emitter.scalar_data.style = style - return true -} - -// Write an achor. -func yaml_emitter_process_anchor(emitter *yaml_emitter_t) bool { - if emitter.anchor_data.anchor == nil { - return true - } - c := []byte{'&'} - if emitter.anchor_data.alias { - c[0] = '*' - } - if !yaml_emitter_write_indicator(emitter, c, true, false, false) { - return false - } - return yaml_emitter_write_anchor(emitter, emitter.anchor_data.anchor) -} - -// Write a tag. -func yaml_emitter_process_tag(emitter *yaml_emitter_t) bool { - if len(emitter.tag_data.handle) == 0 && len(emitter.tag_data.suffix) == 0 { - return true - } - if len(emitter.tag_data.handle) > 0 { - if !yaml_emitter_write_tag_handle(emitter, emitter.tag_data.handle) { - return false - } - if len(emitter.tag_data.suffix) > 0 { - if !yaml_emitter_write_tag_content(emitter, emitter.tag_data.suffix, false) { - return false - } - } - } else { - // [Go] Allocate these slices elsewhere. - if !yaml_emitter_write_indicator(emitter, []byte("!<"), true, false, false) { - return false - } - if !yaml_emitter_write_tag_content(emitter, emitter.tag_data.suffix, false) { - return false - } - if !yaml_emitter_write_indicator(emitter, []byte{'>'}, false, false, false) { - return false - } - } - return true -} - -// Write a scalar. -func yaml_emitter_process_scalar(emitter *yaml_emitter_t) bool { - switch emitter.scalar_data.style { - case yaml_PLAIN_SCALAR_STYLE: - return yaml_emitter_write_plain_scalar(emitter, emitter.scalar_data.value, !emitter.simple_key_context) - - case yaml_SINGLE_QUOTED_SCALAR_STYLE: - return yaml_emitter_write_single_quoted_scalar(emitter, emitter.scalar_data.value, !emitter.simple_key_context) - - case yaml_DOUBLE_QUOTED_SCALAR_STYLE: - return yaml_emitter_write_double_quoted_scalar(emitter, emitter.scalar_data.value, !emitter.simple_key_context) - - case yaml_LITERAL_SCALAR_STYLE: - return yaml_emitter_write_literal_scalar(emitter, emitter.scalar_data.value) - - case yaml_FOLDED_SCALAR_STYLE: - return yaml_emitter_write_folded_scalar(emitter, emitter.scalar_data.value) - } - panic("unknown scalar style") -} - -// Check if a %YAML directive is valid. -func yaml_emitter_analyze_version_directive(emitter *yaml_emitter_t, version_directive *yaml_version_directive_t) bool { - if version_directive.major != 1 || version_directive.minor != 1 { - return yaml_emitter_set_emitter_error(emitter, "incompatible %YAML directive") - } - return true -} - -// Check if a %TAG directive is valid. -func yaml_emitter_analyze_tag_directive(emitter *yaml_emitter_t, tag_directive *yaml_tag_directive_t) bool { - handle := tag_directive.handle - prefix := tag_directive.prefix - if len(handle) == 0 { - return yaml_emitter_set_emitter_error(emitter, "tag handle must not be empty") - } - if handle[0] != '!' { - return yaml_emitter_set_emitter_error(emitter, "tag handle must start with '!'") - } - if handle[len(handle)-1] != '!' { - return yaml_emitter_set_emitter_error(emitter, "tag handle must end with '!'") - } - for i := 1; i < len(handle)-1; i += width(handle[i]) { - if !is_alpha(handle, i) { - return yaml_emitter_set_emitter_error(emitter, "tag handle must contain alphanumerical characters only") - } - } - if len(prefix) == 0 { - return yaml_emitter_set_emitter_error(emitter, "tag prefix must not be empty") - } - return true -} - -// Check if an anchor is valid. -func yaml_emitter_analyze_anchor(emitter *yaml_emitter_t, anchor []byte, alias bool) bool { - if len(anchor) == 0 { - problem := "anchor value must not be empty" - if alias { - problem = "alias value must not be empty" - } - return yaml_emitter_set_emitter_error(emitter, problem) - } - for i := 0; i < len(anchor); i += width(anchor[i]) { - if !is_alpha(anchor, i) { - problem := "anchor value must contain alphanumerical characters only" - if alias { - problem = "alias value must contain alphanumerical characters only" - } - return yaml_emitter_set_emitter_error(emitter, problem) - } - } - emitter.anchor_data.anchor = anchor - emitter.anchor_data.alias = alias - return true -} - -// Check if a tag is valid. -func yaml_emitter_analyze_tag(emitter *yaml_emitter_t, tag []byte) bool { - if len(tag) == 0 { - return yaml_emitter_set_emitter_error(emitter, "tag value must not be empty") - } - for i := 0; i < len(emitter.tag_directives); i++ { - tag_directive := &emitter.tag_directives[i] - if bytes.HasPrefix(tag, tag_directive.prefix) { - emitter.tag_data.handle = tag_directive.handle - emitter.tag_data.suffix = tag[len(tag_directive.prefix):] - return true - } - } - emitter.tag_data.suffix = tag - return true -} - -// Check if a scalar is valid. -func yaml_emitter_analyze_scalar(emitter *yaml_emitter_t, value []byte) bool { - var ( - block_indicators = false - flow_indicators = false - line_breaks = false - special_characters = false - - leading_space = false - leading_break = false - trailing_space = false - trailing_break = false - break_space = false - space_break = false - - preceded_by_whitespace = false - followed_by_whitespace = false - previous_space = false - previous_break = false - ) - - emitter.scalar_data.value = value - - if len(value) == 0 { - emitter.scalar_data.multiline = false - emitter.scalar_data.flow_plain_allowed = false - emitter.scalar_data.block_plain_allowed = true - emitter.scalar_data.single_quoted_allowed = true - emitter.scalar_data.block_allowed = false - return true - } - - if len(value) >= 3 && ((value[0] == '-' && value[1] == '-' && value[2] == '-') || (value[0] == '.' && value[1] == '.' && value[2] == '.')) { - block_indicators = true - flow_indicators = true - } - - preceded_by_whitespace = true - for i, w := 0, 0; i < len(value); i += w { - w = width(value[i]) - followed_by_whitespace = i+w >= len(value) || is_blank(value, i+w) - - if i == 0 { - switch value[i] { - case '#', ',', '[', ']', '{', '}', '&', '*', '!', '|', '>', '\'', '"', '%', '@', '`': - flow_indicators = true - block_indicators = true - case '?', ':': - flow_indicators = true - if followed_by_whitespace { - block_indicators = true - } - case '-': - if followed_by_whitespace { - flow_indicators = true - block_indicators = true - } - } - } else { - switch value[i] { - case ',', '?', '[', ']', '{', '}': - flow_indicators = true - case ':': - flow_indicators = true - if followed_by_whitespace { - block_indicators = true - } - case '#': - if preceded_by_whitespace { - flow_indicators = true - block_indicators = true - } - } - } - - if !is_printable(value, i) || !is_ascii(value, i) && !emitter.unicode { - special_characters = true - } - if is_space(value, i) { - if i == 0 { - leading_space = true - } - if i+width(value[i]) == len(value) { - trailing_space = true - } - if previous_break { - break_space = true - } - previous_space = true - previous_break = false - } else if is_break(value, i) { - line_breaks = true - if i == 0 { - leading_break = true - } - if i+width(value[i]) == len(value) { - trailing_break = true - } - if previous_space { - space_break = true - } - previous_space = false - previous_break = true - } else { - previous_space = false - previous_break = false - } - - // [Go]: Why 'z'? Couldn't be the end of the string as that's the loop condition. - preceded_by_whitespace = is_blankz(value, i) - } - - emitter.scalar_data.multiline = line_breaks - emitter.scalar_data.flow_plain_allowed = true - emitter.scalar_data.block_plain_allowed = true - emitter.scalar_data.single_quoted_allowed = true - emitter.scalar_data.block_allowed = true - - if leading_space || leading_break || trailing_space || trailing_break { - emitter.scalar_data.flow_plain_allowed = false - emitter.scalar_data.block_plain_allowed = false - } - if trailing_space { - emitter.scalar_data.block_allowed = false - } - if break_space { - emitter.scalar_data.flow_plain_allowed = false - emitter.scalar_data.block_plain_allowed = false - emitter.scalar_data.single_quoted_allowed = false - } - if space_break || special_characters { - emitter.scalar_data.flow_plain_allowed = false - emitter.scalar_data.block_plain_allowed = false - emitter.scalar_data.single_quoted_allowed = false - emitter.scalar_data.block_allowed = false - } - if line_breaks { - emitter.scalar_data.flow_plain_allowed = false - emitter.scalar_data.block_plain_allowed = false - } - if flow_indicators { - emitter.scalar_data.flow_plain_allowed = false - } - if block_indicators { - emitter.scalar_data.block_plain_allowed = false - } - return true -} - -// Check if the event data is valid. -func yaml_emitter_analyze_event(emitter *yaml_emitter_t, event *yaml_event_t) bool { - - emitter.anchor_data.anchor = nil - emitter.tag_data.handle = nil - emitter.tag_data.suffix = nil - emitter.scalar_data.value = nil - - switch event.typ { - case yaml_ALIAS_EVENT: - if !yaml_emitter_analyze_anchor(emitter, event.anchor, true) { - return false - } - - case yaml_SCALAR_EVENT: - if len(event.anchor) > 0 { - if !yaml_emitter_analyze_anchor(emitter, event.anchor, false) { - return false - } - } - if len(event.tag) > 0 && (emitter.canonical || (!event.implicit && !event.quoted_implicit)) { - if !yaml_emitter_analyze_tag(emitter, event.tag) { - return false - } - } - if !yaml_emitter_analyze_scalar(emitter, event.value) { - return false - } - - case yaml_SEQUENCE_START_EVENT: - if len(event.anchor) > 0 { - if !yaml_emitter_analyze_anchor(emitter, event.anchor, false) { - return false - } - } - if len(event.tag) > 0 && (emitter.canonical || !event.implicit) { - if !yaml_emitter_analyze_tag(emitter, event.tag) { - return false - } - } - - case yaml_MAPPING_START_EVENT: - if len(event.anchor) > 0 { - if !yaml_emitter_analyze_anchor(emitter, event.anchor, false) { - return false - } - } - if len(event.tag) > 0 && (emitter.canonical || !event.implicit) { - if !yaml_emitter_analyze_tag(emitter, event.tag) { - return false - } - } - } - return true -} - -// Write the BOM character. -func yaml_emitter_write_bom(emitter *yaml_emitter_t) bool { - if !flush(emitter) { - return false - } - pos := emitter.buffer_pos - emitter.buffer[pos+0] = '\xEF' - emitter.buffer[pos+1] = '\xBB' - emitter.buffer[pos+2] = '\xBF' - emitter.buffer_pos += 3 - return true -} - -func yaml_emitter_write_indent(emitter *yaml_emitter_t) bool { - indent := emitter.indent - if indent < 0 { - indent = 0 - } - if !emitter.indention || emitter.column > indent || (emitter.column == indent && !emitter.whitespace) { - if !put_break(emitter) { - return false - } - } - for emitter.column < indent { - if !put(emitter, ' ') { - return false - } - } - emitter.whitespace = true - emitter.indention = true - return true -} - -func yaml_emitter_write_indicator(emitter *yaml_emitter_t, indicator []byte, need_whitespace, is_whitespace, is_indention bool) bool { - if need_whitespace && !emitter.whitespace { - if !put(emitter, ' ') { - return false - } - } - if !write_all(emitter, indicator) { - return false - } - emitter.whitespace = is_whitespace - emitter.indention = (emitter.indention && is_indention) - emitter.open_ended = false - return true -} - -func yaml_emitter_write_anchor(emitter *yaml_emitter_t, value []byte) bool { - if !write_all(emitter, value) { - return false - } - emitter.whitespace = false - emitter.indention = false - return true -} - -func yaml_emitter_write_tag_handle(emitter *yaml_emitter_t, value []byte) bool { - if !emitter.whitespace { - if !put(emitter, ' ') { - return false - } - } - if !write_all(emitter, value) { - return false - } - emitter.whitespace = false - emitter.indention = false - return true -} - -func yaml_emitter_write_tag_content(emitter *yaml_emitter_t, value []byte, need_whitespace bool) bool { - if need_whitespace && !emitter.whitespace { - if !put(emitter, ' ') { - return false - } - } - for i := 0; i < len(value); { - var must_write bool - switch value[i] { - case ';', '/', '?', ':', '@', '&', '=', '+', '$', ',', '_', '.', '~', '*', '\'', '(', ')', '[', ']': - must_write = true - default: - must_write = is_alpha(value, i) - } - if must_write { - if !write(emitter, value, &i) { - return false - } - } else { - w := width(value[i]) - for k := 0; k < w; k++ { - octet := value[i] - i++ - if !put(emitter, '%') { - return false - } - - c := octet >> 4 - if c < 10 { - c += '0' - } else { - c += 'A' - 10 - } - if !put(emitter, c) { - return false - } - - c = octet & 0x0f - if c < 10 { - c += '0' - } else { - c += 'A' - 10 - } - if !put(emitter, c) { - return false - } - } - } - } - emitter.whitespace = false - emitter.indention = false - return true -} - -func yaml_emitter_write_plain_scalar(emitter *yaml_emitter_t, value []byte, allow_breaks bool) bool { - if !emitter.whitespace { - if !put(emitter, ' ') { - return false - } - } - - spaces := false - breaks := false - for i := 0; i < len(value); { - if is_space(value, i) { - if allow_breaks && !spaces && emitter.column > emitter.best_width && !is_space(value, i+1) { - if !yaml_emitter_write_indent(emitter) { - return false - } - i += width(value[i]) - } else { - if !write(emitter, value, &i) { - return false - } - } - spaces = true - } else if is_break(value, i) { - if !breaks && value[i] == '\n' { - if !put_break(emitter) { - return false - } - } - if !write_break(emitter, value, &i) { - return false - } - emitter.indention = true - breaks = true - } else { - if breaks { - if !yaml_emitter_write_indent(emitter) { - return false - } - } - if !write(emitter, value, &i) { - return false - } - emitter.indention = false - spaces = false - breaks = false - } - } - - emitter.whitespace = false - emitter.indention = false - if emitter.root_context { - emitter.open_ended = true - } - - return true -} - -func yaml_emitter_write_single_quoted_scalar(emitter *yaml_emitter_t, value []byte, allow_breaks bool) bool { - - if !yaml_emitter_write_indicator(emitter, []byte{'\''}, true, false, false) { - return false - } - - spaces := false - breaks := false - for i := 0; i < len(value); { - if is_space(value, i) { - if allow_breaks && !spaces && emitter.column > emitter.best_width && i > 0 && i < len(value)-1 && !is_space(value, i+1) { - if !yaml_emitter_write_indent(emitter) { - return false - } - i += width(value[i]) - } else { - if !write(emitter, value, &i) { - return false - } - } - spaces = true - } else if is_break(value, i) { - if !breaks && value[i] == '\n' { - if !put_break(emitter) { - return false - } - } - if !write_break(emitter, value, &i) { - return false - } - emitter.indention = true - breaks = true - } else { - if breaks { - if !yaml_emitter_write_indent(emitter) { - return false - } - } - if value[i] == '\'' { - if !put(emitter, '\'') { - return false - } - } - if !write(emitter, value, &i) { - return false - } - emitter.indention = false - spaces = false - breaks = false - } - } - if !yaml_emitter_write_indicator(emitter, []byte{'\''}, false, false, false) { - return false - } - emitter.whitespace = false - emitter.indention = false - return true -} - -func yaml_emitter_write_double_quoted_scalar(emitter *yaml_emitter_t, value []byte, allow_breaks bool) bool { - spaces := false - if !yaml_emitter_write_indicator(emitter, []byte{'"'}, true, false, false) { - return false - } - - for i := 0; i < len(value); { - if !is_printable(value, i) || (!emitter.unicode && !is_ascii(value, i)) || - is_bom(value, i) || is_break(value, i) || - value[i] == '"' || value[i] == '\\' { - - octet := value[i] - - var w int - var v rune - switch { - case octet&0x80 == 0x00: - w, v = 1, rune(octet&0x7F) - case octet&0xE0 == 0xC0: - w, v = 2, rune(octet&0x1F) - case octet&0xF0 == 0xE0: - w, v = 3, rune(octet&0x0F) - case octet&0xF8 == 0xF0: - w, v = 4, rune(octet&0x07) - } - for k := 1; k < w; k++ { - octet = value[i+k] - v = (v << 6) + (rune(octet) & 0x3F) - } - i += w - - if !put(emitter, '\\') { - return false - } - - var ok bool - switch v { - case 0x00: - ok = put(emitter, '0') - case 0x07: - ok = put(emitter, 'a') - case 0x08: - ok = put(emitter, 'b') - case 0x09: - ok = put(emitter, 't') - case 0x0A: - ok = put(emitter, 'n') - case 0x0b: - ok = put(emitter, 'v') - case 0x0c: - ok = put(emitter, 'f') - case 0x0d: - ok = put(emitter, 'r') - case 0x1b: - ok = put(emitter, 'e') - case 0x22: - ok = put(emitter, '"') - case 0x5c: - ok = put(emitter, '\\') - case 0x85: - ok = put(emitter, 'N') - case 0xA0: - ok = put(emitter, '_') - case 0x2028: - ok = put(emitter, 'L') - case 0x2029: - ok = put(emitter, 'P') - default: - if v <= 0xFF { - ok = put(emitter, 'x') - w = 2 - } else if v <= 0xFFFF { - ok = put(emitter, 'u') - w = 4 - } else { - ok = put(emitter, 'U') - w = 8 - } - for k := (w - 1) * 4; ok && k >= 0; k -= 4 { - digit := byte((v >> uint(k)) & 0x0F) - if digit < 10 { - ok = put(emitter, digit+'0') - } else { - ok = put(emitter, digit+'A'-10) - } - } - } - if !ok { - return false - } - spaces = false - } else if is_space(value, i) { - if allow_breaks && !spaces && emitter.column > emitter.best_width && i > 0 && i < len(value)-1 { - if !yaml_emitter_write_indent(emitter) { - return false - } - if is_space(value, i+1) { - if !put(emitter, '\\') { - return false - } - } - i += width(value[i]) - } else if !write(emitter, value, &i) { - return false - } - spaces = true - } else { - if !write(emitter, value, &i) { - return false - } - spaces = false - } - } - if !yaml_emitter_write_indicator(emitter, []byte{'"'}, false, false, false) { - return false - } - emitter.whitespace = false - emitter.indention = false - return true -} - -func yaml_emitter_write_block_scalar_hints(emitter *yaml_emitter_t, value []byte) bool { - if is_space(value, 0) || is_break(value, 0) { - indent_hint := []byte{'0' + byte(emitter.best_indent)} - if !yaml_emitter_write_indicator(emitter, indent_hint, false, false, false) { - return false - } - } - - emitter.open_ended = false - - var chomp_hint [1]byte - if len(value) == 0 { - chomp_hint[0] = '-' - } else { - i := len(value) - 1 - for value[i]&0xC0 == 0x80 { - i-- - } - if !is_break(value, i) { - chomp_hint[0] = '-' - } else if i == 0 { - chomp_hint[0] = '+' - emitter.open_ended = true - } else { - i-- - for value[i]&0xC0 == 0x80 { - i-- - } - if is_break(value, i) { - chomp_hint[0] = '+' - emitter.open_ended = true - } - } - } - if chomp_hint[0] != 0 { - if !yaml_emitter_write_indicator(emitter, chomp_hint[:], false, false, false) { - return false - } - } - return true -} - -func yaml_emitter_write_literal_scalar(emitter *yaml_emitter_t, value []byte) bool { - if !yaml_emitter_write_indicator(emitter, []byte{'|'}, true, false, false) { - return false - } - if !yaml_emitter_write_block_scalar_hints(emitter, value) { - return false - } - if !put_break(emitter) { - return false - } - emitter.indention = true - emitter.whitespace = true - breaks := true - for i := 0; i < len(value); { - if is_break(value, i) { - if !write_break(emitter, value, &i) { - return false - } - emitter.indention = true - breaks = true - } else { - if breaks { - if !yaml_emitter_write_indent(emitter) { - return false - } - } - if !write(emitter, value, &i) { - return false - } - emitter.indention = false - breaks = false - } - } - - return true -} - -func yaml_emitter_write_folded_scalar(emitter *yaml_emitter_t, value []byte) bool { - if !yaml_emitter_write_indicator(emitter, []byte{'>'}, true, false, false) { - return false - } - if !yaml_emitter_write_block_scalar_hints(emitter, value) { - return false - } - - if !put_break(emitter) { - return false - } - emitter.indention = true - emitter.whitespace = true - - breaks := true - leading_spaces := true - for i := 0; i < len(value); { - if is_break(value, i) { - if !breaks && !leading_spaces && value[i] == '\n' { - k := 0 - for is_break(value, k) { - k += width(value[k]) - } - if !is_blankz(value, k) { - if !put_break(emitter) { - return false - } - } - } - if !write_break(emitter, value, &i) { - return false - } - emitter.indention = true - breaks = true - } else { - if breaks { - if !yaml_emitter_write_indent(emitter) { - return false - } - leading_spaces = is_blank(value, i) - } - if !breaks && is_space(value, i) && !is_space(value, i+1) && emitter.column > emitter.best_width { - if !yaml_emitter_write_indent(emitter) { - return false - } - i += width(value[i]) - } else { - if !write(emitter, value, &i) { - return false - } - } - emitter.indention = false - breaks = false - } - } - return true -} diff --git a/vendor/github.com/ajeddeloh/yaml/encode.go b/vendor/github.com/ajeddeloh/yaml/encode.go deleted file mode 100644 index 84f8499551..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/encode.go +++ /dev/null @@ -1,306 +0,0 @@ -package yaml - -import ( - "encoding" - "fmt" - "reflect" - "regexp" - "sort" - "strconv" - "strings" - "time" -) - -type encoder struct { - emitter yaml_emitter_t - event yaml_event_t - out []byte - flow bool -} - -func newEncoder() (e *encoder) { - e = &encoder{} - e.must(yaml_emitter_initialize(&e.emitter)) - yaml_emitter_set_output_string(&e.emitter, &e.out) - yaml_emitter_set_unicode(&e.emitter, true) - e.must(yaml_stream_start_event_initialize(&e.event, yaml_UTF8_ENCODING)) - e.emit() - e.must(yaml_document_start_event_initialize(&e.event, nil, nil, true)) - e.emit() - return e -} - -func (e *encoder) finish() { - e.must(yaml_document_end_event_initialize(&e.event, true)) - e.emit() - e.emitter.open_ended = false - e.must(yaml_stream_end_event_initialize(&e.event)) - e.emit() -} - -func (e *encoder) destroy() { - yaml_emitter_delete(&e.emitter) -} - -func (e *encoder) emit() { - // This will internally delete the e.event value. - if !yaml_emitter_emit(&e.emitter, &e.event) && e.event.typ != yaml_DOCUMENT_END_EVENT && e.event.typ != yaml_STREAM_END_EVENT { - e.must(false) - } -} - -func (e *encoder) must(ok bool) { - if !ok { - msg := e.emitter.problem - if msg == "" { - msg = "unknown problem generating YAML content" - } - failf("%s", msg) - } -} - -func (e *encoder) marshal(tag string, in reflect.Value) { - if !in.IsValid() { - e.nilv() - return - } - iface := in.Interface() - if m, ok := iface.(Marshaler); ok { - v, err := m.MarshalYAML() - if err != nil { - fail(err) - } - if v == nil { - e.nilv() - return - } - in = reflect.ValueOf(v) - } else if m, ok := iface.(encoding.TextMarshaler); ok { - text, err := m.MarshalText() - if err != nil { - fail(err) - } - in = reflect.ValueOf(string(text)) - } - switch in.Kind() { - case reflect.Interface: - if in.IsNil() { - e.nilv() - } else { - e.marshal(tag, in.Elem()) - } - case reflect.Map: - e.mapv(tag, in) - case reflect.Ptr: - if in.IsNil() { - e.nilv() - } else { - e.marshal(tag, in.Elem()) - } - case reflect.Struct: - e.structv(tag, in) - case reflect.Slice: - if in.Type().Elem() == mapItemType { - e.itemsv(tag, in) - } else { - e.slicev(tag, in) - } - case reflect.String: - e.stringv(tag, in) - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - if in.Type() == durationType { - e.stringv(tag, reflect.ValueOf(iface.(time.Duration).String())) - } else { - e.intv(tag, in) - } - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: - e.uintv(tag, in) - case reflect.Float32, reflect.Float64: - e.floatv(tag, in) - case reflect.Bool: - e.boolv(tag, in) - default: - panic("cannot marshal type: " + in.Type().String()) - } -} - -func (e *encoder) mapv(tag string, in reflect.Value) { - e.mappingv(tag, func() { - keys := keyList(in.MapKeys()) - sort.Sort(keys) - for _, k := range keys { - e.marshal("", k) - e.marshal("", in.MapIndex(k)) - } - }) -} - -func (e *encoder) itemsv(tag string, in reflect.Value) { - e.mappingv(tag, func() { - slice := in.Convert(reflect.TypeOf([]MapItem{})).Interface().([]MapItem) - for _, item := range slice { - e.marshal("", reflect.ValueOf(item.Key)) - e.marshal("", reflect.ValueOf(item.Value)) - } - }) -} - -func (e *encoder) structv(tag string, in reflect.Value) { - sinfo, err := getStructInfo(in.Type()) - if err != nil { - panic(err) - } - e.mappingv(tag, func() { - for _, info := range sinfo.FieldsList { - var value reflect.Value - if info.Inline == nil { - value = in.Field(info.Num) - } else { - value = in.FieldByIndex(info.Inline) - } - if info.OmitEmpty && isZero(value) { - continue - } - e.marshal("", reflect.ValueOf(info.Key)) - e.flow = info.Flow - e.marshal("", value) - } - if sinfo.InlineMap >= 0 { - m := in.Field(sinfo.InlineMap) - if m.Len() > 0 { - e.flow = false - keys := keyList(m.MapKeys()) - sort.Sort(keys) - for _, k := range keys { - if _, found := sinfo.FieldsMap[k.String()]; found { - panic(fmt.Sprintf("Can't have key %q in inlined map; conflicts with struct field", k.String())) - } - e.marshal("", k) - e.flow = false - e.marshal("", m.MapIndex(k)) - } - } - } - }) -} - -func (e *encoder) mappingv(tag string, f func()) { - implicit := tag == "" - style := yaml_BLOCK_MAPPING_STYLE - if e.flow { - e.flow = false - style = yaml_FLOW_MAPPING_STYLE - } - e.must(yaml_mapping_start_event_initialize(&e.event, nil, []byte(tag), implicit, style)) - e.emit() - f() - e.must(yaml_mapping_end_event_initialize(&e.event)) - e.emit() -} - -func (e *encoder) slicev(tag string, in reflect.Value) { - implicit := tag == "" - style := yaml_BLOCK_SEQUENCE_STYLE - if e.flow { - e.flow = false - style = yaml_FLOW_SEQUENCE_STYLE - } - e.must(yaml_sequence_start_event_initialize(&e.event, nil, []byte(tag), implicit, style)) - e.emit() - n := in.Len() - for i := 0; i < n; i++ { - e.marshal("", in.Index(i)) - } - e.must(yaml_sequence_end_event_initialize(&e.event)) - e.emit() -} - -// isBase60 returns whether s is in base 60 notation as defined in YAML 1.1. -// -// The base 60 float notation in YAML 1.1 is a terrible idea and is unsupported -// in YAML 1.2 and by this package, but these should be marshalled quoted for -// the time being for compatibility with other parsers. -func isBase60Float(s string) (result bool) { - // Fast path. - if s == "" { - return false - } - c := s[0] - if !(c == '+' || c == '-' || c >= '0' && c <= '9') || strings.IndexByte(s, ':') < 0 { - return false - } - // Do the full match. - return base60float.MatchString(s) -} - -// From http://yaml.org/type/float.html, except the regular expression there -// is bogus. In practice parsers do not enforce the "\.[0-9_]*" suffix. -var base60float = regexp.MustCompile(`^[-+]?[0-9][0-9_]*(?::[0-5]?[0-9])+(?:\.[0-9_]*)?$`) - -func (e *encoder) stringv(tag string, in reflect.Value) { - var style yaml_scalar_style_t - s := in.String() - rtag, rs := resolve("", s) - if rtag == yaml_BINARY_TAG { - if tag == "" || tag == yaml_STR_TAG { - tag = rtag - s = rs.(string) - } else if tag == yaml_BINARY_TAG { - failf("explicitly tagged !!binary data must be base64-encoded") - } else { - failf("cannot marshal invalid UTF-8 data as %s", shortTag(tag)) - } - } - if tag == "" && (rtag != yaml_STR_TAG || isBase60Float(s)) { - style = yaml_DOUBLE_QUOTED_SCALAR_STYLE - } else if strings.Contains(s, "\n") { - style = yaml_LITERAL_SCALAR_STYLE - } else { - style = yaml_PLAIN_SCALAR_STYLE - } - e.emitScalar(s, "", tag, style) -} - -func (e *encoder) boolv(tag string, in reflect.Value) { - var s string - if in.Bool() { - s = "true" - } else { - s = "false" - } - e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE) -} - -func (e *encoder) intv(tag string, in reflect.Value) { - s := strconv.FormatInt(in.Int(), 10) - e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE) -} - -func (e *encoder) uintv(tag string, in reflect.Value) { - s := strconv.FormatUint(in.Uint(), 10) - e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE) -} - -func (e *encoder) floatv(tag string, in reflect.Value) { - // FIXME: Handle 64 bits here. - s := strconv.FormatFloat(float64(in.Float()), 'g', -1, 32) - switch s { - case "+Inf": - s = ".inf" - case "-Inf": - s = "-.inf" - case "NaN": - s = ".nan" - } - e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE) -} - -func (e *encoder) nilv() { - e.emitScalar("null", "", "", yaml_PLAIN_SCALAR_STYLE) -} - -func (e *encoder) emitScalar(value, anchor, tag string, style yaml_scalar_style_t) { - implicit := tag == "" - e.must(yaml_scalar_event_initialize(&e.event, []byte(anchor), []byte(tag), []byte(value), implicit, implicit, style)) - e.emit() -} diff --git a/vendor/github.com/ajeddeloh/yaml/parserc.go b/vendor/github.com/ajeddeloh/yaml/parserc.go deleted file mode 100644 index 81d05dfe57..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/parserc.go +++ /dev/null @@ -1,1095 +0,0 @@ -package yaml - -import ( - "bytes" -) - -// The parser implements the following grammar: -// -// stream ::= STREAM-START implicit_document? explicit_document* STREAM-END -// implicit_document ::= block_node DOCUMENT-END* -// explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END* -// block_node_or_indentless_sequence ::= -// ALIAS -// | properties (block_content | indentless_block_sequence)? -// | block_content -// | indentless_block_sequence -// block_node ::= ALIAS -// | properties block_content? -// | block_content -// flow_node ::= ALIAS -// | properties flow_content? -// | flow_content -// properties ::= TAG ANCHOR? | ANCHOR TAG? -// block_content ::= block_collection | flow_collection | SCALAR -// flow_content ::= flow_collection | SCALAR -// block_collection ::= block_sequence | block_mapping -// flow_collection ::= flow_sequence | flow_mapping -// block_sequence ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END -// indentless_sequence ::= (BLOCK-ENTRY block_node?)+ -// block_mapping ::= BLOCK-MAPPING_START -// ((KEY block_node_or_indentless_sequence?)? -// (VALUE block_node_or_indentless_sequence?)?)* -// BLOCK-END -// flow_sequence ::= FLOW-SEQUENCE-START -// (flow_sequence_entry FLOW-ENTRY)* -// flow_sequence_entry? -// FLOW-SEQUENCE-END -// flow_sequence_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? -// flow_mapping ::= FLOW-MAPPING-START -// (flow_mapping_entry FLOW-ENTRY)* -// flow_mapping_entry? -// FLOW-MAPPING-END -// flow_mapping_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? - -// Peek the next token in the token queue. -func peek_token(parser *yaml_parser_t) *yaml_token_t { - if parser.token_available || yaml_parser_fetch_more_tokens(parser) { - return &parser.tokens[parser.tokens_head] - } - return nil -} - -// Remove the next token from the queue (must be called after peek_token). -func skip_token(parser *yaml_parser_t) { - parser.token_available = false - parser.tokens_parsed++ - parser.stream_end_produced = parser.tokens[parser.tokens_head].typ == yaml_STREAM_END_TOKEN - parser.tokens_head++ -} - -// Get the next event. -func yaml_parser_parse(parser *yaml_parser_t, event *yaml_event_t) bool { - // Erase the event object. - *event = yaml_event_t{} - - // No events after the end of the stream or error. - if parser.stream_end_produced || parser.error != yaml_NO_ERROR || parser.state == yaml_PARSE_END_STATE { - return true - } - - // Generate the next event. - return yaml_parser_state_machine(parser, event) -} - -// Set parser error. -func yaml_parser_set_parser_error(parser *yaml_parser_t, problem string, problem_mark yaml_mark_t) bool { - parser.error = yaml_PARSER_ERROR - parser.problem = problem - parser.problem_mark = problem_mark - return false -} - -func yaml_parser_set_parser_error_context(parser *yaml_parser_t, context string, context_mark yaml_mark_t, problem string, problem_mark yaml_mark_t) bool { - parser.error = yaml_PARSER_ERROR - parser.context = context - parser.context_mark = context_mark - parser.problem = problem - parser.problem_mark = problem_mark - return false -} - -// State dispatcher. -func yaml_parser_state_machine(parser *yaml_parser_t, event *yaml_event_t) bool { - //trace("yaml_parser_state_machine", "state:", parser.state.String()) - - switch parser.state { - case yaml_PARSE_STREAM_START_STATE: - return yaml_parser_parse_stream_start(parser, event) - - case yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE: - return yaml_parser_parse_document_start(parser, event, true) - - case yaml_PARSE_DOCUMENT_START_STATE: - return yaml_parser_parse_document_start(parser, event, false) - - case yaml_PARSE_DOCUMENT_CONTENT_STATE: - return yaml_parser_parse_document_content(parser, event) - - case yaml_PARSE_DOCUMENT_END_STATE: - return yaml_parser_parse_document_end(parser, event) - - case yaml_PARSE_BLOCK_NODE_STATE: - return yaml_parser_parse_node(parser, event, true, false) - - case yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE: - return yaml_parser_parse_node(parser, event, true, true) - - case yaml_PARSE_FLOW_NODE_STATE: - return yaml_parser_parse_node(parser, event, false, false) - - case yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE: - return yaml_parser_parse_block_sequence_entry(parser, event, true) - - case yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE: - return yaml_parser_parse_block_sequence_entry(parser, event, false) - - case yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE: - return yaml_parser_parse_indentless_sequence_entry(parser, event) - - case yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE: - return yaml_parser_parse_block_mapping_key(parser, event, true) - - case yaml_PARSE_BLOCK_MAPPING_KEY_STATE: - return yaml_parser_parse_block_mapping_key(parser, event, false) - - case yaml_PARSE_BLOCK_MAPPING_VALUE_STATE: - return yaml_parser_parse_block_mapping_value(parser, event) - - case yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE: - return yaml_parser_parse_flow_sequence_entry(parser, event, true) - - case yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE: - return yaml_parser_parse_flow_sequence_entry(parser, event, false) - - case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE: - return yaml_parser_parse_flow_sequence_entry_mapping_key(parser, event) - - case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE: - return yaml_parser_parse_flow_sequence_entry_mapping_value(parser, event) - - case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE: - return yaml_parser_parse_flow_sequence_entry_mapping_end(parser, event) - - case yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE: - return yaml_parser_parse_flow_mapping_key(parser, event, true) - - case yaml_PARSE_FLOW_MAPPING_KEY_STATE: - return yaml_parser_parse_flow_mapping_key(parser, event, false) - - case yaml_PARSE_FLOW_MAPPING_VALUE_STATE: - return yaml_parser_parse_flow_mapping_value(parser, event, false) - - case yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE: - return yaml_parser_parse_flow_mapping_value(parser, event, true) - - default: - panic("invalid parser state") - } -} - -// Parse the production: -// stream ::= STREAM-START implicit_document? explicit_document* STREAM-END -// ************ -func yaml_parser_parse_stream_start(parser *yaml_parser_t, event *yaml_event_t) bool { - token := peek_token(parser) - if token == nil { - return false - } - if token.typ != yaml_STREAM_START_TOKEN { - return yaml_parser_set_parser_error(parser, "did not find expected ", token.start_mark) - } - parser.state = yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE - *event = yaml_event_t{ - typ: yaml_STREAM_START_EVENT, - start_mark: token.start_mark, - end_mark: token.end_mark, - encoding: token.encoding, - } - skip_token(parser) - return true -} - -// Parse the productions: -// implicit_document ::= block_node DOCUMENT-END* -// * -// explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END* -// ************************* -func yaml_parser_parse_document_start(parser *yaml_parser_t, event *yaml_event_t, implicit bool) bool { - - token := peek_token(parser) - if token == nil { - return false - } - - // Parse extra document end indicators. - if !implicit { - for token.typ == yaml_DOCUMENT_END_TOKEN { - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - } - } - - if implicit && token.typ != yaml_VERSION_DIRECTIVE_TOKEN && - token.typ != yaml_TAG_DIRECTIVE_TOKEN && - token.typ != yaml_DOCUMENT_START_TOKEN && - token.typ != yaml_STREAM_END_TOKEN { - // Parse an implicit document. - if !yaml_parser_process_directives(parser, nil, nil) { - return false - } - parser.states = append(parser.states, yaml_PARSE_DOCUMENT_END_STATE) - parser.state = yaml_PARSE_BLOCK_NODE_STATE - - *event = yaml_event_t{ - typ: yaml_DOCUMENT_START_EVENT, - start_mark: token.start_mark, - end_mark: token.end_mark, - } - - } else if token.typ != yaml_STREAM_END_TOKEN { - // Parse an explicit document. - var version_directive *yaml_version_directive_t - var tag_directives []yaml_tag_directive_t - start_mark := token.start_mark - if !yaml_parser_process_directives(parser, &version_directive, &tag_directives) { - return false - } - token = peek_token(parser) - if token == nil { - return false - } - if token.typ != yaml_DOCUMENT_START_TOKEN { - yaml_parser_set_parser_error(parser, - "did not find expected ", token.start_mark) - return false - } - parser.states = append(parser.states, yaml_PARSE_DOCUMENT_END_STATE) - parser.state = yaml_PARSE_DOCUMENT_CONTENT_STATE - end_mark := token.end_mark - - *event = yaml_event_t{ - typ: yaml_DOCUMENT_START_EVENT, - start_mark: start_mark, - end_mark: end_mark, - version_directive: version_directive, - tag_directives: tag_directives, - implicit: false, - } - skip_token(parser) - - } else { - // Parse the stream end. - parser.state = yaml_PARSE_END_STATE - *event = yaml_event_t{ - typ: yaml_STREAM_END_EVENT, - start_mark: token.start_mark, - end_mark: token.end_mark, - } - skip_token(parser) - } - - return true -} - -// Parse the productions: -// explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END* -// *********** -// -func yaml_parser_parse_document_content(parser *yaml_parser_t, event *yaml_event_t) bool { - token := peek_token(parser) - if token == nil { - return false - } - if token.typ == yaml_VERSION_DIRECTIVE_TOKEN || - token.typ == yaml_TAG_DIRECTIVE_TOKEN || - token.typ == yaml_DOCUMENT_START_TOKEN || - token.typ == yaml_DOCUMENT_END_TOKEN || - token.typ == yaml_STREAM_END_TOKEN { - parser.state = parser.states[len(parser.states)-1] - parser.states = parser.states[:len(parser.states)-1] - return yaml_parser_process_empty_scalar(parser, event, - token.start_mark) - } - return yaml_parser_parse_node(parser, event, true, false) -} - -// Parse the productions: -// implicit_document ::= block_node DOCUMENT-END* -// ************* -// explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END* -// -func yaml_parser_parse_document_end(parser *yaml_parser_t, event *yaml_event_t) bool { - token := peek_token(parser) - if token == nil { - return false - } - - start_mark := token.start_mark - end_mark := token.start_mark - - implicit := true - if token.typ == yaml_DOCUMENT_END_TOKEN { - end_mark = token.end_mark - skip_token(parser) - implicit = false - } - - parser.tag_directives = parser.tag_directives[:0] - - parser.state = yaml_PARSE_DOCUMENT_START_STATE - *event = yaml_event_t{ - typ: yaml_DOCUMENT_END_EVENT, - start_mark: start_mark, - end_mark: end_mark, - implicit: implicit, - } - return true -} - -// Parse the productions: -// block_node_or_indentless_sequence ::= -// ALIAS -// ***** -// | properties (block_content | indentless_block_sequence)? -// ********** * -// | block_content | indentless_block_sequence -// * -// block_node ::= ALIAS -// ***** -// | properties block_content? -// ********** * -// | block_content -// * -// flow_node ::= ALIAS -// ***** -// | properties flow_content? -// ********** * -// | flow_content -// * -// properties ::= TAG ANCHOR? | ANCHOR TAG? -// ************************* -// block_content ::= block_collection | flow_collection | SCALAR -// ****** -// flow_content ::= flow_collection | SCALAR -// ****** -func yaml_parser_parse_node(parser *yaml_parser_t, event *yaml_event_t, block, indentless_sequence bool) bool { - //defer trace("yaml_parser_parse_node", "block:", block, "indentless_sequence:", indentless_sequence)() - - token := peek_token(parser) - if token == nil { - return false - } - - if token.typ == yaml_ALIAS_TOKEN { - parser.state = parser.states[len(parser.states)-1] - parser.states = parser.states[:len(parser.states)-1] - *event = yaml_event_t{ - typ: yaml_ALIAS_EVENT, - start_mark: token.start_mark, - end_mark: token.end_mark, - anchor: token.value, - } - skip_token(parser) - return true - } - - start_mark := token.start_mark - end_mark := token.start_mark - - var tag_token bool - var tag_handle, tag_suffix, anchor []byte - var tag_mark yaml_mark_t - if token.typ == yaml_ANCHOR_TOKEN { - anchor = token.value - start_mark = token.start_mark - end_mark = token.end_mark - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - if token.typ == yaml_TAG_TOKEN { - tag_token = true - tag_handle = token.value - tag_suffix = token.suffix - tag_mark = token.start_mark - end_mark = token.end_mark - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - } - } else if token.typ == yaml_TAG_TOKEN { - tag_token = true - tag_handle = token.value - tag_suffix = token.suffix - start_mark = token.start_mark - tag_mark = token.start_mark - end_mark = token.end_mark - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - if token.typ == yaml_ANCHOR_TOKEN { - anchor = token.value - end_mark = token.end_mark - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - } - } - - var tag []byte - if tag_token { - if len(tag_handle) == 0 { - tag = tag_suffix - tag_suffix = nil - } else { - for i := range parser.tag_directives { - if bytes.Equal(parser.tag_directives[i].handle, tag_handle) { - tag = append([]byte(nil), parser.tag_directives[i].prefix...) - tag = append(tag, tag_suffix...) - break - } - } - if len(tag) == 0 { - yaml_parser_set_parser_error_context(parser, - "while parsing a node", start_mark, - "found undefined tag handle", tag_mark) - return false - } - } - } - - implicit := len(tag) == 0 - if indentless_sequence && token.typ == yaml_BLOCK_ENTRY_TOKEN { - end_mark = token.end_mark - parser.state = yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE - *event = yaml_event_t{ - typ: yaml_SEQUENCE_START_EVENT, - start_mark: start_mark, - end_mark: end_mark, - anchor: anchor, - tag: tag, - implicit: implicit, - style: yaml_style_t(yaml_BLOCK_SEQUENCE_STYLE), - } - return true - } - if token.typ == yaml_SCALAR_TOKEN { - var plain_implicit, quoted_implicit bool - end_mark = token.end_mark - if (len(tag) == 0 && token.style == yaml_PLAIN_SCALAR_STYLE) || (len(tag) == 1 && tag[0] == '!') { - plain_implicit = true - } else if len(tag) == 0 { - quoted_implicit = true - } - parser.state = parser.states[len(parser.states)-1] - parser.states = parser.states[:len(parser.states)-1] - - *event = yaml_event_t{ - typ: yaml_SCALAR_EVENT, - start_mark: start_mark, - end_mark: end_mark, - anchor: anchor, - tag: tag, - value: token.value, - implicit: plain_implicit, - quoted_implicit: quoted_implicit, - style: yaml_style_t(token.style), - } - skip_token(parser) - return true - } - if token.typ == yaml_FLOW_SEQUENCE_START_TOKEN { - // [Go] Some of the events below can be merged as they differ only on style. - end_mark = token.end_mark - parser.state = yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE - *event = yaml_event_t{ - typ: yaml_SEQUENCE_START_EVENT, - start_mark: start_mark, - end_mark: end_mark, - anchor: anchor, - tag: tag, - implicit: implicit, - style: yaml_style_t(yaml_FLOW_SEQUENCE_STYLE), - } - return true - } - if token.typ == yaml_FLOW_MAPPING_START_TOKEN { - end_mark = token.end_mark - parser.state = yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE - *event = yaml_event_t{ - typ: yaml_MAPPING_START_EVENT, - start_mark: start_mark, - end_mark: end_mark, - anchor: anchor, - tag: tag, - implicit: implicit, - style: yaml_style_t(yaml_FLOW_MAPPING_STYLE), - } - return true - } - if block && token.typ == yaml_BLOCK_SEQUENCE_START_TOKEN { - end_mark = token.end_mark - parser.state = yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE - *event = yaml_event_t{ - typ: yaml_SEQUENCE_START_EVENT, - start_mark: start_mark, - end_mark: end_mark, - anchor: anchor, - tag: tag, - implicit: implicit, - style: yaml_style_t(yaml_BLOCK_SEQUENCE_STYLE), - } - return true - } - if block && token.typ == yaml_BLOCK_MAPPING_START_TOKEN { - end_mark = token.end_mark - parser.state = yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE - *event = yaml_event_t{ - typ: yaml_MAPPING_START_EVENT, - start_mark: start_mark, - end_mark: end_mark, - anchor: anchor, - tag: tag, - implicit: implicit, - style: yaml_style_t(yaml_BLOCK_MAPPING_STYLE), - } - return true - } - if len(anchor) > 0 || len(tag) > 0 { - parser.state = parser.states[len(parser.states)-1] - parser.states = parser.states[:len(parser.states)-1] - - *event = yaml_event_t{ - typ: yaml_SCALAR_EVENT, - start_mark: start_mark, - end_mark: end_mark, - anchor: anchor, - tag: tag, - implicit: implicit, - quoted_implicit: false, - style: yaml_style_t(yaml_PLAIN_SCALAR_STYLE), - } - return true - } - - context := "while parsing a flow node" - if block { - context = "while parsing a block node" - } - yaml_parser_set_parser_error_context(parser, context, start_mark, - "did not find expected node content", token.start_mark) - return false -} - -// Parse the productions: -// block_sequence ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END -// ******************** *********** * ********* -// -func yaml_parser_parse_block_sequence_entry(parser *yaml_parser_t, event *yaml_event_t, first bool) bool { - if first { - token := peek_token(parser) - parser.marks = append(parser.marks, token.start_mark) - skip_token(parser) - } - - token := peek_token(parser) - if token == nil { - return false - } - - if token.typ == yaml_BLOCK_ENTRY_TOKEN { - mark := token.end_mark - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - if token.typ != yaml_BLOCK_ENTRY_TOKEN && token.typ != yaml_BLOCK_END_TOKEN { - parser.states = append(parser.states, yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE) - return yaml_parser_parse_node(parser, event, true, false) - } else { - parser.state = yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE - return yaml_parser_process_empty_scalar(parser, event, mark) - } - } - if token.typ == yaml_BLOCK_END_TOKEN { - parser.state = parser.states[len(parser.states)-1] - parser.states = parser.states[:len(parser.states)-1] - parser.marks = parser.marks[:len(parser.marks)-1] - - *event = yaml_event_t{ - typ: yaml_SEQUENCE_END_EVENT, - start_mark: token.start_mark, - end_mark: token.end_mark, - } - - skip_token(parser) - return true - } - - context_mark := parser.marks[len(parser.marks)-1] - parser.marks = parser.marks[:len(parser.marks)-1] - return yaml_parser_set_parser_error_context(parser, - "while parsing a block collection", context_mark, - "did not find expected '-' indicator", token.start_mark) -} - -// Parse the productions: -// indentless_sequence ::= (BLOCK-ENTRY block_node?)+ -// *********** * -func yaml_parser_parse_indentless_sequence_entry(parser *yaml_parser_t, event *yaml_event_t) bool { - token := peek_token(parser) - if token == nil { - return false - } - - if token.typ == yaml_BLOCK_ENTRY_TOKEN { - mark := token.end_mark - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - if token.typ != yaml_BLOCK_ENTRY_TOKEN && - token.typ != yaml_KEY_TOKEN && - token.typ != yaml_VALUE_TOKEN && - token.typ != yaml_BLOCK_END_TOKEN { - parser.states = append(parser.states, yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE) - return yaml_parser_parse_node(parser, event, true, false) - } - parser.state = yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE - return yaml_parser_process_empty_scalar(parser, event, mark) - } - parser.state = parser.states[len(parser.states)-1] - parser.states = parser.states[:len(parser.states)-1] - - *event = yaml_event_t{ - typ: yaml_SEQUENCE_END_EVENT, - start_mark: token.start_mark, - end_mark: token.start_mark, // [Go] Shouldn't this be token.end_mark? - } - return true -} - -// Parse the productions: -// block_mapping ::= BLOCK-MAPPING_START -// ******************* -// ((KEY block_node_or_indentless_sequence?)? -// *** * -// (VALUE block_node_or_indentless_sequence?)?)* -// -// BLOCK-END -// ********* -// -func yaml_parser_parse_block_mapping_key(parser *yaml_parser_t, event *yaml_event_t, first bool) bool { - if first { - token := peek_token(parser) - parser.marks = append(parser.marks, token.start_mark) - skip_token(parser) - } - - token := peek_token(parser) - if token == nil { - return false - } - - if token.typ == yaml_KEY_TOKEN { - mark := token.end_mark - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - if token.typ != yaml_KEY_TOKEN && - token.typ != yaml_VALUE_TOKEN && - token.typ != yaml_BLOCK_END_TOKEN { - parser.states = append(parser.states, yaml_PARSE_BLOCK_MAPPING_VALUE_STATE) - return yaml_parser_parse_node(parser, event, true, true) - } else { - parser.state = yaml_PARSE_BLOCK_MAPPING_VALUE_STATE - return yaml_parser_process_empty_scalar(parser, event, mark) - } - } else if token.typ == yaml_BLOCK_END_TOKEN { - parser.state = parser.states[len(parser.states)-1] - parser.states = parser.states[:len(parser.states)-1] - parser.marks = parser.marks[:len(parser.marks)-1] - *event = yaml_event_t{ - typ: yaml_MAPPING_END_EVENT, - start_mark: token.start_mark, - end_mark: token.end_mark, - } - skip_token(parser) - return true - } - - context_mark := parser.marks[len(parser.marks)-1] - parser.marks = parser.marks[:len(parser.marks)-1] - return yaml_parser_set_parser_error_context(parser, - "while parsing a block mapping", context_mark, - "did not find expected key", token.start_mark) -} - -// Parse the productions: -// block_mapping ::= BLOCK-MAPPING_START -// -// ((KEY block_node_or_indentless_sequence?)? -// -// (VALUE block_node_or_indentless_sequence?)?)* -// ***** * -// BLOCK-END -// -// -func yaml_parser_parse_block_mapping_value(parser *yaml_parser_t, event *yaml_event_t) bool { - token := peek_token(parser) - if token == nil { - return false - } - if token.typ == yaml_VALUE_TOKEN { - mark := token.end_mark - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - if token.typ != yaml_KEY_TOKEN && - token.typ != yaml_VALUE_TOKEN && - token.typ != yaml_BLOCK_END_TOKEN { - parser.states = append(parser.states, yaml_PARSE_BLOCK_MAPPING_KEY_STATE) - return yaml_parser_parse_node(parser, event, true, true) - } - parser.state = yaml_PARSE_BLOCK_MAPPING_KEY_STATE - return yaml_parser_process_empty_scalar(parser, event, mark) - } - parser.state = yaml_PARSE_BLOCK_MAPPING_KEY_STATE - return yaml_parser_process_empty_scalar(parser, event, token.start_mark) -} - -// Parse the productions: -// flow_sequence ::= FLOW-SEQUENCE-START -// ******************* -// (flow_sequence_entry FLOW-ENTRY)* -// * ********** -// flow_sequence_entry? -// * -// FLOW-SEQUENCE-END -// ***************** -// flow_sequence_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? -// * -// -func yaml_parser_parse_flow_sequence_entry(parser *yaml_parser_t, event *yaml_event_t, first bool) bool { - if first { - token := peek_token(parser) - parser.marks = append(parser.marks, token.start_mark) - skip_token(parser) - } - token := peek_token(parser) - if token == nil { - return false - } - if token.typ != yaml_FLOW_SEQUENCE_END_TOKEN { - if !first { - if token.typ == yaml_FLOW_ENTRY_TOKEN { - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - } else { - context_mark := parser.marks[len(parser.marks)-1] - parser.marks = parser.marks[:len(parser.marks)-1] - return yaml_parser_set_parser_error_context(parser, - "while parsing a flow sequence", context_mark, - "did not find expected ',' or ']'", token.start_mark) - } - } - - if token.typ == yaml_KEY_TOKEN { - parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE - *event = yaml_event_t{ - typ: yaml_MAPPING_START_EVENT, - start_mark: token.start_mark, - end_mark: token.end_mark, - implicit: true, - style: yaml_style_t(yaml_FLOW_MAPPING_STYLE), - } - skip_token(parser) - return true - } else if token.typ != yaml_FLOW_SEQUENCE_END_TOKEN { - parser.states = append(parser.states, yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE) - return yaml_parser_parse_node(parser, event, false, false) - } - } - - parser.state = parser.states[len(parser.states)-1] - parser.states = parser.states[:len(parser.states)-1] - parser.marks = parser.marks[:len(parser.marks)-1] - - *event = yaml_event_t{ - typ: yaml_SEQUENCE_END_EVENT, - start_mark: token.start_mark, - end_mark: token.end_mark, - } - - skip_token(parser) - return true -} - -// -// Parse the productions: -// flow_sequence_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? -// *** * -// -func yaml_parser_parse_flow_sequence_entry_mapping_key(parser *yaml_parser_t, event *yaml_event_t) bool { - token := peek_token(parser) - if token == nil { - return false - } - if token.typ != yaml_VALUE_TOKEN && - token.typ != yaml_FLOW_ENTRY_TOKEN && - token.typ != yaml_FLOW_SEQUENCE_END_TOKEN { - parser.states = append(parser.states, yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE) - return yaml_parser_parse_node(parser, event, false, false) - } - mark := token.end_mark - skip_token(parser) - parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE - return yaml_parser_process_empty_scalar(parser, event, mark) -} - -// Parse the productions: -// flow_sequence_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? -// ***** * -// -func yaml_parser_parse_flow_sequence_entry_mapping_value(parser *yaml_parser_t, event *yaml_event_t) bool { - token := peek_token(parser) - if token == nil { - return false - } - if token.typ == yaml_VALUE_TOKEN { - skip_token(parser) - token := peek_token(parser) - if token == nil { - return false - } - if token.typ != yaml_FLOW_ENTRY_TOKEN && token.typ != yaml_FLOW_SEQUENCE_END_TOKEN { - parser.states = append(parser.states, yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE) - return yaml_parser_parse_node(parser, event, false, false) - } - } - parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE - return yaml_parser_process_empty_scalar(parser, event, token.start_mark) -} - -// Parse the productions: -// flow_sequence_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? -// * -// -func yaml_parser_parse_flow_sequence_entry_mapping_end(parser *yaml_parser_t, event *yaml_event_t) bool { - token := peek_token(parser) - if token == nil { - return false - } - parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE - *event = yaml_event_t{ - typ: yaml_MAPPING_END_EVENT, - start_mark: token.start_mark, - end_mark: token.start_mark, // [Go] Shouldn't this be end_mark? - } - return true -} - -// Parse the productions: -// flow_mapping ::= FLOW-MAPPING-START -// ****************** -// (flow_mapping_entry FLOW-ENTRY)* -// * ********** -// flow_mapping_entry? -// ****************** -// FLOW-MAPPING-END -// **************** -// flow_mapping_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? -// * *** * -// -func yaml_parser_parse_flow_mapping_key(parser *yaml_parser_t, event *yaml_event_t, first bool) bool { - if first { - token := peek_token(parser) - parser.marks = append(parser.marks, token.start_mark) - skip_token(parser) - } - - token := peek_token(parser) - if token == nil { - return false - } - - if token.typ != yaml_FLOW_MAPPING_END_TOKEN { - if !first { - if token.typ == yaml_FLOW_ENTRY_TOKEN { - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - } else { - context_mark := parser.marks[len(parser.marks)-1] - parser.marks = parser.marks[:len(parser.marks)-1] - return yaml_parser_set_parser_error_context(parser, - "while parsing a flow mapping", context_mark, - "did not find expected ',' or '}'", token.start_mark) - } - } - - if token.typ == yaml_KEY_TOKEN { - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - if token.typ != yaml_VALUE_TOKEN && - token.typ != yaml_FLOW_ENTRY_TOKEN && - token.typ != yaml_FLOW_MAPPING_END_TOKEN { - parser.states = append(parser.states, yaml_PARSE_FLOW_MAPPING_VALUE_STATE) - return yaml_parser_parse_node(parser, event, false, false) - } else { - parser.state = yaml_PARSE_FLOW_MAPPING_VALUE_STATE - return yaml_parser_process_empty_scalar(parser, event, token.start_mark) - } - } else if token.typ != yaml_FLOW_MAPPING_END_TOKEN { - parser.states = append(parser.states, yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE) - return yaml_parser_parse_node(parser, event, false, false) - } - } - - parser.state = parser.states[len(parser.states)-1] - parser.states = parser.states[:len(parser.states)-1] - parser.marks = parser.marks[:len(parser.marks)-1] - *event = yaml_event_t{ - typ: yaml_MAPPING_END_EVENT, - start_mark: token.start_mark, - end_mark: token.end_mark, - } - skip_token(parser) - return true -} - -// Parse the productions: -// flow_mapping_entry ::= flow_node | KEY flow_node? (VALUE flow_node?)? -// * ***** * -// -func yaml_parser_parse_flow_mapping_value(parser *yaml_parser_t, event *yaml_event_t, empty bool) bool { - token := peek_token(parser) - if token == nil { - return false - } - if empty { - parser.state = yaml_PARSE_FLOW_MAPPING_KEY_STATE - return yaml_parser_process_empty_scalar(parser, event, token.start_mark) - } - if token.typ == yaml_VALUE_TOKEN { - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - if token.typ != yaml_FLOW_ENTRY_TOKEN && token.typ != yaml_FLOW_MAPPING_END_TOKEN { - parser.states = append(parser.states, yaml_PARSE_FLOW_MAPPING_KEY_STATE) - return yaml_parser_parse_node(parser, event, false, false) - } - } - parser.state = yaml_PARSE_FLOW_MAPPING_KEY_STATE - return yaml_parser_process_empty_scalar(parser, event, token.start_mark) -} - -// Generate an empty scalar event. -func yaml_parser_process_empty_scalar(parser *yaml_parser_t, event *yaml_event_t, mark yaml_mark_t) bool { - *event = yaml_event_t{ - typ: yaml_SCALAR_EVENT, - start_mark: mark, - end_mark: mark, - value: nil, // Empty - implicit: true, - style: yaml_style_t(yaml_PLAIN_SCALAR_STYLE), - } - return true -} - -var default_tag_directives = []yaml_tag_directive_t{ - {[]byte("!"), []byte("!")}, - {[]byte("!!"), []byte("tag:yaml.org,2002:")}, -} - -// Parse directives. -func yaml_parser_process_directives(parser *yaml_parser_t, - version_directive_ref **yaml_version_directive_t, - tag_directives_ref *[]yaml_tag_directive_t) bool { - - var version_directive *yaml_version_directive_t - var tag_directives []yaml_tag_directive_t - - token := peek_token(parser) - if token == nil { - return false - } - - for token.typ == yaml_VERSION_DIRECTIVE_TOKEN || token.typ == yaml_TAG_DIRECTIVE_TOKEN { - if token.typ == yaml_VERSION_DIRECTIVE_TOKEN { - if version_directive != nil { - yaml_parser_set_parser_error(parser, - "found duplicate %YAML directive", token.start_mark) - return false - } - if token.major != 1 || token.minor != 1 { - yaml_parser_set_parser_error(parser, - "found incompatible YAML document", token.start_mark) - return false - } - version_directive = &yaml_version_directive_t{ - major: token.major, - minor: token.minor, - } - } else if token.typ == yaml_TAG_DIRECTIVE_TOKEN { - value := yaml_tag_directive_t{ - handle: token.value, - prefix: token.prefix, - } - if !yaml_parser_append_tag_directive(parser, value, false, token.start_mark) { - return false - } - tag_directives = append(tag_directives, value) - } - - skip_token(parser) - token = peek_token(parser) - if token == nil { - return false - } - } - - for i := range default_tag_directives { - if !yaml_parser_append_tag_directive(parser, default_tag_directives[i], true, token.start_mark) { - return false - } - } - - if version_directive_ref != nil { - *version_directive_ref = version_directive - } - if tag_directives_ref != nil { - *tag_directives_ref = tag_directives - } - return true -} - -// Append a tag directive to the directives stack. -func yaml_parser_append_tag_directive(parser *yaml_parser_t, value yaml_tag_directive_t, allow_duplicates bool, mark yaml_mark_t) bool { - for i := range parser.tag_directives { - if bytes.Equal(value.handle, parser.tag_directives[i].handle) { - if allow_duplicates { - return true - } - return yaml_parser_set_parser_error(parser, "found duplicate %TAG directive", mark) - } - } - - // [Go] I suspect the copy is unnecessary. This was likely done - // because there was no way to track ownership of the data. - value_copy := yaml_tag_directive_t{ - handle: make([]byte, len(value.handle)), - prefix: make([]byte, len(value.prefix)), - } - copy(value_copy.handle, value.handle) - copy(value_copy.prefix, value.prefix) - parser.tag_directives = append(parser.tag_directives, value_copy) - return true -} diff --git a/vendor/github.com/ajeddeloh/yaml/readerc.go b/vendor/github.com/ajeddeloh/yaml/readerc.go deleted file mode 100644 index f450791717..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/readerc.go +++ /dev/null @@ -1,394 +0,0 @@ -package yaml - -import ( - "io" -) - -// Set the reader error and return 0. -func yaml_parser_set_reader_error(parser *yaml_parser_t, problem string, offset int, value int) bool { - parser.error = yaml_READER_ERROR - parser.problem = problem - parser.problem_offset = offset - parser.problem_value = value - return false -} - -// Byte order marks. -const ( - bom_UTF8 = "\xef\xbb\xbf" - bom_UTF16LE = "\xff\xfe" - bom_UTF16BE = "\xfe\xff" -) - -// Determine the input stream encoding by checking the BOM symbol. If no BOM is -// found, the UTF-8 encoding is assumed. Return 1 on success, 0 on failure. -func yaml_parser_determine_encoding(parser *yaml_parser_t) bool { - // Ensure that we had enough bytes in the raw buffer. - for !parser.eof && len(parser.raw_buffer)-parser.raw_buffer_pos < 3 { - if !yaml_parser_update_raw_buffer(parser) { - return false - } - } - - // Determine the encoding. - buf := parser.raw_buffer - pos := parser.raw_buffer_pos - avail := len(buf) - pos - if avail >= 2 && buf[pos] == bom_UTF16LE[0] && buf[pos+1] == bom_UTF16LE[1] { - parser.encoding = yaml_UTF16LE_ENCODING - parser.raw_buffer_pos += 2 - parser.offset += 2 - } else if avail >= 2 && buf[pos] == bom_UTF16BE[0] && buf[pos+1] == bom_UTF16BE[1] { - parser.encoding = yaml_UTF16BE_ENCODING - parser.raw_buffer_pos += 2 - parser.offset += 2 - } else if avail >= 3 && buf[pos] == bom_UTF8[0] && buf[pos+1] == bom_UTF8[1] && buf[pos+2] == bom_UTF8[2] { - parser.encoding = yaml_UTF8_ENCODING - parser.raw_buffer_pos += 3 - parser.offset += 3 - } else { - parser.encoding = yaml_UTF8_ENCODING - } - return true -} - -// Update the raw buffer. -func yaml_parser_update_raw_buffer(parser *yaml_parser_t) bool { - size_read := 0 - - // Return if the raw buffer is full. - if parser.raw_buffer_pos == 0 && len(parser.raw_buffer) == cap(parser.raw_buffer) { - return true - } - - // Return on EOF. - if parser.eof { - return true - } - - // Move the remaining bytes in the raw buffer to the beginning. - if parser.raw_buffer_pos > 0 && parser.raw_buffer_pos < len(parser.raw_buffer) { - copy(parser.raw_buffer, parser.raw_buffer[parser.raw_buffer_pos:]) - } - parser.raw_buffer = parser.raw_buffer[:len(parser.raw_buffer)-parser.raw_buffer_pos] - parser.raw_buffer_pos = 0 - - // Call the read handler to fill the buffer. - size_read, err := parser.read_handler(parser, parser.raw_buffer[len(parser.raw_buffer):cap(parser.raw_buffer)]) - parser.raw_buffer = parser.raw_buffer[:len(parser.raw_buffer)+size_read] - if err == io.EOF { - parser.eof = true - } else if err != nil { - return yaml_parser_set_reader_error(parser, "input error: "+err.Error(), parser.offset, -1) - } - return true -} - -// Ensure that the buffer contains at least `length` characters. -// Return true on success, false on failure. -// -// The length is supposed to be significantly less that the buffer size. -func yaml_parser_update_buffer(parser *yaml_parser_t, length int) bool { - if parser.read_handler == nil { - panic("read handler must be set") - } - - // If the EOF flag is set and the raw buffer is empty, do nothing. - if parser.eof && parser.raw_buffer_pos == len(parser.raw_buffer) { - return true - } - - // Return if the buffer contains enough characters. - if parser.unread >= length { - return true - } - - // Determine the input encoding if it is not known yet. - if parser.encoding == yaml_ANY_ENCODING { - if !yaml_parser_determine_encoding(parser) { - return false - } - } - - // Move the unread characters to the beginning of the buffer. - buffer_len := len(parser.buffer) - if parser.buffer_pos > 0 && parser.buffer_pos < buffer_len { - copy(parser.buffer, parser.buffer[parser.buffer_pos:]) - buffer_len -= parser.buffer_pos - parser.buffer_pos = 0 - } else if parser.buffer_pos == buffer_len { - buffer_len = 0 - parser.buffer_pos = 0 - } - - // Open the whole buffer for writing, and cut it before returning. - parser.buffer = parser.buffer[:cap(parser.buffer)] - - // Fill the buffer until it has enough characters. - first := true - for parser.unread < length { - - // Fill the raw buffer if necessary. - if !first || parser.raw_buffer_pos == len(parser.raw_buffer) { - if !yaml_parser_update_raw_buffer(parser) { - parser.buffer = parser.buffer[:buffer_len] - return false - } - } - first = false - - // Decode the raw buffer. - inner: - for parser.raw_buffer_pos != len(parser.raw_buffer) { - var value rune - var width int - - raw_unread := len(parser.raw_buffer) - parser.raw_buffer_pos - - // Decode the next character. - switch parser.encoding { - case yaml_UTF8_ENCODING: - // Decode a UTF-8 character. Check RFC 3629 - // (http://www.ietf.org/rfc/rfc3629.txt) for more details. - // - // The following table (taken from the RFC) is used for - // decoding. - // - // Char. number range | UTF-8 octet sequence - // (hexadecimal) | (binary) - // --------------------+------------------------------------ - // 0000 0000-0000 007F | 0xxxxxxx - // 0000 0080-0000 07FF | 110xxxxx 10xxxxxx - // 0000 0800-0000 FFFF | 1110xxxx 10xxxxxx 10xxxxxx - // 0001 0000-0010 FFFF | 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx - // - // Additionally, the characters in the range 0xD800-0xDFFF - // are prohibited as they are reserved for use with UTF-16 - // surrogate pairs. - - // Determine the length of the UTF-8 sequence. - octet := parser.raw_buffer[parser.raw_buffer_pos] - switch { - case octet&0x80 == 0x00: - width = 1 - case octet&0xE0 == 0xC0: - width = 2 - case octet&0xF0 == 0xE0: - width = 3 - case octet&0xF8 == 0xF0: - width = 4 - default: - // The leading octet is invalid. - return yaml_parser_set_reader_error(parser, - "invalid leading UTF-8 octet", - parser.offset, int(octet)) - } - - // Check if the raw buffer contains an incomplete character. - if width > raw_unread { - if parser.eof { - return yaml_parser_set_reader_error(parser, - "incomplete UTF-8 octet sequence", - parser.offset, -1) - } - break inner - } - - // Decode the leading octet. - switch { - case octet&0x80 == 0x00: - value = rune(octet & 0x7F) - case octet&0xE0 == 0xC0: - value = rune(octet & 0x1F) - case octet&0xF0 == 0xE0: - value = rune(octet & 0x0F) - case octet&0xF8 == 0xF0: - value = rune(octet & 0x07) - default: - value = 0 - } - - // Check and decode the trailing octets. - for k := 1; k < width; k++ { - octet = parser.raw_buffer[parser.raw_buffer_pos+k] - - // Check if the octet is valid. - if (octet & 0xC0) != 0x80 { - return yaml_parser_set_reader_error(parser, - "invalid trailing UTF-8 octet", - parser.offset+k, int(octet)) - } - - // Decode the octet. - value = (value << 6) + rune(octet&0x3F) - } - - // Check the length of the sequence against the value. - switch { - case width == 1: - case width == 2 && value >= 0x80: - case width == 3 && value >= 0x800: - case width == 4 && value >= 0x10000: - default: - return yaml_parser_set_reader_error(parser, - "invalid length of a UTF-8 sequence", - parser.offset, -1) - } - - // Check the range of the value. - if value >= 0xD800 && value <= 0xDFFF || value > 0x10FFFF { - return yaml_parser_set_reader_error(parser, - "invalid Unicode character", - parser.offset, int(value)) - } - - case yaml_UTF16LE_ENCODING, yaml_UTF16BE_ENCODING: - var low, high int - if parser.encoding == yaml_UTF16LE_ENCODING { - low, high = 0, 1 - } else { - low, high = 1, 0 - } - - // The UTF-16 encoding is not as simple as one might - // naively think. Check RFC 2781 - // (http://www.ietf.org/rfc/rfc2781.txt). - // - // Normally, two subsequent bytes describe a Unicode - // character. However a special technique (called a - // surrogate pair) is used for specifying character - // values larger than 0xFFFF. - // - // A surrogate pair consists of two pseudo-characters: - // high surrogate area (0xD800-0xDBFF) - // low surrogate area (0xDC00-0xDFFF) - // - // The following formulas are used for decoding - // and encoding characters using surrogate pairs: - // - // U = U' + 0x10000 (0x01 00 00 <= U <= 0x10 FF FF) - // U' = yyyyyyyyyyxxxxxxxxxx (0 <= U' <= 0x0F FF FF) - // W1 = 110110yyyyyyyyyy - // W2 = 110111xxxxxxxxxx - // - // where U is the character value, W1 is the high surrogate - // area, W2 is the low surrogate area. - - // Check for incomplete UTF-16 character. - if raw_unread < 2 { - if parser.eof { - return yaml_parser_set_reader_error(parser, - "incomplete UTF-16 character", - parser.offset, -1) - } - break inner - } - - // Get the character. - value = rune(parser.raw_buffer[parser.raw_buffer_pos+low]) + - (rune(parser.raw_buffer[parser.raw_buffer_pos+high]) << 8) - - // Check for unexpected low surrogate area. - if value&0xFC00 == 0xDC00 { - return yaml_parser_set_reader_error(parser, - "unexpected low surrogate area", - parser.offset, int(value)) - } - - // Check for a high surrogate area. - if value&0xFC00 == 0xD800 { - width = 4 - - // Check for incomplete surrogate pair. - if raw_unread < 4 { - if parser.eof { - return yaml_parser_set_reader_error(parser, - "incomplete UTF-16 surrogate pair", - parser.offset, -1) - } - break inner - } - - // Get the next character. - value2 := rune(parser.raw_buffer[parser.raw_buffer_pos+low+2]) + - (rune(parser.raw_buffer[parser.raw_buffer_pos+high+2]) << 8) - - // Check for a low surrogate area. - if value2&0xFC00 != 0xDC00 { - return yaml_parser_set_reader_error(parser, - "expected low surrogate area", - parser.offset+2, int(value2)) - } - - // Generate the value of the surrogate pair. - value = 0x10000 + ((value & 0x3FF) << 10) + (value2 & 0x3FF) - } else { - width = 2 - } - - default: - panic("impossible") - } - - // Check if the character is in the allowed range: - // #x9 | #xA | #xD | [#x20-#x7E] (8 bit) - // | #x85 | [#xA0-#xD7FF] | [#xE000-#xFFFD] (16 bit) - // | [#x10000-#x10FFFF] (32 bit) - switch { - case value == 0x09: - case value == 0x0A: - case value == 0x0D: - case value >= 0x20 && value <= 0x7E: - case value == 0x85: - case value >= 0xA0 && value <= 0xD7FF: - case value >= 0xE000 && value <= 0xFFFD: - case value >= 0x10000 && value <= 0x10FFFF: - default: - return yaml_parser_set_reader_error(parser, - "control characters are not allowed", - parser.offset, int(value)) - } - - // Move the raw pointers. - parser.raw_buffer_pos += width - parser.offset += width - - // Finally put the character into the buffer. - if value <= 0x7F { - // 0000 0000-0000 007F . 0xxxxxxx - parser.buffer[buffer_len+0] = byte(value) - buffer_len += 1 - } else if value <= 0x7FF { - // 0000 0080-0000 07FF . 110xxxxx 10xxxxxx - parser.buffer[buffer_len+0] = byte(0xC0 + (value >> 6)) - parser.buffer[buffer_len+1] = byte(0x80 + (value & 0x3F)) - buffer_len += 2 - } else if value <= 0xFFFF { - // 0000 0800-0000 FFFF . 1110xxxx 10xxxxxx 10xxxxxx - parser.buffer[buffer_len+0] = byte(0xE0 + (value >> 12)) - parser.buffer[buffer_len+1] = byte(0x80 + ((value >> 6) & 0x3F)) - parser.buffer[buffer_len+2] = byte(0x80 + (value & 0x3F)) - buffer_len += 3 - } else { - // 0001 0000-0010 FFFF . 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx - parser.buffer[buffer_len+0] = byte(0xF0 + (value >> 18)) - parser.buffer[buffer_len+1] = byte(0x80 + ((value >> 12) & 0x3F)) - parser.buffer[buffer_len+2] = byte(0x80 + ((value >> 6) & 0x3F)) - parser.buffer[buffer_len+3] = byte(0x80 + (value & 0x3F)) - buffer_len += 4 - } - - parser.unread++ - } - - // On EOF, put NUL into the buffer and return. - if parser.eof { - parser.buffer[buffer_len] = 0 - buffer_len++ - parser.unread++ - break - } - } - parser.buffer = parser.buffer[:buffer_len] - return true -} diff --git a/vendor/github.com/ajeddeloh/yaml/resolve.go b/vendor/github.com/ajeddeloh/yaml/resolve.go deleted file mode 100644 index 232313cc08..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/resolve.go +++ /dev/null @@ -1,208 +0,0 @@ -package yaml - -import ( - "encoding/base64" - "math" - "regexp" - "strconv" - "strings" - "unicode/utf8" -) - -type resolveMapItem struct { - value interface{} - tag string -} - -var resolveTable = make([]byte, 256) -var resolveMap = make(map[string]resolveMapItem) - -func init() { - t := resolveTable - t[int('+')] = 'S' // Sign - t[int('-')] = 'S' - for _, c := range "0123456789" { - t[int(c)] = 'D' // Digit - } - for _, c := range "yYnNtTfFoO~" { - t[int(c)] = 'M' // In map - } - t[int('.')] = '.' // Float (potentially in map) - - var resolveMapList = []struct { - v interface{} - tag string - l []string - }{ - {true, yaml_BOOL_TAG, []string{"y", "Y", "yes", "Yes", "YES"}}, - {true, yaml_BOOL_TAG, []string{"true", "True", "TRUE"}}, - {true, yaml_BOOL_TAG, []string{"on", "On", "ON"}}, - {false, yaml_BOOL_TAG, []string{"n", "N", "no", "No", "NO"}}, - {false, yaml_BOOL_TAG, []string{"false", "False", "FALSE"}}, - {false, yaml_BOOL_TAG, []string{"off", "Off", "OFF"}}, - {nil, yaml_NULL_TAG, []string{"", "~", "null", "Null", "NULL"}}, - {math.NaN(), yaml_FLOAT_TAG, []string{".nan", ".NaN", ".NAN"}}, - {math.Inf(+1), yaml_FLOAT_TAG, []string{".inf", ".Inf", ".INF"}}, - {math.Inf(+1), yaml_FLOAT_TAG, []string{"+.inf", "+.Inf", "+.INF"}}, - {math.Inf(-1), yaml_FLOAT_TAG, []string{"-.inf", "-.Inf", "-.INF"}}, - {"<<", yaml_MERGE_TAG, []string{"<<"}}, - } - - m := resolveMap - for _, item := range resolveMapList { - for _, s := range item.l { - m[s] = resolveMapItem{item.v, item.tag} - } - } -} - -const longTagPrefix = "tag:yaml.org,2002:" - -func shortTag(tag string) string { - // TODO This can easily be made faster and produce less garbage. - if strings.HasPrefix(tag, longTagPrefix) { - return "!!" + tag[len(longTagPrefix):] - } - return tag -} - -func longTag(tag string) string { - if strings.HasPrefix(tag, "!!") { - return longTagPrefix + tag[2:] - } - return tag -} - -func resolvableTag(tag string) bool { - switch tag { - case "", yaml_STR_TAG, yaml_BOOL_TAG, yaml_INT_TAG, yaml_FLOAT_TAG, yaml_NULL_TAG: - return true - } - return false -} - -var yamlStyleFloat = regexp.MustCompile(`^[-+]?[0-9]*\.?[0-9]+([eE][-+][0-9]+)?$`) - -func resolve(tag string, in string) (rtag string, out interface{}) { - if !resolvableTag(tag) { - return tag, in - } - - defer func() { - switch tag { - case "", rtag, yaml_STR_TAG, yaml_BINARY_TAG: - return - } - failf("cannot decode %s `%s` as a %s", shortTag(rtag), in, shortTag(tag)) - }() - - // Any data is accepted as a !!str or !!binary. - // Otherwise, the prefix is enough of a hint about what it might be. - hint := byte('N') - if in != "" { - hint = resolveTable[in[0]] - } - if hint != 0 && tag != yaml_STR_TAG && tag != yaml_BINARY_TAG { - // Handle things we can lookup in a map. - if item, ok := resolveMap[in]; ok { - return item.tag, item.value - } - - // Base 60 floats are a bad idea, were dropped in YAML 1.2, and - // are purposefully unsupported here. They're still quoted on - // the way out for compatibility with other parser, though. - - switch hint { - case 'M': - // We've already checked the map above. - - case '.': - // Not in the map, so maybe a normal float. - floatv, err := strconv.ParseFloat(in, 64) - if err == nil { - return yaml_FLOAT_TAG, floatv - } - - case 'D', 'S': - // Int, float, or timestamp. - plain := strings.Replace(in, "_", "", -1) - intv, err := strconv.ParseInt(plain, 0, 64) - if err == nil { - if intv == int64(int(intv)) { - return yaml_INT_TAG, int(intv) - } else { - return yaml_INT_TAG, intv - } - } - uintv, err := strconv.ParseUint(plain, 0, 64) - if err == nil { - return yaml_INT_TAG, uintv - } - if yamlStyleFloat.MatchString(plain) { - floatv, err := strconv.ParseFloat(plain, 64) - if err == nil { - return yaml_FLOAT_TAG, floatv - } - } - if strings.HasPrefix(plain, "0b") { - intv, err := strconv.ParseInt(plain[2:], 2, 64) - if err == nil { - if intv == int64(int(intv)) { - return yaml_INT_TAG, int(intv) - } else { - return yaml_INT_TAG, intv - } - } - uintv, err := strconv.ParseUint(plain[2:], 2, 64) - if err == nil { - return yaml_INT_TAG, uintv - } - } else if strings.HasPrefix(plain, "-0b") { - intv, err := strconv.ParseInt(plain[3:], 2, 64) - if err == nil { - if intv == int64(int(intv)) { - return yaml_INT_TAG, -int(intv) - } else { - return yaml_INT_TAG, -intv - } - } - } - // XXX Handle timestamps here. - - default: - panic("resolveTable item not yet handled: " + string(rune(hint)) + " (with " + in + ")") - } - } - if tag == yaml_BINARY_TAG { - return yaml_BINARY_TAG, in - } - if utf8.ValidString(in) { - return yaml_STR_TAG, in - } - return yaml_BINARY_TAG, encodeBase64(in) -} - -// encodeBase64 encodes s as base64 that is broken up into multiple lines -// as appropriate for the resulting length. -func encodeBase64(s string) string { - const lineLen = 70 - encLen := base64.StdEncoding.EncodedLen(len(s)) - lines := encLen/lineLen + 1 - buf := make([]byte, encLen*2+lines) - in := buf[0:encLen] - out := buf[encLen:] - base64.StdEncoding.Encode(in, []byte(s)) - k := 0 - for i := 0; i < len(in); i += lineLen { - j := i + lineLen - if j > len(in) { - j = len(in) - } - k += copy(out[k:], in[i:j]) - if lines > 1 { - out[k] = '\n' - k++ - } - } - return string(out[:k]) -} diff --git a/vendor/github.com/ajeddeloh/yaml/scannerc.go b/vendor/github.com/ajeddeloh/yaml/scannerc.go deleted file mode 100644 index 0744844558..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/scannerc.go +++ /dev/null @@ -1,2711 +0,0 @@ -package yaml - -import ( - "bytes" - "fmt" -) - -// Introduction -// ************ -// -// The following notes assume that you are familiar with the YAML specification -// (http://yaml.org/spec/1.2/spec.html). We mostly follow it, although in -// some cases we are less restrictive that it requires. -// -// The process of transforming a YAML stream into a sequence of events is -// divided on two steps: Scanning and Parsing. -// -// The Scanner transforms the input stream into a sequence of tokens, while the -// parser transform the sequence of tokens produced by the Scanner into a -// sequence of parsing events. -// -// The Scanner is rather clever and complicated. The Parser, on the contrary, -// is a straightforward implementation of a recursive-descendant parser (or, -// LL(1) parser, as it is usually called). -// -// Actually there are two issues of Scanning that might be called "clever", the -// rest is quite straightforward. The issues are "block collection start" and -// "simple keys". Both issues are explained below in details. -// -// Here the Scanning step is explained and implemented. We start with the list -// of all the tokens produced by the Scanner together with short descriptions. -// -// Now, tokens: -// -// STREAM-START(encoding) # The stream start. -// STREAM-END # The stream end. -// VERSION-DIRECTIVE(major,minor) # The '%YAML' directive. -// TAG-DIRECTIVE(handle,prefix) # The '%TAG' directive. -// DOCUMENT-START # '---' -// DOCUMENT-END # '...' -// BLOCK-SEQUENCE-START # Indentation increase denoting a block -// BLOCK-MAPPING-START # sequence or a block mapping. -// BLOCK-END # Indentation decrease. -// FLOW-SEQUENCE-START # '[' -// FLOW-SEQUENCE-END # ']' -// BLOCK-SEQUENCE-START # '{' -// BLOCK-SEQUENCE-END # '}' -// BLOCK-ENTRY # '-' -// FLOW-ENTRY # ',' -// KEY # '?' or nothing (simple keys). -// VALUE # ':' -// ALIAS(anchor) # '*anchor' -// ANCHOR(anchor) # '&anchor' -// TAG(handle,suffix) # '!handle!suffix' -// SCALAR(value,style) # A scalar. -// -// The following two tokens are "virtual" tokens denoting the beginning and the -// end of the stream: -// -// STREAM-START(encoding) -// STREAM-END -// -// We pass the information about the input stream encoding with the -// STREAM-START token. -// -// The next two tokens are responsible for tags: -// -// VERSION-DIRECTIVE(major,minor) -// TAG-DIRECTIVE(handle,prefix) -// -// Example: -// -// %YAML 1.1 -// %TAG ! !foo -// %TAG !yaml! tag:yaml.org,2002: -// --- -// -// The correspoding sequence of tokens: -// -// STREAM-START(utf-8) -// VERSION-DIRECTIVE(1,1) -// TAG-DIRECTIVE("!","!foo") -// TAG-DIRECTIVE("!yaml","tag:yaml.org,2002:") -// DOCUMENT-START -// STREAM-END -// -// Note that the VERSION-DIRECTIVE and TAG-DIRECTIVE tokens occupy a whole -// line. -// -// The document start and end indicators are represented by: -// -// DOCUMENT-START -// DOCUMENT-END -// -// Note that if a YAML stream contains an implicit document (without '---' -// and '...' indicators), no DOCUMENT-START and DOCUMENT-END tokens will be -// produced. -// -// In the following examples, we present whole documents together with the -// produced tokens. -// -// 1. An implicit document: -// -// 'a scalar' -// -// Tokens: -// -// STREAM-START(utf-8) -// SCALAR("a scalar",single-quoted) -// STREAM-END -// -// 2. An explicit document: -// -// --- -// 'a scalar' -// ... -// -// Tokens: -// -// STREAM-START(utf-8) -// DOCUMENT-START -// SCALAR("a scalar",single-quoted) -// DOCUMENT-END -// STREAM-END -// -// 3. Several documents in a stream: -// -// 'a scalar' -// --- -// 'another scalar' -// --- -// 'yet another scalar' -// -// Tokens: -// -// STREAM-START(utf-8) -// SCALAR("a scalar",single-quoted) -// DOCUMENT-START -// SCALAR("another scalar",single-quoted) -// DOCUMENT-START -// SCALAR("yet another scalar",single-quoted) -// STREAM-END -// -// We have already introduced the SCALAR token above. The following tokens are -// used to describe aliases, anchors, tag, and scalars: -// -// ALIAS(anchor) -// ANCHOR(anchor) -// TAG(handle,suffix) -// SCALAR(value,style) -// -// The following series of examples illustrate the usage of these tokens: -// -// 1. A recursive sequence: -// -// &A [ *A ] -// -// Tokens: -// -// STREAM-START(utf-8) -// ANCHOR("A") -// FLOW-SEQUENCE-START -// ALIAS("A") -// FLOW-SEQUENCE-END -// STREAM-END -// -// 2. A tagged scalar: -// -// !!float "3.14" # A good approximation. -// -// Tokens: -// -// STREAM-START(utf-8) -// TAG("!!","float") -// SCALAR("3.14",double-quoted) -// STREAM-END -// -// 3. Various scalar styles: -// -// --- # Implicit empty plain scalars do not produce tokens. -// --- a plain scalar -// --- 'a single-quoted scalar' -// --- "a double-quoted scalar" -// --- |- -// a literal scalar -// --- >- -// a folded -// scalar -// -// Tokens: -// -// STREAM-START(utf-8) -// DOCUMENT-START -// DOCUMENT-START -// SCALAR("a plain scalar",plain) -// DOCUMENT-START -// SCALAR("a single-quoted scalar",single-quoted) -// DOCUMENT-START -// SCALAR("a double-quoted scalar",double-quoted) -// DOCUMENT-START -// SCALAR("a literal scalar",literal) -// DOCUMENT-START -// SCALAR("a folded scalar",folded) -// STREAM-END -// -// Now it's time to review collection-related tokens. We will start with -// flow collections: -// -// FLOW-SEQUENCE-START -// FLOW-SEQUENCE-END -// FLOW-MAPPING-START -// FLOW-MAPPING-END -// FLOW-ENTRY -// KEY -// VALUE -// -// The tokens FLOW-SEQUENCE-START, FLOW-SEQUENCE-END, FLOW-MAPPING-START, and -// FLOW-MAPPING-END represent the indicators '[', ']', '{', and '}' -// correspondingly. FLOW-ENTRY represent the ',' indicator. Finally the -// indicators '?' and ':', which are used for denoting mapping keys and values, -// are represented by the KEY and VALUE tokens. -// -// The following examples show flow collections: -// -// 1. A flow sequence: -// -// [item 1, item 2, item 3] -// -// Tokens: -// -// STREAM-START(utf-8) -// FLOW-SEQUENCE-START -// SCALAR("item 1",plain) -// FLOW-ENTRY -// SCALAR("item 2",plain) -// FLOW-ENTRY -// SCALAR("item 3",plain) -// FLOW-SEQUENCE-END -// STREAM-END -// -// 2. A flow mapping: -// -// { -// a simple key: a value, # Note that the KEY token is produced. -// ? a complex key: another value, -// } -// -// Tokens: -// -// STREAM-START(utf-8) -// FLOW-MAPPING-START -// KEY -// SCALAR("a simple key",plain) -// VALUE -// SCALAR("a value",plain) -// FLOW-ENTRY -// KEY -// SCALAR("a complex key",plain) -// VALUE -// SCALAR("another value",plain) -// FLOW-ENTRY -// FLOW-MAPPING-END -// STREAM-END -// -// A simple key is a key which is not denoted by the '?' indicator. Note that -// the Scanner still produce the KEY token whenever it encounters a simple key. -// -// For scanning block collections, the following tokens are used (note that we -// repeat KEY and VALUE here): -// -// BLOCK-SEQUENCE-START -// BLOCK-MAPPING-START -// BLOCK-END -// BLOCK-ENTRY -// KEY -// VALUE -// -// The tokens BLOCK-SEQUENCE-START and BLOCK-MAPPING-START denote indentation -// increase that precedes a block collection (cf. the INDENT token in Python). -// The token BLOCK-END denote indentation decrease that ends a block collection -// (cf. the DEDENT token in Python). However YAML has some syntax pecularities -// that makes detections of these tokens more complex. -// -// The tokens BLOCK-ENTRY, KEY, and VALUE are used to represent the indicators -// '-', '?', and ':' correspondingly. -// -// The following examples show how the tokens BLOCK-SEQUENCE-START, -// BLOCK-MAPPING-START, and BLOCK-END are emitted by the Scanner: -// -// 1. Block sequences: -// -// - item 1 -// - item 2 -// - -// - item 3.1 -// - item 3.2 -// - -// key 1: value 1 -// key 2: value 2 -// -// Tokens: -// -// STREAM-START(utf-8) -// BLOCK-SEQUENCE-START -// BLOCK-ENTRY -// SCALAR("item 1",plain) -// BLOCK-ENTRY -// SCALAR("item 2",plain) -// BLOCK-ENTRY -// BLOCK-SEQUENCE-START -// BLOCK-ENTRY -// SCALAR("item 3.1",plain) -// BLOCK-ENTRY -// SCALAR("item 3.2",plain) -// BLOCK-END -// BLOCK-ENTRY -// BLOCK-MAPPING-START -// KEY -// SCALAR("key 1",plain) -// VALUE -// SCALAR("value 1",plain) -// KEY -// SCALAR("key 2",plain) -// VALUE -// SCALAR("value 2",plain) -// BLOCK-END -// BLOCK-END -// STREAM-END -// -// 2. Block mappings: -// -// a simple key: a value # The KEY token is produced here. -// ? a complex key -// : another value -// a mapping: -// key 1: value 1 -// key 2: value 2 -// a sequence: -// - item 1 -// - item 2 -// -// Tokens: -// -// STREAM-START(utf-8) -// BLOCK-MAPPING-START -// KEY -// SCALAR("a simple key",plain) -// VALUE -// SCALAR("a value",plain) -// KEY -// SCALAR("a complex key",plain) -// VALUE -// SCALAR("another value",plain) -// KEY -// SCALAR("a mapping",plain) -// BLOCK-MAPPING-START -// KEY -// SCALAR("key 1",plain) -// VALUE -// SCALAR("value 1",plain) -// KEY -// SCALAR("key 2",plain) -// VALUE -// SCALAR("value 2",plain) -// BLOCK-END -// KEY -// SCALAR("a sequence",plain) -// VALUE -// BLOCK-SEQUENCE-START -// BLOCK-ENTRY -// SCALAR("item 1",plain) -// BLOCK-ENTRY -// SCALAR("item 2",plain) -// BLOCK-END -// BLOCK-END -// STREAM-END -// -// YAML does not always require to start a new block collection from a new -// line. If the current line contains only '-', '?', and ':' indicators, a new -// block collection may start at the current line. The following examples -// illustrate this case: -// -// 1. Collections in a sequence: -// -// - - item 1 -// - item 2 -// - key 1: value 1 -// key 2: value 2 -// - ? complex key -// : complex value -// -// Tokens: -// -// STREAM-START(utf-8) -// BLOCK-SEQUENCE-START -// BLOCK-ENTRY -// BLOCK-SEQUENCE-START -// BLOCK-ENTRY -// SCALAR("item 1",plain) -// BLOCK-ENTRY -// SCALAR("item 2",plain) -// BLOCK-END -// BLOCK-ENTRY -// BLOCK-MAPPING-START -// KEY -// SCALAR("key 1",plain) -// VALUE -// SCALAR("value 1",plain) -// KEY -// SCALAR("key 2",plain) -// VALUE -// SCALAR("value 2",plain) -// BLOCK-END -// BLOCK-ENTRY -// BLOCK-MAPPING-START -// KEY -// SCALAR("complex key") -// VALUE -// SCALAR("complex value") -// BLOCK-END -// BLOCK-END -// STREAM-END -// -// 2. Collections in a mapping: -// -// ? a sequence -// : - item 1 -// - item 2 -// ? a mapping -// : key 1: value 1 -// key 2: value 2 -// -// Tokens: -// -// STREAM-START(utf-8) -// BLOCK-MAPPING-START -// KEY -// SCALAR("a sequence",plain) -// VALUE -// BLOCK-SEQUENCE-START -// BLOCK-ENTRY -// SCALAR("item 1",plain) -// BLOCK-ENTRY -// SCALAR("item 2",plain) -// BLOCK-END -// KEY -// SCALAR("a mapping",plain) -// VALUE -// BLOCK-MAPPING-START -// KEY -// SCALAR("key 1",plain) -// VALUE -// SCALAR("value 1",plain) -// KEY -// SCALAR("key 2",plain) -// VALUE -// SCALAR("value 2",plain) -// BLOCK-END -// BLOCK-END -// STREAM-END -// -// YAML also permits non-indented sequences if they are included into a block -// mapping. In this case, the token BLOCK-SEQUENCE-START is not produced: -// -// key: -// - item 1 # BLOCK-SEQUENCE-START is NOT produced here. -// - item 2 -// -// Tokens: -// -// STREAM-START(utf-8) -// BLOCK-MAPPING-START -// KEY -// SCALAR("key",plain) -// VALUE -// BLOCK-ENTRY -// SCALAR("item 1",plain) -// BLOCK-ENTRY -// SCALAR("item 2",plain) -// BLOCK-END -// - -// Ensure that the buffer contains the required number of characters. -// Return true on success, false on failure (reader error or memory error). -func cache(parser *yaml_parser_t, length int) bool { - // [Go] This was inlined: !cache(A, B) -> unread < B && !update(A, B) - return parser.unread >= length || yaml_parser_update_buffer(parser, length) -} - -// Advance the buffer pointer. -func skip(parser *yaml_parser_t) { - parser.mark.index++ - parser.mark.column++ - parser.unread-- - parser.buffer_pos += width(parser.buffer[parser.buffer_pos]) -} - -func skip_line(parser *yaml_parser_t) { - if is_crlf(parser.buffer, parser.buffer_pos) { - parser.mark.index += 2 - parser.mark.column = 0 - parser.mark.line++ - parser.unread -= 2 - parser.buffer_pos += 2 - } else if is_break(parser.buffer, parser.buffer_pos) { - parser.mark.index++ - parser.mark.column = 0 - parser.mark.line++ - parser.unread-- - parser.buffer_pos += width(parser.buffer[parser.buffer_pos]) - } -} - -// Copy a character to a string buffer and advance pointers. -func read(parser *yaml_parser_t, s []byte) []byte { - w := width(parser.buffer[parser.buffer_pos]) - if w == 0 { - panic("invalid character sequence") - } - if len(s) == 0 { - s = make([]byte, 0, 32) - } - if w == 1 && len(s)+w <= cap(s) { - s = s[:len(s)+1] - s[len(s)-1] = parser.buffer[parser.buffer_pos] - parser.buffer_pos++ - } else { - s = append(s, parser.buffer[parser.buffer_pos:parser.buffer_pos+w]...) - parser.buffer_pos += w - } - parser.mark.index++ - parser.mark.column++ - parser.unread-- - return s -} - -// Copy a line break character to a string buffer and advance pointers. -func read_line(parser *yaml_parser_t, s []byte) []byte { - buf := parser.buffer - pos := parser.buffer_pos - switch { - case buf[pos] == '\r' && buf[pos+1] == '\n': - // CR LF . LF - s = append(s, '\n') - parser.buffer_pos += 2 - parser.mark.index++ - parser.unread-- - case buf[pos] == '\r' || buf[pos] == '\n': - // CR|LF . LF - s = append(s, '\n') - parser.buffer_pos += 1 - case buf[pos] == '\xC2' && buf[pos+1] == '\x85': - // NEL . LF - s = append(s, '\n') - parser.buffer_pos += 2 - case buf[pos] == '\xE2' && buf[pos+1] == '\x80' && (buf[pos+2] == '\xA8' || buf[pos+2] == '\xA9'): - // LS|PS . LS|PS - s = append(s, buf[parser.buffer_pos:pos+3]...) - parser.buffer_pos += 3 - default: - return s - } - parser.mark.index++ - parser.mark.column = 0 - parser.mark.line++ - parser.unread-- - return s -} - -// Get the next token. -func yaml_parser_scan(parser *yaml_parser_t, token *yaml_token_t) bool { - // Erase the token object. - *token = yaml_token_t{} // [Go] Is this necessary? - - // No tokens after STREAM-END or error. - if parser.stream_end_produced || parser.error != yaml_NO_ERROR { - return true - } - - // Ensure that the tokens queue contains enough tokens. - if !parser.token_available { - if !yaml_parser_fetch_more_tokens(parser) { - return false - } - } - - // Fetch the next token from the queue. - *token = parser.tokens[parser.tokens_head] - parser.tokens_head++ - parser.tokens_parsed++ - parser.token_available = false - - if token.typ == yaml_STREAM_END_TOKEN { - parser.stream_end_produced = true - } - return true -} - -// Set the scanner error and return false. -func yaml_parser_set_scanner_error(parser *yaml_parser_t, context string, context_mark yaml_mark_t, problem string) bool { - parser.error = yaml_SCANNER_ERROR - parser.context = context - parser.context_mark = context_mark - parser.problem = problem - parser.problem_mark = parser.mark - return false -} - -func yaml_parser_set_scanner_tag_error(parser *yaml_parser_t, directive bool, context_mark yaml_mark_t, problem string) bool { - context := "while parsing a tag" - if directive { - context = "while parsing a %TAG directive" - } - return yaml_parser_set_scanner_error(parser, context, context_mark, problem) -} - -func trace(args ...interface{}) func() { - pargs := append([]interface{}{"+++"}, args...) - fmt.Println(pargs...) - pargs = append([]interface{}{"---"}, args...) - return func() { fmt.Println(pargs...) } -} - -// Ensure that the tokens queue contains at least one token which can be -// returned to the Parser. -func yaml_parser_fetch_more_tokens(parser *yaml_parser_t) bool { - // While we need more tokens to fetch, do it. - for { - // Check if we really need to fetch more tokens. - need_more_tokens := false - - if parser.tokens_head == len(parser.tokens) { - // Queue is empty. - need_more_tokens = true - } else { - // Check if any potential simple key may occupy the head position. - if !yaml_parser_stale_simple_keys(parser) { - return false - } - - for i := range parser.simple_keys { - simple_key := &parser.simple_keys[i] - if simple_key.possible && simple_key.token_number == parser.tokens_parsed { - need_more_tokens = true - break - } - } - } - - // We are finished. - if !need_more_tokens { - break - } - // Fetch the next token. - if !yaml_parser_fetch_next_token(parser) { - return false - } - } - - parser.token_available = true - return true -} - -// The dispatcher for token fetchers. -func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool { - // Ensure that the buffer is initialized. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - - // Check if we just started scanning. Fetch STREAM-START then. - if !parser.stream_start_produced { - return yaml_parser_fetch_stream_start(parser) - } - - // Eat whitespaces and comments until we reach the next token. - if !yaml_parser_scan_to_next_token(parser) { - return false - } - - // Remove obsolete potential simple keys. - if !yaml_parser_stale_simple_keys(parser) { - return false - } - - // Check the indentation level against the current column. - if !yaml_parser_unroll_indent(parser, parser.mark.column) { - return false - } - - // Ensure that the buffer contains at least 4 characters. 4 is the length - // of the longest indicators ('--- ' and '... '). - if parser.unread < 4 && !yaml_parser_update_buffer(parser, 4) { - return false - } - - // Is it the end of the stream? - if is_z(parser.buffer, parser.buffer_pos) { - return yaml_parser_fetch_stream_end(parser) - } - - // Is it a directive? - if parser.mark.column == 0 && parser.buffer[parser.buffer_pos] == '%' { - return yaml_parser_fetch_directive(parser) - } - - buf := parser.buffer - pos := parser.buffer_pos - - // Is it the document start indicator? - if parser.mark.column == 0 && buf[pos] == '-' && buf[pos+1] == '-' && buf[pos+2] == '-' && is_blankz(buf, pos+3) { - return yaml_parser_fetch_document_indicator(parser, yaml_DOCUMENT_START_TOKEN) - } - - // Is it the document end indicator? - if parser.mark.column == 0 && buf[pos] == '.' && buf[pos+1] == '.' && buf[pos+2] == '.' && is_blankz(buf, pos+3) { - return yaml_parser_fetch_document_indicator(parser, yaml_DOCUMENT_END_TOKEN) - } - - // Is it the flow sequence start indicator? - if buf[pos] == '[' { - return yaml_parser_fetch_flow_collection_start(parser, yaml_FLOW_SEQUENCE_START_TOKEN) - } - - // Is it the flow mapping start indicator? - if parser.buffer[parser.buffer_pos] == '{' { - return yaml_parser_fetch_flow_collection_start(parser, yaml_FLOW_MAPPING_START_TOKEN) - } - - // Is it the flow sequence end indicator? - if parser.buffer[parser.buffer_pos] == ']' { - return yaml_parser_fetch_flow_collection_end(parser, - yaml_FLOW_SEQUENCE_END_TOKEN) - } - - // Is it the flow mapping end indicator? - if parser.buffer[parser.buffer_pos] == '}' { - return yaml_parser_fetch_flow_collection_end(parser, - yaml_FLOW_MAPPING_END_TOKEN) - } - - // Is it the flow entry indicator? - if parser.buffer[parser.buffer_pos] == ',' { - return yaml_parser_fetch_flow_entry(parser) - } - - // Is it the block entry indicator? - if parser.buffer[parser.buffer_pos] == '-' && is_blankz(parser.buffer, parser.buffer_pos+1) { - return yaml_parser_fetch_block_entry(parser) - } - - // Is it the key indicator? - if parser.buffer[parser.buffer_pos] == '?' && (parser.flow_level > 0 || is_blankz(parser.buffer, parser.buffer_pos+1)) { - return yaml_parser_fetch_key(parser) - } - - // Is it the value indicator? - if parser.buffer[parser.buffer_pos] == ':' && (parser.flow_level > 0 || is_blankz(parser.buffer, parser.buffer_pos+1)) { - return yaml_parser_fetch_value(parser) - } - - // Is it an alias? - if parser.buffer[parser.buffer_pos] == '*' { - return yaml_parser_fetch_anchor(parser, yaml_ALIAS_TOKEN) - } - - // Is it an anchor? - if parser.buffer[parser.buffer_pos] == '&' { - return yaml_parser_fetch_anchor(parser, yaml_ANCHOR_TOKEN) - } - - // Is it a tag? - if parser.buffer[parser.buffer_pos] == '!' { - return yaml_parser_fetch_tag(parser) - } - - // Is it a literal scalar? - if parser.buffer[parser.buffer_pos] == '|' && parser.flow_level == 0 { - return yaml_parser_fetch_block_scalar(parser, true) - } - - // Is it a folded scalar? - if parser.buffer[parser.buffer_pos] == '>' && parser.flow_level == 0 { - return yaml_parser_fetch_block_scalar(parser, false) - } - - // Is it a single-quoted scalar? - if parser.buffer[parser.buffer_pos] == '\'' { - return yaml_parser_fetch_flow_scalar(parser, true) - } - - // Is it a double-quoted scalar? - if parser.buffer[parser.buffer_pos] == '"' { - return yaml_parser_fetch_flow_scalar(parser, false) - } - - // Is it a plain scalar? - // - // A plain scalar may start with any non-blank characters except - // - // '-', '?', ':', ',', '[', ']', '{', '}', - // '#', '&', '*', '!', '|', '>', '\'', '\"', - // '%', '@', '`'. - // - // In the block context (and, for the '-' indicator, in the flow context - // too), it may also start with the characters - // - // '-', '?', ':' - // - // if it is followed by a non-space character. - // - // The last rule is more restrictive than the specification requires. - // [Go] Make this logic more reasonable. - //switch parser.buffer[parser.buffer_pos] { - //case '-', '?', ':', ',', '?', '-', ',', ':', ']', '[', '}', '{', '&', '#', '!', '*', '>', '|', '"', '\'', '@', '%', '-', '`': - //} - if !(is_blankz(parser.buffer, parser.buffer_pos) || parser.buffer[parser.buffer_pos] == '-' || - parser.buffer[parser.buffer_pos] == '?' || parser.buffer[parser.buffer_pos] == ':' || - parser.buffer[parser.buffer_pos] == ',' || parser.buffer[parser.buffer_pos] == '[' || - parser.buffer[parser.buffer_pos] == ']' || parser.buffer[parser.buffer_pos] == '{' || - parser.buffer[parser.buffer_pos] == '}' || parser.buffer[parser.buffer_pos] == '#' || - parser.buffer[parser.buffer_pos] == '&' || parser.buffer[parser.buffer_pos] == '*' || - parser.buffer[parser.buffer_pos] == '!' || parser.buffer[parser.buffer_pos] == '|' || - parser.buffer[parser.buffer_pos] == '>' || parser.buffer[parser.buffer_pos] == '\'' || - parser.buffer[parser.buffer_pos] == '"' || parser.buffer[parser.buffer_pos] == '%' || - parser.buffer[parser.buffer_pos] == '@' || parser.buffer[parser.buffer_pos] == '`') || - (parser.buffer[parser.buffer_pos] == '-' && !is_blank(parser.buffer, parser.buffer_pos+1)) || - (parser.flow_level == 0 && - (parser.buffer[parser.buffer_pos] == '?' || parser.buffer[parser.buffer_pos] == ':') && - !is_blankz(parser.buffer, parser.buffer_pos+1)) { - return yaml_parser_fetch_plain_scalar(parser) - } - - // If we don't determine the token type so far, it is an error. - return yaml_parser_set_scanner_error(parser, - "while scanning for the next token", parser.mark, - "found character that cannot start any token") -} - -// Check the list of potential simple keys and remove the positions that -// cannot contain simple keys anymore. -func yaml_parser_stale_simple_keys(parser *yaml_parser_t) bool { - // Check for a potential simple key for each flow level. - for i := range parser.simple_keys { - simple_key := &parser.simple_keys[i] - - // The specification requires that a simple key - // - // - is limited to a single line, - // - is shorter than 1024 characters. - if simple_key.possible && (simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index) { - - // Check if the potential simple key to be removed is required. - if simple_key.required { - return yaml_parser_set_scanner_error(parser, - "while scanning a simple key", simple_key.mark, - "could not find expected ':'") - } - simple_key.possible = false - } - } - return true -} - -// Check if a simple key may start at the current position and add it if -// needed. -func yaml_parser_save_simple_key(parser *yaml_parser_t) bool { - // A simple key is required at the current position if the scanner is in - // the block context and the current column coincides with the indentation - // level. - - required := parser.flow_level == 0 && parser.indent == parser.mark.column - - // A simple key is required only when it is the first token in the current - // line. Therefore it is always allowed. But we add a check anyway. - if required && !parser.simple_key_allowed { - panic("should not happen") - } - - // - // If the current position may start a simple key, save it. - // - if parser.simple_key_allowed { - simple_key := yaml_simple_key_t{ - possible: true, - required: required, - token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head), - } - simple_key.mark = parser.mark - - if !yaml_parser_remove_simple_key(parser) { - return false - } - parser.simple_keys[len(parser.simple_keys)-1] = simple_key - } - return true -} - -// Remove a potential simple key at the current flow level. -func yaml_parser_remove_simple_key(parser *yaml_parser_t) bool { - i := len(parser.simple_keys) - 1 - if parser.simple_keys[i].possible { - // If the key is required, it is an error. - if parser.simple_keys[i].required { - return yaml_parser_set_scanner_error(parser, - "while scanning a simple key", parser.simple_keys[i].mark, - "could not find expected ':'") - } - } - // Remove the key from the stack. - parser.simple_keys[i].possible = false - return true -} - -// Increase the flow level and resize the simple key list if needed. -func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool { - // Reset the simple key on the next level. - parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{}) - - // Increase the flow level. - parser.flow_level++ - return true -} - -// Decrease the flow level. -func yaml_parser_decrease_flow_level(parser *yaml_parser_t) bool { - if parser.flow_level > 0 { - parser.flow_level-- - parser.simple_keys = parser.simple_keys[:len(parser.simple_keys)-1] - } - return true -} - -// Push the current indentation level to the stack and set the new level -// the current column is greater than the indentation level. In this case, -// append or insert the specified token into the token queue. -func yaml_parser_roll_indent(parser *yaml_parser_t, column, number int, typ yaml_token_type_t, mark yaml_mark_t) bool { - // In the flow context, do nothing. - if parser.flow_level > 0 { - return true - } - - if parser.indent < column { - // Push the current indentation level to the stack and set the new - // indentation level. - parser.indents = append(parser.indents, parser.indent) - parser.indent = column - - // Create a token and insert it into the queue. - token := yaml_token_t{ - typ: typ, - start_mark: mark, - end_mark: mark, - } - if number > -1 { - number -= parser.tokens_parsed - } - yaml_insert_token(parser, number, &token) - } - return true -} - -// Pop indentation levels from the indents stack until the current level -// becomes less or equal to the column. For each indentation level, append -// the BLOCK-END token. -func yaml_parser_unroll_indent(parser *yaml_parser_t, column int) bool { - // In the flow context, do nothing. - if parser.flow_level > 0 { - return true - } - - // Loop through the indentation levels in the stack. - for parser.indent > column { - // Create a token and append it to the queue. - token := yaml_token_t{ - typ: yaml_BLOCK_END_TOKEN, - start_mark: parser.mark, - end_mark: parser.mark, - } - yaml_insert_token(parser, -1, &token) - - // Pop the indentation level. - parser.indent = parser.indents[len(parser.indents)-1] - parser.indents = parser.indents[:len(parser.indents)-1] - } - return true -} - -// Initialize the scanner and produce the STREAM-START token. -func yaml_parser_fetch_stream_start(parser *yaml_parser_t) bool { - - // Set the initial indentation. - parser.indent = -1 - - // Initialize the simple key stack. - parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{}) - - // A simple key is allowed at the beginning of the stream. - parser.simple_key_allowed = true - - // We have started. - parser.stream_start_produced = true - - // Create the STREAM-START token and append it to the queue. - token := yaml_token_t{ - typ: yaml_STREAM_START_TOKEN, - start_mark: parser.mark, - end_mark: parser.mark, - encoding: parser.encoding, - } - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce the STREAM-END token and shut down the scanner. -func yaml_parser_fetch_stream_end(parser *yaml_parser_t) bool { - - // Force new line. - if parser.mark.column != 0 { - parser.mark.column = 0 - parser.mark.line++ - } - - // Reset the indentation level. - if !yaml_parser_unroll_indent(parser, -1) { - return false - } - - // Reset simple keys. - if !yaml_parser_remove_simple_key(parser) { - return false - } - - parser.simple_key_allowed = false - - // Create the STREAM-END token and append it to the queue. - token := yaml_token_t{ - typ: yaml_STREAM_END_TOKEN, - start_mark: parser.mark, - end_mark: parser.mark, - } - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce a VERSION-DIRECTIVE or TAG-DIRECTIVE token. -func yaml_parser_fetch_directive(parser *yaml_parser_t) bool { - // Reset the indentation level. - if !yaml_parser_unroll_indent(parser, -1) { - return false - } - - // Reset simple keys. - if !yaml_parser_remove_simple_key(parser) { - return false - } - - parser.simple_key_allowed = false - - // Create the YAML-DIRECTIVE or TAG-DIRECTIVE token. - token := yaml_token_t{} - if !yaml_parser_scan_directive(parser, &token) { - return false - } - // Append the token to the queue. - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce the DOCUMENT-START or DOCUMENT-END token. -func yaml_parser_fetch_document_indicator(parser *yaml_parser_t, typ yaml_token_type_t) bool { - // Reset the indentation level. - if !yaml_parser_unroll_indent(parser, -1) { - return false - } - - // Reset simple keys. - if !yaml_parser_remove_simple_key(parser) { - return false - } - - parser.simple_key_allowed = false - - // Consume the token. - start_mark := parser.mark - - skip(parser) - skip(parser) - skip(parser) - - end_mark := parser.mark - - // Create the DOCUMENT-START or DOCUMENT-END token. - token := yaml_token_t{ - typ: typ, - start_mark: start_mark, - end_mark: end_mark, - } - // Append the token to the queue. - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce the FLOW-SEQUENCE-START or FLOW-MAPPING-START token. -func yaml_parser_fetch_flow_collection_start(parser *yaml_parser_t, typ yaml_token_type_t) bool { - // The indicators '[' and '{' may start a simple key. - if !yaml_parser_save_simple_key(parser) { - return false - } - - // Increase the flow level. - if !yaml_parser_increase_flow_level(parser) { - return false - } - - // A simple key may follow the indicators '[' and '{'. - parser.simple_key_allowed = true - - // Consume the token. - start_mark := parser.mark - skip(parser) - end_mark := parser.mark - - // Create the FLOW-SEQUENCE-START of FLOW-MAPPING-START token. - token := yaml_token_t{ - typ: typ, - start_mark: start_mark, - end_mark: end_mark, - } - // Append the token to the queue. - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce the FLOW-SEQUENCE-END or FLOW-MAPPING-END token. -func yaml_parser_fetch_flow_collection_end(parser *yaml_parser_t, typ yaml_token_type_t) bool { - // Reset any potential simple key on the current flow level. - if !yaml_parser_remove_simple_key(parser) { - return false - } - - // Decrease the flow level. - if !yaml_parser_decrease_flow_level(parser) { - return false - } - - // No simple keys after the indicators ']' and '}'. - parser.simple_key_allowed = false - - // Consume the token. - - start_mark := parser.mark - skip(parser) - end_mark := parser.mark - - // Create the FLOW-SEQUENCE-END of FLOW-MAPPING-END token. - token := yaml_token_t{ - typ: typ, - start_mark: start_mark, - end_mark: end_mark, - } - // Append the token to the queue. - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce the FLOW-ENTRY token. -func yaml_parser_fetch_flow_entry(parser *yaml_parser_t) bool { - // Reset any potential simple keys on the current flow level. - if !yaml_parser_remove_simple_key(parser) { - return false - } - - // Simple keys are allowed after ','. - parser.simple_key_allowed = true - - // Consume the token. - start_mark := parser.mark - skip(parser) - end_mark := parser.mark - - // Create the FLOW-ENTRY token and append it to the queue. - token := yaml_token_t{ - typ: yaml_FLOW_ENTRY_TOKEN, - start_mark: start_mark, - end_mark: end_mark, - } - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce the BLOCK-ENTRY token. -func yaml_parser_fetch_block_entry(parser *yaml_parser_t) bool { - // Check if the scanner is in the block context. - if parser.flow_level == 0 { - // Check if we are allowed to start a new entry. - if !parser.simple_key_allowed { - return yaml_parser_set_scanner_error(parser, "", parser.mark, - "block sequence entries are not allowed in this context") - } - // Add the BLOCK-SEQUENCE-START token if needed. - if !yaml_parser_roll_indent(parser, parser.mark.column, -1, yaml_BLOCK_SEQUENCE_START_TOKEN, parser.mark) { - return false - } - } else { - // It is an error for the '-' indicator to occur in the flow context, - // but we let the Parser detect and report about it because the Parser - // is able to point to the context. - } - - // Reset any potential simple keys on the current flow level. - if !yaml_parser_remove_simple_key(parser) { - return false - } - - // Simple keys are allowed after '-'. - parser.simple_key_allowed = true - - // Consume the token. - start_mark := parser.mark - skip(parser) - end_mark := parser.mark - - // Create the BLOCK-ENTRY token and append it to the queue. - token := yaml_token_t{ - typ: yaml_BLOCK_ENTRY_TOKEN, - start_mark: start_mark, - end_mark: end_mark, - } - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce the KEY token. -func yaml_parser_fetch_key(parser *yaml_parser_t) bool { - - // In the block context, additional checks are required. - if parser.flow_level == 0 { - // Check if we are allowed to start a new key (not nessesary simple). - if !parser.simple_key_allowed { - return yaml_parser_set_scanner_error(parser, "", parser.mark, - "mapping keys are not allowed in this context") - } - // Add the BLOCK-MAPPING-START token if needed. - if !yaml_parser_roll_indent(parser, parser.mark.column, -1, yaml_BLOCK_MAPPING_START_TOKEN, parser.mark) { - return false - } - } - - // Reset any potential simple keys on the current flow level. - if !yaml_parser_remove_simple_key(parser) { - return false - } - - // Simple keys are allowed after '?' in the block context. - parser.simple_key_allowed = parser.flow_level == 0 - - // Consume the token. - start_mark := parser.mark - skip(parser) - end_mark := parser.mark - - // Create the KEY token and append it to the queue. - token := yaml_token_t{ - typ: yaml_KEY_TOKEN, - start_mark: start_mark, - end_mark: end_mark, - } - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce the VALUE token. -func yaml_parser_fetch_value(parser *yaml_parser_t) bool { - - simple_key := &parser.simple_keys[len(parser.simple_keys)-1] - - // Have we found a simple key? - if simple_key.possible { - // Create the KEY token and insert it into the queue. - token := yaml_token_t{ - typ: yaml_KEY_TOKEN, - start_mark: simple_key.mark, - end_mark: simple_key.mark, - } - yaml_insert_token(parser, simple_key.token_number-parser.tokens_parsed, &token) - - // In the block context, we may need to add the BLOCK-MAPPING-START token. - if !yaml_parser_roll_indent(parser, simple_key.mark.column, - simple_key.token_number, - yaml_BLOCK_MAPPING_START_TOKEN, simple_key.mark) { - return false - } - - // Remove the simple key. - simple_key.possible = false - - // A simple key cannot follow another simple key. - parser.simple_key_allowed = false - - } else { - // The ':' indicator follows a complex key. - - // In the block context, extra checks are required. - if parser.flow_level == 0 { - - // Check if we are allowed to start a complex value. - if !parser.simple_key_allowed { - return yaml_parser_set_scanner_error(parser, "", parser.mark, - "mapping values are not allowed in this context") - } - - // Add the BLOCK-MAPPING-START token if needed. - if !yaml_parser_roll_indent(parser, parser.mark.column, -1, yaml_BLOCK_MAPPING_START_TOKEN, parser.mark) { - return false - } - } - - // Simple keys after ':' are allowed in the block context. - parser.simple_key_allowed = parser.flow_level == 0 - } - - // Consume the token. - start_mark := parser.mark - skip(parser) - end_mark := parser.mark - - // Create the VALUE token and append it to the queue. - token := yaml_token_t{ - typ: yaml_VALUE_TOKEN, - start_mark: start_mark, - end_mark: end_mark, - } - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce the ALIAS or ANCHOR token. -func yaml_parser_fetch_anchor(parser *yaml_parser_t, typ yaml_token_type_t) bool { - // An anchor or an alias could be a simple key. - if !yaml_parser_save_simple_key(parser) { - return false - } - - // A simple key cannot follow an anchor or an alias. - parser.simple_key_allowed = false - - // Create the ALIAS or ANCHOR token and append it to the queue. - var token yaml_token_t - if !yaml_parser_scan_anchor(parser, &token, typ) { - return false - } - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce the TAG token. -func yaml_parser_fetch_tag(parser *yaml_parser_t) bool { - // A tag could be a simple key. - if !yaml_parser_save_simple_key(parser) { - return false - } - - // A simple key cannot follow a tag. - parser.simple_key_allowed = false - - // Create the TAG token and append it to the queue. - var token yaml_token_t - if !yaml_parser_scan_tag(parser, &token) { - return false - } - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce the SCALAR(...,literal) or SCALAR(...,folded) tokens. -func yaml_parser_fetch_block_scalar(parser *yaml_parser_t, literal bool) bool { - // Remove any potential simple keys. - if !yaml_parser_remove_simple_key(parser) { - return false - } - - // A simple key may follow a block scalar. - parser.simple_key_allowed = true - - // Create the SCALAR token and append it to the queue. - var token yaml_token_t - if !yaml_parser_scan_block_scalar(parser, &token, literal) { - return false - } - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce the SCALAR(...,single-quoted) or SCALAR(...,double-quoted) tokens. -func yaml_parser_fetch_flow_scalar(parser *yaml_parser_t, single bool) bool { - // A plain scalar could be a simple key. - if !yaml_parser_save_simple_key(parser) { - return false - } - - // A simple key cannot follow a flow scalar. - parser.simple_key_allowed = false - - // Create the SCALAR token and append it to the queue. - var token yaml_token_t - if !yaml_parser_scan_flow_scalar(parser, &token, single) { - return false - } - yaml_insert_token(parser, -1, &token) - return true -} - -// Produce the SCALAR(...,plain) token. -func yaml_parser_fetch_plain_scalar(parser *yaml_parser_t) bool { - // A plain scalar could be a simple key. - if !yaml_parser_save_simple_key(parser) { - return false - } - - // A simple key cannot follow a flow scalar. - parser.simple_key_allowed = false - - // Create the SCALAR token and append it to the queue. - var token yaml_token_t - if !yaml_parser_scan_plain_scalar(parser, &token) { - return false - } - yaml_insert_token(parser, -1, &token) - return true -} - -// Eat whitespaces and comments until the next token is found. -func yaml_parser_scan_to_next_token(parser *yaml_parser_t) bool { - - // Until the next token is not found. - for { - // Allow the BOM mark to start a line. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - if parser.mark.column == 0 && is_bom(parser.buffer, parser.buffer_pos) { - skip(parser) - } - - // Eat whitespaces. - // Tabs are allowed: - // - in the flow context - // - in the block context, but not at the beginning of the line or - // after '-', '?', or ':' (complex value). - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - - for parser.buffer[parser.buffer_pos] == ' ' || ((parser.flow_level > 0 || !parser.simple_key_allowed) && parser.buffer[parser.buffer_pos] == '\t') { - skip(parser) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - - // Eat a comment until a line break. - if parser.buffer[parser.buffer_pos] == '#' { - for !is_breakz(parser.buffer, parser.buffer_pos) { - skip(parser) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - } - - // If it is a line break, eat it. - if is_break(parser.buffer, parser.buffer_pos) { - if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { - return false - } - skip_line(parser) - - // In the block context, a new line may start a simple key. - if parser.flow_level == 0 { - parser.simple_key_allowed = true - } - } else { - break // We have found a token. - } - } - - return true -} - -// Scan a YAML-DIRECTIVE or TAG-DIRECTIVE token. -// -// Scope: -// %YAML 1.1 # a comment \n -// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -// %TAG !yaml! tag:yaml.org,2002: \n -// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -// -func yaml_parser_scan_directive(parser *yaml_parser_t, token *yaml_token_t) bool { - // Eat '%'. - start_mark := parser.mark - skip(parser) - - // Scan the directive name. - var name []byte - if !yaml_parser_scan_directive_name(parser, start_mark, &name) { - return false - } - - // Is it a YAML directive? - if bytes.Equal(name, []byte("YAML")) { - // Scan the VERSION directive value. - var major, minor int8 - if !yaml_parser_scan_version_directive_value(parser, start_mark, &major, &minor) { - return false - } - end_mark := parser.mark - - // Create a VERSION-DIRECTIVE token. - *token = yaml_token_t{ - typ: yaml_VERSION_DIRECTIVE_TOKEN, - start_mark: start_mark, - end_mark: end_mark, - major: major, - minor: minor, - } - - // Is it a TAG directive? - } else if bytes.Equal(name, []byte("TAG")) { - // Scan the TAG directive value. - var handle, prefix []byte - if !yaml_parser_scan_tag_directive_value(parser, start_mark, &handle, &prefix) { - return false - } - end_mark := parser.mark - - // Create a TAG-DIRECTIVE token. - *token = yaml_token_t{ - typ: yaml_TAG_DIRECTIVE_TOKEN, - start_mark: start_mark, - end_mark: end_mark, - value: handle, - prefix: prefix, - } - - // Unknown directive. - } else { - yaml_parser_set_scanner_error(parser, "while scanning a directive", - start_mark, "found unknown directive name") - return false - } - - // Eat the rest of the line including any comments. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - - for is_blank(parser.buffer, parser.buffer_pos) { - skip(parser) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - - if parser.buffer[parser.buffer_pos] == '#' { - for !is_breakz(parser.buffer, parser.buffer_pos) { - skip(parser) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - } - - // Check if we are at the end of the line. - if !is_breakz(parser.buffer, parser.buffer_pos) { - yaml_parser_set_scanner_error(parser, "while scanning a directive", - start_mark, "did not find expected comment or line break") - return false - } - - // Eat a line break. - if is_break(parser.buffer, parser.buffer_pos) { - if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { - return false - } - skip_line(parser) - } - - return true -} - -// Scan the directive name. -// -// Scope: -// %YAML 1.1 # a comment \n -// ^^^^ -// %TAG !yaml! tag:yaml.org,2002: \n -// ^^^ -// -func yaml_parser_scan_directive_name(parser *yaml_parser_t, start_mark yaml_mark_t, name *[]byte) bool { - // Consume the directive name. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - - var s []byte - for is_alpha(parser.buffer, parser.buffer_pos) { - s = read(parser, s) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - - // Check if the name is empty. - if len(s) == 0 { - yaml_parser_set_scanner_error(parser, "while scanning a directive", - start_mark, "could not find expected directive name") - return false - } - - // Check for an blank character after the name. - if !is_blankz(parser.buffer, parser.buffer_pos) { - yaml_parser_set_scanner_error(parser, "while scanning a directive", - start_mark, "found unexpected non-alphabetical character") - return false - } - *name = s - return true -} - -// Scan the value of VERSION-DIRECTIVE. -// -// Scope: -// %YAML 1.1 # a comment \n -// ^^^^^^ -func yaml_parser_scan_version_directive_value(parser *yaml_parser_t, start_mark yaml_mark_t, major, minor *int8) bool { - // Eat whitespaces. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - for is_blank(parser.buffer, parser.buffer_pos) { - skip(parser) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - - // Consume the major version number. - if !yaml_parser_scan_version_directive_number(parser, start_mark, major) { - return false - } - - // Eat '.'. - if parser.buffer[parser.buffer_pos] != '.' { - return yaml_parser_set_scanner_error(parser, "while scanning a %YAML directive", - start_mark, "did not find expected digit or '.' character") - } - - skip(parser) - - // Consume the minor version number. - if !yaml_parser_scan_version_directive_number(parser, start_mark, minor) { - return false - } - return true -} - -const max_number_length = 2 - -// Scan the version number of VERSION-DIRECTIVE. -// -// Scope: -// %YAML 1.1 # a comment \n -// ^ -// %YAML 1.1 # a comment \n -// ^ -func yaml_parser_scan_version_directive_number(parser *yaml_parser_t, start_mark yaml_mark_t, number *int8) bool { - - // Repeat while the next character is digit. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - var value, length int8 - for is_digit(parser.buffer, parser.buffer_pos) { - // Check if the number is too long. - length++ - if length > max_number_length { - return yaml_parser_set_scanner_error(parser, "while scanning a %YAML directive", - start_mark, "found extremely long version number") - } - value = value*10 + int8(as_digit(parser.buffer, parser.buffer_pos)) - skip(parser) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - - // Check if the number was present. - if length == 0 { - return yaml_parser_set_scanner_error(parser, "while scanning a %YAML directive", - start_mark, "did not find expected version number") - } - *number = value - return true -} - -// Scan the value of a TAG-DIRECTIVE token. -// -// Scope: -// %TAG !yaml! tag:yaml.org,2002: \n -// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -// -func yaml_parser_scan_tag_directive_value(parser *yaml_parser_t, start_mark yaml_mark_t, handle, prefix *[]byte) bool { - var handle_value, prefix_value []byte - - // Eat whitespaces. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - - for is_blank(parser.buffer, parser.buffer_pos) { - skip(parser) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - - // Scan a handle. - if !yaml_parser_scan_tag_handle(parser, true, start_mark, &handle_value) { - return false - } - - // Expect a whitespace. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - if !is_blank(parser.buffer, parser.buffer_pos) { - yaml_parser_set_scanner_error(parser, "while scanning a %TAG directive", - start_mark, "did not find expected whitespace") - return false - } - - // Eat whitespaces. - for is_blank(parser.buffer, parser.buffer_pos) { - skip(parser) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - - // Scan a prefix. - if !yaml_parser_scan_tag_uri(parser, true, nil, start_mark, &prefix_value) { - return false - } - - // Expect a whitespace or line break. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - if !is_blankz(parser.buffer, parser.buffer_pos) { - yaml_parser_set_scanner_error(parser, "while scanning a %TAG directive", - start_mark, "did not find expected whitespace or line break") - return false - } - - *handle = handle_value - *prefix = prefix_value - return true -} - -func yaml_parser_scan_anchor(parser *yaml_parser_t, token *yaml_token_t, typ yaml_token_type_t) bool { - var s []byte - - // Eat the indicator character. - start_mark := parser.mark - skip(parser) - - // Consume the value. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - - for is_alpha(parser.buffer, parser.buffer_pos) { - s = read(parser, s) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - - end_mark := parser.mark - - /* - * Check if length of the anchor is greater than 0 and it is followed by - * a whitespace character or one of the indicators: - * - * '?', ':', ',', ']', '}', '%', '@', '`'. - */ - - if len(s) == 0 || - !(is_blankz(parser.buffer, parser.buffer_pos) || parser.buffer[parser.buffer_pos] == '?' || - parser.buffer[parser.buffer_pos] == ':' || parser.buffer[parser.buffer_pos] == ',' || - parser.buffer[parser.buffer_pos] == ']' || parser.buffer[parser.buffer_pos] == '}' || - parser.buffer[parser.buffer_pos] == '%' || parser.buffer[parser.buffer_pos] == '@' || - parser.buffer[parser.buffer_pos] == '`') { - context := "while scanning an alias" - if typ == yaml_ANCHOR_TOKEN { - context = "while scanning an anchor" - } - yaml_parser_set_scanner_error(parser, context, start_mark, - "did not find expected alphabetic or numeric character") - return false - } - - // Create a token. - *token = yaml_token_t{ - typ: typ, - start_mark: start_mark, - end_mark: end_mark, - value: s, - } - - return true -} - -/* - * Scan a TAG token. - */ - -func yaml_parser_scan_tag(parser *yaml_parser_t, token *yaml_token_t) bool { - var handle, suffix []byte - - start_mark := parser.mark - - // Check if the tag is in the canonical form. - if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { - return false - } - - if parser.buffer[parser.buffer_pos+1] == '<' { - // Keep the handle as '' - - // Eat '!<' - skip(parser) - skip(parser) - - // Consume the tag value. - if !yaml_parser_scan_tag_uri(parser, false, nil, start_mark, &suffix) { - return false - } - - // Check for '>' and eat it. - if parser.buffer[parser.buffer_pos] != '>' { - yaml_parser_set_scanner_error(parser, "while scanning a tag", - start_mark, "did not find the expected '>'") - return false - } - - skip(parser) - } else { - // The tag has either the '!suffix' or the '!handle!suffix' form. - - // First, try to scan a handle. - if !yaml_parser_scan_tag_handle(parser, false, start_mark, &handle) { - return false - } - - // Check if it is, indeed, handle. - if handle[0] == '!' && len(handle) > 1 && handle[len(handle)-1] == '!' { - // Scan the suffix now. - if !yaml_parser_scan_tag_uri(parser, false, nil, start_mark, &suffix) { - return false - } - } else { - // It wasn't a handle after all. Scan the rest of the tag. - if !yaml_parser_scan_tag_uri(parser, false, handle, start_mark, &suffix) { - return false - } - - // Set the handle to '!'. - handle = []byte{'!'} - - // A special case: the '!' tag. Set the handle to '' and the - // suffix to '!'. - if len(suffix) == 0 { - handle, suffix = suffix, handle - } - } - } - - // Check the character which ends the tag. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - if !is_blankz(parser.buffer, parser.buffer_pos) { - yaml_parser_set_scanner_error(parser, "while scanning a tag", - start_mark, "did not find expected whitespace or line break") - return false - } - - end_mark := parser.mark - - // Create a token. - *token = yaml_token_t{ - typ: yaml_TAG_TOKEN, - start_mark: start_mark, - end_mark: end_mark, - value: handle, - suffix: suffix, - } - return true -} - -// Scan a tag handle. -func yaml_parser_scan_tag_handle(parser *yaml_parser_t, directive bool, start_mark yaml_mark_t, handle *[]byte) bool { - // Check the initial '!' character. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - if parser.buffer[parser.buffer_pos] != '!' { - yaml_parser_set_scanner_tag_error(parser, directive, - start_mark, "did not find expected '!'") - return false - } - - var s []byte - - // Copy the '!' character. - s = read(parser, s) - - // Copy all subsequent alphabetical and numerical characters. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - for is_alpha(parser.buffer, parser.buffer_pos) { - s = read(parser, s) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - - // Check if the trailing character is '!' and copy it. - if parser.buffer[parser.buffer_pos] == '!' { - s = read(parser, s) - } else { - // It's either the '!' tag or not really a tag handle. If it's a %TAG - // directive, it's an error. If it's a tag token, it must be a part of URI. - if directive && string(s) != "!" { - yaml_parser_set_scanner_tag_error(parser, directive, - start_mark, "did not find expected '!'") - return false - } - } - - *handle = s - return true -} - -// Scan a tag. -func yaml_parser_scan_tag_uri(parser *yaml_parser_t, directive bool, head []byte, start_mark yaml_mark_t, uri *[]byte) bool { - //size_t length = head ? strlen((char *)head) : 0 - var s []byte - hasTag := len(head) > 0 - - // Copy the head if needed. - // - // Note that we don't copy the leading '!' character. - if len(head) > 1 { - s = append(s, head[1:]...) - } - - // Scan the tag. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - - // The set of characters that may appear in URI is as follows: - // - // '0'-'9', 'A'-'Z', 'a'-'z', '_', '-', ';', '/', '?', ':', '@', '&', - // '=', '+', '$', ',', '.', '!', '~', '*', '\'', '(', ')', '[', ']', - // '%'. - // [Go] Convert this into more reasonable logic. - for is_alpha(parser.buffer, parser.buffer_pos) || parser.buffer[parser.buffer_pos] == ';' || - parser.buffer[parser.buffer_pos] == '/' || parser.buffer[parser.buffer_pos] == '?' || - parser.buffer[parser.buffer_pos] == ':' || parser.buffer[parser.buffer_pos] == '@' || - parser.buffer[parser.buffer_pos] == '&' || parser.buffer[parser.buffer_pos] == '=' || - parser.buffer[parser.buffer_pos] == '+' || parser.buffer[parser.buffer_pos] == '$' || - parser.buffer[parser.buffer_pos] == ',' || parser.buffer[parser.buffer_pos] == '.' || - parser.buffer[parser.buffer_pos] == '!' || parser.buffer[parser.buffer_pos] == '~' || - parser.buffer[parser.buffer_pos] == '*' || parser.buffer[parser.buffer_pos] == '\'' || - parser.buffer[parser.buffer_pos] == '(' || parser.buffer[parser.buffer_pos] == ')' || - parser.buffer[parser.buffer_pos] == '[' || parser.buffer[parser.buffer_pos] == ']' || - parser.buffer[parser.buffer_pos] == '%' { - // Check if it is a URI-escape sequence. - if parser.buffer[parser.buffer_pos] == '%' { - if !yaml_parser_scan_uri_escapes(parser, directive, start_mark, &s) { - return false - } - } else { - s = read(parser, s) - } - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - hasTag = true - } - - if !hasTag { - yaml_parser_set_scanner_tag_error(parser, directive, - start_mark, "did not find expected tag URI") - return false - } - *uri = s - return true -} - -// Decode an URI-escape sequence corresponding to a single UTF-8 character. -func yaml_parser_scan_uri_escapes(parser *yaml_parser_t, directive bool, start_mark yaml_mark_t, s *[]byte) bool { - - // Decode the required number of characters. - w := 1024 - for w > 0 { - // Check for a URI-escaped octet. - if parser.unread < 3 && !yaml_parser_update_buffer(parser, 3) { - return false - } - - if !(parser.buffer[parser.buffer_pos] == '%' && - is_hex(parser.buffer, parser.buffer_pos+1) && - is_hex(parser.buffer, parser.buffer_pos+2)) { - return yaml_parser_set_scanner_tag_error(parser, directive, - start_mark, "did not find URI escaped octet") - } - - // Get the octet. - octet := byte((as_hex(parser.buffer, parser.buffer_pos+1) << 4) + as_hex(parser.buffer, parser.buffer_pos+2)) - - // If it is the leading octet, determine the length of the UTF-8 sequence. - if w == 1024 { - w = width(octet) - if w == 0 { - return yaml_parser_set_scanner_tag_error(parser, directive, - start_mark, "found an incorrect leading UTF-8 octet") - } - } else { - // Check if the trailing octet is correct. - if octet&0xC0 != 0x80 { - return yaml_parser_set_scanner_tag_error(parser, directive, - start_mark, "found an incorrect trailing UTF-8 octet") - } - } - - // Copy the octet and move the pointers. - *s = append(*s, octet) - skip(parser) - skip(parser) - skip(parser) - w-- - } - return true -} - -// Scan a block scalar. -func yaml_parser_scan_block_scalar(parser *yaml_parser_t, token *yaml_token_t, literal bool) bool { - // Eat the indicator '|' or '>'. - start_mark := parser.mark - skip(parser) - - // Scan the additional block scalar indicators. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - - // Check for a chomping indicator. - var chomping, increment int - if parser.buffer[parser.buffer_pos] == '+' || parser.buffer[parser.buffer_pos] == '-' { - // Set the chomping method and eat the indicator. - if parser.buffer[parser.buffer_pos] == '+' { - chomping = +1 - } else { - chomping = -1 - } - skip(parser) - - // Check for an indentation indicator. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - if is_digit(parser.buffer, parser.buffer_pos) { - // Check that the indentation is greater than 0. - if parser.buffer[parser.buffer_pos] == '0' { - yaml_parser_set_scanner_error(parser, "while scanning a block scalar", - start_mark, "found an indentation indicator equal to 0") - return false - } - - // Get the indentation level and eat the indicator. - increment = as_digit(parser.buffer, parser.buffer_pos) - skip(parser) - } - - } else if is_digit(parser.buffer, parser.buffer_pos) { - // Do the same as above, but in the opposite order. - - if parser.buffer[parser.buffer_pos] == '0' { - yaml_parser_set_scanner_error(parser, "while scanning a block scalar", - start_mark, "found an indentation indicator equal to 0") - return false - } - increment = as_digit(parser.buffer, parser.buffer_pos) - skip(parser) - - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - if parser.buffer[parser.buffer_pos] == '+' || parser.buffer[parser.buffer_pos] == '-' { - if parser.buffer[parser.buffer_pos] == '+' { - chomping = +1 - } else { - chomping = -1 - } - skip(parser) - } - } - - // Eat whitespaces and comments to the end of the line. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - for is_blank(parser.buffer, parser.buffer_pos) { - skip(parser) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - if parser.buffer[parser.buffer_pos] == '#' { - for !is_breakz(parser.buffer, parser.buffer_pos) { - skip(parser) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - } - - // Check if we are at the end of the line. - if !is_breakz(parser.buffer, parser.buffer_pos) { - yaml_parser_set_scanner_error(parser, "while scanning a block scalar", - start_mark, "did not find expected comment or line break") - return false - } - - // Eat a line break. - if is_break(parser.buffer, parser.buffer_pos) { - if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { - return false - } - skip_line(parser) - } - - end_mark := parser.mark - - // Set the indentation level if it was specified. - var indent int - if increment > 0 { - if parser.indent >= 0 { - indent = parser.indent + increment - } else { - indent = increment - } - } - - // Scan the leading line breaks and determine the indentation level if needed. - var s, leading_break, trailing_breaks []byte - if !yaml_parser_scan_block_scalar_breaks(parser, &indent, &trailing_breaks, start_mark, &end_mark) { - return false - } - - // Scan the block scalar content. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - var leading_blank, trailing_blank bool - for parser.mark.column == indent && !is_z(parser.buffer, parser.buffer_pos) { - // We are at the beginning of a non-empty line. - - // Is it a trailing whitespace? - trailing_blank = is_blank(parser.buffer, parser.buffer_pos) - - // Check if we need to fold the leading line break. - if !literal && !leading_blank && !trailing_blank && len(leading_break) > 0 && leading_break[0] == '\n' { - // Do we need to join the lines by space? - if len(trailing_breaks) == 0 { - s = append(s, ' ') - } - } else { - s = append(s, leading_break...) - } - leading_break = leading_break[:0] - - // Append the remaining line breaks. - s = append(s, trailing_breaks...) - trailing_breaks = trailing_breaks[:0] - - // Is it a leading whitespace? - leading_blank = is_blank(parser.buffer, parser.buffer_pos) - - // Consume the current line. - for !is_breakz(parser.buffer, parser.buffer_pos) { - s = read(parser, s) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - - // Consume the line break. - if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { - return false - } - - leading_break = read_line(parser, leading_break) - - // Eat the following indentation spaces and line breaks. - if !yaml_parser_scan_block_scalar_breaks(parser, &indent, &trailing_breaks, start_mark, &end_mark) { - return false - } - } - - // Chomp the tail. - if chomping != -1 { - s = append(s, leading_break...) - } - if chomping == 1 { - s = append(s, trailing_breaks...) - } - - // Create a token. - *token = yaml_token_t{ - typ: yaml_SCALAR_TOKEN, - start_mark: start_mark, - end_mark: end_mark, - value: s, - style: yaml_LITERAL_SCALAR_STYLE, - } - if !literal { - token.style = yaml_FOLDED_SCALAR_STYLE - } - return true -} - -// Scan indentation spaces and line breaks for a block scalar. Determine the -// indentation level if needed. -func yaml_parser_scan_block_scalar_breaks(parser *yaml_parser_t, indent *int, breaks *[]byte, start_mark yaml_mark_t, end_mark *yaml_mark_t) bool { - *end_mark = parser.mark - - // Eat the indentation spaces and line breaks. - max_indent := 0 - for { - // Eat the indentation spaces. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - for (*indent == 0 || parser.mark.column < *indent) && is_space(parser.buffer, parser.buffer_pos) { - skip(parser) - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - if parser.mark.column > max_indent { - max_indent = parser.mark.column - } - - // Check for a tab character messing the indentation. - if (*indent == 0 || parser.mark.column < *indent) && is_tab(parser.buffer, parser.buffer_pos) { - return yaml_parser_set_scanner_error(parser, "while scanning a block scalar", - start_mark, "found a tab character where an indentation space is expected") - } - - // Have we found a non-empty line? - if !is_break(parser.buffer, parser.buffer_pos) { - break - } - - // Consume the line break. - if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { - return false - } - // [Go] Should really be returning breaks instead. - *breaks = read_line(parser, *breaks) - *end_mark = parser.mark - } - - // Determine the indentation level if needed. - if *indent == 0 { - *indent = max_indent - if *indent < parser.indent+1 { - *indent = parser.indent + 1 - } - if *indent < 1 { - *indent = 1 - } - } - return true -} - -// Scan a quoted scalar. -func yaml_parser_scan_flow_scalar(parser *yaml_parser_t, token *yaml_token_t, single bool) bool { - // Eat the left quote. - start_mark := parser.mark - skip(parser) - - // Consume the content of the quoted scalar. - var s, leading_break, trailing_breaks, whitespaces []byte - for { - // Check that there are no document indicators at the beginning of the line. - if parser.unread < 4 && !yaml_parser_update_buffer(parser, 4) { - return false - } - - if parser.mark.column == 0 && - ((parser.buffer[parser.buffer_pos+0] == '-' && - parser.buffer[parser.buffer_pos+1] == '-' && - parser.buffer[parser.buffer_pos+2] == '-') || - (parser.buffer[parser.buffer_pos+0] == '.' && - parser.buffer[parser.buffer_pos+1] == '.' && - parser.buffer[parser.buffer_pos+2] == '.')) && - is_blankz(parser.buffer, parser.buffer_pos+3) { - yaml_parser_set_scanner_error(parser, "while scanning a quoted scalar", - start_mark, "found unexpected document indicator") - return false - } - - // Check for EOF. - if is_z(parser.buffer, parser.buffer_pos) { - yaml_parser_set_scanner_error(parser, "while scanning a quoted scalar", - start_mark, "found unexpected end of stream") - return false - } - - // Consume non-blank characters. - leading_blanks := false - for !is_blankz(parser.buffer, parser.buffer_pos) { - if single && parser.buffer[parser.buffer_pos] == '\'' && parser.buffer[parser.buffer_pos+1] == '\'' { - // Is is an escaped single quote. - s = append(s, '\'') - skip(parser) - skip(parser) - - } else if single && parser.buffer[parser.buffer_pos] == '\'' { - // It is a right single quote. - break - } else if !single && parser.buffer[parser.buffer_pos] == '"' { - // It is a right double quote. - break - - } else if !single && parser.buffer[parser.buffer_pos] == '\\' && is_break(parser.buffer, parser.buffer_pos+1) { - // It is an escaped line break. - if parser.unread < 3 && !yaml_parser_update_buffer(parser, 3) { - return false - } - skip(parser) - skip_line(parser) - leading_blanks = true - break - - } else if !single && parser.buffer[parser.buffer_pos] == '\\' { - // It is an escape sequence. - code_length := 0 - - // Check the escape character. - switch parser.buffer[parser.buffer_pos+1] { - case '0': - s = append(s, 0) - case 'a': - s = append(s, '\x07') - case 'b': - s = append(s, '\x08') - case 't', '\t': - s = append(s, '\x09') - case 'n': - s = append(s, '\x0A') - case 'v': - s = append(s, '\x0B') - case 'f': - s = append(s, '\x0C') - case 'r': - s = append(s, '\x0D') - case 'e': - s = append(s, '\x1B') - case ' ': - s = append(s, '\x20') - case '"': - s = append(s, '"') - case '\'': - s = append(s, '\'') - case '\\': - s = append(s, '\\') - case 'N': // NEL (#x85) - s = append(s, '\xC2') - s = append(s, '\x85') - case '_': // #xA0 - s = append(s, '\xC2') - s = append(s, '\xA0') - case 'L': // LS (#x2028) - s = append(s, '\xE2') - s = append(s, '\x80') - s = append(s, '\xA8') - case 'P': // PS (#x2029) - s = append(s, '\xE2') - s = append(s, '\x80') - s = append(s, '\xA9') - case 'x': - code_length = 2 - case 'u': - code_length = 4 - case 'U': - code_length = 8 - default: - yaml_parser_set_scanner_error(parser, "while parsing a quoted scalar", - start_mark, "found unknown escape character") - return false - } - - skip(parser) - skip(parser) - - // Consume an arbitrary escape code. - if code_length > 0 { - var value int - - // Scan the character value. - if parser.unread < code_length && !yaml_parser_update_buffer(parser, code_length) { - return false - } - for k := 0; k < code_length; k++ { - if !is_hex(parser.buffer, parser.buffer_pos+k) { - yaml_parser_set_scanner_error(parser, "while parsing a quoted scalar", - start_mark, "did not find expected hexdecimal number") - return false - } - value = (value << 4) + as_hex(parser.buffer, parser.buffer_pos+k) - } - - // Check the value and write the character. - if (value >= 0xD800 && value <= 0xDFFF) || value > 0x10FFFF { - yaml_parser_set_scanner_error(parser, "while parsing a quoted scalar", - start_mark, "found invalid Unicode character escape code") - return false - } - if value <= 0x7F { - s = append(s, byte(value)) - } else if value <= 0x7FF { - s = append(s, byte(0xC0+(value>>6))) - s = append(s, byte(0x80+(value&0x3F))) - } else if value <= 0xFFFF { - s = append(s, byte(0xE0+(value>>12))) - s = append(s, byte(0x80+((value>>6)&0x3F))) - s = append(s, byte(0x80+(value&0x3F))) - } else { - s = append(s, byte(0xF0+(value>>18))) - s = append(s, byte(0x80+((value>>12)&0x3F))) - s = append(s, byte(0x80+((value>>6)&0x3F))) - s = append(s, byte(0x80+(value&0x3F))) - } - - // Advance the pointer. - for k := 0; k < code_length; k++ { - skip(parser) - } - } - } else { - // It is a non-escaped non-blank character. - s = read(parser, s) - } - if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { - return false - } - } - - // Check if we are at the end of the scalar. - if single { - if parser.buffer[parser.buffer_pos] == '\'' { - break - } - } else { - if parser.buffer[parser.buffer_pos] == '"' { - break - } - } - - // Consume blank characters. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - - for is_blank(parser.buffer, parser.buffer_pos) || is_break(parser.buffer, parser.buffer_pos) { - if is_blank(parser.buffer, parser.buffer_pos) { - // Consume a space or a tab character. - if !leading_blanks { - whitespaces = read(parser, whitespaces) - } else { - skip(parser) - } - } else { - if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { - return false - } - - // Check if it is a first line break. - if !leading_blanks { - whitespaces = whitespaces[:0] - leading_break = read_line(parser, leading_break) - leading_blanks = true - } else { - trailing_breaks = read_line(parser, trailing_breaks) - } - } - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - - // Join the whitespaces or fold line breaks. - if leading_blanks { - // Do we need to fold line breaks? - if len(leading_break) > 0 && leading_break[0] == '\n' { - if len(trailing_breaks) == 0 { - s = append(s, ' ') - } else { - s = append(s, trailing_breaks...) - } - } else { - s = append(s, leading_break...) - s = append(s, trailing_breaks...) - } - trailing_breaks = trailing_breaks[:0] - leading_break = leading_break[:0] - } else { - s = append(s, whitespaces...) - whitespaces = whitespaces[:0] - } - } - - // Eat the right quote. - skip(parser) - end_mark := parser.mark - - // Create a token. - *token = yaml_token_t{ - typ: yaml_SCALAR_TOKEN, - start_mark: start_mark, - end_mark: end_mark, - value: s, - style: yaml_SINGLE_QUOTED_SCALAR_STYLE, - } - if !single { - token.style = yaml_DOUBLE_QUOTED_SCALAR_STYLE - } - return true -} - -// Scan a plain scalar. -func yaml_parser_scan_plain_scalar(parser *yaml_parser_t, token *yaml_token_t) bool { - - var s, leading_break, trailing_breaks, whitespaces []byte - var leading_blanks bool - var indent = parser.indent + 1 - - start_mark := parser.mark - end_mark := parser.mark - - // Consume the content of the plain scalar. - for { - // Check for a document indicator. - if parser.unread < 4 && !yaml_parser_update_buffer(parser, 4) { - return false - } - if parser.mark.column == 0 && - ((parser.buffer[parser.buffer_pos+0] == '-' && - parser.buffer[parser.buffer_pos+1] == '-' && - parser.buffer[parser.buffer_pos+2] == '-') || - (parser.buffer[parser.buffer_pos+0] == '.' && - parser.buffer[parser.buffer_pos+1] == '.' && - parser.buffer[parser.buffer_pos+2] == '.')) && - is_blankz(parser.buffer, parser.buffer_pos+3) { - break - } - - // Check for a comment. - if parser.buffer[parser.buffer_pos] == '#' { - break - } - - // Consume non-blank characters. - for !is_blankz(parser.buffer, parser.buffer_pos) { - - // Check for 'x:x' in the flow context. TODO: Fix the test "spec-08-13". - if parser.flow_level > 0 && - parser.buffer[parser.buffer_pos] == ':' && - !is_blankz(parser.buffer, parser.buffer_pos+1) { - yaml_parser_set_scanner_error(parser, "while scanning a plain scalar", - start_mark, "found unexpected ':'") - return false - } - - // Check for indicators that may end a plain scalar. - if (parser.buffer[parser.buffer_pos] == ':' && is_blankz(parser.buffer, parser.buffer_pos+1)) || - (parser.flow_level > 0 && - (parser.buffer[parser.buffer_pos] == ',' || parser.buffer[parser.buffer_pos] == ':' || - parser.buffer[parser.buffer_pos] == '?' || parser.buffer[parser.buffer_pos] == '[' || - parser.buffer[parser.buffer_pos] == ']' || parser.buffer[parser.buffer_pos] == '{' || - parser.buffer[parser.buffer_pos] == '}')) { - break - } - - // Check if we need to join whitespaces and breaks. - if leading_blanks || len(whitespaces) > 0 { - if leading_blanks { - // Do we need to fold line breaks? - if leading_break[0] == '\n' { - if len(trailing_breaks) == 0 { - s = append(s, ' ') - } else { - s = append(s, trailing_breaks...) - } - } else { - s = append(s, leading_break...) - s = append(s, trailing_breaks...) - } - trailing_breaks = trailing_breaks[:0] - leading_break = leading_break[:0] - leading_blanks = false - } else { - s = append(s, whitespaces...) - whitespaces = whitespaces[:0] - } - } - - // Copy the character. - s = read(parser, s) - - end_mark = parser.mark - if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { - return false - } - } - - // Is it the end? - if !(is_blank(parser.buffer, parser.buffer_pos) || is_break(parser.buffer, parser.buffer_pos)) { - break - } - - // Consume blank characters. - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - - for is_blank(parser.buffer, parser.buffer_pos) || is_break(parser.buffer, parser.buffer_pos) { - if is_blank(parser.buffer, parser.buffer_pos) { - - // Check for tab character that abuse indentation. - if leading_blanks && parser.mark.column < indent && is_tab(parser.buffer, parser.buffer_pos) { - yaml_parser_set_scanner_error(parser, "while scanning a plain scalar", - start_mark, "found a tab character that violate indentation") - return false - } - - // Consume a space or a tab character. - if !leading_blanks { - whitespaces = read(parser, whitespaces) - } else { - skip(parser) - } - } else { - if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) { - return false - } - - // Check if it is a first line break. - if !leading_blanks { - whitespaces = whitespaces[:0] - leading_break = read_line(parser, leading_break) - leading_blanks = true - } else { - trailing_breaks = read_line(parser, trailing_breaks) - } - } - if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) { - return false - } - } - - // Check indentation level. - if parser.flow_level == 0 && parser.mark.column < indent { - break - } - } - - // Create a token. - *token = yaml_token_t{ - typ: yaml_SCALAR_TOKEN, - start_mark: start_mark, - end_mark: end_mark, - value: s, - style: yaml_PLAIN_SCALAR_STYLE, - } - - // Note that we change the 'simple_key_allowed' flag. - if leading_blanks { - parser.simple_key_allowed = true - } - return true -} diff --git a/vendor/github.com/ajeddeloh/yaml/sorter.go b/vendor/github.com/ajeddeloh/yaml/sorter.go deleted file mode 100644 index 5958822f9c..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/sorter.go +++ /dev/null @@ -1,104 +0,0 @@ -package yaml - -import ( - "reflect" - "unicode" -) - -type keyList []reflect.Value - -func (l keyList) Len() int { return len(l) } -func (l keyList) Swap(i, j int) { l[i], l[j] = l[j], l[i] } -func (l keyList) Less(i, j int) bool { - a := l[i] - b := l[j] - ak := a.Kind() - bk := b.Kind() - for (ak == reflect.Interface || ak == reflect.Ptr) && !a.IsNil() { - a = a.Elem() - ak = a.Kind() - } - for (bk == reflect.Interface || bk == reflect.Ptr) && !b.IsNil() { - b = b.Elem() - bk = b.Kind() - } - af, aok := keyFloat(a) - bf, bok := keyFloat(b) - if aok && bok { - if af != bf { - return af < bf - } - if ak != bk { - return ak < bk - } - return numLess(a, b) - } - if ak != reflect.String || bk != reflect.String { - return ak < bk - } - ar, br := []rune(a.String()), []rune(b.String()) - for i := 0; i < len(ar) && i < len(br); i++ { - if ar[i] == br[i] { - continue - } - al := unicode.IsLetter(ar[i]) - bl := unicode.IsLetter(br[i]) - if al && bl { - return ar[i] < br[i] - } - if al || bl { - return bl - } - var ai, bi int - var an, bn int64 - for ai = i; ai < len(ar) && unicode.IsDigit(ar[ai]); ai++ { - an = an*10 + int64(ar[ai]-'0') - } - for bi = i; bi < len(br) && unicode.IsDigit(br[bi]); bi++ { - bn = bn*10 + int64(br[bi]-'0') - } - if an != bn { - return an < bn - } - if ai != bi { - return ai < bi - } - return ar[i] < br[i] - } - return len(ar) < len(br) -} - -// keyFloat returns a float value for v if it is a number/bool -// and whether it is a number/bool or not. -func keyFloat(v reflect.Value) (f float64, ok bool) { - switch v.Kind() { - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - return float64(v.Int()), true - case reflect.Float32, reflect.Float64: - return v.Float(), true - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: - return float64(v.Uint()), true - case reflect.Bool: - if v.Bool() { - return 1, true - } - return 0, true - } - return 0, false -} - -// numLess returns whether a < b. -// a and b must necessarily have the same kind. -func numLess(a, b reflect.Value) bool { - switch a.Kind() { - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - return a.Int() < b.Int() - case reflect.Float32, reflect.Float64: - return a.Float() < b.Float() - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: - return a.Uint() < b.Uint() - case reflect.Bool: - return !a.Bool() && b.Bool() - } - panic("not a number") -} diff --git a/vendor/github.com/ajeddeloh/yaml/writerc.go b/vendor/github.com/ajeddeloh/yaml/writerc.go deleted file mode 100644 index 190362f25d..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/writerc.go +++ /dev/null @@ -1,89 +0,0 @@ -package yaml - -// Set the writer error and return false. -func yaml_emitter_set_writer_error(emitter *yaml_emitter_t, problem string) bool { - emitter.error = yaml_WRITER_ERROR - emitter.problem = problem - return false -} - -// Flush the output buffer. -func yaml_emitter_flush(emitter *yaml_emitter_t) bool { - if emitter.write_handler == nil { - panic("write handler not set") - } - - // Check if the buffer is empty. - if emitter.buffer_pos == 0 { - return true - } - - // If the output encoding is UTF-8, we don't need to recode the buffer. - if emitter.encoding == yaml_UTF8_ENCODING { - if err := emitter.write_handler(emitter, emitter.buffer[:emitter.buffer_pos]); err != nil { - return yaml_emitter_set_writer_error(emitter, "write error: "+err.Error()) - } - emitter.buffer_pos = 0 - return true - } - - // Recode the buffer into the raw buffer. - var low, high int - if emitter.encoding == yaml_UTF16LE_ENCODING { - low, high = 0, 1 - } else { - high, low = 1, 0 - } - - pos := 0 - for pos < emitter.buffer_pos { - // See the "reader.c" code for more details on UTF-8 encoding. Note - // that we assume that the buffer contains a valid UTF-8 sequence. - - // Read the next UTF-8 character. - octet := emitter.buffer[pos] - - var w int - var value rune - switch { - case octet&0x80 == 0x00: - w, value = 1, rune(octet&0x7F) - case octet&0xE0 == 0xC0: - w, value = 2, rune(octet&0x1F) - case octet&0xF0 == 0xE0: - w, value = 3, rune(octet&0x0F) - case octet&0xF8 == 0xF0: - w, value = 4, rune(octet&0x07) - } - for k := 1; k < w; k++ { - octet = emitter.buffer[pos+k] - value = (value << 6) + (rune(octet) & 0x3F) - } - pos += w - - // Write the character. - if value < 0x10000 { - var b [2]byte - b[high] = byte(value >> 8) - b[low] = byte(value & 0xFF) - emitter.raw_buffer = append(emitter.raw_buffer, b[0], b[1]) - } else { - // Write the character using a surrogate pair (check "reader.c"). - var b [4]byte - value -= 0x10000 - b[high] = byte(0xD8 + (value >> 18)) - b[low] = byte((value >> 10) & 0xFF) - b[high+2] = byte(0xDC + ((value >> 8) & 0xFF)) - b[low+2] = byte(value & 0xFF) - emitter.raw_buffer = append(emitter.raw_buffer, b[0], b[1], b[2], b[3]) - } - } - - // Write the raw buffer. - if err := emitter.write_handler(emitter, emitter.raw_buffer); err != nil { - return yaml_emitter_set_writer_error(emitter, "write error: "+err.Error()) - } - emitter.buffer_pos = 0 - emitter.raw_buffer = emitter.raw_buffer[:0] - return true -} diff --git a/vendor/github.com/ajeddeloh/yaml/yaml.go b/vendor/github.com/ajeddeloh/yaml/yaml.go deleted file mode 100644 index 01abedb594..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/yaml.go +++ /dev/null @@ -1,368 +0,0 @@ -// Package yaml implements YAML support for the Go language. -// -// Source code and other details for the project are available at GitHub: -// -// https://github.com/go-yaml/yaml -// -package yaml - -import ( - "errors" - "fmt" - "reflect" - "strings" - "sync" -) - -// MapSlice encodes and decodes as a YAML map. -// The order of keys is preserved when encoding and decoding. -type MapSlice []MapItem - -// MapItem is an item in a MapSlice. -type MapItem struct { - Key, Value interface{} -} - -// The Unmarshaler interface may be implemented by types to customize their -// behavior when being unmarshaled from a YAML document. The UnmarshalYAML -// method receives a function that may be called to unmarshal the original -// YAML value into a field or variable. It is safe to call the unmarshal -// function parameter more than once if necessary. -type Unmarshaler interface { - UnmarshalYAML(unmarshal func(interface{}) error) error -} - -// The Marshaler interface may be implemented by types to customize their -// behavior when being marshaled into a YAML document. The returned value -// is marshaled in place of the original value implementing Marshaler. -// -// If an error is returned by MarshalYAML, the marshaling procedure stops -// and returns with the provided error. -type Marshaler interface { - MarshalYAML() (interface{}, error) -} - -// Unmarshal decodes the first document found within the in byte slice -// and assigns decoded values into the out value. -// -// Maps and pointers (to a struct, string, int, etc) are accepted as out -// values. If an internal pointer within a struct is not initialized, -// the yaml package will initialize it if necessary for unmarshalling -// the provided data. The out parameter must not be nil. -// -// The type of the decoded values should be compatible with the respective -// values in out. If one or more values cannot be decoded due to a type -// mismatches, decoding continues partially until the end of the YAML -// content, and a *yaml.TypeError is returned with details for all -// missed values. -// -// Struct fields are only unmarshalled if they are exported (have an -// upper case first letter), and are unmarshalled using the field name -// lowercased as the default key. Custom keys may be defined via the -// "yaml" name in the field tag: the content preceding the first comma -// is used as the key, and the following comma-separated options are -// used to tweak the marshalling process (see Marshal). -// Conflicting names result in a runtime error. -// -// For example: -// -// type T struct { -// F int `yaml:"a,omitempty"` -// B int -// } -// var t T -// yaml.Unmarshal([]byte("a: 1\nb: 2"), &t) -// -// See the documentation of Marshal for the format of tags and a list of -// supported tag options. -// -func Unmarshal(in []byte, out interface{}) (err error) { - return unmarshal(in, out, false) -} - -// UnmarshalStrict is like Unmarshal except that any fields that are found -// in the data that do not have corresponding struct members will result in -// an error. -func UnmarshalStrict(in []byte, out interface{}) (err error) { - return unmarshal(in, out, true) -} - -func unmarshal(in []byte, out interface{}, strict bool) (err error) { - defer handleErr(&err) - d := newDecoder(strict) - p := newParser(in) - defer p.destroy() - node := p.parse() - if node != nil { - v := reflect.ValueOf(out) - if v.Kind() == reflect.Ptr && !v.IsNil() { - v = v.Elem() - } - d.unmarshal(node, v) - } - if len(d.terrors) > 0 { - return &TypeError{d.terrors} - } - return nil -} - -func UnmarshalToNode(in []byte) *Node { - p := newParser(in) - //defer p.destroy() - node := p.parse() - if node == nil { - return nil - } - tmp := Node(*node) - return &tmp -} - -// Marshal serializes the value provided into a YAML document. The structure -// of the generated document will reflect the structure of the value itself. -// Maps and pointers (to struct, string, int, etc) are accepted as the in value. -// -// Struct fields are only unmarshalled if they are exported (have an upper case -// first letter), and are unmarshalled using the field name lowercased as the -// default key. Custom keys may be defined via the "yaml" name in the field -// tag: the content preceding the first comma is used as the key, and the -// following comma-separated options are used to tweak the marshalling process. -// Conflicting names result in a runtime error. -// -// The field tag format accepted is: -// -// `(...) yaml:"[][,[,]]" (...)` -// -// The following flags are currently supported: -// -// omitempty Only include the field if it's not set to the zero -// value for the type or to empty slices or maps. -// Does not apply to zero valued structs. -// -// flow Marshal using a flow style (useful for structs, -// sequences and maps). -// -// inline Inline the field, which must be a struct or a map, -// causing all of its fields or keys to be processed as if -// they were part of the outer struct. For maps, keys must -// not conflict with the yaml keys of other struct fields. -// -// In addition, if the key is "-", the field is ignored. -// -// For example: -// -// type T struct { -// F int "a,omitempty" -// B int -// } -// yaml.Marshal(&T{B: 2}) // Returns "b: 2\n" -// yaml.Marshal(&T{F: 1}} // Returns "a: 1\nb: 0\n" -// -func Marshal(in interface{}) (out []byte, err error) { - defer handleErr(&err) - e := newEncoder() - defer e.destroy() - e.marshal("", reflect.ValueOf(in)) - e.finish() - out = e.out - return -} - -func handleErr(err *error) { - if v := recover(); v != nil { - if e, ok := v.(yamlError); ok { - *err = e.err - } else { - panic(v) - } - } -} - -type yamlError struct { - err error -} - -func fail(err error) { - panic(yamlError{err}) -} - -func failf(format string, args ...interface{}) { - panic(yamlError{fmt.Errorf("yaml: "+format, args...)}) -} - -// A TypeError is returned by Unmarshal when one or more fields in -// the YAML document cannot be properly decoded into the requested -// types. When this error is returned, the value is still -// unmarshaled partially. -type TypeError struct { - Errors []string -} - -func (e *TypeError) Error() string { - return fmt.Sprintf("yaml: unmarshal errors:\n %s", strings.Join(e.Errors, "\n ")) -} - -// -------------------------------------------------------------------------- -// Maintain a mapping of keys to structure field indexes - -// The code in this section was copied from mgo/bson. - -// structInfo holds details for the serialization of fields of -// a given struct. -type structInfo struct { - FieldsMap map[string]fieldInfo - FieldsList []fieldInfo - - // InlineMap is the number of the field in the struct that - // contains an ,inline map, or -1 if there's none. - InlineMap int -} - -type fieldInfo struct { - Key string - Num int - OmitEmpty bool - Flow bool - - // Inline holds the field index if the field is part of an inlined struct. - Inline []int -} - -var structMap = make(map[reflect.Type]*structInfo) -var fieldMapMutex sync.RWMutex - -func getStructInfo(st reflect.Type) (*structInfo, error) { - fieldMapMutex.RLock() - sinfo, found := structMap[st] - fieldMapMutex.RUnlock() - if found { - return sinfo, nil - } - - n := st.NumField() - fieldsMap := make(map[string]fieldInfo) - fieldsList := make([]fieldInfo, 0, n) - inlineMap := -1 - for i := 0; i != n; i++ { - field := st.Field(i) - if field.PkgPath != "" && !field.Anonymous { - continue // Private field - } - - info := fieldInfo{Num: i} - - tag := field.Tag.Get("yaml") - if tag == "" && strings.Index(string(field.Tag), ":") < 0 { - tag = string(field.Tag) - } - if tag == "-" { - continue - } - - inline := false - fields := strings.Split(tag, ",") - if len(fields) > 1 { - for _, flag := range fields[1:] { - switch flag { - case "omitempty": - info.OmitEmpty = true - case "flow": - info.Flow = true - case "inline": - inline = true - default: - return nil, errors.New(fmt.Sprintf("Unsupported flag %q in tag %q of type %s", flag, tag, st)) - } - } - tag = fields[0] - } - - if inline { - switch field.Type.Kind() { - case reflect.Map: - if inlineMap >= 0 { - return nil, errors.New("Multiple ,inline maps in struct " + st.String()) - } - if field.Type.Key() != reflect.TypeOf("") { - return nil, errors.New("Option ,inline needs a map with string keys in struct " + st.String()) - } - inlineMap = info.Num - case reflect.Struct: - sinfo, err := getStructInfo(field.Type) - if err != nil { - return nil, err - } - for _, finfo := range sinfo.FieldsList { - if _, found := fieldsMap[finfo.Key]; found { - msg := "Duplicated key '" + finfo.Key + "' in struct " + st.String() - return nil, errors.New(msg) - } - if finfo.Inline == nil { - finfo.Inline = []int{i, finfo.Num} - } else { - finfo.Inline = append([]int{i}, finfo.Inline...) - } - fieldsMap[finfo.Key] = finfo - fieldsList = append(fieldsList, finfo) - } - default: - //return nil, errors.New("Option ,inline needs a struct value or map field") - return nil, errors.New("Option ,inline needs a struct value field") - } - continue - } - - if tag != "" { - info.Key = tag - } else { - info.Key = strings.ToLower(field.Name) - } - - if _, found = fieldsMap[info.Key]; found { - msg := "Duplicated key '" + info.Key + "' in struct " + st.String() - return nil, errors.New(msg) - } - - fieldsList = append(fieldsList, info) - fieldsMap[info.Key] = info - } - - sinfo = &structInfo{fieldsMap, fieldsList, inlineMap} - - fieldMapMutex.Lock() - structMap[st] = sinfo - fieldMapMutex.Unlock() - return sinfo, nil -} - -func isZero(v reflect.Value) bool { - switch v.Kind() { - case reflect.String: - return len(v.String()) == 0 - case reflect.Interface, reflect.Ptr: - return v.IsNil() - case reflect.Slice: - return v.Len() == 0 - case reflect.Map: - return v.Len() == 0 - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - return v.Int() == 0 - case reflect.Float32, reflect.Float64: - return v.Float() == 0 - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: - return v.Uint() == 0 - case reflect.Bool: - return !v.Bool() - case reflect.Struct: - vt := v.Type() - for i := v.NumField() - 1; i >= 0; i-- { - if vt.Field(i).PkgPath != "" { - continue // Private field - } - if !isZero(v.Field(i)) { - return false - } - } - return true - } - return false -} diff --git a/vendor/github.com/ajeddeloh/yaml/yamlh.go b/vendor/github.com/ajeddeloh/yaml/yamlh.go deleted file mode 100644 index 3caeca0491..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/yamlh.go +++ /dev/null @@ -1,716 +0,0 @@ -package yaml - -import ( - "io" -) - -// The version directive data. -type yaml_version_directive_t struct { - major int8 // The major version number. - minor int8 // The minor version number. -} - -// The tag directive data. -type yaml_tag_directive_t struct { - handle []byte // The tag handle. - prefix []byte // The tag prefix. -} - -type yaml_encoding_t int - -// The stream encoding. -const ( - // Let the parser choose the encoding. - yaml_ANY_ENCODING yaml_encoding_t = iota - - yaml_UTF8_ENCODING // The default UTF-8 encoding. - yaml_UTF16LE_ENCODING // The UTF-16-LE encoding with BOM. - yaml_UTF16BE_ENCODING // The UTF-16-BE encoding with BOM. -) - -type yaml_break_t int - -// Line break types. -const ( - // Let the parser choose the break type. - yaml_ANY_BREAK yaml_break_t = iota - - yaml_CR_BREAK // Use CR for line breaks (Mac style). - yaml_LN_BREAK // Use LN for line breaks (Unix style). - yaml_CRLN_BREAK // Use CR LN for line breaks (DOS style). -) - -type yaml_error_type_t int - -// Many bad things could happen with the parser and emitter. -const ( - // No error is produced. - yaml_NO_ERROR yaml_error_type_t = iota - - yaml_MEMORY_ERROR // Cannot allocate or reallocate a block of memory. - yaml_READER_ERROR // Cannot read or decode the input stream. - yaml_SCANNER_ERROR // Cannot scan the input stream. - yaml_PARSER_ERROR // Cannot parse the input stream. - yaml_COMPOSER_ERROR // Cannot compose a YAML document. - yaml_WRITER_ERROR // Cannot write to the output stream. - yaml_EMITTER_ERROR // Cannot emit a YAML stream. -) - -// The pointer position. -type yaml_mark_t struct { - index int // The position index. - line int // The position line. - column int // The position column. -} - -// Node Styles - -type yaml_style_t int8 - -type yaml_scalar_style_t yaml_style_t - -// Scalar styles. -const ( - // Let the emitter choose the style. - yaml_ANY_SCALAR_STYLE yaml_scalar_style_t = iota - - yaml_PLAIN_SCALAR_STYLE // The plain scalar style. - yaml_SINGLE_QUOTED_SCALAR_STYLE // The single-quoted scalar style. - yaml_DOUBLE_QUOTED_SCALAR_STYLE // The double-quoted scalar style. - yaml_LITERAL_SCALAR_STYLE // The literal scalar style. - yaml_FOLDED_SCALAR_STYLE // The folded scalar style. -) - -type yaml_sequence_style_t yaml_style_t - -// Sequence styles. -const ( - // Let the emitter choose the style. - yaml_ANY_SEQUENCE_STYLE yaml_sequence_style_t = iota - - yaml_BLOCK_SEQUENCE_STYLE // The block sequence style. - yaml_FLOW_SEQUENCE_STYLE // The flow sequence style. -) - -type yaml_mapping_style_t yaml_style_t - -// Mapping styles. -const ( - // Let the emitter choose the style. - yaml_ANY_MAPPING_STYLE yaml_mapping_style_t = iota - - yaml_BLOCK_MAPPING_STYLE // The block mapping style. - yaml_FLOW_MAPPING_STYLE // The flow mapping style. -) - -// Tokens - -type yaml_token_type_t int - -// Token types. -const ( - // An empty token. - yaml_NO_TOKEN yaml_token_type_t = iota - - yaml_STREAM_START_TOKEN // A STREAM-START token. - yaml_STREAM_END_TOKEN // A STREAM-END token. - - yaml_VERSION_DIRECTIVE_TOKEN // A VERSION-DIRECTIVE token. - yaml_TAG_DIRECTIVE_TOKEN // A TAG-DIRECTIVE token. - yaml_DOCUMENT_START_TOKEN // A DOCUMENT-START token. - yaml_DOCUMENT_END_TOKEN // A DOCUMENT-END token. - - yaml_BLOCK_SEQUENCE_START_TOKEN // A BLOCK-SEQUENCE-START token. - yaml_BLOCK_MAPPING_START_TOKEN // A BLOCK-SEQUENCE-END token. - yaml_BLOCK_END_TOKEN // A BLOCK-END token. - - yaml_FLOW_SEQUENCE_START_TOKEN // A FLOW-SEQUENCE-START token. - yaml_FLOW_SEQUENCE_END_TOKEN // A FLOW-SEQUENCE-END token. - yaml_FLOW_MAPPING_START_TOKEN // A FLOW-MAPPING-START token. - yaml_FLOW_MAPPING_END_TOKEN // A FLOW-MAPPING-END token. - - yaml_BLOCK_ENTRY_TOKEN // A BLOCK-ENTRY token. - yaml_FLOW_ENTRY_TOKEN // A FLOW-ENTRY token. - yaml_KEY_TOKEN // A KEY token. - yaml_VALUE_TOKEN // A VALUE token. - - yaml_ALIAS_TOKEN // An ALIAS token. - yaml_ANCHOR_TOKEN // An ANCHOR token. - yaml_TAG_TOKEN // A TAG token. - yaml_SCALAR_TOKEN // A SCALAR token. -) - -func (tt yaml_token_type_t) String() string { - switch tt { - case yaml_NO_TOKEN: - return "yaml_NO_TOKEN" - case yaml_STREAM_START_TOKEN: - return "yaml_STREAM_START_TOKEN" - case yaml_STREAM_END_TOKEN: - return "yaml_STREAM_END_TOKEN" - case yaml_VERSION_DIRECTIVE_TOKEN: - return "yaml_VERSION_DIRECTIVE_TOKEN" - case yaml_TAG_DIRECTIVE_TOKEN: - return "yaml_TAG_DIRECTIVE_TOKEN" - case yaml_DOCUMENT_START_TOKEN: - return "yaml_DOCUMENT_START_TOKEN" - case yaml_DOCUMENT_END_TOKEN: - return "yaml_DOCUMENT_END_TOKEN" - case yaml_BLOCK_SEQUENCE_START_TOKEN: - return "yaml_BLOCK_SEQUENCE_START_TOKEN" - case yaml_BLOCK_MAPPING_START_TOKEN: - return "yaml_BLOCK_MAPPING_START_TOKEN" - case yaml_BLOCK_END_TOKEN: - return "yaml_BLOCK_END_TOKEN" - case yaml_FLOW_SEQUENCE_START_TOKEN: - return "yaml_FLOW_SEQUENCE_START_TOKEN" - case yaml_FLOW_SEQUENCE_END_TOKEN: - return "yaml_FLOW_SEQUENCE_END_TOKEN" - case yaml_FLOW_MAPPING_START_TOKEN: - return "yaml_FLOW_MAPPING_START_TOKEN" - case yaml_FLOW_MAPPING_END_TOKEN: - return "yaml_FLOW_MAPPING_END_TOKEN" - case yaml_BLOCK_ENTRY_TOKEN: - return "yaml_BLOCK_ENTRY_TOKEN" - case yaml_FLOW_ENTRY_TOKEN: - return "yaml_FLOW_ENTRY_TOKEN" - case yaml_KEY_TOKEN: - return "yaml_KEY_TOKEN" - case yaml_VALUE_TOKEN: - return "yaml_VALUE_TOKEN" - case yaml_ALIAS_TOKEN: - return "yaml_ALIAS_TOKEN" - case yaml_ANCHOR_TOKEN: - return "yaml_ANCHOR_TOKEN" - case yaml_TAG_TOKEN: - return "yaml_TAG_TOKEN" - case yaml_SCALAR_TOKEN: - return "yaml_SCALAR_TOKEN" - } - return "" -} - -// The token structure. -type yaml_token_t struct { - // The token type. - typ yaml_token_type_t - - // The start/end of the token. - start_mark, end_mark yaml_mark_t - - // The stream encoding (for yaml_STREAM_START_TOKEN). - encoding yaml_encoding_t - - // The alias/anchor/scalar value or tag/tag directive handle - // (for yaml_ALIAS_TOKEN, yaml_ANCHOR_TOKEN, yaml_SCALAR_TOKEN, yaml_TAG_TOKEN, yaml_TAG_DIRECTIVE_TOKEN). - value []byte - - // The tag suffix (for yaml_TAG_TOKEN). - suffix []byte - - // The tag directive prefix (for yaml_TAG_DIRECTIVE_TOKEN). - prefix []byte - - // The scalar style (for yaml_SCALAR_TOKEN). - style yaml_scalar_style_t - - // The version directive major/minor (for yaml_VERSION_DIRECTIVE_TOKEN). - major, minor int8 -} - -// Events - -type yaml_event_type_t int8 - -// Event types. -const ( - // An empty event. - yaml_NO_EVENT yaml_event_type_t = iota - - yaml_STREAM_START_EVENT // A STREAM-START event. - yaml_STREAM_END_EVENT // A STREAM-END event. - yaml_DOCUMENT_START_EVENT // A DOCUMENT-START event. - yaml_DOCUMENT_END_EVENT // A DOCUMENT-END event. - yaml_ALIAS_EVENT // An ALIAS event. - yaml_SCALAR_EVENT // A SCALAR event. - yaml_SEQUENCE_START_EVENT // A SEQUENCE-START event. - yaml_SEQUENCE_END_EVENT // A SEQUENCE-END event. - yaml_MAPPING_START_EVENT // A MAPPING-START event. - yaml_MAPPING_END_EVENT // A MAPPING-END event. -) - -// The event structure. -type yaml_event_t struct { - - // The event type. - typ yaml_event_type_t - - // The start and end of the event. - start_mark, end_mark yaml_mark_t - - // The document encoding (for yaml_STREAM_START_EVENT). - encoding yaml_encoding_t - - // The version directive (for yaml_DOCUMENT_START_EVENT). - version_directive *yaml_version_directive_t - - // The list of tag directives (for yaml_DOCUMENT_START_EVENT). - tag_directives []yaml_tag_directive_t - - // The anchor (for yaml_SCALAR_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT, yaml_ALIAS_EVENT). - anchor []byte - - // The tag (for yaml_SCALAR_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT). - tag []byte - - // The scalar value (for yaml_SCALAR_EVENT). - value []byte - - // Is the document start/end indicator implicit, or the tag optional? - // (for yaml_DOCUMENT_START_EVENT, yaml_DOCUMENT_END_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT, yaml_SCALAR_EVENT). - implicit bool - - // Is the tag optional for any non-plain style? (for yaml_SCALAR_EVENT). - quoted_implicit bool - - // The style (for yaml_SCALAR_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT). - style yaml_style_t -} - -func (e *yaml_event_t) scalar_style() yaml_scalar_style_t { return yaml_scalar_style_t(e.style) } -func (e *yaml_event_t) sequence_style() yaml_sequence_style_t { return yaml_sequence_style_t(e.style) } -func (e *yaml_event_t) mapping_style() yaml_mapping_style_t { return yaml_mapping_style_t(e.style) } - -// Nodes - -const ( - yaml_NULL_TAG = "tag:yaml.org,2002:null" // The tag !!null with the only possible value: null. - yaml_BOOL_TAG = "tag:yaml.org,2002:bool" // The tag !!bool with the values: true and false. - yaml_STR_TAG = "tag:yaml.org,2002:str" // The tag !!str for string values. - yaml_INT_TAG = "tag:yaml.org,2002:int" // The tag !!int for integer values. - yaml_FLOAT_TAG = "tag:yaml.org,2002:float" // The tag !!float for float values. - yaml_TIMESTAMP_TAG = "tag:yaml.org,2002:timestamp" // The tag !!timestamp for date and time values. - - yaml_SEQ_TAG = "tag:yaml.org,2002:seq" // The tag !!seq is used to denote sequences. - yaml_MAP_TAG = "tag:yaml.org,2002:map" // The tag !!map is used to denote mapping. - - // Not in original libyaml. - yaml_BINARY_TAG = "tag:yaml.org,2002:binary" - yaml_MERGE_TAG = "tag:yaml.org,2002:merge" - - yaml_DEFAULT_SCALAR_TAG = yaml_STR_TAG // The default scalar tag is !!str. - yaml_DEFAULT_SEQUENCE_TAG = yaml_SEQ_TAG // The default sequence tag is !!seq. - yaml_DEFAULT_MAPPING_TAG = yaml_MAP_TAG // The default mapping tag is !!map. -) - -type yaml_node_type_t int - -// Node types. -const ( - // An empty node. - yaml_NO_NODE yaml_node_type_t = iota - - yaml_SCALAR_NODE // A scalar node. - yaml_SEQUENCE_NODE // A sequence node. - yaml_MAPPING_NODE // A mapping node. -) - -// An element of a sequence node. -type yaml_node_item_t int - -// An element of a mapping node. -type yaml_node_pair_t struct { - key int // The key of the element. - value int // The value of the element. -} - -// The node structure. -type yaml_node_t struct { - typ yaml_node_type_t // The node type. - tag []byte // The node tag. - - // The node data. - - // The scalar parameters (for yaml_SCALAR_NODE). - scalar struct { - value []byte // The scalar value. - length int // The length of the scalar value. - style yaml_scalar_style_t // The scalar style. - } - - // The sequence parameters (for YAML_SEQUENCE_NODE). - sequence struct { - items_data []yaml_node_item_t // The stack of sequence items. - style yaml_sequence_style_t // The sequence style. - } - - // The mapping parameters (for yaml_MAPPING_NODE). - mapping struct { - pairs_data []yaml_node_pair_t // The stack of mapping pairs (key, value). - pairs_start *yaml_node_pair_t // The beginning of the stack. - pairs_end *yaml_node_pair_t // The end of the stack. - pairs_top *yaml_node_pair_t // The top of the stack. - style yaml_mapping_style_t // The mapping style. - } - - start_mark yaml_mark_t // The beginning of the node. - end_mark yaml_mark_t // The end of the node. - -} - -// The document structure. -type yaml_document_t struct { - - // The document nodes. - nodes []yaml_node_t - - // The version directive. - version_directive *yaml_version_directive_t - - // The list of tag directives. - tag_directives_data []yaml_tag_directive_t - tag_directives_start int // The beginning of the tag directives list. - tag_directives_end int // The end of the tag directives list. - - start_implicit int // Is the document start indicator implicit? - end_implicit int // Is the document end indicator implicit? - - // The start/end of the document. - start_mark, end_mark yaml_mark_t -} - -// The prototype of a read handler. -// -// The read handler is called when the parser needs to read more bytes from the -// source. The handler should write not more than size bytes to the buffer. -// The number of written bytes should be set to the size_read variable. -// -// [in,out] data A pointer to an application data specified by -// yaml_parser_set_input(). -// [out] buffer The buffer to write the data from the source. -// [in] size The size of the buffer. -// [out] size_read The actual number of bytes read from the source. -// -// On success, the handler should return 1. If the handler failed, -// the returned value should be 0. On EOF, the handler should set the -// size_read to 0 and return 1. -type yaml_read_handler_t func(parser *yaml_parser_t, buffer []byte) (n int, err error) - -// This structure holds information about a potential simple key. -type yaml_simple_key_t struct { - possible bool // Is a simple key possible? - required bool // Is a simple key required? - token_number int // The number of the token. - mark yaml_mark_t // The position mark. -} - -// The states of the parser. -type yaml_parser_state_t int - -const ( - yaml_PARSE_STREAM_START_STATE yaml_parser_state_t = iota - - yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE // Expect the beginning of an implicit document. - yaml_PARSE_DOCUMENT_START_STATE // Expect DOCUMENT-START. - yaml_PARSE_DOCUMENT_CONTENT_STATE // Expect the content of a document. - yaml_PARSE_DOCUMENT_END_STATE // Expect DOCUMENT-END. - yaml_PARSE_BLOCK_NODE_STATE // Expect a block node. - yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE // Expect a block node or indentless sequence. - yaml_PARSE_FLOW_NODE_STATE // Expect a flow node. - yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE // Expect the first entry of a block sequence. - yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE // Expect an entry of a block sequence. - yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE // Expect an entry of an indentless sequence. - yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE // Expect the first key of a block mapping. - yaml_PARSE_BLOCK_MAPPING_KEY_STATE // Expect a block mapping key. - yaml_PARSE_BLOCK_MAPPING_VALUE_STATE // Expect a block mapping value. - yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE // Expect the first entry of a flow sequence. - yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE // Expect an entry of a flow sequence. - yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE // Expect a key of an ordered mapping. - yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE // Expect a value of an ordered mapping. - yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE // Expect the and of an ordered mapping entry. - yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE // Expect the first key of a flow mapping. - yaml_PARSE_FLOW_MAPPING_KEY_STATE // Expect a key of a flow mapping. - yaml_PARSE_FLOW_MAPPING_VALUE_STATE // Expect a value of a flow mapping. - yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE // Expect an empty value of a flow mapping. - yaml_PARSE_END_STATE // Expect nothing. -) - -func (ps yaml_parser_state_t) String() string { - switch ps { - case yaml_PARSE_STREAM_START_STATE: - return "yaml_PARSE_STREAM_START_STATE" - case yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE: - return "yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE" - case yaml_PARSE_DOCUMENT_START_STATE: - return "yaml_PARSE_DOCUMENT_START_STATE" - case yaml_PARSE_DOCUMENT_CONTENT_STATE: - return "yaml_PARSE_DOCUMENT_CONTENT_STATE" - case yaml_PARSE_DOCUMENT_END_STATE: - return "yaml_PARSE_DOCUMENT_END_STATE" - case yaml_PARSE_BLOCK_NODE_STATE: - return "yaml_PARSE_BLOCK_NODE_STATE" - case yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE: - return "yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE" - case yaml_PARSE_FLOW_NODE_STATE: - return "yaml_PARSE_FLOW_NODE_STATE" - case yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE: - return "yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE" - case yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE: - return "yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE" - case yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE: - return "yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE" - case yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE: - return "yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE" - case yaml_PARSE_BLOCK_MAPPING_KEY_STATE: - return "yaml_PARSE_BLOCK_MAPPING_KEY_STATE" - case yaml_PARSE_BLOCK_MAPPING_VALUE_STATE: - return "yaml_PARSE_BLOCK_MAPPING_VALUE_STATE" - case yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE: - return "yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE" - case yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE: - return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE" - case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE: - return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE" - case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE: - return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE" - case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE: - return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE" - case yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE: - return "yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE" - case yaml_PARSE_FLOW_MAPPING_KEY_STATE: - return "yaml_PARSE_FLOW_MAPPING_KEY_STATE" - case yaml_PARSE_FLOW_MAPPING_VALUE_STATE: - return "yaml_PARSE_FLOW_MAPPING_VALUE_STATE" - case yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE: - return "yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE" - case yaml_PARSE_END_STATE: - return "yaml_PARSE_END_STATE" - } - return "" -} - -// This structure holds aliases data. -type yaml_alias_data_t struct { - anchor []byte // The anchor. - index int // The node id. - mark yaml_mark_t // The anchor mark. -} - -// The parser structure. -// -// All members are internal. Manage the structure using the -// yaml_parser_ family of functions. -type yaml_parser_t struct { - - // Error handling - - error yaml_error_type_t // Error type. - - problem string // Error description. - - // The byte about which the problem occurred. - problem_offset int - problem_value int - problem_mark yaml_mark_t - - // The error context. - context string - context_mark yaml_mark_t - - // Reader stuff - - read_handler yaml_read_handler_t // Read handler. - - input_file io.Reader // File input data. - input []byte // String input data. - input_pos int - - eof bool // EOF flag - - buffer []byte // The working buffer. - buffer_pos int // The current position of the buffer. - - unread int // The number of unread characters in the buffer. - - raw_buffer []byte // The raw buffer. - raw_buffer_pos int // The current position of the buffer. - - encoding yaml_encoding_t // The input encoding. - - offset int // The offset of the current position (in bytes). - mark yaml_mark_t // The mark of the current position. - - // Scanner stuff - - stream_start_produced bool // Have we started to scan the input stream? - stream_end_produced bool // Have we reached the end of the input stream? - - flow_level int // The number of unclosed '[' and '{' indicators. - - tokens []yaml_token_t // The tokens queue. - tokens_head int // The head of the tokens queue. - tokens_parsed int // The number of tokens fetched from the queue. - token_available bool // Does the tokens queue contain a token ready for dequeueing. - - indent int // The current indentation level. - indents []int // The indentation levels stack. - - simple_key_allowed bool // May a simple key occur at the current position? - simple_keys []yaml_simple_key_t // The stack of simple keys. - - // Parser stuff - - state yaml_parser_state_t // The current parser state. - states []yaml_parser_state_t // The parser states stack. - marks []yaml_mark_t // The stack of marks. - tag_directives []yaml_tag_directive_t // The list of TAG directives. - - // Dumper stuff - - aliases []yaml_alias_data_t // The alias data. - - document *yaml_document_t // The currently parsed document. -} - -// Emitter Definitions - -// The prototype of a write handler. -// -// The write handler is called when the emitter needs to flush the accumulated -// characters to the output. The handler should write @a size bytes of the -// @a buffer to the output. -// -// @param[in,out] data A pointer to an application data specified by -// yaml_emitter_set_output(). -// @param[in] buffer The buffer with bytes to be written. -// @param[in] size The size of the buffer. -// -// @returns On success, the handler should return @c 1. If the handler failed, -// the returned value should be @c 0. -// -type yaml_write_handler_t func(emitter *yaml_emitter_t, buffer []byte) error - -type yaml_emitter_state_t int - -// The emitter states. -const ( - // Expect STREAM-START. - yaml_EMIT_STREAM_START_STATE yaml_emitter_state_t = iota - - yaml_EMIT_FIRST_DOCUMENT_START_STATE // Expect the first DOCUMENT-START or STREAM-END. - yaml_EMIT_DOCUMENT_START_STATE // Expect DOCUMENT-START or STREAM-END. - yaml_EMIT_DOCUMENT_CONTENT_STATE // Expect the content of a document. - yaml_EMIT_DOCUMENT_END_STATE // Expect DOCUMENT-END. - yaml_EMIT_FLOW_SEQUENCE_FIRST_ITEM_STATE // Expect the first item of a flow sequence. - yaml_EMIT_FLOW_SEQUENCE_ITEM_STATE // Expect an item of a flow sequence. - yaml_EMIT_FLOW_MAPPING_FIRST_KEY_STATE // Expect the first key of a flow mapping. - yaml_EMIT_FLOW_MAPPING_KEY_STATE // Expect a key of a flow mapping. - yaml_EMIT_FLOW_MAPPING_SIMPLE_VALUE_STATE // Expect a value for a simple key of a flow mapping. - yaml_EMIT_FLOW_MAPPING_VALUE_STATE // Expect a value of a flow mapping. - yaml_EMIT_BLOCK_SEQUENCE_FIRST_ITEM_STATE // Expect the first item of a block sequence. - yaml_EMIT_BLOCK_SEQUENCE_ITEM_STATE // Expect an item of a block sequence. - yaml_EMIT_BLOCK_MAPPING_FIRST_KEY_STATE // Expect the first key of a block mapping. - yaml_EMIT_BLOCK_MAPPING_KEY_STATE // Expect the key of a block mapping. - yaml_EMIT_BLOCK_MAPPING_SIMPLE_VALUE_STATE // Expect a value for a simple key of a block mapping. - yaml_EMIT_BLOCK_MAPPING_VALUE_STATE // Expect a value of a block mapping. - yaml_EMIT_END_STATE // Expect nothing. -) - -// The emitter structure. -// -// All members are internal. Manage the structure using the @c yaml_emitter_ -// family of functions. -type yaml_emitter_t struct { - - // Error handling - - error yaml_error_type_t // Error type. - problem string // Error description. - - // Writer stuff - - write_handler yaml_write_handler_t // Write handler. - - output_buffer *[]byte // String output data. - output_file io.Writer // File output data. - - buffer []byte // The working buffer. - buffer_pos int // The current position of the buffer. - - raw_buffer []byte // The raw buffer. - raw_buffer_pos int // The current position of the buffer. - - encoding yaml_encoding_t // The stream encoding. - - // Emitter stuff - - canonical bool // If the output is in the canonical style? - best_indent int // The number of indentation spaces. - best_width int // The preferred width of the output lines. - unicode bool // Allow unescaped non-ASCII characters? - line_break yaml_break_t // The preferred line break. - - state yaml_emitter_state_t // The current emitter state. - states []yaml_emitter_state_t // The stack of states. - - events []yaml_event_t // The event queue. - events_head int // The head of the event queue. - - indents []int // The stack of indentation levels. - - tag_directives []yaml_tag_directive_t // The list of tag directives. - - indent int // The current indentation level. - - flow_level int // The current flow level. - - root_context bool // Is it the document root context? - sequence_context bool // Is it a sequence context? - mapping_context bool // Is it a mapping context? - simple_key_context bool // Is it a simple mapping key context? - - line int // The current line. - column int // The current column. - whitespace bool // If the last character was a whitespace? - indention bool // If the last character was an indentation character (' ', '-', '?', ':')? - open_ended bool // If an explicit document end is required? - - // Anchor analysis. - anchor_data struct { - anchor []byte // The anchor value. - alias bool // Is it an alias? - } - - // Tag analysis. - tag_data struct { - handle []byte // The tag handle. - suffix []byte // The tag suffix. - } - - // Scalar analysis. - scalar_data struct { - value []byte // The scalar value. - multiline bool // Does the scalar contain line breaks? - flow_plain_allowed bool // Can the scalar be expessed in the flow plain style? - block_plain_allowed bool // Can the scalar be expressed in the block plain style? - single_quoted_allowed bool // Can the scalar be expressed in the single quoted style? - block_allowed bool // Can the scalar be expressed in the literal or folded styles? - style yaml_scalar_style_t // The output style. - } - - // Dumper stuff - - opened bool // If the stream was already opened? - closed bool // If the stream was already closed? - - // The information associated with the document nodes. - anchors *struct { - references int // The number of references. - anchor int // The anchor id. - serialized bool // If the node has been emitted? - } - - last_anchor_id int // The last assigned anchor id. - - document *yaml_document_t // The currently emitted document. -} diff --git a/vendor/github.com/ajeddeloh/yaml/yamlprivateh.go b/vendor/github.com/ajeddeloh/yaml/yamlprivateh.go deleted file mode 100644 index 8110ce3c37..0000000000 --- a/vendor/github.com/ajeddeloh/yaml/yamlprivateh.go +++ /dev/null @@ -1,173 +0,0 @@ -package yaml - -const ( - // The size of the input raw buffer. - input_raw_buffer_size = 512 - - // The size of the input buffer. - // It should be possible to decode the whole raw buffer. - input_buffer_size = input_raw_buffer_size * 3 - - // The size of the output buffer. - output_buffer_size = 128 - - // The size of the output raw buffer. - // It should be possible to encode the whole output buffer. - output_raw_buffer_size = (output_buffer_size*2 + 2) - - // The size of other stacks and queues. - initial_stack_size = 16 - initial_queue_size = 16 - initial_string_size = 16 -) - -// Check if the character at the specified position is an alphabetical -// character, a digit, '_', or '-'. -func is_alpha(b []byte, i int) bool { - return b[i] >= '0' && b[i] <= '9' || b[i] >= 'A' && b[i] <= 'Z' || b[i] >= 'a' && b[i] <= 'z' || b[i] == '_' || b[i] == '-' -} - -// Check if the character at the specified position is a digit. -func is_digit(b []byte, i int) bool { - return b[i] >= '0' && b[i] <= '9' -} - -// Get the value of a digit. -func as_digit(b []byte, i int) int { - return int(b[i]) - '0' -} - -// Check if the character at the specified position is a hex-digit. -func is_hex(b []byte, i int) bool { - return b[i] >= '0' && b[i] <= '9' || b[i] >= 'A' && b[i] <= 'F' || b[i] >= 'a' && b[i] <= 'f' -} - -// Get the value of a hex-digit. -func as_hex(b []byte, i int) int { - bi := b[i] - if bi >= 'A' && bi <= 'F' { - return int(bi) - 'A' + 10 - } - if bi >= 'a' && bi <= 'f' { - return int(bi) - 'a' + 10 - } - return int(bi) - '0' -} - -// Check if the character is ASCII. -func is_ascii(b []byte, i int) bool { - return b[i] <= 0x7F -} - -// Check if the character at the start of the buffer can be printed unescaped. -func is_printable(b []byte, i int) bool { - return ((b[i] == 0x0A) || // . == #x0A - (b[i] >= 0x20 && b[i] <= 0x7E) || // #x20 <= . <= #x7E - (b[i] == 0xC2 && b[i+1] >= 0xA0) || // #0xA0 <= . <= #xD7FF - (b[i] > 0xC2 && b[i] < 0xED) || - (b[i] == 0xED && b[i+1] < 0xA0) || - (b[i] == 0xEE) || - (b[i] == 0xEF && // #xE000 <= . <= #xFFFD - !(b[i+1] == 0xBB && b[i+2] == 0xBF) && // && . != #xFEFF - !(b[i+1] == 0xBF && (b[i+2] == 0xBE || b[i+2] == 0xBF)))) -} - -// Check if the character at the specified position is NUL. -func is_z(b []byte, i int) bool { - return b[i] == 0x00 -} - -// Check if the beginning of the buffer is a BOM. -func is_bom(b []byte, i int) bool { - return b[0] == 0xEF && b[1] == 0xBB && b[2] == 0xBF -} - -// Check if the character at the specified position is space. -func is_space(b []byte, i int) bool { - return b[i] == ' ' -} - -// Check if the character at the specified position is tab. -func is_tab(b []byte, i int) bool { - return b[i] == '\t' -} - -// Check if the character at the specified position is blank (space or tab). -func is_blank(b []byte, i int) bool { - //return is_space(b, i) || is_tab(b, i) - return b[i] == ' ' || b[i] == '\t' -} - -// Check if the character at the specified position is a line break. -func is_break(b []byte, i int) bool { - return (b[i] == '\r' || // CR (#xD) - b[i] == '\n' || // LF (#xA) - b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85) - b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028) - b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9) // PS (#x2029) -} - -func is_crlf(b []byte, i int) bool { - return b[i] == '\r' && b[i+1] == '\n' -} - -// Check if the character is a line break or NUL. -func is_breakz(b []byte, i int) bool { - //return is_break(b, i) || is_z(b, i) - return ( // is_break: - b[i] == '\r' || // CR (#xD) - b[i] == '\n' || // LF (#xA) - b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85) - b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028) - b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9 || // PS (#x2029) - // is_z: - b[i] == 0) -} - -// Check if the character is a line break, space, or NUL. -func is_spacez(b []byte, i int) bool { - //return is_space(b, i) || is_breakz(b, i) - return ( // is_space: - b[i] == ' ' || - // is_breakz: - b[i] == '\r' || // CR (#xD) - b[i] == '\n' || // LF (#xA) - b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85) - b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028) - b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9 || // PS (#x2029) - b[i] == 0) -} - -// Check if the character is a line break, space, tab, or NUL. -func is_blankz(b []byte, i int) bool { - //return is_blank(b, i) || is_breakz(b, i) - return ( // is_blank: - b[i] == ' ' || b[i] == '\t' || - // is_breakz: - b[i] == '\r' || // CR (#xD) - b[i] == '\n' || // LF (#xA) - b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85) - b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028) - b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9 || // PS (#x2029) - b[i] == 0) -} - -// Determine the width of the character. -func width(b byte) int { - // Don't replace these by a switch without first - // confirming that it is being inlined. - if b&0x80 == 0x00 { - return 1 - } - if b&0xE0 == 0xC0 { - return 2 - } - if b&0xF0 == 0xE0 { - return 3 - } - if b&0xF8 == 0xF0 { - return 4 - } - return 0 - -} diff --git a/vendor/github.com/alecthomas/units/COPYING b/vendor/github.com/alecthomas/units/COPYING deleted file mode 100644 index 2993ec085d..0000000000 --- a/vendor/github.com/alecthomas/units/COPYING +++ /dev/null @@ -1,19 +0,0 @@ -Copyright (C) 2014 Alec Thomas - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -of the Software, and to permit persons to whom the Software is furnished to do -so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/vendor/github.com/alecthomas/units/bytes.go b/vendor/github.com/alecthomas/units/bytes.go deleted file mode 100644 index eaadeb8005..0000000000 --- a/vendor/github.com/alecthomas/units/bytes.go +++ /dev/null @@ -1,83 +0,0 @@ -package units - -// Base2Bytes is the old non-SI power-of-2 byte scale (1024 bytes in a kilobyte, -// etc.). -type Base2Bytes int64 - -// Base-2 byte units. -const ( - Kibibyte Base2Bytes = 1024 - KiB = Kibibyte - Mebibyte = Kibibyte * 1024 - MiB = Mebibyte - Gibibyte = Mebibyte * 1024 - GiB = Gibibyte - Tebibyte = Gibibyte * 1024 - TiB = Tebibyte - Pebibyte = Tebibyte * 1024 - PiB = Pebibyte - Exbibyte = Pebibyte * 1024 - EiB = Exbibyte -) - -var ( - bytesUnitMap = MakeUnitMap("iB", "B", 1024) - oldBytesUnitMap = MakeUnitMap("B", "B", 1024) -) - -// ParseBase2Bytes supports both iB and B in base-2 multipliers. That is, KB -// and KiB are both 1024. -func ParseBase2Bytes(s string) (Base2Bytes, error) { - n, err := ParseUnit(s, bytesUnitMap) - if err != nil { - n, err = ParseUnit(s, oldBytesUnitMap) - } - return Base2Bytes(n), err -} - -func (b Base2Bytes) String() string { - return ToString(int64(b), 1024, "iB", "B") -} - -var ( - metricBytesUnitMap = MakeUnitMap("B", "B", 1000) -) - -// MetricBytes are SI byte units (1000 bytes in a kilobyte). -type MetricBytes SI - -// SI base-10 byte units. -const ( - Kilobyte MetricBytes = 1000 - KB = Kilobyte - Megabyte = Kilobyte * 1000 - MB = Megabyte - Gigabyte = Megabyte * 1000 - GB = Gigabyte - Terabyte = Gigabyte * 1000 - TB = Terabyte - Petabyte = Terabyte * 1000 - PB = Petabyte - Exabyte = Petabyte * 1000 - EB = Exabyte -) - -// ParseMetricBytes parses base-10 metric byte units. That is, KB is 1000 bytes. -func ParseMetricBytes(s string) (MetricBytes, error) { - n, err := ParseUnit(s, metricBytesUnitMap) - return MetricBytes(n), err -} - -func (m MetricBytes) String() string { - return ToString(int64(m), 1000, "B", "B") -} - -// ParseStrictBytes supports both iB and B suffixes for base 2 and metric, -// respectively. That is, KiB represents 1024 and KB represents 1000. -func ParseStrictBytes(s string) (int64, error) { - n, err := ParseUnit(s, bytesUnitMap) - if err != nil { - n, err = ParseUnit(s, metricBytesUnitMap) - } - return int64(n), err -} diff --git a/vendor/github.com/alecthomas/units/doc.go b/vendor/github.com/alecthomas/units/doc.go deleted file mode 100644 index 156ae38672..0000000000 --- a/vendor/github.com/alecthomas/units/doc.go +++ /dev/null @@ -1,13 +0,0 @@ -// Package units provides helpful unit multipliers and functions for Go. -// -// The goal of this package is to have functionality similar to the time [1] package. -// -// -// [1] http://golang.org/pkg/time/ -// -// It allows for code like this: -// -// n, err := ParseBase2Bytes("1KB") -// // n == 1024 -// n = units.Mebibyte * 512 -package units diff --git a/vendor/github.com/alecthomas/units/si.go b/vendor/github.com/alecthomas/units/si.go deleted file mode 100644 index 8234a9d52c..0000000000 --- a/vendor/github.com/alecthomas/units/si.go +++ /dev/null @@ -1,26 +0,0 @@ -package units - -// SI units. -type SI int64 - -// SI unit multiples. -const ( - Kilo SI = 1000 - Mega = Kilo * 1000 - Giga = Mega * 1000 - Tera = Giga * 1000 - Peta = Tera * 1000 - Exa = Peta * 1000 -) - -func MakeUnitMap(suffix, shortSuffix string, scale int64) map[string]float64 { - return map[string]float64{ - shortSuffix: 1, - "K" + suffix: float64(scale), - "M" + suffix: float64(scale * scale), - "G" + suffix: float64(scale * scale * scale), - "T" + suffix: float64(scale * scale * scale * scale), - "P" + suffix: float64(scale * scale * scale * scale * scale), - "E" + suffix: float64(scale * scale * scale * scale * scale * scale), - } -} diff --git a/vendor/github.com/alecthomas/units/util.go b/vendor/github.com/alecthomas/units/util.go deleted file mode 100644 index 6527e92d16..0000000000 --- a/vendor/github.com/alecthomas/units/util.go +++ /dev/null @@ -1,138 +0,0 @@ -package units - -import ( - "errors" - "fmt" - "strings" -) - -var ( - siUnits = []string{"", "K", "M", "G", "T", "P", "E"} -) - -func ToString(n int64, scale int64, suffix, baseSuffix string) string { - mn := len(siUnits) - out := make([]string, mn) - for i, m := range siUnits { - if n%scale != 0 || i == 0 && n == 0 { - s := suffix - if i == 0 { - s = baseSuffix - } - out[mn-1-i] = fmt.Sprintf("%d%s%s", n%scale, m, s) - } - n /= scale - if n == 0 { - break - } - } - return strings.Join(out, "") -} - -// Below code ripped straight from http://golang.org/src/pkg/time/format.go?s=33392:33438#L1123 -var errLeadingInt = errors.New("units: bad [0-9]*") // never printed - -// leadingInt consumes the leading [0-9]* from s. -func leadingInt(s string) (x int64, rem string, err error) { - i := 0 - for ; i < len(s); i++ { - c := s[i] - if c < '0' || c > '9' { - break - } - if x >= (1<<63-10)/10 { - // overflow - return 0, "", errLeadingInt - } - x = x*10 + int64(c) - '0' - } - return x, s[i:], nil -} - -func ParseUnit(s string, unitMap map[string]float64) (int64, error) { - // [-+]?([0-9]*(\.[0-9]*)?[a-z]+)+ - orig := s - f := float64(0) - neg := false - - // Consume [-+]? - if s != "" { - c := s[0] - if c == '-' || c == '+' { - neg = c == '-' - s = s[1:] - } - } - // Special case: if all that is left is "0", this is zero. - if s == "0" { - return 0, nil - } - if s == "" { - return 0, errors.New("units: invalid " + orig) - } - for s != "" { - g := float64(0) // this element of the sequence - - var x int64 - var err error - - // The next character must be [0-9.] - if !(s[0] == '.' || ('0' <= s[0] && s[0] <= '9')) { - return 0, errors.New("units: invalid " + orig) - } - // Consume [0-9]* - pl := len(s) - x, s, err = leadingInt(s) - if err != nil { - return 0, errors.New("units: invalid " + orig) - } - g = float64(x) - pre := pl != len(s) // whether we consumed anything before a period - - // Consume (\.[0-9]*)? - post := false - if s != "" && s[0] == '.' { - s = s[1:] - pl := len(s) - x, s, err = leadingInt(s) - if err != nil { - return 0, errors.New("units: invalid " + orig) - } - scale := 1.0 - for n := pl - len(s); n > 0; n-- { - scale *= 10 - } - g += float64(x) / scale - post = pl != len(s) - } - if !pre && !post { - // no digits (e.g. ".s" or "-.s") - return 0, errors.New("units: invalid " + orig) - } - - // Consume unit. - i := 0 - for ; i < len(s); i++ { - c := s[i] - if c == '.' || ('0' <= c && c <= '9') { - break - } - } - u := s[:i] - s = s[i:] - unit, ok := unitMap[u] - if !ok { - return 0, errors.New("units: unknown unit " + u + " in " + orig) - } - - f += g * unit - } - - if neg { - f = -f - } - if f < float64(-1<<63) || f > float64(1<<63-1) { - return 0, errors.New("units: overflow parsing unit") - } - return int64(f), nil -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/LICENSE b/vendor/github.com/coreos/container-linux-config-transpiler/LICENSE deleted file mode 100644 index e06d208186..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ -Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/NOTICE b/vendor/github.com/coreos/container-linux-config-transpiler/NOTICE deleted file mode 100644 index b39ddfa5cb..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/NOTICE +++ /dev/null @@ -1,5 +0,0 @@ -CoreOS Project -Copyright 2014 CoreOS, Inc - -This product includes software developed at CoreOS, Inc. -(http://www.coreos.com/). diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/astyaml/astyaml.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/astyaml/astyaml.go deleted file mode 100644 index 1f898b8b51..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/astyaml/astyaml.go +++ /dev/null @@ -1,134 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package astyaml - -import ( - "errors" - "io" - "strings" - - yaml "github.com/ajeddeloh/yaml" - "github.com/coreos/ignition/config/validate/astnode" -) - -var ( - ErrNotDocumentNode = errors.New("Can only convert from document node") - ErrNotMappingNode = errors.New("Tried to change the key of a node which is not a mapping node") - ErrKeyNotFound = errors.New("Key to be replaced not found") -) - -type YamlNode struct { - tag string - key yaml.Node - yaml.Node -} - -func FromYamlDocumentNode(n yaml.Node) (YamlNode, error) { - if n.Kind != yaml.DocumentNode { - return YamlNode{}, ErrNotDocumentNode - } - - return YamlNode{ - key: n, - tag: "yaml", - Node: *n.Children[0], - }, nil -} - -func (n YamlNode) ValueLineCol(source io.ReadSeeker) (int, int, string) { - return n.Line + 1, n.Column + 1, "" -} - -func (n YamlNode) KeyLineCol(source io.ReadSeeker) (int, int, string) { - return n.key.Line + 1, n.key.Column + 1, "" -} - -func (n YamlNode) LiteralValue() interface{} { - return n.Value -} - -func (n YamlNode) SliceChild(index int) (astnode.AstNode, bool) { - if n.Kind != yaml.SequenceNode { - return nil, false - } - if index >= len(n.Children) { - return nil, false - } - - return YamlNode{ - key: yaml.Node{}, - tag: n.tag, - Node: *n.Children[index], - }, true -} - -func (n YamlNode) KeyValueMap() (map[string]astnode.AstNode, bool) { - if n.Kind != yaml.MappingNode { - return nil, false - } - - kvmap := map[string]astnode.AstNode{} - for i := 0; i < len(n.Children); i += 2 { - key := *n.Children[i] - if n.tag == "json" { - key.Value = getIgnKeyName(key.Value) - } - value := *n.Children[i+1] - kvmap[key.Value] = YamlNode{ - key: key, - tag: n.tag, - Node: value, - } - } - return kvmap, true -} - -// ChangeKey replaces the oldkey with a new key/value pair. Useful for patching -// up a tree parsed from yaml but then used for validating an ignition structure -func (n *YamlNode) ChangeKey(oldKeyName, newKeyName string, newValue YamlNode) error { - if n.Kind != yaml.MappingNode { - return ErrNotMappingNode - } - for i := 0; i < len(n.Children); i += 2 { - key := n.Children[i] - if key.Value == oldKeyName { - //key.Value = newKeyName - (*n.Children[i]).Value = newKeyName - *n.Children[i+1] = newValue.Node - return nil - } - } - - return ErrKeyNotFound -} - -// getIgnKeyName converts a snake_case (used by clct) to a camelCase (used by -// ignition) -func getIgnKeyName(keyname string) string { - words := strings.Split(keyname, "_") - for i, word := range words[1:] { - words[i+1] = strings.Title(word) - } - return strings.Join(words, "") -} - -func (n YamlNode) Tag() string { - return n.tag -} - -// ChangeTreeTag changes the value Tag() returns to newTag -func (n *YamlNode) ChangeTreeTag(newTag string) { - n.tag = newTag -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/config.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/config.go deleted file mode 100644 index c6ace4d12f..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/config.go +++ /dev/null @@ -1,81 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package config - -import ( - "reflect" - - yaml "github.com/ajeddeloh/yaml" - "github.com/coreos/container-linux-config-transpiler/config/astyaml" - "github.com/coreos/container-linux-config-transpiler/config/platform" - "github.com/coreos/container-linux-config-transpiler/config/types" - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" -) - -// Parse will convert a byte slice containing a Container Linux Config into a -// golang struct representing the config, the parse tree from parsing the yaml -// and a report of any warnings or errors that occurred during the parsing. -func Parse(data []byte) (types.Config, astnode.AstNode, report.Report) { - var cfg types.Config - var r report.Report - - if err := yaml.Unmarshal(data, &cfg); err != nil { - return types.Config{}, nil, report.ReportFromError(err, report.EntryError) - } - - nodes := yaml.UnmarshalToNode(data) - var root astnode.AstNode - if nodes == nil { - r.Add(report.Entry{ - Kind: report.EntryWarning, - Message: "Configuration is empty", - }) - r.Merge(validate.ValidateWithoutSource(reflect.ValueOf(cfg))) - } else { - var err error - root, err = astyaml.FromYamlDocumentNode(*nodes) - if err != nil { - return types.Config{}, nil, report.ReportFromError(err, report.EntryError) - } - - r.Merge(validate.Validate(reflect.ValueOf(cfg), root, nil, true)) - } - - if r.IsFatal() { - return types.Config{}, nil, r - } - return cfg, root, r -} - -// Convert will convert a golang struct representing a Container Linux -// Config into an Ignition Config, and a report of any warnings or errors. It -// takes the parse tree from parsing the Container Linux config as well. -// Convert also accepts a platform string, which can either be one of the -// platform strings defined in config/templating/templating.go or an empty -// string if [dynamic data](doc/dynamic-data.md) isn't used. -func Convert(in types.Config, p string, ast astnode.AstNode) (ignTypes.Config, report.Report) { - if !platform.IsSupportedPlatform(p) { - r := report.Report{} - r.Add(report.Entry{ - Kind: report.EntryError, - Message: "unsupported platform", - }) - return ignTypes.Config{}, r - } - return types.Convert(in, p, ast) -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/platform/platform.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/platform/platform.go deleted file mode 100644 index 0bf4f73c21..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/platform/platform.go +++ /dev/null @@ -1,48 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package platform - -const ( - Azure = "azure" - DO = "digitalocean" - EC2 = "ec2" - GCE = "gce" - Packet = "packet" - OpenStackMetadata = "openstack-metadata" - VagrantVirtualbox = "vagrant-virtualbox" - CloudStackConfigDrive = "cloudstack-configdrive" - Custom = "custom" -) - -var Platforms = []string{ - Azure, - DO, - EC2, - GCE, - Packet, - OpenStackMetadata, - VagrantVirtualbox, - CloudStackConfigDrive, - Custom, -} - -func IsSupportedPlatform(platform string) bool { - for _, supportedPlatform := range Platforms { - if supportedPlatform == platform { - return true - } - } - return platform == "" -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/templating/templating.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/templating/templating.go deleted file mode 100644 index b97b82872e..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/templating/templating.go +++ /dev/null @@ -1,133 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package templating - -import ( - "fmt" - "strings" - - "github.com/coreos/container-linux-config-transpiler/config/platform" -) - -var ( - ErrUnknownPlatform = fmt.Errorf("unsupported platform") - ErrUnknownField = fmt.Errorf("unknown field") -) - -const ( - fieldHostname = "HOSTNAME" - fieldV4Private = "PRIVATE_IPV4" - fieldV4Public = "PUBLIC_IPV4" - fieldV6Private = "PRIVATE_IPV6" - fieldV6Public = "PUBLIC_IPV6" -) - -var platformTemplatingMap = map[string]map[string]string{ - platform.Azure: { - // TODO: is this right? - fieldV4Private: "COREOS_AZURE_IPV4_DYNAMIC", - fieldV4Public: "COREOS_AZURE_IPV4_VIRTUAL", - }, - platform.DO: { - // TODO: unused: COREOS_DIGITALOCEAN_IPV4_ANCHOR_0 - fieldHostname: "COREOS_DIGITALOCEAN_HOSTNAME", - fieldV4Private: "COREOS_DIGITALOCEAN_IPV4_PRIVATE_0", - fieldV4Public: "COREOS_DIGITALOCEAN_IPV4_PUBLIC_0", - fieldV6Private: "COREOS_DIGITALOCEAN_IPV6_PRIVATE_0", - fieldV6Public: "COREOS_DIGITALOCEAN_IPV6_PUBLIC_0", - }, - platform.EC2: { - fieldHostname: "COREOS_EC2_HOSTNAME", - fieldV4Private: "COREOS_EC2_IPV4_LOCAL", - fieldV4Public: "COREOS_EC2_IPV4_PUBLIC", - }, - platform.GCE: { - fieldHostname: "COREOS_GCE_HOSTNAME", - fieldV4Private: "COREOS_GCE_IP_LOCAL_0", - fieldV4Public: "COREOS_GCE_IP_EXTERNAL_0", - }, - platform.Packet: { - fieldHostname: "COREOS_PACKET_HOSTNAME", - fieldV4Private: "COREOS_PACKET_IPV4_PRIVATE_0", - fieldV4Public: "COREOS_PACKET_IPV4_PUBLIC_0", - fieldV6Public: "COREOS_PACKET_IPV6_PUBLIC_0", - }, - platform.OpenStackMetadata: { - fieldHostname: "COREOS_OPENSTACK_HOSTNAME", - fieldV4Private: "COREOS_OPENSTACK_IPV4_LOCAL", - fieldV4Public: "COREOS_OPENSTACK_IPV4_PUBLIC", - }, - platform.VagrantVirtualbox: { - fieldHostname: "COREOS_VAGRANT_VIRTUALBOX_HOSTNAME", - fieldV4Private: "COREOS_VAGRANT_VIRTUALBOX_PRIVATE_IPV4", - }, - platform.CloudStackConfigDrive: { - fieldHostname: "CLOUDSTACK_LOCAL_HOSTNAME", - }, - platform.Custom: { - fieldHostname: "COREOS_CUSTOM_HOSTNAME", - fieldV4Private: "COREOS_CUSTOM_PRIVATE_IPV4", - fieldV4Public: "COREOS_CUSTOM_PUBLIC_IPV4", - fieldV6Private: "COREOS_CUSTOM_PRIVATE_IPV6", - fieldV6Public: "COREOS_CUSTOM_PUBLIC_IPV6", - }, -} - -// HasTemplating returns whether or not any of the environment variables present -// in the passed in list use ct templating -func HasTemplating(vars []string) bool { - for _, v := range vars { - if strings.ContainsRune(v, '{') || strings.ContainsRune(v, '}') { - return true - } - } - return false -} - -func PerformTemplating(platform string, vars []string) ([]string, error) { - if _, ok := platformTemplatingMap[platform]; !ok { - return nil, ErrUnknownPlatform - } - - for i := range vars { - startIndex := strings.IndexRune(vars[i], '{') - endIndex := strings.IndexRune(vars[i], '}') - for startIndex != -1 && endIndex != -1 && startIndex < endIndex { - fieldName := vars[i][startIndex+1 : endIndex] - fieldVal, ok := platformTemplatingMap[platform][fieldName] - if !ok { - return nil, ErrUnknownField - } - vars[i] = strings.Replace(vars[i], "{"+fieldName+"}", "${"+fieldVal+"}", 1) - - // start the search for a new start index from the old end index, or - // we'll just find the curly braces we just substituted in - startIndex = strings.IndexRune(vars[i][endIndex:], '{') - if startIndex != -1 { - startIndex += endIndex - - // and start the search for a new end index from the new start - // index, or as before we'll just find the curly braces we just - // substituted in - endIndex = strings.IndexRune(vars[i][startIndex:], '}') - if endIndex != -1 { - endIndex += startIndex - } - } - - } - } - return vars, nil -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/common.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/common.go deleted file mode 100644 index 1a18b0e608..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/common.go +++ /dev/null @@ -1,172 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "errors" - "fmt" - "reflect" - - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/report" - - "github.com/coreos/container-linux-config-transpiler/config/platform" - "github.com/coreos/container-linux-config-transpiler/config/templating" - "github.com/coreos/container-linux-config-transpiler/config/types/util" - iutil "github.com/coreos/container-linux-config-transpiler/internal/util" - "github.com/coreos/ignition/config/validate/astnode" -) - -var ( - ErrPlatformUnspecified = fmt.Errorf("platform must be specified to use templating") - ErrInvalidKey = errors.New("Key is invalid (wrong type or not found") - ErrNilNode = errors.New("Ast node is nil") - ErrKeyNotFound = errors.New("Key not found") -) - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, p string) (ignTypes.Config, report.Report, astnode.AstNode) { - if p == platform.OpenStackMetadata || p == platform.CloudStackConfigDrive { - out.Systemd.Units = append(out.Systemd.Units, ignTypes.Unit{ - Name: "coreos-metadata.service", - Dropins: []ignTypes.SystemdDropin{{ - Name: "20-clct-provider-override.conf", - Contents: fmt.Sprintf("[Service]\nEnvironment=COREOS_METADATA_OPT_PROVIDER=--provider=%s", p), - }}, - }) - out.Systemd.Units = append(out.Systemd.Units, ignTypes.Unit{ - Name: "coreos-metadata-sshkeys@.service", - Enabled: iutil.BoolToPtr(true), - Dropins: []ignTypes.SystemdDropin{{ - Name: "20-clct-provider-override.conf", - Contents: fmt.Sprintf("[Service]\nEnvironment=COREOS_METADATA_OPT_PROVIDER=--provider=%s", p), - }}, - }) - } - return out, report.Report{}, ast - }) -} - -func isZero(v interface{}) bool { - if v == nil { - return true - } - zv := reflect.Zero(reflect.TypeOf(v)) - return reflect.DeepEqual(v, zv.Interface()) -} - -// assembleUnit will assemble the contents of a systemd unit dropin that will -// have the given environment variables, and call the given exec line with the -// provided args prepended to it -func assembleUnit(exec string, args, vars []string, p string) (util.SystemdUnit, error) { - hasTemplating := templating.HasTemplating(args) - - out := util.NewSystemdUnit() - if hasTemplating { - if p == "" { - return util.SystemdUnit{}, ErrPlatformUnspecified - } - out.Unit.Add("Requires=coreos-metadata.service") - out.Unit.Add("After=coreos-metadata.service") - out.Service.Add("EnvironmentFile=/run/metadata/coreos") - var err error - args, err = templating.PerformTemplating(p, args) - if err != nil { - return util.SystemdUnit{}, err - } - } - - for _, v := range vars { - out.Service.Add(fmt.Sprintf("Environment=\"%s\"", v)) - } - for _, a := range args { - exec += fmt.Sprintf(" \\\n %s", a) - } - out.Service.Add("ExecStart=") - out.Service.Add(fmt.Sprintf("ExecStart=%s", exec)) - return out, nil -} - -func getArgs(format, tagName string, e interface{}) []string { - if e == nil { - return nil - } - et := reflect.TypeOf(e) - ev := reflect.ValueOf(e) - - vars := []string{} - for i := 0; i < et.NumField(); i++ { - if val := ev.Field(i).Interface(); !isZero(val) { - if et.Field(i).Anonymous { - vars = append(vars, getCliArgs(val)...) - } else { - key := et.Field(i).Tag.Get(tagName) - if ev.Field(i).Kind() == reflect.Ptr { - val = reflect.Indirect(ev.Field(i)).Interface() - } - if _, ok := val.(string); ok { - // to handle whitespace characters - val = fmt.Sprintf("%q", val) - } - vars = append(vars, fmt.Sprintf(format, key, val)) - } - } - } - - return vars -} - -// getCliArgs builds a list of --ARG=VAL from a struct with cli: tags on its members. -func getCliArgs(e interface{}) []string { - return getArgs("--%s=%v", "cli", e) -} - -// Get returns the value for key, where key is an int or string and n is a -// sequence node or mapping node, respectively. -func getNodeChild(n astnode.AstNode, key interface{}) (astnode.AstNode, error) { - if n == nil { - return nil, ErrNilNode - } - switch k := key.(type) { - case int: - if child, ok := n.SliceChild(k); ok { - return child, nil - } - case string: - kvmap, ok := n.KeyValueMap() - if !ok { - return nil, ErrInvalidKey - } - if v, ok := kvmap[k]; ok { - return v, nil - } - default: - return nil, ErrInvalidKey - } - // not found - return nil, ErrKeyNotFound -} - -// GetPath works like calling Get() repeatly with each argument. -func getNodeChildPath(n astnode.AstNode, key ...interface{}) (astnode.AstNode, error) { - if len(key) == 0 { - return n, nil - } - next, err := getNodeChild(n, key[0]) - if err != nil { - return nil, err - } - return getNodeChildPath(next, key[1:]...) -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/config.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/config.go deleted file mode 100644 index 567bcad4d4..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/config.go +++ /dev/null @@ -1,115 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "net/url" - - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" -) - -type Config struct { - Ignition Ignition `yaml:"ignition"` - Storage Storage `yaml:"storage"` - Systemd Systemd `yaml:"systemd"` - Networkd Networkd `yaml:"networkd"` - Passwd Passwd `yaml:"passwd"` - Etcd *Etcd `yaml:"etcd"` - Flannel *Flannel `yaml:"flannel"` - Update *Update `yaml:"update"` - Docker *Docker `yaml:"docker"` - Locksmith *Locksmith `yaml:"locksmith"` -} - -type Ignition struct { - Config IgnitionConfig `yaml:"config"` - Timeouts Timeouts `yaml:"timeouts"` - Security Security `yaml:"security"` -} - -type IgnitionConfig struct { - Append []ConfigReference `yaml:"append"` - Replace *ConfigReference `yaml:"replace"` -} - -type ConfigReference struct { - Source string `yaml:"source"` - Verification Verification `yaml:"verification"` -} - -type Timeouts struct { - HTTPResponseHeaders *int `yaml:"http_response_headers"` - HTTPTotal *int `yaml:"http_total"` -} - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) { - r := report.Report{} - out.Ignition.Timeouts.HTTPResponseHeaders = in.Ignition.Timeouts.HTTPResponseHeaders - out.Ignition.Timeouts.HTTPTotal = in.Ignition.Timeouts.HTTPTotal - cfgNode, _ := getNodeChildPath(ast, "ignition", "config", "append") - for i, ref := range in.Ignition.Config.Append { - tmp, _ := getNodeChild(cfgNode, i) - newRef, convertReport := convertConfigReference(ref, tmp) - r.Merge(convertReport) - if convertReport.IsFatal() { - // don't add to the output if invalid - continue - } - out.Ignition.Config.Append = append(out.Ignition.Config.Append, newRef) - } - - cfgNode, _ = getNodeChildPath(ast, "ignition", "config", "replace") - if in.Ignition.Config.Replace != nil { - newRef, convertReport := convertConfigReference(*in.Ignition.Config.Replace, cfgNode) - r.Merge(convertReport) - if convertReport.IsFatal() { - // don't add to the output if invalid - return out, r, ast - } - out.Ignition.Config.Replace = &newRef - } - return out, r, ast - }) -} - -func convertConfigReference(in ConfigReference, ast astnode.AstNode) (ignTypes.ConfigReference, report.Report) { - _, err := url.Parse(in.Source) - if err != nil { - r := report.ReportFromError(err, report.EntryError) - if n, err := getNodeChild(ast, "source"); err == nil { - r.AddPosition(n.ValueLineCol(nil)) - } - return ignTypes.ConfigReference{}, r - } - - return ignTypes.ConfigReference{ - Source: in.Source, - Verification: convertVerification(in.Verification), - }, report.Report{} -} - -func convertVerification(in Verification) ignTypes.Verification { - if in.Hash.Function == "" || in.Hash.Sum == "" { - return ignTypes.Verification{} - } - s := in.Hash.String() - - return ignTypes.Verification{ - Hash: &s, - } -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/converter.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/converter.go deleted file mode 100644 index c61316c43f..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/converter.go +++ /dev/null @@ -1,68 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "reflect" - - "github.com/coreos/container-linux-config-transpiler/config/astyaml" - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" -) - -type converter func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) - -var converters []converter - -func register(f converter) { - converters = append(converters, f) -} - -func Convert(in Config, platform string, ast astnode.AstNode) (ignTypes.Config, report.Report) { - // convert our tree from having yaml tags to having json tags, so when Validate() is - // called on the tree, it can find the keys in the ignition structs (which are denoted - // by `json` tags) - if asYamlNode, ok := ast.(astyaml.YamlNode); ok { - asYamlNode.ChangeTreeTag("json") - ast = asYamlNode - } - - out := ignTypes.Config{ - Ignition: ignTypes.Ignition{ - Version: "2.2.0", - }, - } - - r := report.Report{} - - for _, convert := range converters { - var subReport report.Report - out, subReport, ast = convert(in, ast, out, platform) - r.Merge(subReport) - } - if r.IsFatal() { - return ignTypes.Config{}, r - } - - validationReport := validate.Validate(reflect.ValueOf(out), ast, nil, false) - r.Merge(validationReport) - if r.IsFatal() { - return ignTypes.Config{}, r - } - - return out, r -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/disks.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/disks.go deleted file mode 100644 index 4ca365cf37..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/disks.go +++ /dev/null @@ -1,124 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - - "github.com/alecthomas/units" - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" -) - -const ( - BYTES_PER_SECTOR = 512 -) - -var ( - type_guid_map = map[string]string{ - "raid_containing_root": "be9067b9-ea49-4f15-b4f6-f36f8c9e1818", - "linux_filesystem_data": "0fc63daf-8483-4772-8e79-3d69d8477de4", - "swap_partition": "0657fd6d-a4ab-43c4-84e5-0933c84b4f4f", - "raid_partition": "a19d880f-05fc-4d3b-a006-743f0f84911e", - } -) - -type Disk struct { - Device string `yaml:"device"` - WipeTable bool `yaml:"wipe_table"` - Partitions []Partition `yaml:"partitions"` -} - -type Partition struct { - Label string `yaml:"label"` - Number int `yaml:"number"` - Size string `yaml:"size"` - Start string `yaml:"start"` - GUID string `yaml:"guid"` - TypeGUID string `yaml:"type_guid"` -} - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) { - r := report.Report{} - for disk_idx, disk := range in.Storage.Disks { - newDisk := ignTypes.Disk{ - Device: disk.Device, - WipeTable: disk.WipeTable, - } - - for part_idx, partition := range disk.Partitions { - size, err := convertPartitionDimension(partition.Size) - if err != nil { - convertReport := report.ReportFromError(err, report.EntryError) - if sub_node, err := getNodeChildPath(ast, "storage", "disks", disk_idx, "partitions", part_idx, "size"); err == nil { - convertReport.AddPosition(sub_node.ValueLineCol(nil)) - } - r.Merge(convertReport) - // dont add invalid partitions - continue - } - start, err := convertPartitionDimension(partition.Start) - if err != nil { - convertReport := report.ReportFromError(err, report.EntryError) - if sub_node, err := getNodeChildPath(ast, "storage", "disks", disk_idx, "partitions", part_idx, "start"); err == nil { - convertReport.AddPosition(sub_node.ValueLineCol(nil)) - } - r.Merge(convertReport) - // dont add invalid partitions - continue - } - if type_guid, ok := type_guid_map[partition.TypeGUID]; ok { - partition.TypeGUID = type_guid - } - - newPart := ignTypes.Partition{ - Label: partition.Label, - Number: partition.Number, - Size: size, - Start: start, - GUID: partition.GUID, - TypeGUID: partition.TypeGUID, - } - newDisk.Partitions = append(newDisk.Partitions, newPart) - } - - out.Storage.Disks = append(out.Storage.Disks, newDisk) - } - return out, r, ast - }) -} - -func convertPartitionDimension(in string) (int, error) { - if in == "" { - return 0, nil - } - - b, err := units.ParseBase2Bytes(in) - if err != nil { - return 0, err - } - if b < 0 { - return 0, fmt.Errorf("invalid dimension (negative): %q", in) - } - - // Translate bytes into sectors - sectors := (b / BYTES_PER_SECTOR) - if b%BYTES_PER_SECTOR != 0 { - sectors++ - } - return int(sectors), nil -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/docker.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/docker.go deleted file mode 100644 index 6a9865a303..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/docker.go +++ /dev/null @@ -1,45 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - "strings" - - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" -) - -type Docker struct { - Flags []string `yaml:"flags"` -} - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) { - if in.Docker != nil { - contents := fmt.Sprintf("[Service]\nEnvironment=\"DOCKER_OPTS=%s\"", strings.Join(in.Docker.Flags, " ")) - out.Systemd.Units = append(out.Systemd.Units, ignTypes.Unit{ - Name: "docker.service", - Enable: true, - Dropins: []ignTypes.SystemdDropin{{ - Name: "20-clct-docker.conf", - Contents: contents, - }}, - }) - } - return out, report.Report{}, ast - }) -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/etcd.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/etcd.go deleted file mode 100644 index f9abf155b1..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/etcd.go +++ /dev/null @@ -1,418 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "errors" - "fmt" - - "github.com/coreos/go-semver/semver" - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" -) - -var ( - EtcdVersionTooOld = errors.New("Etcd version specified is not valid (too old)") - EtcdMinorVersionTooNew = errors.New("Etcd minor version specified is too new, only options available in the previous minor version will be accepted") - EtcdMajorVersionTooNew = errors.New("Etcd version is not valid (too new)") - OldestEtcd = *semver.New("2.3.0") - EtcdDefaultVersion = *semver.New("3.0.0") -) - -// Options can be the options for any Etcd version -type Options interface{} - -type etcdCommon Etcd - -type EtcdVersion semver.Version - -func (e *EtcdVersion) UnmarshalYAML(unmarshal func(interface{}) error) error { - t := semver.Version(*e) - if err := unmarshal(&t); err != nil { - return err - } - *e = EtcdVersion(t) - return nil -} - -func (e EtcdVersion) Validate() report.Report { - v := semver.Version(e) - switch { - case v.LessThan(OldestEtcd): - return report.ReportFromError(EtcdVersionTooOld, report.EntryError) - case v.Major == 2 && v.Minor > 3: - fallthrough - case v.Major == 3 && v.Minor > 3: - return report.ReportFromError(EtcdMinorVersionTooNew, report.EntryWarning) - case v.Major > 3: - return report.ReportFromError(EtcdMajorVersionTooNew, report.EntryError) - } - return report.Report{} -} - -func (e EtcdVersion) String() string { - return semver.Version(e).String() -} - -// Etcd is a stub for yaml unmarshalling that figures out which -// of the other Etcd structs to use and unmarshals to that. Options needs -// to be an embedded type so that the structure of the yaml tree matches the -// structure of the go config tree -type Etcd struct { - Version *EtcdVersion `yaml:"version"` - Options -} - -func (etcd *Etcd) UnmarshalYAML(unmarshal func(interface{}) error) error { - t := etcdCommon(*etcd) - if err := unmarshal(&t); err != nil { - return err - } - *etcd = Etcd(t) - - var version semver.Version - if etcd.Version == nil { - version = EtcdDefaultVersion - } else { - version = semver.Version(*etcd.Version) - } - - if version.Major == 2 && version.Minor >= 3 { - o := Etcd2{} - if err := unmarshal(&o); err != nil { - return err - } - etcd.Options = o - } else if version.Major == 3 && version.Minor == 0 { - o := Etcd3_0{} - if err := unmarshal(&o); err != nil { - return err - } - etcd.Options = o - } else if version.Major == 3 && version.Minor == 1 { - o := Etcd3_1{} - if err := unmarshal(&o); err != nil { - return err - } - etcd.Options = o - } else if version.Major == 3 && version.Minor == 2 { - o := Etcd3_2{} - if err := unmarshal(&o); err != nil { - return err - } - etcd.Options = o - } else if version.Major == 3 && version.Minor >= 3 { - o := Etcd3_3{} - if err := unmarshal(&o); err != nil { - return err - } - etcd.Options = o - } - - return nil -} - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) { - if in.Etcd != nil { - contents, err := etcdContents(*in.Etcd, platform) - if err != nil { - return ignTypes.Config{}, report.ReportFromError(err, report.EntryError), ast - } - out.Systemd.Units = append(out.Systemd.Units, ignTypes.Unit{ - Name: "etcd-member.service", - Enable: true, - Dropins: []ignTypes.SystemdDropin{{ - Name: "20-clct-etcd-member.conf", - Contents: contents, - }}, - }) - } - return out, report.Report{}, ast - }) -} - -// etcdContents creates the string containing the systemd drop in for etcd-member -func etcdContents(etcd Etcd, platform string) (string, error) { - args := getCliArgs(etcd.Options) - var vars []string - if etcd.Version != nil { - vars = []string{fmt.Sprintf("ETCD_IMAGE_TAG=v%s", etcd.Version)} - } - - unit, err := assembleUnit("/usr/lib/coreos/etcd-wrapper $ETCD_OPTS", args, vars, platform) - if err != nil { - return "", err - } - - return unit.String(), nil -} - -type Etcd3_0 struct { - Name *string `yaml:"name" cli:"name"` - DataDir *string `yaml:"data_dir" cli:"data-dir"` - WalDir *string `yaml:"wal_dir" cli:"wal-dir"` - SnapshotCount *int `yaml:"snapshot_count" cli:"snapshot-count"` - HeartbeatInterval *int `yaml:"heartbeat_interval" cli:"heartbeat-interval"` - ElectionTimeout *int `yaml:"election_timeout" cli:"election-timeout"` - EnablePprof *bool `yaml:"enable_pprof" cli:"enable-pprof"` - ListenPeerUrls *string `yaml:"listen_peer_urls" cli:"listen-peer-urls"` - ListenClientUrls *string `yaml:"listen_client_urls" cli:"listen-client-urls"` - MaxSnapshots *int `yaml:"max_snapshots" cli:"max-snapshots"` - MaxWals *int `yaml:"max_wals" cli:"max-wals"` - Cors *string `yaml:"cors" cli:"cors"` - InitialAdvertisePeerUrls *string `yaml:"initial_advertise_peer_urls" cli:"initial-advertise-peer-urls"` - InitialCluster *string `yaml:"initial_cluster" cli:"initial-cluster"` - InitialClusterState *string `yaml:"initial_cluster_state" cli:"initial-cluster-state"` - InitialClusterToken *string `yaml:"initial_cluster_token" cli:"initial-cluster-token"` - AdvertiseClientUrls *string `yaml:"advertise_client_urls" cli:"advertise-client-urls"` - Discovery *string `yaml:"discovery" cli:"discovery"` - DiscoverySrv *string `yaml:"discovery_srv" cli:"discovery-srv"` - DiscoveryFallback *string `yaml:"discovery_fallback" cli:"discovery-fallback"` - DiscoveryProxy *string `yaml:"discovery_proxy" cli:"discovery-proxy"` - StrictReconfigCheck *bool `yaml:"strict_reconfig_check" cli:"strict-reconfig-check"` - AutoCompactionRetention *int `yaml:"auto_compaction_retention" cli:"auto-compaction-retention"` - Proxy *string `yaml:"proxy" cli:"proxy"` - ProxyFailureWait *int `yaml:"proxy_failure_wait" cli:"proxy-failure-wait"` - ProxyRefreshInterval *int `yaml:"proxy_refresh_interval" cli:"proxy-refresh-interval"` - ProxyDialTimeout *int `yaml:"proxy_dial_timeout" cli:"proxy-dial-timeout"` - ProxyWriteTimeout *int `yaml:"proxy_write_timeout" cli:"proxy-write-timeout"` - ProxyReadTimeout *int `yaml:"proxy_read_timeout" cli:"proxy-read-timeout"` - CaFile *string `yaml:"ca_file" cli:"ca-file" deprecated:"ca_file obsoleted by trusted_ca_file and client_cert_auth"` - CertFile *string `yaml:"cert_file" cli:"cert-file"` - KeyFile *string `yaml:"key_file" cli:"key-file"` - ClientCertAuth *bool `yaml:"client_cert_auth" cli:"client-cert-auth"` - TrustedCaFile *string `yaml:"trusted_ca_file" cli:"trusted-ca-file"` - AutoTls *bool `yaml:"auto_tls" cli:"auto-tls"` - PeerCaFile *string `yaml:"peer_ca_file" cli:"peer-ca-file" deprecated:"peer_ca_file obsoleted peer_trusted_ca_file and peer_client_cert_auth"` - PeerCertFile *string `yaml:"peer_cert_file" cli:"peer-cert-file"` - PeerKeyFile *string `yaml:"peer_key_file" cli:"peer-key-file"` - PeerClientCertAuth *bool `yaml:"peer_client_cert_auth" cli:"peer-client-cert-auth"` - PeerTrustedCaFile *string `yaml:"peer_trusted_ca_file" cli:"peer-trusted-ca-file"` - PeerAutoTls *bool `yaml:"peer_auto_tls" cli:"peer-auto-tls"` - Debug *bool `yaml:"debug" cli:"debug"` - LogPackageLevels *string `yaml:"log_package_levels" cli:"log-package-levels"` - ForceNewCluster *bool `yaml:"force_new_cluster" cli:"force-new-cluster"` -} - -type Etcd3_1 struct { - Name *string `yaml:"name" cli:"name"` - DataDir *string `yaml:"data_dir" cli:"data-dir"` - WalDir *string `yaml:"wal_dir" cli:"wal-dir"` - SnapshotCount *int `yaml:"snapshot_count" cli:"snapshot-count"` - HeartbeatInterval *int `yaml:"heartbeat_interval" cli:"heartbeat-interval"` - ElectionTimeout *int `yaml:"election_timeout" cli:"election-timeout"` - EnablePprof *bool `yaml:"enable_pprof" cli:"enable-pprof"` - ListenPeerUrls *string `yaml:"listen_peer_urls" cli:"listen-peer-urls"` - ListenClientUrls *string `yaml:"listen_client_urls" cli:"listen-client-urls"` - MaxSnapshots *int `yaml:"max_snapshots" cli:"max-snapshots"` - MaxWals *int `yaml:"max_wals" cli:"max-wals"` - Cors *string `yaml:"cors" cli:"cors"` - InitialAdvertisePeerUrls *string `yaml:"initial_advertise_peer_urls" cli:"initial-advertise-peer-urls"` - InitialCluster *string `yaml:"initial_cluster" cli:"initial-cluster"` - InitialClusterState *string `yaml:"initial_cluster_state" cli:"initial-cluster-state"` - InitialClusterToken *string `yaml:"initial_cluster_token" cli:"initial-cluster-token"` - AdvertiseClientUrls *string `yaml:"advertise_client_urls" cli:"advertise-client-urls"` - Discovery *string `yaml:"discovery" cli:"discovery"` - DiscoverySrv *string `yaml:"discovery_srv" cli:"discovery-srv"` - DiscoveryFallback *string `yaml:"discovery_fallback" cli:"discovery-fallback"` - DiscoveryProxy *string `yaml:"discovery_proxy" cli:"discovery-proxy"` - StrictReconfigCheck *bool `yaml:"strict_reconfig_check" cli:"strict-reconfig-check"` - AutoCompactionRetention *int `yaml:"auto_compaction_retention" cli:"auto-compaction-retention"` - Proxy *string `yaml:"proxy" cli:"proxy"` - ProxyFailureWait *int `yaml:"proxy_failure_wait" cli:"proxy-failure-wait"` - ProxyRefreshInterval *int `yaml:"proxy_refresh_interval" cli:"proxy-refresh-interval"` - ProxyDialTimeout *int `yaml:"proxy_dial_timeout" cli:"proxy-dial-timeout"` - ProxyWriteTimeout *int `yaml:"proxy_write_timeout" cli:"proxy-write-timeout"` - ProxyReadTimeout *int `yaml:"proxy_read_timeout" cli:"proxy-read-timeout"` - CaFile *string `yaml:"ca_file" cli:"ca-file" deprecated:"ca_file obsoleted by trusted_ca_file and client_cert_auth"` - CertFile *string `yaml:"cert_file" cli:"cert-file"` - KeyFile *string `yaml:"key_file" cli:"key-file"` - ClientCertAuth *bool `yaml:"client_cert_auth" cli:"client-cert-auth"` - TrustedCaFile *string `yaml:"trusted_ca_file" cli:"trusted-ca-file"` - AutoTls *bool `yaml:"auto_tls" cli:"auto-tls"` - PeerCaFile *string `yaml:"peer_ca_file" cli:"peer-ca-file" deprecated:"peer_ca_file obsoleted peer_trusted_ca_file and peer_client_cert_auth"` - PeerCertFile *string `yaml:"peer_cert_file" cli:"peer-cert-file"` - PeerKeyFile *string `yaml:"peer_key_file" cli:"peer-key-file"` - PeerClientCertAuth *bool `yaml:"peer_client_cert_auth" cli:"peer-client-cert-auth"` - PeerTrustedCaFile *string `yaml:"peer_trusted_ca_file" cli:"peer-trusted-ca-file"` - PeerAutoTls *bool `yaml:"peer_auto_tls" cli:"peer-auto-tls"` - Debug *bool `yaml:"debug" cli:"debug"` - LogPackageLevels *string `yaml:"log_package_levels" cli:"log-package-levels"` - ForceNewCluster *bool `yaml:"force_new_cluster" cli:"force-new-cluster"` - Metrics *string `yaml:"metrics" cli:"metrics"` - LogOutput *string `yaml:"log_output" cli:"log-output"` -} - -type Etcd3_2 struct { - Name *string `yaml:"name" cli:"name"` - DataDir *string `yaml:"data_dir" cli:"data-dir"` - WalDir *string `yaml:"wal_dir" cli:"wal-dir"` - SnapshotCount *int `yaml:"snapshot_count" cli:"snapshot-count"` - HeartbeatInterval *int `yaml:"heartbeat_interval" cli:"heartbeat-interval"` - ElectionTimeout *int `yaml:"election_timeout" cli:"election-timeout"` - EnablePprof *bool `yaml:"enable_pprof" cli:"enable-pprof"` - EnableV2 *bool `yaml:"enable_v2" cli:"enable-v2"` - ListenPeerUrls *string `yaml:"listen_peer_urls" cli:"listen-peer-urls"` - ListenClientUrls *string `yaml:"listen_client_urls" cli:"listen-client-urls"` - MaxSnapshots *int `yaml:"max_snapshots" cli:"max-snapshots"` - MaxWals *int `yaml:"max_wals" cli:"max-wals"` - Cors *string `yaml:"cors" cli:"cors"` - InitialAdvertisePeerUrls *string `yaml:"initial_advertise_peer_urls" cli:"initial-advertise-peer-urls"` - InitialCluster *string `yaml:"initial_cluster" cli:"initial-cluster"` - InitialClusterState *string `yaml:"initial_cluster_state" cli:"initial-cluster-state"` - InitialClusterToken *string `yaml:"initial_cluster_token" cli:"initial-cluster-token"` - AdvertiseClientUrls *string `yaml:"advertise_client_urls" cli:"advertise-client-urls"` - Discovery *string `yaml:"discovery" cli:"discovery"` - DiscoverySrv *string `yaml:"discovery_srv" cli:"discovery-srv"` - DiscoveryFallback *string `yaml:"discovery_fallback" cli:"discovery-fallback"` - DiscoveryProxy *string `yaml:"discovery_proxy" cli:"discovery-proxy"` - StrictReconfigCheck *bool `yaml:"strict_reconfig_check" cli:"strict-reconfig-check"` - AutoCompactionRetention *int `yaml:"auto_compaction_retention" cli:"auto-compaction-retention"` - Proxy *string `yaml:"proxy" cli:"proxy"` - ProxyFailureWait *int `yaml:"proxy_failure_wait" cli:"proxy-failure-wait"` - ProxyRefreshInterval *int `yaml:"proxy_refresh_interval" cli:"proxy-refresh-interval"` - ProxyDialTimeout *int `yaml:"proxy_dial_timeout" cli:"proxy-dial-timeout"` - ProxyWriteTimeout *int `yaml:"proxy_write_timeout" cli:"proxy-write-timeout"` - ProxyReadTimeout *int `yaml:"proxy_read_timeout" cli:"proxy-read-timeout"` - CaFile *string `yaml:"ca_file" cli:"ca-file" deprecated:"ca_file obsoleted by trusted_ca_file and client_cert_auth"` - CertFile *string `yaml:"cert_file" cli:"cert-file"` - KeyFile *string `yaml:"key_file" cli:"key-file"` - ClientCertAuth *bool `yaml:"client_cert_auth" cli:"client-cert-auth"` - TrustedCaFile *string `yaml:"trusted_ca_file" cli:"trusted-ca-file"` - AutoTls *bool `yaml:"auto_tls" cli:"auto-tls"` - PeerCaFile *string `yaml:"peer_ca_file" cli:"peer-ca-file" deprecated:"peer_ca_file obsoleted peer_trusted_ca_file and peer_client_cert_auth"` - PeerCertFile *string `yaml:"peer_cert_file" cli:"peer-cert-file"` - PeerKeyFile *string `yaml:"peer_key_file" cli:"peer-key-file"` - PeerClientCertAuth *bool `yaml:"peer_client_cert_auth" cli:"peer-client-cert-auth"` - PeerTrustedCaFile *string `yaml:"peer_trusted_ca_file" cli:"peer-trusted-ca-file"` - PeerAutoTls *bool `yaml:"peer_auto_tls" cli:"peer-auto-tls"` - AuthToken *string `yaml:"auth_token" cli:"auth-token"` - Debug *bool `yaml:"debug" cli:"debug"` - LogPackageLevels *string `yaml:"log_package_levels" cli:"log-package-levels"` - ForceNewCluster *bool `yaml:"force_new_cluster" cli:"force-new-cluster"` - Metrics *string `yaml:"metrics" cli:"metrics"` - LogOutput *string `yaml:"log_output" cli:"log-output"` -} - -type Etcd3_3 struct { - Name *string `yaml:"name" cli:"name"` - DataDir *string `yaml:"data_dir" cli:"data-dir"` - WalDir *string `yaml:"wal_dir" cli:"wal-dir"` - SnapshotCount *int `yaml:"snapshot_count" cli:"snapshot-count"` - HeartbeatInterval *int `yaml:"heartbeat_interval" cli:"heartbeat-interval"` - ElectionTimeout *int `yaml:"election_timeout" cli:"election-timeout"` - EnablePprof *bool `yaml:"enable_pprof" cli:"enable-pprof"` - EnableV2 *bool `yaml:"enable_v2" cli:"enable-v2"` - ListenPeerUrls *string `yaml:"listen_peer_urls" cli:"listen-peer-urls"` - ListenClientUrls *string `yaml:"listen_client_urls" cli:"listen-client-urls"` - MaxSnapshots *int `yaml:"max_snapshots" cli:"max-snapshots"` - MaxWals *int `yaml:"max_wals" cli:"max-wals"` - Cors *string `yaml:"cors" cli:"cors"` - QuotaBackendBytes *int `yaml:"quota_backend_bytes" cli:"quota-backend-bytes"` - MaxTxnOps *int `yaml:"max_txn_ops" cli:"max-txn-ops"` - MaxRequestBytes *int `yaml:"max_request_bytes" cli:"max-request-bytes"` - GrpcKeepaliveMinTime *string `yaml:"grpc_keepalive_min_time" cli:"grpc-keepalive-min-time"` - GrpcKeepaliveInterval *string `yaml:"grpc_keepalive_interval" cli:"grpc-keepalive-interval"` - GrpcKeepaliveTimeout *string `yaml:"grpc_keepalive_timeout" cli:"grpc-keepalive-timeout"` - InitialAdvertisePeerUrls *string `yaml:"initial_advertise_peer_urls" cli:"initial-advertise-peer-urls"` - InitialCluster *string `yaml:"initial_cluster" cli:"initial-cluster"` - InitialClusterState *string `yaml:"initial_cluster_state" cli:"initial-cluster-state"` - InitialClusterToken *string `yaml:"initial_cluster_token" cli:"initial-cluster-token"` - AdvertiseClientUrls *string `yaml:"advertise_client_urls" cli:"advertise-client-urls"` - Discovery *string `yaml:"discovery" cli:"discovery"` - DiscoverySrv *string `yaml:"discovery_srv" cli:"discovery-srv"` - DiscoveryFallback *string `yaml:"discovery_fallback" cli:"discovery-fallback"` - DiscoveryProxy *string `yaml:"discovery_proxy" cli:"discovery-proxy"` - StrictReconfigCheck *bool `yaml:"strict_reconfig_check" cli:"strict-reconfig-check"` - AutoCompactionRetention *string `yaml:"auto_compaction_retention" cli:"auto-compaction-retention"` - AutoCompactionMode *string `yaml:"auto_compaction_mode" cli:"auto-compaction-mode"` - Proxy *string `yaml:"proxy" cli:"proxy"` - ProxyFailureWait *int `yaml:"proxy_failure_wait" cli:"proxy-failure-wait"` - ProxyRefreshInterval *int `yaml:"proxy_refresh_interval" cli:"proxy-refresh-interval"` - ProxyDialTimeout *int `yaml:"proxy_dial_timeout" cli:"proxy-dial-timeout"` - ProxyWriteTimeout *int `yaml:"proxy_write_timeout" cli:"proxy-write-timeout"` - ProxyReadTimeout *int `yaml:"proxy_read_timeout" cli:"proxy-read-timeout"` - CaFile *string `yaml:"ca_file" cli:"ca-file" deprecated:"ca_file obsoleted by trusted_ca_file and client_cert_auth"` - CertFile *string `yaml:"cert_file" cli:"cert-file"` - KeyFile *string `yaml:"key_file" cli:"key-file"` - ClientCertAuth *bool `yaml:"client_cert_auth" cli:"client-cert-auth"` - ClientCrlFile *string `yaml:"client_crl_file" cli:"client-crl-file"` - TrustedCaFile *string `yaml:"trusted_ca_file" cli:"trusted-ca-file"` - AutoTls *bool `yaml:"auto_tls" cli:"auto-tls"` - PeerCaFile *string `yaml:"peer_ca_file" cli:"peer-ca-file" deprecated:"peer_ca_file obsoleted peer_trusted_ca_file and peer_client_cert_auth"` - PeerCertFile *string `yaml:"peer_cert_file" cli:"peer-cert-file"` - PeerKeyFile *string `yaml:"peer_key_file" cli:"peer-key-file"` - PeerClientCertAuth *bool `yaml:"peer_client_cert_auth" cli:"peer-client-cert-auth"` - PeerCrlFile *string `yaml:"peer_crl_file" cli:"peer-crl-file"` - PeerTrustedCaFile *string `yaml:"peer_trusted_ca_file" cli:"peer-trusted-ca-file"` - PeerAutoTls *bool `yaml:"peer_auto_tls" cli:"peer-auto-tls"` - PeerCertAllowedCn *string `yaml:"peer_cert_allowed_cn" cli:"peer-cert-allowed-cn"` - AuthToken *string `yaml:"auth_token" cli:"auth-token"` - Debug *bool `yaml:"debug" cli:"debug"` - LogPackageLevels *string `yaml:"log_package_levels" cli:"log-package-levels"` - ForceNewCluster *bool `yaml:"force_new_cluster" cli:"force-new-cluster"` - Metrics *string `yaml:"metrics" cli:"metrics"` - LogOutput *string `yaml:"log_output" cli:"log-output"` - ListenMetricsUrls *string `yaml:"listen_metrics_urls" cli:"listen-metrics-urls"` - ExperimentalInitialCorruptCheck *bool `yaml:"experimental_initial_corrupt_check" cli:"experimental-initial-corrupt-check"` - ExperimentalCorruptCheckTime *string `yaml:"experimental_corrupt_check_time" cli:"experimental-corrupt-check-time"` - ExperimentalEnableV2V3 *string `yaml:"experimental_enable_v2v3" cli:"experimental-enable-v2v3"` -} - -type Etcd2 struct { - AdvertiseClientURLs *string `yaml:"advertise_client_urls" cli:"advertise-client-urls"` - CAFile *string `yaml:"ca_file" cli:"ca-file" deprecated:"ca_file obsoleted by trusted_ca_file and client_cert_auth"` - CertFile *string `yaml:"cert_file" cli:"cert-file"` - ClientCertAuth *bool `yaml:"client_cert_auth" cli:"client-cert-auth"` - CorsOrigins *string `yaml:"cors" cli:"cors"` - DataDir *string `yaml:"data_dir" cli:"data-dir"` - Debug *bool `yaml:"debug" cli:"debug"` - Discovery *string `yaml:"discovery" cli:"discovery"` - DiscoveryFallback *string `yaml:"discovery_fallback" cli:"discovery-fallback"` - DiscoverySRV *string `yaml:"discovery_srv" cli:"discovery-srv"` - DiscoveryProxy *string `yaml:"discovery_proxy" cli:"discovery-proxy"` - ElectionTimeout *int `yaml:"election_timeout" cli:"election-timeout"` - EnablePprof *bool `yaml:"enable_pprof" cli:"enable-pprof"` - ForceNewCluster *bool `yaml:"force_new_cluster" cli:"force-new-cluster"` - HeartbeatInterval *int `yaml:"heartbeat_interval" cli:"heartbeat-interval"` - InitialAdvertisePeerURLs *string `yaml:"initial_advertise_peer_urls" cli:"initial-advertise-peer-urls"` - InitialCluster *string `yaml:"initial_cluster" cli:"initial-cluster"` - InitialClusterState *string `yaml:"initial_cluster_state" cli:"initial-cluster-state"` - InitialClusterToken *string `yaml:"initial_cluster_token" cli:"initial-cluster-token"` - KeyFile *string `yaml:"key_file" cli:"key-file"` - ListenClientURLs *string `yaml:"listen_client_urls" cli:"listen-client-urls"` - ListenPeerURLs *string `yaml:"listen_peer_urls" cli:"listen-peer-urls"` - LogPackageLevels *string `yaml:"log_package_levels" cli:"log-package-levels"` - MaxSnapshots *int `yaml:"max_snapshots" cli:"max-snapshots"` - MaxWALs *int `yaml:"max_wals" cli:"max-wals"` - Name *string `yaml:"name" cli:"name"` - PeerCAFile *string `yaml:"peer_ca_file" cli:"peer-ca-file" deprecated:"peer_ca_file obsoleted peer_trusted_ca_file and peer_client_cert_auth"` - PeerCertFile *string `yaml:"peer_cert_file" cli:"peer-cert-file"` - PeerKeyFile *string `yaml:"peer_key_file" cli:"peer-key-file"` - PeerClientCertAuth *bool `yaml:"peer_client_cert_auth" cli:"peer-client-cert-auth"` - PeerTrustedCAFile *string `yaml:"peer_trusted_ca_file" cli:"peer-trusted-ca-file"` - Proxy *string `yaml:"proxy" cli:"proxy" valid:"^(on|off|readonly)$"` - ProxyDialTimeout *int `yaml:"proxy_dial_timeout" cli:"proxy-dial-timeout"` - ProxyFailureWait *int `yaml:"proxy_failure_wait" cli:"proxy-failure-wait"` - ProxyReadTimeout *int `yaml:"proxy_read_timeout" cli:"proxy-read-timeout"` - ProxyRefreshInterval *int `yaml:"proxy_refresh_interval" cli:"proxy-refresh-interval"` - ProxyWriteTimeout *int `yaml:"proxy_write_timeout" cli:"proxy-write-timeout"` - SnapshotCount *int `yaml:"snapshot_count" cli:"snapshot-count"` - StrictReconfigCheck *bool `yaml:"strict_reconfig_check" cli:"strict-reconfig-check"` - TrustedCAFile *string `yaml:"trusted_ca_file" cli:"trusted-ca-file"` - WalDir *string `yaml:"wal_dir" cli:"wal-dir"` -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/files.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/files.go deleted file mode 100644 index f335667705..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/files.go +++ /dev/null @@ -1,301 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "errors" - "flag" - "fmt" - "io/ioutil" - "net/url" - "path" - - "github.com/coreos/container-linux-config-transpiler/config/astyaml" - "github.com/coreos/container-linux-config-transpiler/internal/util" - - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" - "github.com/vincent-petithory/dataurl" -) - -var ( - DefaultFileMode = 0644 - DefaultDirMode = 0755 - - WarningUnsetFileMode = fmt.Errorf("mode unspecified for file, defaulting to %#o", DefaultFileMode) - WarningUnsetDirMode = fmt.Errorf("mode unspecified for directory, defaulting to %#o", DefaultDirMode) - - ErrTooManyFileSources = errors.New("only one of the following can be set: local, inline, remote.url") -) - -type FileUser struct { - Id *int `yaml:"id"` - Name string `yaml:"name"` -} - -type FileGroup struct { - Id *int `yaml:"id"` - Name string `yaml:"name"` -} - -type File struct { - Filesystem string `yaml:"filesystem"` - Path string `yaml:"path"` - User *FileUser `yaml:"user"` - Group *FileGroup `yaml:"group"` - Mode *int `yaml:"mode"` - Contents FileContents `yaml:"contents"` - Overwrite *bool `yaml:"overwrite"` - Append bool `yaml:"append"` -} - -type FileContents struct { - Remote Remote `yaml:"remote"` - Inline string `yaml:"inline"` - Local string `yaml:"local"` -} - -type Remote struct { - Url string `yaml:"url"` - Compression string `yaml:"compression"` - Verification Verification `yaml:"verification"` -} - -type Directory struct { - Filesystem string `yaml:"filesystem"` - Path string `yaml:"path"` - User *FileUser `yaml:"user"` - Group *FileGroup `yaml:"group"` - Mode *int `yaml:"mode"` - Overwrite *bool `yaml:"overwrite"` -} - -type Link struct { - Filesystem string `yaml:"filesystem"` - Path string `yaml:"path"` - User *FileUser `yaml:"user"` - Group *FileGroup `yaml:"group"` - Hard bool `yaml:"hard"` - Target string `yaml:"target"` - Overwrite *bool `yaml:"overwrite"` -} - -func (f File) ValidateMode() report.Report { - if f.Mode == nil { - return report.ReportFromError(WarningUnsetFileMode, report.EntryWarning) - } - return report.Report{} -} - -func (d Directory) ValidateMode() report.Report { - if d.Mode == nil { - return report.ReportFromError(WarningUnsetDirMode, report.EntryWarning) - } - return report.Report{} -} - -func (fc FileContents) Validate() report.Report { - i := 0 - if fc.Remote.Url != "" { - i++ - } - if fc.Inline != "" { - i++ - } - if fc.Local != "" { - i++ - } - if i > 1 { - return report.ReportFromError(ErrTooManyFileSources, report.EntryError) - } - return report.Report{} -} - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) { - r := report.Report{} - files_node, _ := getNodeChildPath(ast, "storage", "files") - for i, file := range in.Storage.Files { - if file.Mode == nil { - file.Mode = util.IntToPtr(DefaultFileMode) - } - file_node, _ := getNodeChild(files_node, i) - newFile := ignTypes.File{ - Node: ignTypes.Node{ - Filesystem: file.Filesystem, - Path: file.Path, - Overwrite: file.Overwrite, - }, - FileEmbedded1: ignTypes.FileEmbedded1{ - Mode: file.Mode, - Append: file.Append, - }, - } - if file.User != nil { - newFile.User = &ignTypes.NodeUser{ - ID: file.User.Id, - Name: file.User.Name, - } - } - if file.Group != nil { - newFile.Group = &ignTypes.NodeGroup{ - ID: file.Group.Id, - Name: file.Group.Name, - } - } - - if file.Contents.Inline != "" { - newFile.Contents = ignTypes.FileContents{ - Source: (&url.URL{ - Scheme: "data", - Opaque: "," + dataurl.EscapeString(file.Contents.Inline), - }).String(), - } - } - - if file.Contents.Local != "" { - // The provided local file path is relative to the value of the - // --files-dir flag. - filesDir := flag.Lookup("files-dir") - if filesDir == nil || filesDir.Value.String() == "" { - err := errors.New("local files require setting the --files-dir flag to the directory that contains the file") - flagReport := report.ReportFromError(err, report.EntryError) - if n, err := getNodeChildPath(file_node, "contents", "local"); err == nil { - line, col, _ := n.ValueLineCol(nil) - flagReport.AddPosition(line, col, "") - } - r.Merge(flagReport) - continue - } - localPath := path.Join(filesDir.Value.String(), file.Contents.Local) - contents, err := ioutil.ReadFile(localPath) - if err != nil { - // If the file could not be read, record error and continue. - convertReport := report.ReportFromError(err, report.EntryError) - if n, err := getNodeChildPath(file_node, "contents", "local"); err == nil { - line, col, _ := n.ValueLineCol(nil) - convertReport.AddPosition(line, col, "") - } - r.Merge(convertReport) - continue - } - - // Include the contents of the local file as if it were provided inline. - newFile.Contents = ignTypes.FileContents{ - Source: (&url.URL{ - Scheme: "data", - Opaque: "," + dataurl.Escape(contents), - }).String(), - } - } - - if file.Contents.Remote.Url != "" { - source, err := url.Parse(file.Contents.Remote.Url) - if err != nil { - // if invalid, record error and continue - convertReport := report.ReportFromError(err, report.EntryError) - if n, err := getNodeChildPath(file_node, "contents", "remote", "url"); err == nil { - line, col, _ := n.ValueLineCol(nil) - convertReport.AddPosition(line, col, "") - } - r.Merge(convertReport) - continue - } - - // patch the yaml tree to look like the ignition tree by making contents - // the remote section and changing the name from url -> source - asYamlNode, ok := file_node.(astyaml.YamlNode) - if ok { - newContents, _ := getNodeChildPath(file_node, "contents", "remote") - newContentsAsYaml := newContents.(astyaml.YamlNode) - asYamlNode.ChangeKey("contents", "contents", newContentsAsYaml) - - url, _ := getNodeChild(newContents.(astyaml.YamlNode), "url") - newContentsAsYaml.ChangeKey("url", "source", url.(astyaml.YamlNode)) - } - - newFile.Contents = ignTypes.FileContents{Source: source.String()} - - } - - if newFile.Contents == (ignTypes.FileContents{}) { - newFile.Contents = ignTypes.FileContents{ - Source: "data:,", - } - } - - newFile.Contents.Compression = file.Contents.Remote.Compression - newFile.Contents.Verification = convertVerification(file.Contents.Remote.Verification) - - out.Storage.Files = append(out.Storage.Files, newFile) - } - for _, dir := range in.Storage.Directories { - if dir.Mode == nil { - dir.Mode = util.IntToPtr(DefaultDirMode) - } - newDir := ignTypes.Directory{ - Node: ignTypes.Node{ - Filesystem: dir.Filesystem, - Path: dir.Path, - Overwrite: dir.Overwrite, - }, - DirectoryEmbedded1: ignTypes.DirectoryEmbedded1{ - Mode: dir.Mode, - }, - } - if dir.User != nil { - newDir.User = &ignTypes.NodeUser{ - ID: dir.User.Id, - Name: dir.User.Name, - } - } - if dir.Group != nil { - newDir.Group = &ignTypes.NodeGroup{ - ID: dir.Group.Id, - Name: dir.Group.Name, - } - } - out.Storage.Directories = append(out.Storage.Directories, newDir) - } - for _, link := range in.Storage.Links { - newLink := ignTypes.Link{ - Node: ignTypes.Node{ - Filesystem: link.Filesystem, - Path: link.Path, - Overwrite: link.Overwrite, - }, - LinkEmbedded1: ignTypes.LinkEmbedded1{ - Hard: link.Hard, - Target: link.Target, - }, - } - if link.User != nil { - newLink.User = &ignTypes.NodeUser{ - ID: link.User.Id, - Name: link.User.Name, - } - } - if link.Group != nil { - newLink.Group = &ignTypes.NodeGroup{ - ID: link.Group.Id, - Name: link.Group.Name, - } - } - out.Storage.Links = append(out.Storage.Links, newLink) - } - return out, r, ast - }) -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/filesystems.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/filesystems.go deleted file mode 100644 index 73dd465fe0..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/filesystems.go +++ /dev/null @@ -1,93 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" -) - -type Filesystem struct { - Name string `yaml:"name"` - Mount *Mount `yaml:"mount"` - Path *string `yaml:"path"` -} - -type Mount struct { - Device string `yaml:"device"` - Format string `yaml:"format"` - Create *Create `yaml:"create"` - WipeFilesystem bool `yaml:"wipe_filesystem"` - Label *string `yaml:"label"` - UUID *string `yaml:"uuid"` - Options []string `yaml:"options"` -} - -type Create struct { - Force bool `yaml:"force"` - Options []string `yaml:"options"` -} - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) { - r := report.Report{} - for _, filesystem := range in.Storage.Filesystems { - newFilesystem := ignTypes.Filesystem{ - Name: filesystem.Name, - Path: filesystem.Path, - } - - if filesystem.Mount != nil { - newFilesystem.Mount = &ignTypes.Mount{ - Device: filesystem.Mount.Device, - Format: filesystem.Mount.Format, - WipeFilesystem: filesystem.Mount.WipeFilesystem, - Label: filesystem.Mount.Label, - UUID: filesystem.Mount.UUID, - Options: convertStringSliceToTypesMountOptionSlice(filesystem.Mount.Options), - } - - if filesystem.Mount.Create != nil { - newFilesystem.Mount.Create = &ignTypes.Create{ - Force: filesystem.Mount.Create.Force, - Options: convertStringSliceToTypesCreateOptionSlice(filesystem.Mount.Create.Options), - } - } - } - - out.Storage.Filesystems = append(out.Storage.Filesystems, newFilesystem) - } - return out, r, ast - }) -} - -// golang-- -func convertStringSliceToTypesCreateOptionSlice(ss []string) []ignTypes.CreateOption { - var res []ignTypes.CreateOption - for _, s := range ss { - res = append(res, ignTypes.CreateOption(s)) - } - return res -} - -// golang-- -func convertStringSliceToTypesMountOptionSlice(ss []string) []ignTypes.MountOption { - var res []ignTypes.MountOption - for _, s := range ss { - res = append(res, ignTypes.MountOption(s)) - } - return res -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/flannel.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/flannel.go deleted file mode 100644 index 31abc9af01..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/flannel.go +++ /dev/null @@ -1,233 +0,0 @@ -package types - -import ( - "encoding/json" - "errors" - "fmt" - - "github.com/coreos/go-semver/semver" - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" -) - -var ( - ErrFlannelTooOld = errors.New("invalid flannel version (too old)") - ErrFlannelMinorTooNew = errors.New("flannel minor version too new. Only options available in the previous minor version will be supported") - ErrNetConfigInvalidJSON = errors.New("flannel network config doesn't appear to be valid JSON") - ErrNetConfigProvidedAndKubeMgrSet = errors.New("flannel network config cannot be provided if kube_subnet_mgr is set") - OldestFlannelVersion = *semver.New("0.5.0") - FlannelDefaultVersion = *semver.New("0.6.0") -) - -type Flannel struct { - Version *FlannelVersion `yaml:"version"` - NetworkConfig NetworkConfig `yaml:"network_config"` - Options -} - -type flannelCommon Flannel - -type FlannelVersion semver.Version - -type NetworkConfig string - -func (nc NetworkConfig) Validate() report.Report { - if nc == "" { - return report.Report{} - } - tmp := make(map[string]interface{}) - err := json.Unmarshal([]byte(nc), &tmp) - if err != nil { - return report.ReportFromError(ErrNetConfigInvalidJSON, report.EntryError) - } - return report.Report{} -} - -func (v *FlannelVersion) UnmarshalYAML(unmarshal func(interface{}) error) error { - t := semver.Version(*v) - if err := unmarshal(&t); err != nil { - return err - } - *v = FlannelVersion(t) - return nil -} - -func (fv FlannelVersion) Validate() report.Report { - v := semver.Version(fv) - switch { - case v.LessThan(OldestFlannelVersion): - return report.ReportFromError(ErrFlannelTooOld, report.EntryError) - case v.Major == 0 && fv.Minor > 7: - return report.ReportFromError(ErrFlannelMinorTooNew, report.EntryWarning) - } - return report.Report{} -} - -func (fv FlannelVersion) String() string { - return semver.Version(fv).String() -} - -func (f *Flannel) Validate() report.Report { - switch o := f.Options.(type) { - case Flannel0_7: - if o.KubeSubnetMgr != nil && *o.KubeSubnetMgr && f.NetworkConfig != "" { - return report.ReportFromError(ErrNetConfigProvidedAndKubeMgrSet, report.EntryError) - } - } - return report.Report{} -} - -func (flannel *Flannel) UnmarshalYAML(unmarshal func(interface{}) error) error { - t := flannelCommon(*flannel) - if err := unmarshal(&t); err != nil { - return err - } - *flannel = Flannel(t) - - var v semver.Version - if flannel.Version == nil { - v = FlannelDefaultVersion - } else { - v = semver.Version(*flannel.Version) - } - - if v.Major == 0 && v.Minor >= 7 { - o := Flannel0_7{} - if err := unmarshal(&o); err != nil { - return err - } - flannel.Options = o - } else if v.Major == 0 && v.Minor == 6 { - o := Flannel0_6{} - if err := unmarshal(&o); err != nil { - return err - } - flannel.Options = o - } else if v.Major == 0 && v.Minor == 5 { - o := Flannel0_5{} - if err := unmarshal(&o); err != nil { - return err - } - flannel.Options = o - } - return nil -} - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) { - if in.Flannel != nil { - contents, err := flannelContents(*in.Flannel, platform) - if err != nil { - return ignTypes.Config{}, report.ReportFromError(err, report.EntryError), ast - } - out.Systemd.Units = append(out.Systemd.Units, ignTypes.Unit{ - Name: "flanneld.service", - Enable: true, - Dropins: []ignTypes.SystemdDropin{{ - Name: "20-clct-flannel.conf", - Contents: contents, - }}, - }) - } - return out, report.Report{}, ast - }) -} - -// flannelContents creates the string containing the systemd drop in for flannel -func flannelContents(flannel Flannel, platform string) (string, error) { - args := getCliArgs(flannel.Options) - var vars []string - if flannel.Version != nil { - vars = []string{fmt.Sprintf("FLANNEL_IMAGE_TAG=v%s", flannel.Version)} - } - - unit, err := assembleUnit("/usr/lib/coreos/flannel-wrapper $FLANNEL_OPTS", args, vars, platform) - if err != nil { - return "", err - } - - if flannel.NetworkConfig != "" { - pre := "ExecStartPre=/usr/bin/etcdctl" - var endpoints *string - var etcdCAFile *string - var etcdCertFile *string - var etcdKeyFile *string - switch o := flannel.Options.(type) { - case Flannel0_7: - endpoints = o.EtcdEndpoints - etcdCAFile = o.EtcdCAFile - etcdCertFile = o.EtcdCertFile - etcdKeyFile = o.EtcdKeyFile - case Flannel0_6: - endpoints = o.EtcdEndpoints - etcdCAFile = o.EtcdCAFile - etcdCertFile = o.EtcdCertFile - etcdKeyFile = o.EtcdKeyFile - case Flannel0_5: - endpoints = o.EtcdEndpoints - etcdCAFile = o.EtcdCAFile - etcdCertFile = o.EtcdCertFile - etcdKeyFile = o.EtcdKeyFile - } - if endpoints != nil { - pre += fmt.Sprintf(" --endpoints=%q", *endpoints) - } - if etcdCAFile != nil { - pre += fmt.Sprintf(" --ca-file=%q", *etcdCAFile) - } - if etcdCertFile != nil { - pre += fmt.Sprintf(" --cert-file=%q", *etcdCertFile) - } - if etcdKeyFile != nil { - pre += fmt.Sprintf(" --key-file=%q", *etcdKeyFile) - } - pre += fmt.Sprintf(" set /coreos.com/network/config %q", flannel.NetworkConfig) - unit.Service.Add(pre) - } - - return unit.String(), nil -} - -// Flannel0_7 represents flannel options for version 0.7.x. Don't embed Flannel0_6 because -// the yaml parser doesn't handle embedded structs -type Flannel0_7 struct { - EtcdUsername *string `yaml:"etcd_username" cli:"etcd-username"` - EtcdPassword *string `yaml:"etcd_password" cli:"etcd-password"` - EtcdEndpoints *string `yaml:"etcd_endpoints" cli:"etcd-endpoints"` - EtcdCAFile *string `yaml:"etcd_cafile" cli:"etcd-cafile"` - EtcdCertFile *string `yaml:"etcd_certfile" cli:"etcd-certfile"` - EtcdKeyFile *string `yaml:"etcd_keyfile" cli:"etcd-keyfile"` - EtcdPrefix *string `yaml:"etcd_prefix" cli:"etcd-prefix"` - IPMasq *string `yaml:"ip_masq" cli:"ip-masq"` - SubnetFile *string `yaml:"subnet_file" cli:"subnet-file"` - Iface *string `yaml:"interface" cli:"iface"` - PublicIP *string `yaml:"public_ip" cli:"public-ip"` - KubeSubnetMgr *bool `yaml:"kube_subnet_mgr" cli:"kube-subnet-mgr"` -} - -type Flannel0_6 struct { - EtcdUsername *string `yaml:"etcd_username" cli:"etcd-username"` - EtcdPassword *string `yaml:"etcd_password" cli:"etcd-password"` - EtcdEndpoints *string `yaml:"etcd_endpoints" cli:"etcd-endpoints"` - EtcdCAFile *string `yaml:"etcd_cafile" cli:"etcd-cafile"` - EtcdCertFile *string `yaml:"etcd_certfile" cli:"etcd-certfile"` - EtcdKeyFile *string `yaml:"etcd_keyfile" cli:"etcd-keyfile"` - EtcdPrefix *string `yaml:"etcd_prefix" cli:"etcd-prefix"` - IPMasq *string `yaml:"ip_masq" cli:"ip-masq"` - SubnetFile *string `yaml:"subnet_file" cli:"subnet-file"` - Iface *string `yaml:"interface" cli:"iface"` - PublicIP *string `yaml:"public_ip" cli:"public-ip"` -} - -type Flannel0_5 struct { - EtcdEndpoints *string `yaml:"etcd_endpoints" cli:"etcd-endpoints"` - EtcdCAFile *string `yaml:"etcd_cafile" cli:"etcd-cafile"` - EtcdCertFile *string `yaml:"etcd_certfile" cli:"etcd-certfile"` - EtcdKeyFile *string `yaml:"etcd_keyfile" cli:"etcd-keyfile"` - EtcdPrefix *string `yaml:"etcd_prefix" cli:"etcd-prefix"` - IPMasq *string `yaml:"ip_masq" cli:"ip-masq"` - SubnetFile *string `yaml:"subnet_file" cli:"subnet-file"` - Iface *string `yaml:"interface" cli:"iface"` - PublicIP *string `yaml:"public_ip" cli:"public-ip"` -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/locksmith.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/locksmith.go deleted file mode 100644 index f701a16ff1..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/locksmith.go +++ /dev/null @@ -1,110 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "errors" - "fmt" - "strings" - "time" - - "github.com/coreos/ignition/config/validate/report" -) - -var ( - ErrMissingStartOrLength = errors.New("window-start and window-length must both be specified") - ErrUnknownStrategy = errors.New("unknown reboot strategy") - ErrParsingWindowStart = errors.New("couldn't parse window start") - ErrUnknownDay = errors.New("unknown day in window start") - ErrParsingWindow = errors.New("couldn't parse window start") - ErrParsingLength = errors.New("couldn't parse window length") -) - -type Locksmith struct { - RebootStrategy *string `yaml:"reboot_strategy" locksmith:"REBOOT_STRATEGY"` - WindowStart *string `yaml:"window_start" locksmith:"LOCKSMITHD_REBOOT_WINDOW_START"` - WindowLength *string `yaml:"window_length" locksmith:"LOCKSMITHD_REBOOT_WINDOW_LENGTH"` - Group *string `yaml:"group" locksmith:"LOCKSMITHD_GROUP"` - EtcdEndpoints *string `yaml:"etcd_endpoints" locksmith:"LOCKSMITHD_ENDPOINT"` - EtcdCAFile *string `yaml:"etcd_cafile" locksmith:"LOCKSMITHD_ETCD_CAFILE"` - EtcdCertFile *string `yaml:"etcd_certfile" locksmith:"LOCKSMITHD_ETCD_CERTFILE"` - EtcdKeyFile *string `yaml:"etcd_keyfile" locksmith:"LOCKSMITHD_ETCD_KEYFILE"` -} - -func (l Locksmith) configLines() []string { - return getArgs("%s=%v", "locksmith", l) -} - -func nilOrEmpty(s *string) bool { - return s == nil || *s == "" -} - -func (l Locksmith) Validate() report.Report { - if (!nilOrEmpty(l.WindowStart) && nilOrEmpty(l.WindowLength)) || (nilOrEmpty(l.WindowStart) && !nilOrEmpty(l.WindowLength)) { - return report.ReportFromError(ErrMissingStartOrLength, report.EntryError) - } - return report.Report{} -} - -func (l Locksmith) ValidateRebootStrategy() report.Report { - if nilOrEmpty(l.RebootStrategy) { - return report.Report{} - } - switch strings.ToLower(*l.RebootStrategy) { - case "reboot", "etcd-lock", "off": - return report.Report{} - default: - return report.ReportFromError(ErrUnknownStrategy, report.EntryError) - } -} - -func (l Locksmith) ValidateWindowStart() report.Report { - if nilOrEmpty(l.WindowStart) { - return report.Report{} - } - var day string - var t string - - _, err := fmt.Sscanf(*l.WindowStart, "%s %s", &day, &t) - if err != nil { - day = "not-present" - t = *l.WindowStart - } - - switch strings.ToLower(day) { - case "sun", "mon", "tue", "wed", "thu", "fri", "sat", "not-present": - break - default: - return report.ReportFromError(ErrUnknownDay, report.EntryError) - } - - _, err = time.Parse("15:04", t) - if err != nil { - return report.ReportFromError(ErrParsingWindow, report.EntryError) - } - - return report.Report{} -} - -func (l Locksmith) ValidateWindowLength() report.Report { - if nilOrEmpty(l.WindowLength) { - return report.Report{} - } - _, err := time.ParseDuration(*l.WindowLength) - if err != nil { - return report.ReportFromError(ErrParsingLength, report.EntryError) - } - return report.Report{} -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/networkd.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/networkd.go deleted file mode 100644 index 01490b8411..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/networkd.go +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" -) - -type Networkd struct { - Units []NetworkdUnit `yaml:"units"` -} - -type NetworkdUnit struct { - Name string `yaml:"name"` - Contents string `yaml:"contents"` - Dropins []NetworkdUnitDropIn `yaml:"dropins"` -} - -type NetworkdUnitDropIn struct { - Name string `yaml:"name"` - Contents string `yaml:"contents"` -} - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) { - for _, unit := range in.Networkd.Units { - newUnit := ignTypes.Networkdunit{ - Name: unit.Name, - Contents: unit.Contents, - } - for _, dropIn := range unit.Dropins { - newUnit.Dropins = append(newUnit.Dropins, ignTypes.NetworkdDropin{ - Name: dropIn.Name, - Contents: dropIn.Contents, - }) - } - out.Networkd.Units = append(out.Networkd.Units, newUnit) - } - return out, report.Report{}, ast - }) -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/passwd.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/passwd.go deleted file mode 100644 index e12cd5041c..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/passwd.go +++ /dev/null @@ -1,148 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" -) - -type Passwd struct { - Users []User `yaml:"users"` - Groups []Group `yaml:"groups"` -} - -type User struct { - Name string `yaml:"name"` - PasswordHash *string `yaml:"password_hash"` - SSHAuthorizedKeys []string `yaml:"ssh_authorized_keys"` - Create *UserCreate `yaml:"create"` - UID *int `yaml:"uid"` - Gecos string `yaml:"gecos"` - HomeDir string `yaml:"home_dir"` - NoCreateHome bool `yaml:"no_create_home"` - PrimaryGroup string `yaml:"primary_group"` - Groups []string `yaml:"groups"` - NoUserGroup bool `yaml:"no_user_group"` - System bool `yaml:"system"` - NoLogInit bool `yaml:"no_log_init"` - Shell string `yaml:"shell"` -} - -type UserCreate struct { - Uid *uint `yaml:"uid"` - GECOS string `yaml:"gecos"` - Homedir string `yaml:"home_dir"` - NoCreateHome bool `yaml:"no_create_home"` - PrimaryGroup string `yaml:"primary_group"` - Groups []string `yaml:"groups"` - NoUserGroup bool `yaml:"no_user_group"` - System bool `yaml:"system"` - NoLogInit bool `yaml:"no_log_init"` - Shell string `yaml:"shell"` -} - -type Group struct { - Name string `yaml:"name"` - Gid *uint `yaml:"gid"` - PasswordHash string `yaml:"password_hash"` - System bool `yaml:"system"` -} - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) { - for _, user := range in.Passwd.Users { - newUser := ignTypes.PasswdUser{ - Name: user.Name, - PasswordHash: user.PasswordHash, - SSHAuthorizedKeys: convertStringSliceIntoTypesSSHAuthorizedKeySlice(user.SSHAuthorizedKeys), - UID: user.UID, - Gecos: user.Gecos, - HomeDir: user.HomeDir, - NoCreateHome: user.NoCreateHome, - PrimaryGroup: user.PrimaryGroup, - Groups: convertStringSliceIntoTypesGroupSlice(user.Groups), - NoUserGroup: user.NoUserGroup, - System: user.System, - NoLogInit: user.NoLogInit, - Shell: user.Shell, - } - - if user.Create != nil { - newUser.Create = &ignTypes.Usercreate{ - UID: convertUintPointerToIntPointer(user.Create.Uid), - Gecos: user.Create.GECOS, - HomeDir: user.Create.Homedir, - NoCreateHome: user.Create.NoCreateHome, - PrimaryGroup: user.Create.PrimaryGroup, - Groups: convertStringSliceIntoTypesUsercreateGroupSlice(user.Create.Groups), - NoUserGroup: user.Create.NoUserGroup, - System: user.Create.System, - NoLogInit: user.Create.NoLogInit, - Shell: user.Create.Shell, - } - } - - out.Passwd.Users = append(out.Passwd.Users, newUser) - } - - for _, group := range in.Passwd.Groups { - out.Passwd.Groups = append(out.Passwd.Groups, ignTypes.PasswdGroup{ - Name: group.Name, - Gid: convertUintPointerToIntPointer(group.Gid), - PasswordHash: group.PasswordHash, - System: group.System, - }) - } - return out, report.Report{}, ast - }) -} - -// golang-- -func convertStringSliceIntoTypesSSHAuthorizedKeySlice(ss []string) []ignTypes.SSHAuthorizedKey { - var res []ignTypes.SSHAuthorizedKey - for _, s := range ss { - res = append(res, ignTypes.SSHAuthorizedKey(s)) - } - return res -} - -// golang-- -func convertStringSliceIntoTypesUsercreateGroupSlice(ss []string) []ignTypes.UsercreateGroup { - var res []ignTypes.UsercreateGroup - for _, s := range ss { - res = append(res, ignTypes.UsercreateGroup(s)) - } - return res -} - -// golang-- -func convertStringSliceIntoTypesGroupSlice(ss []string) []ignTypes.Group { - var res []ignTypes.Group - for _, s := range ss { - res = append(res, ignTypes.Group(s)) - } - return res -} - -// golang-- -func convertUintPointerToIntPointer(u *uint) *int { - if u == nil { - return nil - } - x := int(*u) - return &x -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/raid.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/raid.go deleted file mode 100644 index 014ee9dde5..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/raid.go +++ /dev/null @@ -1,64 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" -) - -type Raid struct { - Name string `yaml:"name"` - Level string `yaml:"level"` - Devices []string `yaml:"devices"` - Spares int `yaml:"spares"` - Options []string `yaml:"options"` -} - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) { - for _, array := range in.Storage.Arrays { - newArray := ignTypes.Raid{ - Name: array.Name, - Level: array.Level, - Spares: array.Spares, - Devices: convertStringSliceToTypesDeviceSlice(array.Devices), - Options: convertStringSiceToTypesRaidOptionSlice(array.Options), - } - - out.Storage.Raid = append(out.Storage.Raid, newArray) - } - return out, report.Report{}, ast - }) -} - -// golang-- -func convertStringSliceToTypesDeviceSlice(ss []string) []ignTypes.Device { - var res []ignTypes.Device - for _, s := range ss { - res = append(res, ignTypes.Device(s)) - } - return res -} - -// golang-- -func convertStringSiceToTypesRaidOptionSlice(ss []string) []ignTypes.RaidOption { - var res []ignTypes.RaidOption - for _, s := range ss { - res = append(res, ignTypes.RaidOption(s)) - } - return res -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/security.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/security.go deleted file mode 100644 index 6e8315329e..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/security.go +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright 2018 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" -) - -type Security struct { - TLS TLS `yaml:"tls"` -} - -type TLS struct { - CertificateAuthorities []CaReference `yaml:"certificate_authorities"` -} - -type CaReference struct { - Source string `yaml:"source"` - Verification Verification `yaml:"verification"` -} - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) { - for _, ca := range in.Ignition.Security.TLS.CertificateAuthorities { - out.Ignition.Security.TLS.CertificateAuthorities = append(out.Ignition.Security.TLS.CertificateAuthorities, ignTypes.CaReference{ - Source: ca.Source, - Verification: convertVerification(ca.Verification), - }) - } - return out, report.Report{}, ast - }) -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/storage.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/storage.go deleted file mode 100644 index 1b667920fa..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/storage.go +++ /dev/null @@ -1,24 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -type Storage struct { - Disks []Disk `yaml:"disks"` - Arrays []Raid `yaml:"raid"` - Filesystems []Filesystem `yaml:"filesystems"` - Files []File `yaml:"files"` - Directories []Directory `yaml:"directories"` - Links []Link `yaml:"links"` -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/systemd.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/systemd.go deleted file mode 100644 index 42e054b089..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/systemd.go +++ /dev/null @@ -1,63 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" -) - -type Systemd struct { - Units []SystemdUnit `yaml:"units"` -} - -type SystemdUnit struct { - Name string `yaml:"name"` - Enable bool `yaml:"enable"` - Enabled *bool `yaml:"enabled"` - Mask bool `yaml:"mask"` - Contents string `yaml:"contents"` - Dropins []SystemdUnitDropIn `yaml:"dropins"` -} - -type SystemdUnitDropIn struct { - Name string `yaml:"name"` - Contents string `yaml:"contents"` -} - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) { - for _, unit := range in.Systemd.Units { - newUnit := ignTypes.Unit{ - Name: unit.Name, - Enable: unit.Enable, - Enabled: unit.Enabled, - Mask: unit.Mask, - Contents: unit.Contents, - } - - for _, dropIn := range unit.Dropins { - newUnit.Dropins = append(newUnit.Dropins, ignTypes.SystemdDropin{ - Name: dropIn.Name, - Contents: dropIn.Contents, - }) - } - - out.Systemd.Units = append(out.Systemd.Units, newUnit) - } - return out, report.Report{}, ast - }) -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/update.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/update.go deleted file mode 100644 index ae65490b81..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/update.go +++ /dev/null @@ -1,99 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "errors" - "fmt" - "net/url" - "strings" - - "github.com/coreos/container-linux-config-transpiler/internal/util" - - ignTypes "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate/astnode" - "github.com/coreos/ignition/config/validate/report" - "github.com/vincent-petithory/dataurl" -) - -var ( - ErrUnknownGroup = errors.New("unknown update group") -) - -type Update struct { - Group UpdateGroup `yaml:"group"` - Server UpdateServer `yaml:"server"` -} - -type UpdateGroup string -type UpdateServer string - -func (u Update) Validate() report.Report { - switch strings.ToLower(string(u.Group)) { - case "stable", "beta", "alpha": - return report.Report{} - default: - if u.Server == "" { - return report.ReportFromError(ErrUnknownGroup, report.EntryWarning) - } - return report.Report{} - } -} - -func (s UpdateServer) Validate() report.Report { - _, err := url.Parse(string(s)) - if err != nil { - return report.ReportFromError(err, report.EntryError) - } - return report.Report{} -} - -func init() { - register(func(in Config, ast astnode.AstNode, out ignTypes.Config, platform string) (ignTypes.Config, report.Report, astnode.AstNode) { - var contents string - if in.Update != nil { - if in.Update.Group != "" { - contents += fmt.Sprintf("GROUP=%s", strings.ToLower(string(in.Update.Group))) - } - if in.Update.Server != "" { - contents += fmt.Sprintf("\nSERVER=%s", in.Update.Server) - } - } - if in.Locksmith != nil { - lines := in.Locksmith.configLines() - if len(lines) > 0 { - contents += "\n" + strings.Join(lines, "\n") - } - } - if contents != "" { - out.Storage.Files = append(out.Storage.Files, ignTypes.File{ - Node: ignTypes.Node{ - Filesystem: "root", - Path: "/etc/coreos/update.conf", - }, - FileEmbedded1: ignTypes.FileEmbedded1{ - Mode: util.IntToPtr(0644), - Contents: ignTypes.FileContents{ - Source: (&url.URL{ - Scheme: "data", - Opaque: "," + dataurl.EscapeString(contents), - }).String(), - }, - }, - }) - } - return out, report.Report{}, ast - }) -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/util/unit.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/util/unit.go deleted file mode 100644 index 03fb0a92f5..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/util/unit.go +++ /dev/null @@ -1,62 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package util - -type SystemdUnit struct { - Unit *UnitSection - Service *UnitSection - Install *UnitSection -} - -func NewSystemdUnit() SystemdUnit { - return SystemdUnit{ - Unit: &UnitSection{}, - Service: &UnitSection{}, - Install: &UnitSection{}, - } -} - -type UnitSection []string - -func (u *UnitSection) Add(line string) { - *u = append(*u, line) -} - -func (s SystemdUnit) String() string { - res := "" - - type section struct { - name string - contents []string - } - - for _, sec := range []section{ - {"Unit", *s.Unit}, - {"Service", *s.Service}, - {"Install", *s.Install}, - } { - if len(sec.contents) == 0 { - continue - } - if res != "" { - res += "\n\n" - } - res += "[" + sec.name + "]" - for _, line := range sec.contents { - res += "\n" + line - } - } - return res -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/verification.go b/vendor/github.com/coreos/container-linux-config-transpiler/config/types/verification.go deleted file mode 100644 index 359029923f..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/config/types/verification.go +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -type Verification struct { - Hash Hash `yaml:"hash"` -} - -type Hash struct { - Function string `yaml:"function"` - Sum string `yaml:"sum"` -} - -func (h Hash) String() string { - return h.Function + "-" + h.Sum -} diff --git a/vendor/github.com/coreos/container-linux-config-transpiler/internal/util/type_casts.go b/vendor/github.com/coreos/container-linux-config-transpiler/internal/util/type_casts.go deleted file mode 100644 index 126e252fdd..0000000000 --- a/vendor/github.com/coreos/container-linux-config-transpiler/internal/util/type_casts.go +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package util - -func IntToPtr(i int) *int { - return &i -} - -func BoolToPtr(b bool) *bool { - return &b -} - -func StringToPtr(s string) *string { - return &s -} diff --git a/vendor/github.com/coreos/ignition/config/merge/merge.go b/vendor/github.com/coreos/ignition/config/merge/merge.go new file mode 100644 index 0000000000..10748ac403 --- /dev/null +++ b/vendor/github.com/coreos/ignition/config/merge/merge.go @@ -0,0 +1,224 @@ +// Copyright 2016 CoreOS, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package merge + +import ( + "reflect" + + "github.com/coreos/ignition/config/util" +) + +// Rules of Config Merging: +// 1) Parent and child configs must be the same version/type +// 2) Only valid configs can be merged +// 3) It is possible to merge two valid configs and get an invalid config +// 3) For structs: +// a) Members that are structs get merged recursively (i.e. ignition.storage) +// b) Members that are primitives get replaced by the child's member (e.g. ignition.storage.files[i].path) +// c) Members that are pointers only get replaced by the child's value if the child's value is non-nil (e.g. ignition.config.replace.source) +// d) List merging of a list with IgnoreDuplicates: append the lists (e.g. ignition.storage.files[i].append) +// e) List merging of a list not merged with other lists: merge any entries with the same Key() and append the others (e.g. ignition.storage.filesystems by path) +// f) List merging of a list merged with other lists: (e.g. ignition.storage.{files,links,directories} by path) +// - merge entries with the same Key() that are in the same list +// - remove entries from the parent with the same Key() that are not in the same list +// - append entries that are unique to the child + +// appendToSlice is a helper that appends to a slice without returning a new one. +// panics if len >= cap +func appendToSlice(s, v reflect.Value) { + s.SetLen(s.Len() + 1) + s.Index(s.Len() - 1).Set(v) +} + +type handleKey struct { + handle string + key string +} + +// structInfo holds information about a struct being processed and has helper methods for querying that +// information in a way that is more clear what the intent is. +type structInfo struct { + // set of field names to not do duplicate merging on + ignoreDups map[string]struct{} + + // map from field names to a handle indicating all those with the same handle should have duplication + // checking done across all fields that share that handle + mergedKeys map[string]string + + // map from each handle + key() value to what list it came from + keysToValues map[handleKey]reflect.Value + + // map from each handle + key() to the list it came from + keysToLists map[handleKey]string +} + +// returns if this field should not do duplicate checking/merging +func (s structInfo) ignoreField(name string) bool { + _, ignore := s.ignoreDups[name] + return ignore +} + +// getChildEntryByKey takes the name of a field (not handle) in the parent and a key and looks that entry +// up in the child. It will look up across all slices that share the same handle. It return the value and +// name of the field in the child it was found in. The bool indicates whether it was found. +func (s structInfo) getChildEntryByKey(fieldName, key string) (reflect.Value, string, bool) { + handle := fieldName + if tmp, ok := s.mergedKeys[fieldName]; ok { + handle = tmp + } + + hkey := handleKey{ + handle: handle, + key: key, + } + if v, ok := s.keysToValues[hkey]; ok { + return v, s.keysToLists[hkey], true + } + return reflect.Value{}, "", false +} + +func newStructInfo(parent, child reflect.Value) structInfo { + ignoreDups := map[string]struct{}{} + if ignorer, ok := parent.Interface().(util.IgnoresDups); ok { + ignoreDups = ignorer.IgnoreDuplicates() + } + + mergedKeys := map[string]string{} + if merger, ok := parent.Interface().(util.MergesKeys); ok { + mergedKeys = merger.MergedKeys() + } + + keysToValues := map[handleKey]reflect.Value{} + keysToLists := map[handleKey]string{} + for i := 0; i < child.NumField(); i++ { + field := child.Field(i) + if field.Kind() != reflect.Slice { + continue + } + + fieldName := child.Type().Field(i).Name + if _, ok := ignoreDups[fieldName]; ok { + continue + } + + handle := fieldName + if tmp, ok := mergedKeys[handle]; ok { + handle = tmp + } + + for j := 0; j < field.Len(); j++ { + v := field.Index(j) + hkey := handleKey{ + handle: handle, + key: util.CallKey(v), + } + keysToValues[hkey] = v + keysToLists[hkey] = fieldName + } + } + + return structInfo{ + ignoreDups: ignoreDups, + mergedKeys: mergedKeys, + keysToValues: keysToValues, + keysToLists: keysToLists, + } +} + +// MergeStruct is intended for use by config/vX_Y/ packages only. They should expose their own Merge() that is properly +// typed. Use that one instead. +// parent and child MUST be the same type +func MergeStruct(parent, child reflect.Value) reflect.Value { + // use New() so it's settable, addr-able, etc + result := reflect.New(parent.Type()).Elem() + info := newStructInfo(parent, child) + + for i := 0; i < parent.NumField(); i++ { + fieldName := parent.Type().Field(i).Name + parentField := parent.Field(i) + childField := child.Field(i) + resultField := result.Field(i) + + kind := parentField.Kind() + switch { + case util.IsPrimitive(kind): + resultField.Set(childField) + case kind == reflect.Ptr && childField.IsNil(): + resultField.Set(parentField) + case kind == reflect.Ptr && !childField.IsNil(): + resultField.Set(childField) + case kind == reflect.Struct: + resultField.Set(MergeStruct(parentField, childField)) + case kind == reflect.Slice && info.ignoreField(fieldName): + if parentField.Len()+childField.Len() == 0 { + continue + } + resultField.Set(reflect.AppendSlice(parentField, childField)) + case kind == reflect.Slice && !info.ignoreField(fieldName): + // ooph, this is a doosey + maxlen := parentField.Len() + childField.Len() + if maxlen == 0 { + continue + } + resultField.Set(reflect.MakeSlice(parentField.Type(), 0, parentField.Len()+childField.Len())) + parentKeys := getKeySet(parentField) + + for i := 0; i < parentField.Len(); i++ { + parentItem := parentField.Index(i) + key := util.CallKey(parentItem) + + if childItem, childList, ok := info.getChildEntryByKey(fieldName, key); ok { + if childList == fieldName { + // case 1: in child config in same list + if childItem.Kind() == reflect.Struct { + appendToSlice(resultField, MergeStruct(parentItem, childItem)) + } else if util.IsPrimitive(childItem.Kind()) { + appendToSlice(resultField, childItem) + } else { + panic("List of pointers or slices or something else weird") + } + } else { + // case 2: in child config in different list. Do nothing since it'll be handled iterating over that list + } + } else { + // case 3: not in child config, append it + appendToSlice(resultField, parentItem) + } + } + for i := 0; i < childField.Len(); i++ { + childItem := childField.Index(i) + key := util.CallKey(childItem) + if _, alreadyMerged := parentKeys[key]; !alreadyMerged { + // We only check the parentMap for this field. If the parent had a matching entry in a differnt field + // then it would be skipped as case 2 above + appendToSlice(resultField, childItem) + } + } + default: + panic("unreachable code reached") + } + } + + return result +} + +// getKeySet takes a value of a slice and returns the set of all the Key() values in that slice +func getKeySet(list reflect.Value) map[string]struct{} { + m := map[string]struct{}{} + for i := 0; i < list.Len(); i++ { + m[util.CallKey(list.Index(i))] = struct{}{} + } + return m +} diff --git a/vendor/github.com/coreos/ignition/config/shared/errors/errors.go b/vendor/github.com/coreos/ignition/config/shared/errors/errors.go index f2d1ddf286..6fe8f66d2e 100644 --- a/vendor/github.com/coreos/ignition/config/shared/errors/errors.go +++ b/vendor/github.com/coreos/ignition/config/shared/errors/errors.go @@ -22,51 +22,52 @@ import ( var ( // Parsing / general errors - ErrInvalid = errors.New("config is not valid") - ErrCloudConfig = errors.New("not a config (found coreos-cloudconfig)") - ErrEmpty = errors.New("not a config (empty)") - ErrUnknownVersion = errors.New("unsupported config version") - ErrScript = errors.New("not a config (found coreos-cloudinit script)") - ErrDeprecated = errors.New("config format deprecated") - ErrCompressionInvalid = errors.New("invalid compression method") + ErrInvalid = errors.New("config is not valid") + ErrEmpty = errors.New("not a config (empty)") // Ignition section errors - ErrOldVersion = errors.New("incorrect config version (too old)") - ErrNewVersion = errors.New("incorrect config version (too new)") ErrInvalidVersion = errors.New("invalid config version (couldn't parse)") + ErrUnknownVersion = errors.New("unsupported config version") + + ErrDeprecated = errors.New("config format deprecated") + ErrCompressionInvalid = errors.New("invalid compression method") // Storage section errors - ErrPermissionsUnset = errors.New("permissions unset, defaulting to 0000") - ErrDiskDeviceRequired = errors.New("disk device is required") - ErrPartitionNumbersCollide = errors.New("partition numbers collide") - ErrPartitionsOverlap = errors.New("partitions overlap") - ErrPartitionsMisaligned = errors.New("partitions misaligned") - ErrAppendAndOverwrite = errors.New("cannot set both append and overwrite to true") - ErrFilesystemInvalidFormat = errors.New("invalid filesystem format") - ErrFilesystemNoMountPath = errors.New("filesystem is missing mount or path") - ErrFilesystemMountAndPath = errors.New("filesystem has both mount and path defined") - ErrUsedCreateAndMountOpts = errors.New("cannot use both create object and mount-level options field") - ErrUsedCreateAndWipeFilesystem = errors.New("cannot use both create object and wipeFilesystem field") - ErrWarningCreateDeprecated = errors.New("the create object has been deprecated in favor of mount-level options") - ErrExt4LabelTooLong = errors.New("filesystem labels cannot be longer than 16 characters when using ext4") - ErrBtrfsLabelTooLong = errors.New("filesystem labels cannot be longer than 256 characters when using btrfs") - ErrXfsLabelTooLong = errors.New("filesystem labels cannot be longer than 12 characters when using xfs") - ErrSwapLabelTooLong = errors.New("filesystem labels cannot be longer than 15 characters when using swap") - ErrVfatLabelTooLong = errors.New("filesystem labels cannot be longer than 11 characters when using vfat") - ErrFileIllegalMode = errors.New("illegal file mode") - ErrNoFilesystem = errors.New("no filesystem specified") - ErrBothIDAndNameSet = errors.New("cannot set both id and name") - ErrLabelTooLong = errors.New("partition labels may not exceed 36 characters") - ErrDoesntMatchGUIDRegex = errors.New("doesn't match the form \"01234567-89AB-CDEF-EDCB-A98765432101\"") - ErrLabelContainsColon = errors.New("partition label will be truncated to text before the colon") - ErrPathRelative = errors.New("path not absolute") - ErrSparesUnsupportedForLevel = errors.New("spares unsupported for arrays with a level greater than 0") - ErrUnrecognizedRaidLevel = errors.New("unrecognized raid level") - ErrShouldNotExistWithOthers = errors.New("shouldExist specified false with other options also specified") - ErrZeroesWithShouldNotExist = errors.New("shouldExist is false for a partition and other partition(s) has start or size 0") + ErrFilePermissionsUnset = errors.New("permissions unset, defaulting to 0644") + ErrDirectoryPermissionsUnset = errors.New("permissions unset, defaulting to 0755") + ErrDiskDeviceRequired = errors.New("disk device is required") + ErrPartitionNumbersCollide = errors.New("partition numbers collide") + ErrPartitionsOverlap = errors.New("partitions overlap") + ErrPartitionsMisaligned = errors.New("partitions misaligned") + ErrAppendAndOverwrite = errors.New("cannot set both append and overwrite to true") + ErrFilesystemInvalidFormat = errors.New("invalid filesystem format") + ErrLabelNeedsFormat = errors.New("filesystem must specify format if label is specified") + ErrFormatNilWithOthers = errors.New("format cannot be empty when path, label, uuid, or options are specified") + ErrExt4LabelTooLong = errors.New("filesystem labels cannot be longer than 16 characters when using ext4") + ErrBtrfsLabelTooLong = errors.New("filesystem labels cannot be longer than 256 characters when using btrfs") + ErrXfsLabelTooLong = errors.New("filesystem labels cannot be longer than 12 characters when using xfs") + ErrSwapLabelTooLong = errors.New("filesystem labels cannot be longer than 15 characters when using swap") + ErrVfatLabelTooLong = errors.New("filesystem labels cannot be longer than 11 characters when using vfat") + ErrFileIllegalMode = errors.New("illegal file mode") + ErrNoFilesystem = errors.New("no filesystem specified") + ErrBothIDAndNameSet = errors.New("cannot set both id and name") + ErrLabelTooLong = errors.New("partition labels may not exceed 36 characters") + ErrDoesntMatchGUIDRegex = errors.New("doesn't match the form \"01234567-89AB-CDEF-EDCB-A98765432101\"") + ErrLabelContainsColon = errors.New("partition label will be truncated to text before the colon") + ErrNoPath = errors.New("path not specified") + ErrPathRelative = errors.New("path not absolute") + ErrDirtyPath = errors.New("path is not fully simplified") + ErrSparesUnsupportedForLevel = errors.New("spares unsupported for arrays with a level greater than 0") + ErrUnrecognizedRaidLevel = errors.New("unrecognized raid level") + ErrShouldNotExistWithOthers = errors.New("shouldExist specified false with other options also specified") + ErrZeroesWithShouldNotExist = errors.New("shouldExist is false for a partition and other partition(s) has start or size 0") + ErrPartitionsUnitsMismatch = errors.New("cannot mix MBs and sectors within a disk") + ErrSizeDeprecated = errors.New("size is deprecated; use sizeMB instead") + ErrStartDeprecated = errors.New("start is deprecated; use startMB instead") + ErrNeedLabelOrNumber = errors.New("a partition number >= 1 or a label must be specified") + ErrDuplicateLabels = errors.New("cannot use the same partition label twice") // Passwd section errors - ErrPasswdCreateDeprecated = errors.New("the create object has been deprecated in favor of user-level options") ErrPasswdCreateAndGecos = errors.New("cannot use both the create object and the user-level gecos field") ErrPasswdCreateAndGroups = errors.New("cannot use both the create object and the user-level groups field") ErrPasswdCreateAndHomeDir = errors.New("cannot use both the create object and the user-level homeDir field") @@ -78,18 +79,20 @@ var ( ErrPasswdCreateAndSystem = errors.New("cannot use both the create object and the user-level system field") ErrPasswdCreateAndUID = errors.New("cannot use both the create object and the user-level uid field") - // Systemd and Networkd section errors - ErrInvalidSystemdExt = errors.New("invalid systemd unit extension") - ErrInvalidSystemdDropinExt = errors.New("invalid systemd drop-in extension") - ErrInvalidNetworkdExt = errors.New("invalid networkd unit extension") - ErrInvalidNetworkdDropinExt = errors.New("invalid networkd drop-in extension") + // Systemd section errors + ErrInvalidSystemdExt = errors.New("invalid systemd unit extension") + ErrInvalidSystemdDropinExt = errors.New("invalid systemd drop-in extension") // Misc errors - ErrInvalidScheme = errors.New("invalid url scheme") - ErrInvalidUrl = errors.New("unable to parse url") - ErrHashMalformed = errors.New("malformed hash specifier") - ErrHashWrongSize = errors.New("incorrect size for hash sum") - ErrHashUnrecognized = errors.New("unrecognized hash function") + ErrInvalidScheme = errors.New("invalid url scheme") + ErrInvalidUrl = errors.New("unable to parse url") + ErrHashMalformed = errors.New("malformed hash specifier") + ErrHashWrongSize = errors.New("incorrect size for hash sum") + ErrHashUnrecognized = errors.New("unrecognized hash function") + ErrEngineConfiguration = errors.New("engine incorrectly configured") + + // AWS S3 specific errors + ErrInvalidS3ObjectVersionId = errors.New("invalid S3 object VersionId") ) // NewNoInstallSectionError produces an error indicating the given unit, named diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/path.go b/vendor/github.com/coreos/ignition/config/util/interfaces.go similarity index 54% rename from vendor/github.com/coreos/ignition/config/v2_0/types/path.go rename to vendor/github.com/coreos/ignition/config/util/interfaces.go index dcf35f8075..857de8234e 100644 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/path.go +++ b/vendor/github.com/coreos/ignition/config/util/interfaces.go @@ -1,4 +1,4 @@ -// Copyright 2016 CoreOS, Inc. +// Copyright 2019 Red Hat, Inc. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,24 +12,28 @@ // See the License for the specific language governing permissions and // limitations under the License. -package types +package util import ( - "path" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" + "reflect" ) -type Path string +type MergesKeys interface { + MergedKeys() map[string]string +} + +type IgnoresDups interface { + IgnoreDuplicates() map[string]struct{} +} -func (p Path) MarshalJSON() ([]byte, error) { - return []byte(`"` + string(p) + `"`), nil +type Keyed interface { + Key() string } -func (p Path) Validate() report.Report { - if !path.IsAbs(string(p)) { - return report.ReportFromError(errors.ErrPathRelative, report.EntryError) +// CallKey is a helper to call the Key() function since this needs to happen a lot +func CallKey(v reflect.Value) string { + if v.Kind() == reflect.String { + return v.Convert(reflect.TypeOf("")).Interface().(string) } - return report.Report{} + return v.Interface().(Keyed).Key() } diff --git a/vendor/github.com/coreos/ignition/config/util/parsingErrors.go b/vendor/github.com/coreos/ignition/config/util/parsingErrors.go index 6b6b114daf..3a1865b227 100644 --- a/vendor/github.com/coreos/ignition/config/util/parsingErrors.go +++ b/vendor/github.com/coreos/ignition/config/util/parsingErrors.go @@ -15,35 +15,24 @@ package util import ( - "bytes" - "errors" - - configErrors "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/v2_3_experimental/types" + "github.com/coreos/ignition/config/shared/errors" "github.com/coreos/ignition/config/validate/report" + "github.com/coreos/ignition/config/validate/util" json "github.com/ajeddeloh/go-json" - "go4.org/errorutil" -) - -var ( - ErrValidConfig = errors.New("HandleParseErrors called with a valid config") ) -// HandleParseErrors will attempt to unmarshal an invalid rawConfig into the -// latest config struct, so as to generate a report.Report from the errors. It -// will always return an error. This is called after config/v* parse functions -// chain has failed to parse a config. -func HandleParseErrors(rawConfig []byte) (report.Report, error) { - config := types.Config{} - err := json.Unmarshal(rawConfig, &config) +// HandleParseErrors will attempt to unmarshal an invalid rawConfig into "to". +// If it fails to unmarsh it will generate a report.Report from the errors. +func HandleParseErrors(rawConfig []byte, to interface{}) (report.Report, error) { + err := json.Unmarshal(rawConfig, to) if err == nil { - return report.Report{}, ErrValidConfig + return report.Report{}, nil } // Handle json syntax and type errors first, since they are fatal but have offset info if serr, ok := err.(*json.SyntaxError); ok { - line, col, highlight := errorutil.HighlightBytePosition(bytes.NewReader(rawConfig), serr.Offset) + line, col, highlight := util.Highlight(rawConfig, serr.Offset) return report.Report{ Entries: []report.Entry{{ Kind: report.EntryError, @@ -53,11 +42,11 @@ func HandleParseErrors(rawConfig []byte) (report.Report, error) { Highlight: highlight, }}, }, - configErrors.ErrInvalid + errors.ErrInvalid } if terr, ok := err.(*json.UnmarshalTypeError); ok { - line, col, highlight := errorutil.HighlightBytePosition(bytes.NewReader(rawConfig), terr.Offset) + line, col, highlight := util.Highlight(rawConfig, terr.Offset) return report.Report{ Entries: []report.Entry{{ Kind: report.EntryError, @@ -67,8 +56,8 @@ func HandleParseErrors(rawConfig []byte) (report.Report, error) { Highlight: highlight, }}, }, - configErrors.ErrInvalid + errors.ErrInvalid } - return report.ReportFromError(err, report.EntryError), err + return report.ReportFromError(err, report.EntryError), errors.ErrInvalid } diff --git a/vendor/github.com/coreos/ignition/config/util/reflection.go b/vendor/github.com/coreos/ignition/config/util/reflection.go new file mode 100644 index 0000000000..561a8706ba --- /dev/null +++ b/vendor/github.com/coreos/ignition/config/util/reflection.go @@ -0,0 +1,55 @@ +// Copyright 2019 Red Hat, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package util + +import ( + "reflect" +) + +func IsPrimitive(k reflect.Kind) bool { + switch k { + case reflect.Bool, + reflect.Int, + reflect.Int8, + reflect.Int16, + reflect.Int32, + reflect.Int64, + reflect.Uint, + reflect.Uint8, + reflect.Uint16, + reflect.Uint32, + reflect.Uint64, + reflect.Uintptr, + reflect.Float32, + reflect.Float64, + reflect.Complex64, + reflect.Complex128, + reflect.String: + return true + default: + return false + } +} + +func IsInvalidInConfig(k reflect.Kind) bool { + switch { + case IsPrimitive(k): + return false + case k == reflect.Ptr || k == reflect.Slice || k == reflect.Struct: + return false + default: + return true + } +} diff --git a/vendor/github.com/coreos/ignition/config/v1/cloudinit.go b/vendor/github.com/coreos/ignition/config/v1/cloudinit.go deleted file mode 100644 index 7cfeb45593..0000000000 --- a/vendor/github.com/coreos/ignition/config/v1/cloudinit.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// These functions are copied from github.com/coreos/coreos-cloudinit/config. - -package v1 - -import ( - "bytes" - "compress/gzip" - "io/ioutil" - "strings" - "unicode" -) - -func isCloudConfig(userdata []byte) bool { - header := strings.SplitN(string(decompressIfGzipped(userdata)), "\n", 2)[0] - - // Trim trailing whitespaces - header = strings.TrimRightFunc(header, unicode.IsSpace) - - return (header == "#cloud-config") -} - -func isScript(userdata []byte) bool { - header := strings.SplitN(string(decompressIfGzipped(userdata)), "\n", 2)[0] - return strings.HasPrefix(header, "#!") -} - -func decompressIfGzipped(data []byte) []byte { - if reader, err := gzip.NewReader(bytes.NewReader(data)); err == nil { - uncompressedData, err := ioutil.ReadAll(reader) - reader.Close() - if err == nil { - return uncompressedData - } else { - return data - } - } else { - return data - } -} diff --git a/vendor/github.com/coreos/ignition/config/v1/types/config.go b/vendor/github.com/coreos/ignition/config/v1/types/config.go deleted file mode 100644 index f9215699cb..0000000000 --- a/vendor/github.com/coreos/ignition/config/v1/types/config.go +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -const ( - Version = 1 -) - -type Config struct { - Version int `json:"ignitionVersion"` - Storage Storage `json:"storage,omitempty"` - Systemd Systemd `json:"systemd,omitempty"` - Networkd Networkd `json:"networkd,omitempty"` - Passwd Passwd `json:"passwd,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v1/types/disk.go b/vendor/github.com/coreos/ignition/config/v1/types/disk.go deleted file mode 100644 index 62517856dc..0000000000 --- a/vendor/github.com/coreos/ignition/config/v1/types/disk.go +++ /dev/null @@ -1,123 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type Disk struct { - Device Path `json:"device,omitempty"` - WipeTable bool `json:"wipeTable,omitempty"` - Partitions []Partition `json:"partitions,omitempty"` -} - -func (n Disk) Validate() report.Report { - r := report.Report{} - if len(n.Device) == 0 { - r.Add(report.Entry{ - Kind: report.EntryError, - Message: errors.ErrDiskDeviceRequired.Error(), - }) - } - if n.partitionNumbersCollide() { - r.Add(report.Entry{ - Kind: report.EntryError, - Message: errors.ErrPartitionNumbersCollide.Error(), - }) - } - if n.partitionsOverlap() { - r.Add(report.Entry{ - Kind: report.EntryError, - Message: errors.ErrPartitionsOverlap.Error(), - }) - } - if n.partitionsMisaligned() { - r.Add(report.Entry{ - Kind: report.EntryError, - Message: errors.ErrPartitionsMisaligned.Error(), - }) - } - // Disks which get to this point will likely succeed in sgdisk - return r -} - -// partitionNumbersCollide returns true if partition numbers in n.Partitions are not unique. -func (n Disk) partitionNumbersCollide() bool { - m := map[int][]Partition{} - for _, p := range n.Partitions { - m[p.Number] = append(m[p.Number], p) - } - for _, n := range m { - if len(n) > 1 { - // TODO(vc): return information describing the collision for logging - return true - } - } - return false -} - -// end returns the last sector of a partition. -func (p Partition) end() PartitionDimension { - if p.Size == 0 { - // a size of 0 means "fill available", just return the start as the end for those. - return p.Start - } - return p.Start + p.Size - 1 -} - -// partitionsOverlap returns true if any explicitly dimensioned partitions overlap -func (n Disk) partitionsOverlap() bool { - for _, p := range n.Partitions { - // Starts of 0 are placed by sgdisk into the "largest available block" at that time. - // We aren't going to check those for overlap since we don't have the disk geometry. - if p.Start == 0 { - continue - } - - for _, o := range n.Partitions { - if p == o || o.Start == 0 { - continue - } - - // is p.Start within o? - if p.Start >= o.Start && p.Start <= o.end() { - return true - } - - // is p.end() within o? - if p.end() >= o.Start && p.end() <= o.end() { - return true - } - - // do p.Start and p.end() straddle o? - if p.Start < o.Start && p.end() > o.end() { - return true - } - } - } - return false -} - -// partitionsMisaligned returns true if any of the partitions don't start on a 2048-sector (1MiB) boundary. -func (n Disk) partitionsMisaligned() bool { - for _, p := range n.Partitions { - if (p.Start & (2048 - 1)) != 0 { - return true - } - } - return false -} diff --git a/vendor/github.com/coreos/ignition/config/v1/types/filesystem.go b/vendor/github.com/coreos/ignition/config/v1/types/filesystem.go deleted file mode 100644 index 7986bd724c..0000000000 --- a/vendor/github.com/coreos/ignition/config/v1/types/filesystem.go +++ /dev/null @@ -1,45 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type Filesystem struct { - Device Path `json:"device,omitempty"` - Format FilesystemFormat `json:"format,omitempty"` - Create *FilesystemCreate `json:"create,omitempty"` - Files []File `json:"files,omitempty"` -} - -type FilesystemCreate struct { - Force bool `json:"force,omitempty"` - Options MkfsOptions `json:"options,omitempty"` -} - -type FilesystemFormat string - -func (f FilesystemFormat) Validate() report.Report { - switch f { - case "ext4", "btrfs", "xfs": - return report.Report{} - default: - return report.ReportFromError(errors.ErrFilesystemInvalidFormat, report.EntryError) - } -} - -type MkfsOptions []string diff --git a/vendor/github.com/coreos/ignition/config/v1/types/group.go b/vendor/github.com/coreos/ignition/config/v1/types/group.go deleted file mode 100644 index 27e5104887..0000000000 --- a/vendor/github.com/coreos/ignition/config/v1/types/group.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -type Group struct { - Name string `json:"name,omitempty"` - Gid *uint `json:"gid,omitempty"` - PasswordHash string `json:"passwordHash,omitempty"` - System bool `json:"system,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v1/types/networkd.go b/vendor/github.com/coreos/ignition/config/v1/types/networkd.go deleted file mode 100644 index 470c721106..0000000000 --- a/vendor/github.com/coreos/ignition/config/v1/types/networkd.go +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -type Networkd struct { - Units []NetworkdUnit `json:"units,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v1/types/partition.go b/vendor/github.com/coreos/ignition/config/v1/types/partition.go deleted file mode 100644 index 16270de2cf..0000000000 --- a/vendor/github.com/coreos/ignition/config/v1/types/partition.go +++ /dev/null @@ -1,60 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - "regexp" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type Partition struct { - Label PartitionLabel `json:"label,omitempty"` - Number int `json:"number"` - Size PartitionDimension `json:"size"` - Start PartitionDimension `json:"start"` - TypeGUID PartitionTypeGUID `json:"typeGuid,omitempty"` -} - -type PartitionLabel string - -func (n PartitionLabel) Validate() report.Report { - // http://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_entries: - // 56 (0x38) 72 bytes Partition name (36 UTF-16LE code units) - - // XXX(vc): note GPT calls it a name, we're using label for consistency - // with udev naming /dev/disk/by-partlabel/*. - if len(string(n)) > 36 { - return report.ReportFromError(errors.ErrLabelTooLong, report.EntryError) - } - return report.Report{} -} - -type PartitionDimension uint64 - -type PartitionTypeGUID string - -func (d PartitionTypeGUID) Validate() report.Report { - ok, err := regexp.MatchString("^(|[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12})$", string(d)) - if err != nil { - return report.ReportFromError(fmt.Errorf("error matching type-guid regexp: %v", err), report.EntryError) - } - if !ok { - return report.ReportFromError(fmt.Errorf(`partition type-guid must have the form "01234567-89AB-CDEF-EDCB-A98765432101", got: %q`, string(d)), report.EntryError) - } - return report.Report{} -} diff --git a/vendor/github.com/coreos/ignition/config/v1/types/path.go b/vendor/github.com/coreos/ignition/config/v1/types/path.go deleted file mode 100644 index e37341c1ac..0000000000 --- a/vendor/github.com/coreos/ignition/config/v1/types/path.go +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "path" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type Path string - -func (d Path) Validate() report.Report { - if !path.IsAbs(string(d)) { - return report.ReportFromError(errors.ErrPathRelative, report.EntryError) - } - return report.Report{} -} diff --git a/vendor/github.com/coreos/ignition/config/v1/types/raid.go b/vendor/github.com/coreos/ignition/config/v1/types/raid.go deleted file mode 100644 index 329b123e6d..0000000000 --- a/vendor/github.com/coreos/ignition/config/v1/types/raid.go +++ /dev/null @@ -1,44 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type Raid struct { - Name string `json:"name"` - Level string `json:"level"` - Devices []Path `json:"devices,omitempty"` - Spares int `json:"spares,omitempty"` -} - -func (n Raid) Validate() report.Report { - switch n.Level { - case "linear", "raid0", "0", "stripe": - if n.Spares != 0 { - return report.ReportFromError(errors.ErrSparesUnsupportedForLevel, report.EntryError) - } - case "raid1", "1", "mirror": - case "raid4", "4": - case "raid5", "5": - case "raid6", "6": - case "raid10", "10": - default: - return report.ReportFromError(errors.ErrUnrecognizedRaidLevel, report.EntryError) - } - return report.Report{} -} diff --git a/vendor/github.com/coreos/ignition/config/v1/types/storage.go b/vendor/github.com/coreos/ignition/config/v1/types/storage.go deleted file mode 100644 index 2649751a7d..0000000000 --- a/vendor/github.com/coreos/ignition/config/v1/types/storage.go +++ /dev/null @@ -1,21 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -type Storage struct { - Disks []Disk `json:"disks,omitempty"` - Arrays []Raid `json:"raid,omitempty"` - Filesystems []Filesystem `json:"filesystems,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v1/types/unit.go b/vendor/github.com/coreos/ignition/config/v1/types/unit.go deleted file mode 100644 index 5e983cc145..0000000000 --- a/vendor/github.com/coreos/ignition/config/v1/types/unit.go +++ /dev/null @@ -1,73 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "path" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type SystemdUnit struct { - Name SystemdUnitName `json:"name,omitempty"` - Enable bool `json:"enable,omitempty"` - Mask bool `json:"mask,omitempty"` - Contents string `json:"contents,omitempty"` - DropIns []SystemdUnitDropIn `json:"dropins,omitempty"` -} - -type SystemdUnitDropIn struct { - Name SystemdUnitDropInName `json:"name,omitempty"` - Contents string `json:"contents,omitempty"` -} - -type SystemdUnitName string - -func (n SystemdUnitName) Validate() report.Report { - switch path.Ext(string(n)) { - case ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice", ".scope": - return report.Report{} - default: - return report.ReportFromError(errors.ErrInvalidSystemdExt, report.EntryError) - } -} - -type SystemdUnitDropInName string - -func (n SystemdUnitDropInName) Validate() report.Report { - switch path.Ext(string(n)) { - case ".conf": - return report.Report{} - default: - return report.ReportFromError(errors.ErrInvalidSystemdDropinExt, report.EntryError) - } -} - -type NetworkdUnit struct { - Name NetworkdUnitName `json:"name,omitempty"` - Contents string `json:"contents,omitempty"` -} - -type NetworkdUnitName string - -func (n NetworkdUnitName) Validate() report.Report { - switch path.Ext(string(n)) { - case ".link", ".netdev", ".network": - return report.Report{} - default: - return report.ReportFromError(errors.ErrInvalidNetworkdExt, report.EntryError) - } -} diff --git a/vendor/github.com/coreos/ignition/config/v1/types/user.go b/vendor/github.com/coreos/ignition/config/v1/types/user.go deleted file mode 100644 index f6653e2749..0000000000 --- a/vendor/github.com/coreos/ignition/config/v1/types/user.go +++ /dev/null @@ -1,35 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -type User struct { - Name string `json:"name,omitempty"` - PasswordHash string `json:"passwordHash,omitempty"` - SSHAuthorizedKeys []string `json:"sshAuthorizedKeys,omitempty"` - Create *UserCreate `json:"create,omitempty"` -} - -type UserCreate struct { - Uid *uint `json:"uid,omitempty"` - GECOS string `json:"gecos,omitempty"` - Homedir string `json:"homeDir,omitempty"` - NoCreateHome bool `json:"noCreateHome,omitempty"` - PrimaryGroup string `json:"primaryGroup,omitempty"` - Groups []string `json:"groups,omitempty"` - NoUserGroup bool `json:"noUserGroup,omitempty"` - System bool `json:"system,omitempty"` - NoLogInit bool `json:"noLogInit,omitempty"` - Shell string `json:"shell,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/append.go b/vendor/github.com/coreos/ignition/config/v2_0/append.go deleted file mode 100644 index cee6bc412e..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/append.go +++ /dev/null @@ -1,73 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v2_0 - -import ( - "reflect" - - "github.com/coreos/ignition/config/v2_0/types" -) - -// Append appends newConfig to oldConfig and returns the result. Appending one -// config to another is accomplished by iterating over every field in the -// config structure, appending slices, recursively appending structs, and -// overwriting old values with new values for all other types. -func Append(oldConfig, newConfig types.Config) types.Config { - vOld := reflect.ValueOf(oldConfig) - vNew := reflect.ValueOf(newConfig) - - vResult := appendStruct(vOld, vNew) - - return vResult.Interface().(types.Config) -} - -// appendStruct is an internal helper function to AppendConfig. Given two values -// of structures (assumed to be the same type), recursively iterate over every -// field in the struct, appending slices, recursively appending structs, and -// overwriting old values with the new for all other types. Individual fields -// are able to override their merge strategy using the "merge" tag. Accepted -// values are "new" or "old": "new" uses the new value, "old" uses the old -// value. These are currently only used for "ignition.config" and -// "ignition.version". -func appendStruct(vOld, vNew reflect.Value) reflect.Value { - tOld := vOld.Type() - vRes := reflect.New(tOld) - - for i := 0; i < tOld.NumField(); i++ { - vfOld := vOld.Field(i) - vfNew := vNew.Field(i) - vfRes := vRes.Elem().Field(i) - - switch tOld.Field(i).Tag.Get("merge") { - case "old": - vfRes.Set(vfOld) - continue - case "new": - vfRes.Set(vfNew) - continue - } - - switch vfOld.Type().Kind() { - case reflect.Struct: - vfRes.Set(appendStruct(vfOld, vfNew)) - case reflect.Slice: - vfRes.Set(reflect.AppendSlice(vfOld, vfNew)) - default: - vfRes.Set(vfNew) - } - } - - return vRes.Elem() -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/cloudinit.go b/vendor/github.com/coreos/ignition/config/v2_0/cloudinit.go deleted file mode 100644 index 9e1f2ad0e7..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/cloudinit.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// These functions are copied from github.com/coreos/coreos-cloudinit/config. - -package v2_0 - -import ( - "bytes" - "compress/gzip" - "io/ioutil" - "strings" - "unicode" -) - -func isCloudConfig(userdata []byte) bool { - header := strings.SplitN(string(decompressIfGzipped(userdata)), "\n", 2)[0] - - // Trim trailing whitespaces - header = strings.TrimRightFunc(header, unicode.IsSpace) - - return (header == "#cloud-config") -} - -func isScript(userdata []byte) bool { - header := strings.SplitN(string(decompressIfGzipped(userdata)), "\n", 2)[0] - return strings.HasPrefix(header, "#!") -} - -func decompressIfGzipped(data []byte) []byte { - if reader, err := gzip.NewReader(bytes.NewReader(data)); err == nil { - uncompressedData, err := ioutil.ReadAll(reader) - reader.Close() - if err == nil { - return uncompressedData - } else { - return data - } - } else { - return data - } -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/config.go b/vendor/github.com/coreos/ignition/config/v2_0/config.go deleted file mode 100644 index f1385bf1ca..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/config.go +++ /dev/null @@ -1,70 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v2_0 - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/v1" - "github.com/coreos/ignition/config/v2_0/types" - "github.com/coreos/ignition/config/validate" - "github.com/coreos/ignition/config/validate/report" - - json "github.com/ajeddeloh/go-json" - "github.com/coreos/go-semver/semver" -) - -// Parse parses the raw config into a types.Config struct and generates a report of any -// errors, warnings, info, and deprecations it encountered -func Parse(rawConfig []byte) (types.Config, report.Report, error) { - if isEmpty(rawConfig) { - return types.Config{}, report.Report{}, errors.ErrEmpty - } else if isCloudConfig(rawConfig) { - return types.Config{}, report.Report{}, errors.ErrCloudConfig - } else if isScript(rawConfig) { - return types.Config{}, report.Report{}, errors.ErrScript - } - - var err error - var config types.Config - - err = json.Unmarshal(rawConfig, &config) - - if err != nil || semver.Version(config.Ignition.Version).LessThan(types.MaxVersion) { - // We can fail unmarshaling if it's an older config. Attempt to parse - // it as such. - config, rpt, err := v1.Parse(rawConfig) - if err != nil { - return types.Config{}, rpt, err - } - - rpt.Merge(report.ReportFromError(errors.ErrDeprecated, report.EntryDeprecated)) - return TranslateFromV1(config), rpt, err - } - - if semver.Version(config.Ignition.Version) != types.MaxVersion { - return types.Config{}, report.Report{}, errors.ErrUnknownVersion - } - - rpt := validate.ValidateConfig(rawConfig, config) - if rpt.IsFatal() { - return types.Config{}, rpt, errors.ErrInvalid - } - - return config, rpt, nil -} - -func isEmpty(userdata []byte) bool { - return len(userdata) == 0 -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/translate.go b/vendor/github.com/coreos/ignition/config/v2_0/translate.go deleted file mode 100644 index 832adce566..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/translate.go +++ /dev/null @@ -1,173 +0,0 @@ -// Copyright 2018 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v2_0 - -import ( - "fmt" - - v1 "github.com/coreos/ignition/config/v1/types" - "github.com/coreos/ignition/config/v2_0/types" - "github.com/vincent-petithory/dataurl" -) - -func TranslateFromV1(old v1.Config) types.Config { - config := types.Config{ - Ignition: types.Ignition{ - Version: types.IgnitionVersion(types.MaxVersion), - }, - } - - for _, oldDisk := range old.Storage.Disks { - disk := types.Disk{ - Device: types.Path(oldDisk.Device), - WipeTable: oldDisk.WipeTable, - } - - for _, oldPartition := range oldDisk.Partitions { - disk.Partitions = append(disk.Partitions, types.Partition{ - Label: types.PartitionLabel(oldPartition.Label), - Number: oldPartition.Number, - Size: types.PartitionDimension(oldPartition.Size), - Start: types.PartitionDimension(oldPartition.Start), - TypeGUID: types.PartitionTypeGUID(oldPartition.TypeGUID), - }) - } - - config.Storage.Disks = append(config.Storage.Disks, disk) - } - - for _, oldArray := range old.Storage.Arrays { - array := types.Raid{ - Name: oldArray.Name, - Level: oldArray.Level, - Spares: oldArray.Spares, - } - - for _, oldDevice := range oldArray.Devices { - array.Devices = append(array.Devices, types.Path(oldDevice)) - } - - config.Storage.Arrays = append(config.Storage.Arrays, array) - } - - for i, oldFilesystem := range old.Storage.Filesystems { - filesystem := types.Filesystem{ - Name: fmt.Sprintf("_translate-filesystem-%d", i), - Mount: &types.FilesystemMount{ - Device: types.Path(oldFilesystem.Device), - Format: types.FilesystemFormat(oldFilesystem.Format), - }, - } - - if oldFilesystem.Create != nil { - filesystem.Mount.Create = &types.FilesystemCreate{ - Force: oldFilesystem.Create.Force, - Options: types.MkfsOptions(oldFilesystem.Create.Options), - } - } - - config.Storage.Filesystems = append(config.Storage.Filesystems, filesystem) - - for _, oldFile := range oldFilesystem.Files { - file := types.File{ - Filesystem: filesystem.Name, - Path: types.Path(oldFile.Path), - User: types.FileUser{Id: oldFile.Uid}, - Group: types.FileGroup{Id: oldFile.Gid}, - Mode: types.FileMode(oldFile.Mode), - Contents: types.FileContents{ - Source: types.Url{ - Scheme: "data", - Opaque: "," + dataurl.EscapeString(oldFile.Contents), - }, - }, - } - - config.Storage.Files = append(config.Storage.Files, file) - } - } - - for _, oldUnit := range old.Systemd.Units { - unit := types.SystemdUnit{ - Name: types.SystemdUnitName(oldUnit.Name), - Enable: oldUnit.Enable, - Mask: oldUnit.Mask, - Contents: oldUnit.Contents, - } - - for _, oldDropIn := range oldUnit.DropIns { - unit.DropIns = append(unit.DropIns, types.SystemdUnitDropIn{ - Name: types.SystemdUnitDropInName(oldDropIn.Name), - Contents: oldDropIn.Contents, - }) - } - - config.Systemd.Units = append(config.Systemd.Units, unit) - } - - for _, oldUnit := range old.Networkd.Units { - config.Networkd.Units = append(config.Networkd.Units, types.NetworkdUnit{ - Name: types.NetworkdUnitName(oldUnit.Name), - Contents: oldUnit.Contents, - }) - } - - for _, oldUser := range old.Passwd.Users { - user := types.User{ - Name: oldUser.Name, - PasswordHash: oldUser.PasswordHash, - SSHAuthorizedKeys: oldUser.SSHAuthorizedKeys, - } - - if oldUser.Create != nil { - var uid *uint - if oldUser.Create.Uid != nil { - tmp := uint(*oldUser.Create.Uid) - uid = &tmp - } - - user.Create = &types.UserCreate{ - Uid: uid, - GECOS: oldUser.Create.GECOS, - Homedir: oldUser.Create.Homedir, - NoCreateHome: oldUser.Create.NoCreateHome, - PrimaryGroup: oldUser.Create.PrimaryGroup, - Groups: oldUser.Create.Groups, - NoUserGroup: oldUser.Create.NoUserGroup, - System: oldUser.Create.System, - NoLogInit: oldUser.Create.NoLogInit, - Shell: oldUser.Create.Shell, - } - } - - config.Passwd.Users = append(config.Passwd.Users, user) - } - - for _, oldGroup := range old.Passwd.Groups { - var gid *uint - if oldGroup.Gid != nil { - tmp := uint(*oldGroup.Gid) - gid = &tmp - } - config.Passwd.Groups = append(config.Passwd.Groups, types.Group{ - Name: oldGroup.Name, - Gid: gid, - PasswordHash: oldGroup.PasswordHash, - System: oldGroup.System, - }) - } - - return config -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/compression.go b/vendor/github.com/coreos/ignition/config/v2_0/types/compression.go deleted file mode 100644 index f56e5b9c80..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/compression.go +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type Compression string - -func (c Compression) Validate() report.Report { - switch c { - case "", "gzip": - default: - return report.ReportFromError(errors.ErrCompressionInvalid, report.EntryError) - } - return report.Report{} -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/config.go b/vendor/github.com/coreos/ignition/config/v2_0/types/config.go deleted file mode 100644 index 3855158917..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/config.go +++ /dev/null @@ -1,87 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - - "github.com/coreos/go-semver/semver" - - "github.com/coreos/ignition/config/validate/report" -) - -var ( - MaxVersion = semver.Version{ - Major: 2, - Minor: 0, - } -) - -type Config struct { - Ignition Ignition `json:"ignition"` - Storage Storage `json:"storage,omitempty"` - Systemd Systemd `json:"systemd,omitempty"` - Networkd Networkd `json:"networkd,omitempty"` - Passwd Passwd `json:"passwd,omitempty"` -} - -func (c Config) Validate() report.Report { - r := report.Report{} - rules := []rule{ - checkFilesFilesystems, - checkDuplicateFilesystems, - } - - for _, rule := range rules { - rule(c, &r) - } - return r -} - -type rule func(cfg Config, report *report.Report) - -func checkFilesFilesystems(cfg Config, r *report.Report) { - filesystems := map[string]struct{}{"root": {}} - for _, filesystem := range cfg.Storage.Filesystems { - filesystems[filesystem.Name] = struct{}{} - } - for _, file := range cfg.Storage.Files { - if file.Filesystem == "" { - // Filesystem was not specified. This is an error, but its handled in types.File's Validate, not here - continue - } - _, ok := filesystems[file.Filesystem] - if !ok { - r.Add(report.Entry{ - Kind: report.EntryWarning, - Message: fmt.Sprintf("File %q references nonexistent filesystem %q. (This is ok if it is defined in a referenced config)", - file.Path, file.Filesystem), - }) - } - } -} - -func checkDuplicateFilesystems(cfg Config, r *report.Report) { - filesystems := map[string]struct{}{"root": {}} - for _, filesystem := range cfg.Storage.Filesystems { - if _, ok := filesystems[filesystem.Name]; ok { - r.Add(report.Entry{ - Kind: report.EntryWarning, - Message: fmt.Sprintf("Filesystem %q shadows exising filesystem definition", filesystem.Name), - }) - } - filesystems[filesystem.Name] = struct{}{} - } -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/disk.go b/vendor/github.com/coreos/ignition/config/v2_0/types/disk.go deleted file mode 100644 index b68c5c930e..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/disk.go +++ /dev/null @@ -1,126 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type Disk struct { - Device Path `json:"device,omitempty"` - WipeTable bool `json:"wipeTable,omitempty"` - Partitions []Partition `json:"partitions,omitempty"` -} - -func (n Disk) Validate() report.Report { - r := report.Report{} - if len(n.Device) == 0 { - r.Add(report.Entry{ - Message: errors.ErrDiskDeviceRequired.Error(), - Kind: report.EntryError, - }) - } - if n.partitionNumbersCollide() { - r.Add(report.Entry{ - Message: errors.ErrPartitionNumbersCollide.Error(), - Kind: report.EntryError, - }) - } - if n.partitionsOverlap() { - r.Add(report.Entry{ - Message: errors.ErrPartitionsOverlap.Error(), - Kind: report.EntryError, - }) - } - if n.partitionsMisaligned() { - r.Add(report.Entry{ - Message: errors.ErrPartitionsMisaligned.Error(), - Kind: report.EntryError, - }) - } - // Disks which have no errors at this point will likely succeed in sgdisk - return r -} - -// partitionNumbersCollide returns true if partition numbers in n.Partitions are not unique. -func (n Disk) partitionNumbersCollide() bool { - m := map[int][]Partition{} - for _, p := range n.Partitions { - if p.Number != 0 { - // a number of 0 means next available number, multiple devices can specify this - m[p.Number] = append(m[p.Number], p) - } - } - for _, n := range m { - if len(n) > 1 { - // TODO(vc): return information describing the collision for logging - return true - } - } - return false -} - -// end returns the last sector of a partition. -func (p Partition) end() PartitionDimension { - if p.Size == 0 { - // a size of 0 means "fill available", just return the start as the end for those. - return p.Start - } - return p.Start + p.Size - 1 -} - -// partitionsOverlap returns true if any explicitly dimensioned partitions overlap -func (n Disk) partitionsOverlap() bool { - for _, p := range n.Partitions { - // Starts of 0 are placed by sgdisk into the "largest available block" at that time. - // We aren't going to check those for overlap since we don't have the disk geometry. - if p.Start == 0 { - continue - } - - for _, o := range n.Partitions { - if p == o || o.Start == 0 { - continue - } - - // is p.Start within o? - if p.Start >= o.Start && p.Start <= o.end() { - return true - } - - // is p.end() within o? - if p.end() >= o.Start && p.end() <= o.end() { - return true - } - - // do p.Start and p.end() straddle o? - if p.Start < o.Start && p.end() > o.end() { - return true - } - } - } - return false -} - -// partitionsMisaligned returns true if any of the partitions don't start on a 2048-sector (1MiB) boundary. -func (n Disk) partitionsMisaligned() bool { - for _, p := range n.Partitions { - if (p.Start & (2048 - 1)) != 0 { - return true - } - } - return false -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/file.go b/vendor/github.com/coreos/ignition/config/v2_0/types/file.go deleted file mode 100644 index 8d3e79054d..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/file.go +++ /dev/null @@ -1,61 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "os" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type File struct { - Filesystem string `json:"filesystem,omitempty"` - Path Path `json:"path,omitempty"` - Contents FileContents `json:"contents,omitempty"` - Mode FileMode `json:"mode,omitempty"` - User FileUser `json:"user,omitempty"` - Group FileGroup `json:"group,omitempty"` -} - -func (f File) Validate() report.Report { - if f.Filesystem == "" { - return report.ReportFromError(errors.ErrNoFilesystem, report.EntryError) - } - return report.Report{} -} - -type FileUser struct { - Id int `json:"id,omitempty"` -} - -type FileGroup struct { - Id int `json:"id,omitempty"` -} - -type FileContents struct { - Compression Compression `json:"compression,omitempty"` - Source Url `json:"source,omitempty"` - Verification Verification `json:"verification,omitempty"` -} - -type FileMode os.FileMode - -func (m FileMode) Validate() report.Report { - if (m &^ 07777) != 0 { - return report.ReportFromError(errors.ErrFileIllegalMode, report.EntryError) - } - return report.Report{} -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/filesystem.go b/vendor/github.com/coreos/ignition/config/v2_0/types/filesystem.go deleted file mode 100644 index e3572711da..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/filesystem.go +++ /dev/null @@ -1,60 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type Filesystem struct { - Name string `json:"name,omitempty"` - Mount *FilesystemMount `json:"mount,omitempty"` - Path *Path `json:"path,omitempty"` -} - -type FilesystemMount struct { - Device Path `json:"device,omitempty"` - Format FilesystemFormat `json:"format,omitempty"` - Create *FilesystemCreate `json:"create,omitempty"` -} - -type FilesystemCreate struct { - Force bool `json:"force,omitempty"` - Options MkfsOptions `json:"options,omitempty"` -} - -func (f Filesystem) Validate() report.Report { - if f.Mount == nil && f.Path == nil { - return report.ReportFromError(errors.ErrFilesystemNoMountPath, report.EntryError) - } - if f.Mount != nil && f.Path != nil { - return report.ReportFromError(errors.ErrFilesystemMountAndPath, report.EntryError) - } - return report.Report{} -} - -type FilesystemFormat string - -func (f FilesystemFormat) Validate() report.Report { - switch f { - case "ext4", "btrfs", "xfs": - return report.Report{} - default: - return report.ReportFromError(errors.ErrFilesystemInvalidFormat, report.EntryError) - } -} - -type MkfsOptions []string diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/group.go b/vendor/github.com/coreos/ignition/config/v2_0/types/group.go deleted file mode 100644 index 27e5104887..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/group.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -type Group struct { - Name string `json:"name,omitempty"` - Gid *uint `json:"gid,omitempty"` - PasswordHash string `json:"passwordHash,omitempty"` - System bool `json:"system,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/hash.go b/vendor/github.com/coreos/ignition/config/v2_0/types/hash.go deleted file mode 100644 index 628524dc6d..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/hash.go +++ /dev/null @@ -1,72 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "crypto" - "encoding/hex" - "encoding/json" - "strings" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type Hash struct { - Function string - Sum string -} - -func (h *Hash) UnmarshalJSON(data []byte) error { - var th string - if err := json.Unmarshal(data, &th); err != nil { - return err - } - - parts := strings.SplitN(th, "-", 2) - if len(parts) != 2 { - return errors.ErrHashMalformed - } - - h.Function = parts[0] - h.Sum = parts[1] - - return nil -} - -func (h Hash) MarshalJSON() ([]byte, error) { - return []byte(`"` + h.Function + "-" + h.Sum + `"`), nil -} - -func (h Hash) String() string { - bytes, _ := h.MarshalJSON() - return string(bytes) -} - -func (h Hash) Validate() report.Report { - var hash crypto.Hash - switch h.Function { - case "sha512": - hash = crypto.SHA512 - default: - return report.ReportFromError(errors.ErrHashUnrecognized, report.EntryError) - } - - if len(h.Sum) != hex.EncodedLen(hash.Size()) { - return report.ReportFromError(errors.ErrHashWrongSize, report.EntryError) - } - - return report.Report{} -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/ignition.go b/vendor/github.com/coreos/ignition/config/v2_0/types/ignition.go deleted file mode 100644 index deeb822d09..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/ignition.go +++ /dev/null @@ -1,64 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "encoding/json" - - "github.com/coreos/go-semver/semver" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type Ignition struct { - Version IgnitionVersion `json:"version,omitempty" merge:"old"` - Config IgnitionConfig `json:"config,omitempty" merge:"new"` -} - -type IgnitionConfig struct { - Append []ConfigReference `json:"append,omitempty"` - Replace *ConfigReference `json:"replace,omitempty"` -} - -type ConfigReference struct { - Source Url `json:"source,omitempty"` - Verification Verification `json:"verification,omitempty"` -} - -type IgnitionVersion semver.Version - -func (v *IgnitionVersion) UnmarshalJSON(data []byte) error { - tv := semver.Version(*v) - if err := json.Unmarshal(data, &tv); err != nil { - return err - } - *v = IgnitionVersion(tv) - return nil -} - -func (v IgnitionVersion) MarshalJSON() ([]byte, error) { - return semver.Version(v).MarshalJSON() -} - -func (v IgnitionVersion) Validate() report.Report { - if MaxVersion.Major > v.Major { - return report.ReportFromError(errors.ErrOldVersion, report.EntryError) - } - if MaxVersion.LessThan(semver.Version(v)) { - return report.ReportFromError(errors.ErrNewVersion, report.EntryError) - } - return report.Report{} -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/networkd.go b/vendor/github.com/coreos/ignition/config/v2_0/types/networkd.go deleted file mode 100644 index 470c721106..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/networkd.go +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -type Networkd struct { - Units []NetworkdUnit `json:"units,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/partition.go b/vendor/github.com/coreos/ignition/config/v2_0/types/partition.go deleted file mode 100644 index c36545d4a6..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/partition.go +++ /dev/null @@ -1,64 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - "regexp" - "strings" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type Partition struct { - Label PartitionLabel `json:"label,omitempty"` - Number int `json:"number"` - Size PartitionDimension `json:"size"` - Start PartitionDimension `json:"start"` - TypeGUID PartitionTypeGUID `json:"typeGuid,omitempty"` -} - -type PartitionLabel string - -func (n PartitionLabel) Validate() report.Report { - // http://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_entries: - // 56 (0x38) 72 bytes Partition name (36 UTF-16LE code units) - - // XXX(vc): note GPT calls it a name, we're using label for consistency - // with udev naming /dev/disk/by-partlabel/*. - if len(string(n)) > 36 { - return report.ReportFromError(errors.ErrLabelTooLong, report.EntryError) - } - if strings.Contains(string(n), ":") { - return report.ReportFromError(errors.ErrLabelContainsColon, report.EntryWarning) - } - return report.Report{} -} - -type PartitionDimension uint64 - -type PartitionTypeGUID string - -func (d PartitionTypeGUID) Validate() report.Report { - ok, err := regexp.MatchString("^(|[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12})$", string(d)) - if err != nil { - return report.ReportFromError(fmt.Errorf("error matching type-guid regexp: %v", err), report.EntryError) - } - if !ok { - return report.ReportFromError(errors.ErrDoesntMatchGUIDRegex, report.EntryError) - } - return report.Report{} -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/passwd.go b/vendor/github.com/coreos/ignition/config/v2_0/types/passwd.go deleted file mode 100644 index 0ffff43bb8..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/passwd.go +++ /dev/null @@ -1,20 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -type Passwd struct { - Users []User `json:"users,omitempty"` - Groups []Group `json:"groups,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/raid.go b/vendor/github.com/coreos/ignition/config/v2_0/types/raid.go deleted file mode 100644 index 329b123e6d..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/raid.go +++ /dev/null @@ -1,44 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type Raid struct { - Name string `json:"name"` - Level string `json:"level"` - Devices []Path `json:"devices,omitempty"` - Spares int `json:"spares,omitempty"` -} - -func (n Raid) Validate() report.Report { - switch n.Level { - case "linear", "raid0", "0", "stripe": - if n.Spares != 0 { - return report.ReportFromError(errors.ErrSparesUnsupportedForLevel, report.EntryError) - } - case "raid1", "1", "mirror": - case "raid4", "4": - case "raid5", "5": - case "raid6", "6": - case "raid10", "10": - default: - return report.ReportFromError(errors.ErrUnrecognizedRaidLevel, report.EntryError) - } - return report.Report{} -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/storage.go b/vendor/github.com/coreos/ignition/config/v2_0/types/storage.go deleted file mode 100644 index bd7343778a..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/storage.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -type Storage struct { - Disks []Disk `json:"disks,omitempty"` - Arrays []Raid `json:"raid,omitempty"` - Filesystems []Filesystem `json:"filesystems,omitempty"` - Files []File `json:"files,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/systemd.go b/vendor/github.com/coreos/ignition/config/v2_0/types/systemd.go deleted file mode 100644 index 97194b9115..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/systemd.go +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -type Systemd struct { - Units []SystemdUnit `json:"units,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/unit.go b/vendor/github.com/coreos/ignition/config/v2_0/types/unit.go deleted file mode 100644 index 06d99f2661..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/unit.go +++ /dev/null @@ -1,115 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - "path" - "strings" - - "github.com/coreos/go-systemd/unit" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/shared/validations" - "github.com/coreos/ignition/config/validate/report" -) - -type SystemdUnit struct { - Name SystemdUnitName `json:"name,omitempty"` - Enable bool `json:"enable,omitempty"` - Mask bool `json:"mask,omitempty"` - Contents string `json:"contents,omitempty"` - DropIns []SystemdUnitDropIn `json:"dropins,omitempty"` -} - -func (u SystemdUnit) Validate() report.Report { - r := report.Report{} - opts, err := validateUnitContent(u.Contents) - if err != nil { - return report.ReportFromError(err, report.EntryError) - } - - r.Merge(validations.ValidateInstallSection(string(u.Name), u.Enable, u.Contents == "", opts)) - - return r -} - -type SystemdUnitDropIn struct { - Name SystemdUnitDropInName `json:"name,omitempty"` - Contents string `json:"contents,omitempty"` -} - -func (u SystemdUnitDropIn) Validate() report.Report { - if _, err := validateUnitContent(u.Contents); err != nil { - return report.ReportFromError(err, report.EntryError) - } - - return report.Report{} -} - -type SystemdUnitName string - -func (n SystemdUnitName) Validate() report.Report { - switch path.Ext(string(n)) { - case ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice", ".scope": - return report.Report{} - default: - return report.ReportFromError(errors.ErrInvalidSystemdExt, report.EntryError) - } -} - -type SystemdUnitDropInName string - -func (n SystemdUnitDropInName) Validate() report.Report { - switch path.Ext(string(n)) { - case ".conf": - return report.Report{} - default: - return report.ReportFromError(errors.ErrInvalidSystemdDropinExt, report.EntryError) - } -} - -type NetworkdUnit struct { - Name NetworkdUnitName `json:"name,omitempty"` - Contents string `json:"contents,omitempty"` -} - -func (u NetworkdUnit) Validate() report.Report { - if _, err := validateUnitContent(u.Contents); err != nil { - return report.ReportFromError(err, report.EntryError) - } - - return report.Report{} -} - -type NetworkdUnitName string - -func (n NetworkdUnitName) Validate() report.Report { - switch path.Ext(string(n)) { - case ".link", ".netdev", ".network": - return report.Report{} - default: - return report.ReportFromError(errors.ErrInvalidNetworkdExt, report.EntryError) - } -} - -func validateUnitContent(content string) ([]*unit.UnitOption, error) { - c := strings.NewReader(content) - opts, err := unit.Deserialize(c) - if err != nil { - return nil, fmt.Errorf("invalid unit content: %s", err) - } - return opts, nil -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/url.go b/vendor/github.com/coreos/ignition/config/v2_0/types/url.go deleted file mode 100644 index b8ed96118b..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/url.go +++ /dev/null @@ -1,69 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "encoding/json" - "net/url" - - "github.com/vincent-petithory/dataurl" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -type Url url.URL - -func (u *Url) UnmarshalJSON(data []byte) error { - var tu string - if err := json.Unmarshal(data, &tu); err != nil { - return err - } - - pu, err := url.Parse(tu) - if err != nil { - return errors.ErrInvalidUrl - } - - *u = Url(*pu) - return nil -} - -func (u Url) MarshalJSON() ([]byte, error) { - return []byte(`"` + u.String() + `"`), nil -} - -func (u Url) String() string { - tu := url.URL(u) - return (&tu).String() -} - -func (u Url) Validate() report.Report { - // Empty url is valid, indicates an empty file - if u.String() == "" { - return report.Report{} - } - switch url.URL(u).Scheme { - case "http", "https", "oem": - return report.Report{} - case "data": - if _, err := dataurl.DecodeString(u.String()); err != nil { - return report.ReportFromError(err, report.EntryError) - } - return report.Report{} - default: - return report.ReportFromError(errors.ErrInvalidScheme, report.EntryError) - } -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/user.go b/vendor/github.com/coreos/ignition/config/v2_0/types/user.go deleted file mode 100644 index f6653e2749..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/user.go +++ /dev/null @@ -1,35 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -type User struct { - Name string `json:"name,omitempty"` - PasswordHash string `json:"passwordHash,omitempty"` - SSHAuthorizedKeys []string `json:"sshAuthorizedKeys,omitempty"` - Create *UserCreate `json:"create,omitempty"` -} - -type UserCreate struct { - Uid *uint `json:"uid,omitempty"` - GECOS string `json:"gecos,omitempty"` - Homedir string `json:"homeDir,omitempty"` - NoCreateHome bool `json:"noCreateHome,omitempty"` - PrimaryGroup string `json:"primaryGroup,omitempty"` - Groups []string `json:"groups,omitempty"` - NoUserGroup bool `json:"noUserGroup,omitempty"` - System bool `json:"system,omitempty"` - NoLogInit bool `json:"noLogInit,omitempty"` - Shell string `json:"shell,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v2_0/types/verification.go b/vendor/github.com/coreos/ignition/config/v2_0/types/verification.go deleted file mode 100644 index b7cef403e8..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_0/types/verification.go +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -type Verification struct { - Hash *Hash `json:"hash,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/append.go b/vendor/github.com/coreos/ignition/config/v2_1/append.go deleted file mode 100644 index b1517b7310..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/append.go +++ /dev/null @@ -1,72 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v2_1 - -import ( - "reflect" - - "github.com/coreos/ignition/config/v2_1/types" -) - -// Append appends newConfig to oldConfig and returns the result. Appending one -// config to another is accomplished by iterating over every field in the -// config structure, appending slices, recursively appending structs, and -// overwriting old values with new values for all other types. -func Append(oldConfig, newConfig types.Config) types.Config { - vOld := reflect.ValueOf(oldConfig) - vNew := reflect.ValueOf(newConfig) - - vResult := appendStruct(vOld, vNew) - - return vResult.Interface().(types.Config) -} - -// appendStruct is an internal helper function to AppendConfig. Given two values -// of structures (assumed to be the same type), recursively iterate over every -// field in the struct, appending slices, recursively appending structs, and -// overwriting old values with the new for all other types. Some individual -// struct fields have alternate merge strategies, determined by the field name. -// Currently these fields are "ignition.version", which uses the old value, and -// "ignition.config" which uses the new value. -func appendStruct(vOld, vNew reflect.Value) reflect.Value { - tOld := vOld.Type() - vRes := reflect.New(tOld) - - for i := 0; i < tOld.NumField(); i++ { - vfOld := vOld.Field(i) - vfNew := vNew.Field(i) - vfRes := vRes.Elem().Field(i) - - switch tOld.Field(i).Name { - case "Version": - vfRes.Set(vfOld) - continue - case "Config": - vfRes.Set(vfNew) - continue - } - - switch vfOld.Type().Kind() { - case reflect.Struct: - vfRes.Set(appendStruct(vfOld, vfNew)) - case reflect.Slice: - vfRes.Set(reflect.AppendSlice(vfOld, vfNew)) - default: - vfRes.Set(vfNew) - } - } - - return vRes.Elem() -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/cloudinit.go b/vendor/github.com/coreos/ignition/config/v2_1/cloudinit.go deleted file mode 100644 index a019320f41..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/cloudinit.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// These functions are copied from github.com/coreos/coreos-cloudinit/config. - -package v2_1 - -import ( - "bytes" - "compress/gzip" - "io/ioutil" - "strings" - "unicode" -) - -func isCloudConfig(userdata []byte) bool { - header := strings.SplitN(string(decompressIfGzipped(userdata)), "\n", 2)[0] - - // Trim trailing whitespaces - header = strings.TrimRightFunc(header, unicode.IsSpace) - - return (header == "#cloud-config") -} - -func isScript(userdata []byte) bool { - header := strings.SplitN(string(decompressIfGzipped(userdata)), "\n", 2)[0] - return strings.HasPrefix(header, "#!") -} - -func decompressIfGzipped(data []byte) []byte { - if reader, err := gzip.NewReader(bytes.NewReader(data)); err == nil { - uncompressedData, err := ioutil.ReadAll(reader) - reader.Close() - if err == nil { - return uncompressedData - } else { - return data - } - } else { - return data - } -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/config.go b/vendor/github.com/coreos/ignition/config/v2_1/config.go deleted file mode 100644 index 3fd271dd7e..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/config.go +++ /dev/null @@ -1,68 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v2_1 - -import ( - "github.com/coreos/go-semver/semver" - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/v2_0" - "github.com/coreos/ignition/config/v2_1/types" - "github.com/coreos/ignition/config/validate" - "github.com/coreos/ignition/config/validate/report" - - json "github.com/ajeddeloh/go-json" -) - -func Parse(rawConfig []byte) (types.Config, report.Report, error) { - if isEmpty(rawConfig) { - return types.Config{}, report.Report{}, errors.ErrEmpty - } else if isCloudConfig(rawConfig) { - return types.Config{}, report.Report{}, errors.ErrCloudConfig - } else if isScript(rawConfig) { - return types.Config{}, report.Report{}, errors.ErrScript - } - - var err error - var config types.Config - - err = json.Unmarshal(rawConfig, &config) - - version, semverErr := semver.NewVersion(config.Ignition.Version) - - if err != nil || semverErr != nil || version.LessThan(types.MaxVersion) { - // We can fail unmarshaling if it's an older config. Attempt to parse - // it as such. - config, rpt, err := v2_0.Parse(rawConfig) - if err != nil { - return types.Config{}, rpt, err - } - return TranslateFromV2_0(config), rpt, err - } - - if *version != types.MaxVersion { - return types.Config{}, report.Report{}, errors.ErrUnknownVersion - } - - rpt := validate.ValidateConfig(rawConfig, config) - if rpt.IsFatal() { - return types.Config{}, rpt, errors.ErrInvalid - } - - return config, rpt, nil -} - -func isEmpty(userdata []byte) bool { - return len(userdata) == 0 -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/translate.go b/vendor/github.com/coreos/ignition/config/v2_1/translate.go deleted file mode 100644 index e6b80dd122..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/translate.go +++ /dev/null @@ -1,236 +0,0 @@ -// Copyright 2018 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v2_1 - -import ( - "strings" - - "github.com/coreos/ignition/config/util" - v2_0 "github.com/coreos/ignition/config/v2_0/types" - "github.com/coreos/ignition/config/v2_1/types" -) - -// golang-- -func translateV2_0MkfsOptionsTov2_1OptionSlice(opts v2_0.MkfsOptions) []types.CreateOption { - newOpts := make([]types.CreateOption, len(opts)) - for i, o := range opts { - newOpts[i] = types.CreateOption(o) - } - return newOpts -} - -// golang-- -func translateStringSliceTov2_1SSHAuthorizedKeySlice(keys []string) []types.SSHAuthorizedKey { - newKeys := make([]types.SSHAuthorizedKey, len(keys)) - for i, k := range keys { - newKeys[i] = types.SSHAuthorizedKey(k) - } - return newKeys -} - -// golang-- -func translateStringSliceTov2_1UsercreateGroupSlice(groups []string) []types.UsercreateGroup { - var newGroups []types.UsercreateGroup - for _, g := range groups { - newGroups = append(newGroups, types.UsercreateGroup(g)) - } - return newGroups -} - -func TranslateFromV2_0(old v2_0.Config) types.Config { - translateVerification := func(old v2_0.Verification) types.Verification { - var ver types.Verification - if old.Hash != nil { - // .String() here is a wrapper around MarshalJSON, which will put the hash in quotes - h := strings.Trim(old.Hash.String(), "\"") - ver.Hash = &h - } - return ver - } - translateConfigReference := func(old v2_0.ConfigReference) types.ConfigReference { - return types.ConfigReference{ - Source: old.Source.String(), - Verification: translateVerification(old.Verification), - } - } - - config := types.Config{ - Ignition: types.Ignition{ - Version: types.MaxVersion.String(), - }, - } - - if old.Ignition.Config.Replace != nil { - ref := translateConfigReference(*old.Ignition.Config.Replace) - config.Ignition.Config.Replace = &ref - } - - for _, oldAppend := range old.Ignition.Config.Append { - config.Ignition.Config.Append = - append(config.Ignition.Config.Append, translateConfigReference(oldAppend)) - } - - for _, oldDisk := range old.Storage.Disks { - disk := types.Disk{ - Device: string(oldDisk.Device), - WipeTable: oldDisk.WipeTable, - } - - for _, oldPartition := range oldDisk.Partitions { - disk.Partitions = append(disk.Partitions, types.Partition{ - Label: string(oldPartition.Label), - Number: oldPartition.Number, - Size: int(oldPartition.Size), - Start: int(oldPartition.Start), - TypeGUID: string(oldPartition.TypeGUID), - }) - } - - config.Storage.Disks = append(config.Storage.Disks, disk) - } - - for _, oldArray := range old.Storage.Arrays { - array := types.Raid{ - Name: oldArray.Name, - Level: oldArray.Level, - Spares: oldArray.Spares, - } - - for _, oldDevice := range oldArray.Devices { - array.Devices = append(array.Devices, types.Device(oldDevice)) - } - - config.Storage.Raid = append(config.Storage.Raid, array) - } - - for _, oldFilesystem := range old.Storage.Filesystems { - filesystem := types.Filesystem{ - Name: oldFilesystem.Name, - } - - if oldFilesystem.Mount != nil { - filesystem.Mount = &types.Mount{ - Device: string(oldFilesystem.Mount.Device), - Format: string(oldFilesystem.Mount.Format), - } - - if oldFilesystem.Mount.Create != nil { - filesystem.Mount.Create = &types.Create{ - Force: oldFilesystem.Mount.Create.Force, - Options: translateV2_0MkfsOptionsTov2_1OptionSlice(oldFilesystem.Mount.Create.Options), - } - } - } - - if oldFilesystem.Path != nil { - p := string(*oldFilesystem.Path) - filesystem.Path = &p - } - - config.Storage.Filesystems = append(config.Storage.Filesystems, filesystem) - } - - for _, oldFile := range old.Storage.Files { - file := types.File{ - Node: types.Node{ - Filesystem: oldFile.Filesystem, - Path: string(oldFile.Path), - User: types.NodeUser{ID: util.IntToPtr(oldFile.User.Id)}, - Group: types.NodeGroup{ID: util.IntToPtr(oldFile.Group.Id)}, - }, - FileEmbedded1: types.FileEmbedded1{ - Mode: int(oldFile.Mode), - Contents: types.FileContents{ - Compression: string(oldFile.Contents.Compression), - Source: oldFile.Contents.Source.String(), - Verification: translateVerification(oldFile.Contents.Verification), - }, - }, - } - - config.Storage.Files = append(config.Storage.Files, file) - } - - for _, oldUnit := range old.Systemd.Units { - unit := types.Unit{ - Name: string(oldUnit.Name), - Enable: oldUnit.Enable, - Mask: oldUnit.Mask, - Contents: oldUnit.Contents, - } - - for _, oldDropIn := range oldUnit.DropIns { - unit.Dropins = append(unit.Dropins, types.Dropin{ - Name: string(oldDropIn.Name), - Contents: oldDropIn.Contents, - }) - } - - config.Systemd.Units = append(config.Systemd.Units, unit) - } - - for _, oldUnit := range old.Networkd.Units { - config.Networkd.Units = append(config.Networkd.Units, types.Networkdunit{ - Name: string(oldUnit.Name), - Contents: oldUnit.Contents, - }) - } - - for _, oldUser := range old.Passwd.Users { - user := types.PasswdUser{ - Name: oldUser.Name, - PasswordHash: util.StrToPtr(oldUser.PasswordHash), - SSHAuthorizedKeys: translateStringSliceTov2_1SSHAuthorizedKeySlice(oldUser.SSHAuthorizedKeys), - } - - if oldUser.Create != nil { - var u *int - if oldUser.Create.Uid != nil { - tmp := int(*oldUser.Create.Uid) - u = &tmp - } - user.Create = &types.Usercreate{ - UID: u, - Gecos: oldUser.Create.GECOS, - HomeDir: oldUser.Create.Homedir, - NoCreateHome: oldUser.Create.NoCreateHome, - PrimaryGroup: oldUser.Create.PrimaryGroup, - Groups: translateStringSliceTov2_1UsercreateGroupSlice(oldUser.Create.Groups), - NoUserGroup: oldUser.Create.NoUserGroup, - System: oldUser.Create.System, - NoLogInit: oldUser.Create.NoLogInit, - Shell: oldUser.Create.Shell, - } - } - - config.Passwd.Users = append(config.Passwd.Users, user) - } - - for _, oldGroup := range old.Passwd.Groups { - var g *int - if oldGroup.Gid != nil { - tmp := int(*oldGroup.Gid) - g = &tmp - } - config.Passwd.Groups = append(config.Passwd.Groups, types.PasswdGroup{ - Name: oldGroup.Name, - Gid: g, - PasswordHash: oldGroup.PasswordHash, - System: oldGroup.System, - }) - } - - return config -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/config.go b/vendor/github.com/coreos/ignition/config/v2_1/types/config.go deleted file mode 100644 index 0e83bc6ad1..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/config.go +++ /dev/null @@ -1,91 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - - "github.com/coreos/go-semver/semver" - - "github.com/coreos/ignition/config/validate/report" -) - -var ( - MaxVersion = semver.Version{ - Major: 2, - Minor: 1, - } -) - -func (c Config) Validate() report.Report { - r := report.Report{} - rules := []rule{ - checkFilesFilesystems, - checkDuplicateFilesystems, - } - - for _, rule := range rules { - rule(c, &r) - } - return r -} - -type rule func(cfg Config, report *report.Report) - -func checkNodeFilesystems(node Node, filesystems map[string]struct{}, nodeType string) report.Report { - r := report.Report{} - if node.Filesystem == "" { - // Filesystem was not specified. This is an error, but its handled in types.File's Validate, not here - return r - } - _, ok := filesystems[node.Filesystem] - if !ok { - r.Add(report.Entry{ - Kind: report.EntryWarning, - Message: fmt.Sprintf("%v %q references nonexistent filesystem %q. (This is ok if it is defined in a referenced config)", - nodeType, node.Path, node.Filesystem), - }) - } - return r -} - -func checkFilesFilesystems(cfg Config, r *report.Report) { - filesystems := map[string]struct{}{"root": {}} - for _, filesystem := range cfg.Storage.Filesystems { - filesystems[filesystem.Name] = struct{}{} - } - for _, file := range cfg.Storage.Files { - r.Merge(checkNodeFilesystems(file.Node, filesystems, "File")) - } - for _, link := range cfg.Storage.Links { - r.Merge(checkNodeFilesystems(link.Node, filesystems, "Link")) - } - for _, dir := range cfg.Storage.Directories { - r.Merge(checkNodeFilesystems(dir.Node, filesystems, "Directory")) - } -} - -func checkDuplicateFilesystems(cfg Config, r *report.Report) { - filesystems := map[string]struct{}{"root": {}} - for _, filesystem := range cfg.Storage.Filesystems { - if _, ok := filesystems[filesystem.Name]; ok { - r.Add(report.Entry{ - Kind: report.EntryWarning, - Message: fmt.Sprintf("Filesystem %q shadows exising filesystem definition", filesystem.Name), - }) - } - filesystems[filesystem.Name] = struct{}{} - } -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/disk.go b/vendor/github.com/coreos/ignition/config/v2_1/types/disk.go deleted file mode 100644 index f0af504a17..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/disk.go +++ /dev/null @@ -1,128 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (n Disk) Validate() report.Report { - return report.Report{} -} - -func (n Disk) ValidateDevice() report.Report { - if len(n.Device) == 0 { - return report.ReportFromError(errors.ErrDiskDeviceRequired, report.EntryError) - } - if err := validatePath(string(n.Device)); err != nil { - return report.ReportFromError(err, report.EntryError) - } - return report.Report{} -} - -func (n Disk) ValidatePartitions() report.Report { - r := report.Report{} - if n.partitionNumbersCollide() { - r.Add(report.Entry{ - Message: errors.ErrPartitionNumbersCollide.Error(), - Kind: report.EntryError, - }) - } - if n.partitionsOverlap() { - r.Add(report.Entry{ - Message: errors.ErrPartitionsOverlap.Error(), - Kind: report.EntryError, - }) - } - if n.partitionsMisaligned() { - r.Add(report.Entry{ - Message: errors.ErrPartitionsMisaligned.Error(), - Kind: report.EntryError, - }) - } - // Disks which have no errors at this point will likely succeed in sgdisk - return r -} - -// partitionNumbersCollide returns true if partition numbers in n.Partitions are not unique. -func (n Disk) partitionNumbersCollide() bool { - m := map[int][]Partition{} - for _, p := range n.Partitions { - if p.Number != 0 { - // a number of 0 means next available number, multiple devices can specify this - m[p.Number] = append(m[p.Number], p) - } - } - for _, n := range m { - if len(n) > 1 { - // TODO(vc): return information describing the collision for logging - return true - } - } - return false -} - -// end returns the last sector of a partition. -func (p Partition) end() int { - if p.Size == 0 { - // a size of 0 means "fill available", just return the start as the end for those. - return p.Start - } - return p.Start + p.Size - 1 -} - -// partitionsOverlap returns true if any explicitly dimensioned partitions overlap -func (n Disk) partitionsOverlap() bool { - for _, p := range n.Partitions { - // Starts of 0 are placed by sgdisk into the "largest available block" at that time. - // We aren't going to check those for overlap since we don't have the disk geometry. - if p.Start == 0 { - continue - } - - for _, o := range n.Partitions { - if p == o || o.Start == 0 { - continue - } - - // is p.Start within o? - if p.Start >= o.Start && p.Start <= o.end() { - return true - } - - // is p.end() within o? - if p.end() >= o.Start && p.end() <= o.end() { - return true - } - - // do p.Start and p.end() straddle o? - if p.Start < o.Start && p.end() > o.end() { - return true - } - } - } - return false -} - -// partitionsMisaligned returns true if any of the partitions don't start on a 2048-sector (1MiB) boundary. -func (n Disk) partitionsMisaligned() bool { - for _, p := range n.Partitions { - if (p.Start & (2048 - 1)) != 0 { - return true - } - } - return false -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/filesystem.go b/vendor/github.com/coreos/ignition/config/v2_1/types/filesystem.go deleted file mode 100644 index a2e43ffda1..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/filesystem.go +++ /dev/null @@ -1,144 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (f Filesystem) Validate() report.Report { - r := report.Report{} - if f.Mount == nil && f.Path == nil { - r.Add(report.Entry{ - Message: errors.ErrFilesystemNoMountPath.Error(), - Kind: report.EntryError, - }) - } - if f.Mount != nil { - if f.Path != nil { - r.Add(report.Entry{ - Message: errors.ErrFilesystemMountAndPath.Error(), - Kind: report.EntryError, - }) - } - if f.Mount.Create != nil { - if f.Mount.WipeFilesystem { - r.Add(report.Entry{ - Message: errors.ErrUsedCreateAndWipeFilesystem.Error(), - Kind: report.EntryError, - }) - } - if len(f.Mount.Options) > 0 { - r.Add(report.Entry{ - Message: errors.ErrUsedCreateAndMountOpts.Error(), - Kind: report.EntryError, - }) - } - r.Add(report.Entry{ - Message: errors.ErrWarningCreateDeprecated.Error(), - Kind: report.EntryWarning, - }) - } - } - return r -} - -func (f Filesystem) ValidatePath() report.Report { - r := report.Report{} - if f.Path != nil && validatePath(*f.Path) != nil { - r.Add(report.Entry{ - Message: errors.ErrPathRelative.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (m Mount) Validate() report.Report { - r := report.Report{} - switch m.Format { - case "ext4", "btrfs", "xfs", "swap", "vfat": - default: - r.Add(report.Entry{ - Message: errors.ErrFilesystemInvalidFormat.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (m Mount) ValidateDevice() report.Report { - r := report.Report{} - if err := validatePath(m.Device); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (m Mount) ValidateLabel() report.Report { - r := report.Report{} - if m.Label == nil { - return r - } - switch m.Format { - case "ext4": - if len(*m.Label) > 16 { - // source: man mkfs.ext4 - r.Add(report.Entry{ - Message: errors.ErrExt4LabelTooLong.Error(), - Kind: report.EntryError, - }) - } - case "btrfs": - if len(*m.Label) > 256 { - // source: man mkfs.btrfs - r.Add(report.Entry{ - Message: errors.ErrBtrfsLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - case "xfs": - if len(*m.Label) > 12 { - // source: man mkfs.xfs - r.Add(report.Entry{ - Message: errors.ErrXfsLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - case "swap": - // mkswap's man page does not state a limit on label size, but through - // experimentation it appears that mkswap will truncate long labels to - // 15 characters, so let's enforce that. - if len(*m.Label) > 15 { - r.Add(report.Entry{ - Message: errors.ErrSwapLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - case "vfat": - if len(*m.Label) > 11 { - // source: man mkfs.fat - r.Add(report.Entry{ - Message: errors.ErrVfatLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/link.go b/vendor/github.com/coreos/ignition/config/v2_1/types/link.go deleted file mode 100644 index f028442528..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/link.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/validate/report" -) - -func (s LinkEmbedded1) ValidateTarget() report.Report { - r := report.Report{} - if !s.Hard { - err := validatePath(s.Target) - if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/mode.go b/vendor/github.com/coreos/ignition/config/v2_1/types/mode.go deleted file mode 100644 index 12d4188e95..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/mode.go +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" -) - -func validateMode(m int) error { - if m < 0 || m > 07777 { - return errors.ErrFileIllegalMode - } - return nil -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/node.go b/vendor/github.com/coreos/ignition/config/v2_1/types/node.go deleted file mode 100644 index 50badfdfb9..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/node.go +++ /dev/null @@ -1,73 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "path/filepath" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (n Node) ValidateFilesystem() report.Report { - r := report.Report{} - if n.Filesystem == "" { - r.Add(report.Entry{ - Message: errors.ErrNoFilesystem.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (n Node) ValidatePath() report.Report { - r := report.Report{} - if err := validatePath(n.Path); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (n Node) Depth() int { - count := 0 - for p := filepath.Clean(string(n.Path)); p != "/"; count++ { - p = filepath.Dir(p) - } - return count -} - -func (nu NodeUser) Validate() report.Report { - r := report.Report{} - if nu.ID != nil && nu.Name != "" { - r.Add(report.Entry{ - Message: errors.ErrBothIDAndNameSet.Error(), - Kind: report.EntryError, - }) - } - return r -} -func (ng NodeGroup) Validate() report.Report { - r := report.Report{} - if ng.ID != nil && ng.Name != "" { - r.Add(report.Entry{ - Message: errors.ErrBothIDAndNameSet.Error(), - Kind: report.EntryError, - }) - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/partition.go b/vendor/github.com/coreos/ignition/config/v2_1/types/partition.go deleted file mode 100644 index 084dce7ce2..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/partition.go +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - "regexp" - "strings" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -const ( - guidRegexStr = "^(|[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12})$" -) - -func (p Partition) ValidateLabel() report.Report { - r := report.Report{} - // http://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_entries: - // 56 (0x38) 72 bytes Partition name (36 UTF-16LE code units) - - // XXX(vc): note GPT calls it a name, we're using label for consistency - // with udev naming /dev/disk/by-partlabel/*. - if len(p.Label) > 36 { - r.Add(report.Entry{ - Message: errors.ErrLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - - // sgdisk uses colons for delimitting compound arguments and does not allow escaping them. - if strings.Contains(p.Label, ":") { - r.Add(report.Entry{ - Message: errors.ErrLabelContainsColon.Error(), - Kind: report.EntryWarning, - }) - } - return r -} - -func (p Partition) ValidateTypeGUID() report.Report { - return validateGUID(p.TypeGUID) -} - -func (p Partition) ValidateGUID() report.Report { - return validateGUID(p.GUID) -} - -func validateGUID(guid string) report.Report { - r := report.Report{} - ok, err := regexp.MatchString(guidRegexStr, guid) - if err != nil { - r.Add(report.Entry{ - Message: fmt.Sprintf("error matching guid regexp: %v", err), - Kind: report.EntryError, - }) - } else if !ok { - r.Add(report.Entry{ - Message: errors.ErrDoesntMatchGUIDRegex.Error(), - Kind: report.EntryError, - }) - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/passwd.go b/vendor/github.com/coreos/ignition/config/v2_1/types/passwd.go deleted file mode 100644 index 10508c56c0..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/passwd.go +++ /dev/null @@ -1,67 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (p PasswdUser) Validate() report.Report { - r := report.Report{} - if p.Create != nil { - r.Add(report.Entry{ - Message: errors.ErrPasswdCreateDeprecated.Error(), - Kind: report.EntryWarning, - }) - addErr := func(err error) { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - if p.Gecos != "" { - addErr(errors.ErrPasswdCreateAndGecos) - } - if len(p.Groups) > 0 { - addErr(errors.ErrPasswdCreateAndGroups) - } - if p.HomeDir != "" { - addErr(errors.ErrPasswdCreateAndHomeDir) - } - if p.NoCreateHome { - addErr(errors.ErrPasswdCreateAndNoCreateHome) - } - if p.NoLogInit { - addErr(errors.ErrPasswdCreateAndNoLogInit) - } - if p.NoUserGroup { - addErr(errors.ErrPasswdCreateAndNoUserGroup) - } - if p.PrimaryGroup != "" { - addErr(errors.ErrPasswdCreateAndPrimaryGroup) - } - if p.Shell != "" { - addErr(errors.ErrPasswdCreateAndShell) - } - if p.System { - addErr(errors.ErrPasswdCreateAndSystem) - } - if p.UID != nil { - addErr(errors.ErrPasswdCreateAndUID) - } - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/path.go b/vendor/github.com/coreos/ignition/config/v2_1/types/path.go deleted file mode 100644 index 780607c31a..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/path.go +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "path" - - "github.com/coreos/ignition/config/shared/errors" -) - -func validatePath(p string) error { - if !path.IsAbs(p) { - return errors.ErrPathRelative - } - return nil -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/raid.go b/vendor/github.com/coreos/ignition/config/v2_1/types/raid.go deleted file mode 100644 index 3aceaa9faa..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/raid.go +++ /dev/null @@ -1,57 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (n Raid) ValidateLevel() report.Report { - r := report.Report{} - switch n.Level { - case "linear", "raid0", "0", "stripe": - if n.Spares != 0 { - r.Add(report.Entry{ - Message: errors.ErrSparesUnsupportedForLevel.Error(), - Kind: report.EntryError, - }) - } - case "raid1", "1", "mirror": - case "raid4", "4": - case "raid5", "5": - case "raid6", "6": - case "raid10", "10": - default: - r.Add(report.Entry{ - Message: errors.ErrUnrecognizedRaidLevel.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (n Raid) ValidateDevices() report.Report { - r := report.Report{} - for _, d := range n.Devices { - if err := validatePath(string(d)); err != nil { - r.Add(report.Entry{ - Message: errors.ErrPathRelative.Error(), - Kind: report.EntryError, - }) - } - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/schema.go b/vendor/github.com/coreos/ignition/config/v2_1/types/schema.go deleted file mode 100644 index e0caed5e6e..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/schema.go +++ /dev/null @@ -1,221 +0,0 @@ -package types - -// generated by "schematyper --package=types schema/ignition.json -o config/types/schema.go --root-type=Config" -- DO NOT EDIT - -type Config struct { - Ignition Ignition `json:"ignition"` - Networkd Networkd `json:"networkd,omitempty"` - Passwd Passwd `json:"passwd,omitempty"` - Storage Storage `json:"storage,omitempty"` - Systemd Systemd `json:"systemd,omitempty"` -} - -type ConfigReference struct { - Source string `json:"source,omitempty"` - Verification Verification `json:"verification,omitempty"` -} - -type Create struct { - Force bool `json:"force,omitempty"` - Options []CreateOption `json:"options,omitempty"` -} - -type CreateOption string - -type Device string - -type Directory struct { - Node - DirectoryEmbedded1 -} - -type DirectoryEmbedded1 struct { - Mode int `json:"mode,omitempty"` -} - -type Disk struct { - Device string `json:"device,omitempty"` - Partitions []Partition `json:"partitions,omitempty"` - WipeTable bool `json:"wipeTable,omitempty"` -} - -type Dropin struct { - Contents string `json:"contents,omitempty"` - Name string `json:"name,omitempty"` -} - -type File struct { - Node - FileEmbedded1 -} - -type FileContents struct { - Compression string `json:"compression,omitempty"` - Source string `json:"source,omitempty"` - Verification Verification `json:"verification,omitempty"` -} - -type FileEmbedded1 struct { - Contents FileContents `json:"contents,omitempty"` - Mode int `json:"mode,omitempty"` -} - -type Filesystem struct { - Mount *Mount `json:"mount,omitempty"` - Name string `json:"name,omitempty"` - Path *string `json:"path,omitempty"` -} - -type Ignition struct { - Config IgnitionConfig `json:"config,omitempty"` - Timeouts Timeouts `json:"timeouts,omitempty"` - Version string `json:"version,omitempty"` -} - -type IgnitionConfig struct { - Append []ConfigReference `json:"append,omitempty"` - Replace *ConfigReference `json:"replace,omitempty"` -} - -type Link struct { - Node - LinkEmbedded1 -} - -type LinkEmbedded1 struct { - Hard bool `json:"hard,omitempty"` - Target string `json:"target,omitempty"` -} - -type Mount struct { - Create *Create `json:"create,omitempty"` - Device string `json:"device,omitempty"` - Format string `json:"format,omitempty"` - Label *string `json:"label,omitempty"` - Options []MountOption `json:"options,omitempty"` - UUID *string `json:"uuid,omitempty"` - WipeFilesystem bool `json:"wipeFilesystem,omitempty"` -} - -type MountOption string - -type Networkd struct { - Units []Networkdunit `json:"units,omitempty"` -} - -type Networkdunit struct { - Contents string `json:"contents,omitempty"` - Name string `json:"name,omitempty"` -} - -type Node struct { - Filesystem string `json:"filesystem,omitempty"` - Group NodeGroup `json:"group,omitempty"` - Path string `json:"path,omitempty"` - User NodeUser `json:"user,omitempty"` -} - -type NodeGroup struct { - ID *int `json:"id,omitempty"` - Name string `json:"name,omitempty"` -} - -type NodeUser struct { - ID *int `json:"id,omitempty"` - Name string `json:"name,omitempty"` -} - -type Partition struct { - GUID string `json:"guid,omitempty"` - Label string `json:"label,omitempty"` - Number int `json:"number,omitempty"` - Size int `json:"size,omitempty"` - Start int `json:"start,omitempty"` - TypeGUID string `json:"typeGuid,omitempty"` -} - -type Passwd struct { - Groups []PasswdGroup `json:"groups,omitempty"` - Users []PasswdUser `json:"users,omitempty"` -} - -type PasswdGroup struct { - Gid *int `json:"gid,omitempty"` - Name string `json:"name,omitempty"` - PasswordHash string `json:"passwordHash,omitempty"` - System bool `json:"system,omitempty"` -} - -type PasswdUser struct { - Create *Usercreate `json:"create,omitempty"` - Gecos string `json:"gecos,omitempty"` - Groups []PasswdUserGroup `json:"groups,omitempty"` - HomeDir string `json:"homeDir,omitempty"` - Name string `json:"name,omitempty"` - NoCreateHome bool `json:"noCreateHome,omitempty"` - NoLogInit bool `json:"noLogInit,omitempty"` - NoUserGroup bool `json:"noUserGroup,omitempty"` - PasswordHash *string `json:"passwordHash,omitempty"` - PrimaryGroup string `json:"primaryGroup,omitempty"` - SSHAuthorizedKeys []SSHAuthorizedKey `json:"sshAuthorizedKeys,omitempty"` - Shell string `json:"shell,omitempty"` - System bool `json:"system,omitempty"` - UID *int `json:"uid,omitempty"` -} - -type PasswdUserGroup string - -type Raid struct { - Devices []Device `json:"devices,omitempty"` - Level string `json:"level,omitempty"` - Name string `json:"name,omitempty"` - Spares int `json:"spares,omitempty"` -} - -type SSHAuthorizedKey string - -type Storage struct { - Directories []Directory `json:"directories,omitempty"` - Disks []Disk `json:"disks,omitempty"` - Files []File `json:"files,omitempty"` - Filesystems []Filesystem `json:"filesystems,omitempty"` - Links []Link `json:"links,omitempty"` - Raid []Raid `json:"raid,omitempty"` -} - -type Systemd struct { - Units []Unit `json:"units,omitempty"` -} - -type Timeouts struct { - HTTPResponseHeaders *int `json:"httpResponseHeaders,omitempty"` - HTTPTotal *int `json:"httpTotal,omitempty"` -} - -type Unit struct { - Contents string `json:"contents,omitempty"` - Dropins []Dropin `json:"dropins,omitempty"` - Enable bool `json:"enable,omitempty"` - Enabled *bool `json:"enabled,omitempty"` - Mask bool `json:"mask,omitempty"` - Name string `json:"name,omitempty"` -} - -type Usercreate struct { - Gecos string `json:"gecos,omitempty"` - Groups []UsercreateGroup `json:"groups,omitempty"` - HomeDir string `json:"homeDir,omitempty"` - NoCreateHome bool `json:"noCreateHome,omitempty"` - NoLogInit bool `json:"noLogInit,omitempty"` - NoUserGroup bool `json:"noUserGroup,omitempty"` - PrimaryGroup string `json:"primaryGroup,omitempty"` - Shell string `json:"shell,omitempty"` - System bool `json:"system,omitempty"` - UID *int `json:"uid,omitempty"` -} - -type UsercreateGroup string - -type Verification struct { - Hash *string `json:"hash,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/url.go b/vendor/github.com/coreos/ignition/config/v2_1/types/url.go deleted file mode 100644 index 0fdc4a170e..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/url.go +++ /dev/null @@ -1,45 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "net/url" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/vincent-petithory/dataurl" -) - -func validateURL(s string) error { - // Empty url is valid, indicates an empty file - if s == "" { - return nil - } - u, err := url.Parse(s) - if err != nil { - return errors.ErrInvalidUrl - } - - switch u.Scheme { - case "http", "https", "oem", "tftp", "s3": - return nil - case "data": - if _, err := dataurl.DecodeString(s); err != nil { - return err - } - return nil - default: - return errors.ErrInvalidScheme - } -} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/verification.go b/vendor/github.com/coreos/ignition/config/v2_1/types/verification.go deleted file mode 100644 index 51e7d1550a..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/verification.go +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "crypto" - "encoding/hex" - "strings" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -// HashParts will return the sum and function (in that order) of the hash stored -// in this Verification, or an error if there is an issue during parsing. -func (v Verification) HashParts() (string, string, error) { - if v.Hash == nil { - // The hash can be nil - return "", "", nil - } - parts := strings.SplitN(*v.Hash, "-", 2) - if len(parts) != 2 { - return "", "", errors.ErrHashMalformed - } - - return parts[0], parts[1], nil -} - -func (v Verification) Validate() report.Report { - r := report.Report{} - - if v.Hash == nil { - // The hash can be nil - return r - } - - function, sum, err := v.HashParts() - if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - return r - } - var hash crypto.Hash - switch function { - case "sha512": - hash = crypto.SHA512 - default: - r.Add(report.Entry{ - Message: errors.ErrHashUnrecognized.Error(), - Kind: report.EntryError, - }) - return r - } - - if len(sum) != hex.EncodedLen(hash.Size()) { - r.Add(report.Entry{ - Message: errors.ErrHashWrongSize.Error(), - Kind: report.EntryError, - }) - } - - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/append.go b/vendor/github.com/coreos/ignition/config/v2_2/append.go deleted file mode 100644 index cf28f40905..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/append.go +++ /dev/null @@ -1,76 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v2_2 - -import ( - "reflect" - - "github.com/coreos/ignition/config/v2_2/types" -) - -// Append appends newConfig to oldConfig and returns the result. Appending one -// config to another is accomplished by iterating over every field in the -// config structure, appending slices, recursively appending structs, and -// overwriting old values with new values for all other types. -func Append(oldConfig, newConfig types.Config) types.Config { - vOld := reflect.ValueOf(oldConfig) - vNew := reflect.ValueOf(newConfig) - - vResult := appendStruct(vOld, vNew) - - return vResult.Interface().(types.Config) -} - -// appendStruct is an internal helper function to AppendConfig. Given two values -// of structures (assumed to be the same type), recursively iterate over every -// field in the struct, appending slices, recursively appending structs, and -// overwriting old values with the new for all other types. Some individual -// struct fields have alternate merge strategies, determined by the field name. -// Currently these fields are "ignition.version", which uses the old value, and -// "ignition.config" which uses the new value. -func appendStruct(vOld, vNew reflect.Value) reflect.Value { - tOld := vOld.Type() - vRes := reflect.New(tOld) - - for i := 0; i < tOld.NumField(); i++ { - vfOld := vOld.Field(i) - vfNew := vNew.Field(i) - vfRes := vRes.Elem().Field(i) - - switch tOld.Field(i).Name { - case "Version": - vfRes.Set(vfOld) - continue - case "Config": - vfRes.Set(vfNew) - continue - } - - switch vfOld.Type().Kind() { - case reflect.Struct: - vfRes.Set(appendStruct(vfOld, vfNew)) - case reflect.Slice: - vfRes.Set(reflect.AppendSlice(vfOld, vfNew)) - default: - if vfNew.Kind() == reflect.Ptr && vfNew.IsNil() { - vfRes.Set(vfOld) - } else { - vfRes.Set(vfNew) - } - } - } - - return vRes.Elem() -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/cloudinit.go b/vendor/github.com/coreos/ignition/config/v2_2/cloudinit.go deleted file mode 100644 index 36a5439324..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/cloudinit.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// These functions are copied from github.com/coreos/coreos-cloudinit/config. - -package v2_2 - -import ( - "bytes" - "compress/gzip" - "io/ioutil" - "strings" - "unicode" -) - -func isCloudConfig(userdata []byte) bool { - header := strings.SplitN(string(decompressIfGzipped(userdata)), "\n", 2)[0] - - // Trim trailing whitespaces - header = strings.TrimRightFunc(header, unicode.IsSpace) - - return (header == "#cloud-config") -} - -func isScript(userdata []byte) bool { - header := strings.SplitN(string(decompressIfGzipped(userdata)), "\n", 2)[0] - return strings.HasPrefix(header, "#!") -} - -func decompressIfGzipped(data []byte) []byte { - if reader, err := gzip.NewReader(bytes.NewReader(data)); err == nil { - uncompressedData, err := ioutil.ReadAll(reader) - reader.Close() - if err == nil { - return uncompressedData - } else { - return data - } - } else { - return data - } -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/config.go b/vendor/github.com/coreos/ignition/config/v2_2/config.go deleted file mode 100644 index c934a9e4a3..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/config.go +++ /dev/null @@ -1,71 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v2_2 - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/v2_1" - "github.com/coreos/ignition/config/v2_2/types" - "github.com/coreos/ignition/config/validate" - "github.com/coreos/ignition/config/validate/report" - - json "github.com/ajeddeloh/go-json" - "github.com/coreos/go-semver/semver" -) - -// Parse parses the raw config into a types.Config struct and generates a report of any -// errors, warnings, info, and deprecations it encountered. Unlike config.Parse, -// it does not attempt to translate the config. -func Parse(rawConfig []byte) (types.Config, report.Report, error) { - if isEmpty(rawConfig) { - return types.Config{}, report.Report{}, errors.ErrEmpty - } else if isCloudConfig(rawConfig) { - return types.Config{}, report.Report{}, errors.ErrCloudConfig - } else if isScript(rawConfig) { - return types.Config{}, report.Report{}, errors.ErrScript - } - - var err error - var config types.Config - - err = json.Unmarshal(rawConfig, &config) - - version, semverErr := semver.NewVersion(config.Ignition.Version) - - if err != nil || semverErr != nil || version.LessThan(types.MaxVersion) { - // We can fail unmarshaling if it's an older config. Attempt to parse - // it as such. - config, rpt, err := v2_1.Parse(rawConfig) - if err != nil { - return types.Config{}, rpt, err - } - return TranslateFromV2_1(config), rpt, err - } - - if *version != types.MaxVersion { - return types.Config{}, report.Report{}, errors.ErrUnknownVersion - } - - rpt := validate.ValidateConfig(rawConfig, config) - if rpt.IsFatal() { - return types.Config{}, rpt, errors.ErrInvalid - } - - return config, rpt, nil -} - -func isEmpty(userdata []byte) bool { - return len(userdata) == 0 -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/translate.go b/vendor/github.com/coreos/ignition/config/v2_2/translate.go deleted file mode 100644 index 56a6b33fc9..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/translate.go +++ /dev/null @@ -1,354 +0,0 @@ -// Copyright 2018 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v2_2 - -import ( - "github.com/coreos/ignition/config/util" - v2_1 "github.com/coreos/ignition/config/v2_1/types" - "github.com/coreos/ignition/config/v2_2/types" -) - -// golang-- -func translateStringSliceToV2_2SSHAuthorizedKeySlice(keys []string) []types.SSHAuthorizedKey { - newKeys := make([]types.SSHAuthorizedKey, len(keys)) - for i, k := range keys { - newKeys[i] = types.SSHAuthorizedKey(k) - } - return newKeys -} - -// golang-- -func translateStringSliceToV2_2UsercreateGroupSlice(groups []string) []types.UsercreateGroup { - var newGroups []types.UsercreateGroup - for _, g := range groups { - newGroups = append(newGroups, types.UsercreateGroup(g)) - } - return newGroups -} - -func TranslateFromV2_1(old v2_1.Config) types.Config { - translateConfigReference := func(old *v2_1.ConfigReference) *types.ConfigReference { - if old == nil { - return nil - } - return &types.ConfigReference{ - Source: old.Source, - Verification: types.Verification{ - Hash: old.Verification.Hash, - }, - } - } - translateConfigReferenceSlice := func(old []v2_1.ConfigReference) []types.ConfigReference { - var res []types.ConfigReference - for _, c := range old { - res = append(res, *translateConfigReference(&c)) - } - return res - } - translateNetworkdUnitSlice := func(old []v2_1.Networkdunit) []types.Networkdunit { - var res []types.Networkdunit - for _, u := range old { - res = append(res, types.Networkdunit{ - Contents: u.Contents, - Name: u.Name, - }) - } - return res - } - translatePasswdGroupSlice := func(old []v2_1.PasswdGroup) []types.PasswdGroup { - var res []types.PasswdGroup - for _, g := range old { - res = append(res, types.PasswdGroup{ - Gid: g.Gid, - Name: g.Name, - PasswordHash: g.PasswordHash, - System: g.System, - }) - } - return res - } - translatePasswdUsercreateGroupSlice := func(old []v2_1.UsercreateGroup) []types.UsercreateGroup { - var res []types.UsercreateGroup - for _, g := range old { - res = append(res, types.UsercreateGroup(g)) - } - return res - } - translatePasswdUsercreate := func(old *v2_1.Usercreate) *types.Usercreate { - if old == nil { - return nil - } - return &types.Usercreate{ - Gecos: old.Gecos, - Groups: translatePasswdUsercreateGroupSlice(old.Groups), - HomeDir: old.HomeDir, - NoCreateHome: old.NoCreateHome, - NoLogInit: old.NoLogInit, - NoUserGroup: old.NoUserGroup, - PrimaryGroup: old.PrimaryGroup, - Shell: old.Shell, - System: old.System, - UID: old.UID, - } - } - translatePasswdUserGroupSlice := func(old []v2_1.PasswdUserGroup) []types.Group { - var res []types.Group - for _, g := range old { - res = append(res, types.Group(g)) - } - return res - } - translatePasswdSSHAuthorizedKeySlice := func(old []v2_1.SSHAuthorizedKey) []types.SSHAuthorizedKey { - res := make([]types.SSHAuthorizedKey, len(old)) - for i, k := range old { - res[i] = types.SSHAuthorizedKey(k) - } - return res - } - translatePasswdUserSlice := func(old []v2_1.PasswdUser) []types.PasswdUser { - var res []types.PasswdUser - for _, u := range old { - res = append(res, types.PasswdUser{ - Create: translatePasswdUsercreate(u.Create), - Gecos: u.Gecos, - Groups: translatePasswdUserGroupSlice(u.Groups), - HomeDir: u.HomeDir, - Name: u.Name, - NoCreateHome: u.NoCreateHome, - NoLogInit: u.NoLogInit, - NoUserGroup: u.NoUserGroup, - PasswordHash: u.PasswordHash, - PrimaryGroup: u.PrimaryGroup, - SSHAuthorizedKeys: translatePasswdSSHAuthorizedKeySlice(u.SSHAuthorizedKeys), - Shell: u.Shell, - System: u.System, - UID: u.UID, - }) - } - return res - } - translateNodeGroup := func(old v2_1.NodeGroup) *types.NodeGroup { - return &types.NodeGroup{ - ID: old.ID, - Name: old.Name, - } - } - translateNodeUser := func(old v2_1.NodeUser) *types.NodeUser { - return &types.NodeUser{ - ID: old.ID, - Name: old.Name, - } - } - translateNode := func(old v2_1.Node) types.Node { - return types.Node{ - Filesystem: old.Filesystem, - Group: translateNodeGroup(old.Group), - Path: old.Path, - User: translateNodeUser(old.User), - } - } - translateDirectorySlice := func(old []v2_1.Directory) []types.Directory { - var res []types.Directory - for _, x := range old { - res = append(res, types.Directory{ - Node: translateNode(x.Node), - DirectoryEmbedded1: types.DirectoryEmbedded1{ - Mode: util.IntToPtr(x.DirectoryEmbedded1.Mode), - }, - }) - } - return res - } - translatePartitionSlice := func(old []v2_1.Partition) []types.Partition { - var res []types.Partition - for _, x := range old { - res = append(res, types.Partition{ - GUID: x.GUID, - Label: x.Label, - Number: x.Number, - Size: x.Size, - Start: x.Start, - TypeGUID: x.TypeGUID, - }) - } - return res - } - translateDiskSlice := func(old []v2_1.Disk) []types.Disk { - var res []types.Disk - for _, x := range old { - res = append(res, types.Disk{ - Device: x.Device, - Partitions: translatePartitionSlice(x.Partitions), - WipeTable: x.WipeTable, - }) - } - return res - } - translateFileSlice := func(old []v2_1.File) []types.File { - var res []types.File - for _, x := range old { - res = append(res, types.File{ - Node: translateNode(x.Node), - FileEmbedded1: types.FileEmbedded1{ - Contents: types.FileContents{ - Compression: x.Contents.Compression, - Source: x.Contents.Source, - Verification: types.Verification{ - Hash: x.Contents.Verification.Hash, - }, - }, - Mode: util.IntToPtr(x.Mode), - }, - }) - } - return res - } - translateMountCreateOptionSlice := func(old []v2_1.CreateOption) []types.CreateOption { - var res []types.CreateOption - for _, x := range old { - res = append(res, types.CreateOption(x)) - } - return res - } - translateMountCreate := func(old *v2_1.Create) *types.Create { - if old == nil { - return nil - } - return &types.Create{ - Force: old.Force, - Options: translateMountCreateOptionSlice(old.Options), - } - } - translateMountOptionSlice := func(old []v2_1.MountOption) []types.MountOption { - var res []types.MountOption - for _, x := range old { - res = append(res, types.MountOption(x)) - } - return res - } - translateMount := func(old *v2_1.Mount) *types.Mount { - if old == nil { - return nil - } - return &types.Mount{ - Create: translateMountCreate(old.Create), - Device: old.Device, - Format: old.Format, - Label: old.Label, - Options: translateMountOptionSlice(old.Options), - UUID: old.UUID, - WipeFilesystem: old.WipeFilesystem, - } - } - translateFilesystemSlice := func(old []v2_1.Filesystem) []types.Filesystem { - var res []types.Filesystem - for _, x := range old { - res = append(res, types.Filesystem{ - Mount: translateMount(x.Mount), - Name: x.Name, - Path: x.Path, - }) - } - return res - } - translateLinkSlice := func(old []v2_1.Link) []types.Link { - var res []types.Link - for _, x := range old { - res = append(res, types.Link{ - Node: translateNode(x.Node), - LinkEmbedded1: types.LinkEmbedded1{ - Hard: x.Hard, - Target: x.Target, - }, - }) - } - return res - } - translateDeviceSlice := func(old []v2_1.Device) []types.Device { - var res []types.Device - for _, x := range old { - res = append(res, types.Device(x)) - } - return res - } - translateRaidSlice := func(old []v2_1.Raid) []types.Raid { - var res []types.Raid - for _, x := range old { - res = append(res, types.Raid{ - Devices: translateDeviceSlice(x.Devices), - Level: x.Level, - Name: x.Name, - Spares: x.Spares, - }) - } - return res - } - translateSystemdDropinSlice := func(old []v2_1.Dropin) []types.SystemdDropin { - var res []types.SystemdDropin - for _, x := range old { - res = append(res, types.SystemdDropin{ - Contents: x.Contents, - Name: x.Name, - }) - } - return res - } - translateSystemdUnitSlice := func(old []v2_1.Unit) []types.Unit { - var res []types.Unit - for _, x := range old { - res = append(res, types.Unit{ - Contents: x.Contents, - Dropins: translateSystemdDropinSlice(x.Dropins), - Enable: x.Enable, - Enabled: x.Enabled, - Mask: x.Mask, - Name: x.Name, - }) - } - return res - } - config := types.Config{ - Ignition: types.Ignition{ - Version: types.MaxVersion.String(), - Timeouts: types.Timeouts{ - HTTPResponseHeaders: old.Ignition.Timeouts.HTTPResponseHeaders, - HTTPTotal: old.Ignition.Timeouts.HTTPTotal, - }, - Config: types.IgnitionConfig{ - Replace: translateConfigReference(old.Ignition.Config.Replace), - Append: translateConfigReferenceSlice(old.Ignition.Config.Append), - }, - }, - Networkd: types.Networkd{ - Units: translateNetworkdUnitSlice(old.Networkd.Units), - }, - Passwd: types.Passwd{ - Groups: translatePasswdGroupSlice(old.Passwd.Groups), - Users: translatePasswdUserSlice(old.Passwd.Users), - }, - Storage: types.Storage{ - Directories: translateDirectorySlice(old.Storage.Directories), - Disks: translateDiskSlice(old.Storage.Disks), - Files: translateFileSlice(old.Storage.Files), - Filesystems: translateFilesystemSlice(old.Storage.Filesystems), - Links: translateLinkSlice(old.Storage.Links), - Raid: translateRaidSlice(old.Storage.Raid), - }, - Systemd: types.Systemd{ - Units: translateSystemdUnitSlice(old.Systemd.Units), - }, - } - return config -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/ca.go b/vendor/github.com/coreos/ignition/config/v2_2/types/ca.go deleted file mode 100644 index 7440e1e2f3..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/ca.go +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2018 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/validate/report" -) - -func (c CaReference) ValidateSource() report.Report { - err := validateURL(c.Source) - if err != nil { - return report.ReportFromError(err, report.EntryError) - } - return report.Report{} -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/config.go b/vendor/github.com/coreos/ignition/config/v2_2/types/config.go deleted file mode 100644 index b1fcfcd991..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/config.go +++ /dev/null @@ -1,91 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - - "github.com/coreos/go-semver/semver" - - "github.com/coreos/ignition/config/validate/report" -) - -var ( - MaxVersion = semver.Version{ - Major: 2, - Minor: 2, - } -) - -func (c Config) Validate() report.Report { - r := report.Report{} - rules := []rule{ - checkFilesFilesystems, - checkDuplicateFilesystems, - } - - for _, rule := range rules { - rule(c, &r) - } - return r -} - -type rule func(cfg Config, report *report.Report) - -func checkNodeFilesystems(node Node, filesystems map[string]struct{}, nodeType string) report.Report { - r := report.Report{} - if node.Filesystem == "" { - // Filesystem was not specified. This is an error, but its handled in types.File's Validate, not here - return r - } - _, ok := filesystems[node.Filesystem] - if !ok { - r.Add(report.Entry{ - Kind: report.EntryWarning, - Message: fmt.Sprintf("%v %q references nonexistent filesystem %q. (This is ok if it is defined in a referenced config)", - nodeType, node.Path, node.Filesystem), - }) - } - return r -} - -func checkFilesFilesystems(cfg Config, r *report.Report) { - filesystems := map[string]struct{}{"root": {}} - for _, filesystem := range cfg.Storage.Filesystems { - filesystems[filesystem.Name] = struct{}{} - } - for _, file := range cfg.Storage.Files { - r.Merge(checkNodeFilesystems(file.Node, filesystems, "File")) - } - for _, link := range cfg.Storage.Links { - r.Merge(checkNodeFilesystems(link.Node, filesystems, "Link")) - } - for _, dir := range cfg.Storage.Directories { - r.Merge(checkNodeFilesystems(dir.Node, filesystems, "Directory")) - } -} - -func checkDuplicateFilesystems(cfg Config, r *report.Report) { - filesystems := map[string]struct{}{"root": {}} - for _, filesystem := range cfg.Storage.Filesystems { - if _, ok := filesystems[filesystem.Name]; ok { - r.Add(report.Entry{ - Kind: report.EntryWarning, - Message: fmt.Sprintf("Filesystem %q shadows exising filesystem definition", filesystem.Name), - }) - } - filesystems[filesystem.Name] = struct{}{} - } -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/directory.go b/vendor/github.com/coreos/ignition/config/v2_2/types/directory.go deleted file mode 100644 index 9fdc732a64..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/directory.go +++ /dev/null @@ -1,37 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (d Directory) ValidateMode() report.Report { - r := report.Report{} - if err := validateMode(d.Mode); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - if d.Mode == nil { - r.Add(report.Entry{ - Message: errors.ErrPermissionsUnset.Error(), - Kind: report.EntryWarning, - }) - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/disk.go b/vendor/github.com/coreos/ignition/config/v2_2/types/disk.go deleted file mode 100644 index f0af504a17..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/disk.go +++ /dev/null @@ -1,128 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (n Disk) Validate() report.Report { - return report.Report{} -} - -func (n Disk) ValidateDevice() report.Report { - if len(n.Device) == 0 { - return report.ReportFromError(errors.ErrDiskDeviceRequired, report.EntryError) - } - if err := validatePath(string(n.Device)); err != nil { - return report.ReportFromError(err, report.EntryError) - } - return report.Report{} -} - -func (n Disk) ValidatePartitions() report.Report { - r := report.Report{} - if n.partitionNumbersCollide() { - r.Add(report.Entry{ - Message: errors.ErrPartitionNumbersCollide.Error(), - Kind: report.EntryError, - }) - } - if n.partitionsOverlap() { - r.Add(report.Entry{ - Message: errors.ErrPartitionsOverlap.Error(), - Kind: report.EntryError, - }) - } - if n.partitionsMisaligned() { - r.Add(report.Entry{ - Message: errors.ErrPartitionsMisaligned.Error(), - Kind: report.EntryError, - }) - } - // Disks which have no errors at this point will likely succeed in sgdisk - return r -} - -// partitionNumbersCollide returns true if partition numbers in n.Partitions are not unique. -func (n Disk) partitionNumbersCollide() bool { - m := map[int][]Partition{} - for _, p := range n.Partitions { - if p.Number != 0 { - // a number of 0 means next available number, multiple devices can specify this - m[p.Number] = append(m[p.Number], p) - } - } - for _, n := range m { - if len(n) > 1 { - // TODO(vc): return information describing the collision for logging - return true - } - } - return false -} - -// end returns the last sector of a partition. -func (p Partition) end() int { - if p.Size == 0 { - // a size of 0 means "fill available", just return the start as the end for those. - return p.Start - } - return p.Start + p.Size - 1 -} - -// partitionsOverlap returns true if any explicitly dimensioned partitions overlap -func (n Disk) partitionsOverlap() bool { - for _, p := range n.Partitions { - // Starts of 0 are placed by sgdisk into the "largest available block" at that time. - // We aren't going to check those for overlap since we don't have the disk geometry. - if p.Start == 0 { - continue - } - - for _, o := range n.Partitions { - if p == o || o.Start == 0 { - continue - } - - // is p.Start within o? - if p.Start >= o.Start && p.Start <= o.end() { - return true - } - - // is p.end() within o? - if p.end() >= o.Start && p.end() <= o.end() { - return true - } - - // do p.Start and p.end() straddle o? - if p.Start < o.Start && p.end() > o.end() { - return true - } - } - } - return false -} - -// partitionsMisaligned returns true if any of the partitions don't start on a 2048-sector (1MiB) boundary. -func (n Disk) partitionsMisaligned() bool { - for _, p := range n.Partitions { - if (p.Start & (2048 - 1)) != 0 { - return true - } - } - return false -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/file.go b/vendor/github.com/coreos/ignition/config/v2_2/types/file.go deleted file mode 100644 index b235d16c09..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/file.go +++ /dev/null @@ -1,69 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (f File) Validate() report.Report { - if f.Overwrite != nil && *f.Overwrite && f.Append { - return report.ReportFromError(errors.ErrAppendAndOverwrite, report.EntryError) - } - return report.Report{} -} - -func (f File) ValidateMode() report.Report { - r := report.Report{} - if err := validateMode(f.Mode); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - if f.Mode == nil { - r.Add(report.Entry{ - Message: errors.ErrPermissionsUnset.Error(), - Kind: report.EntryWarning, - }) - } - return r -} - -func (fc FileContents) ValidateCompression() report.Report { - r := report.Report{} - switch fc.Compression { - case "", "gzip": - default: - r.Add(report.Entry{ - Message: errors.ErrCompressionInvalid.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (fc FileContents) ValidateSource() report.Report { - r := report.Report{} - err := validateURL(fc.Source) - if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/filesystem.go b/vendor/github.com/coreos/ignition/config/v2_2/types/filesystem.go deleted file mode 100644 index a2e43ffda1..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/filesystem.go +++ /dev/null @@ -1,144 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (f Filesystem) Validate() report.Report { - r := report.Report{} - if f.Mount == nil && f.Path == nil { - r.Add(report.Entry{ - Message: errors.ErrFilesystemNoMountPath.Error(), - Kind: report.EntryError, - }) - } - if f.Mount != nil { - if f.Path != nil { - r.Add(report.Entry{ - Message: errors.ErrFilesystemMountAndPath.Error(), - Kind: report.EntryError, - }) - } - if f.Mount.Create != nil { - if f.Mount.WipeFilesystem { - r.Add(report.Entry{ - Message: errors.ErrUsedCreateAndWipeFilesystem.Error(), - Kind: report.EntryError, - }) - } - if len(f.Mount.Options) > 0 { - r.Add(report.Entry{ - Message: errors.ErrUsedCreateAndMountOpts.Error(), - Kind: report.EntryError, - }) - } - r.Add(report.Entry{ - Message: errors.ErrWarningCreateDeprecated.Error(), - Kind: report.EntryWarning, - }) - } - } - return r -} - -func (f Filesystem) ValidatePath() report.Report { - r := report.Report{} - if f.Path != nil && validatePath(*f.Path) != nil { - r.Add(report.Entry{ - Message: errors.ErrPathRelative.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (m Mount) Validate() report.Report { - r := report.Report{} - switch m.Format { - case "ext4", "btrfs", "xfs", "swap", "vfat": - default: - r.Add(report.Entry{ - Message: errors.ErrFilesystemInvalidFormat.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (m Mount) ValidateDevice() report.Report { - r := report.Report{} - if err := validatePath(m.Device); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (m Mount) ValidateLabel() report.Report { - r := report.Report{} - if m.Label == nil { - return r - } - switch m.Format { - case "ext4": - if len(*m.Label) > 16 { - // source: man mkfs.ext4 - r.Add(report.Entry{ - Message: errors.ErrExt4LabelTooLong.Error(), - Kind: report.EntryError, - }) - } - case "btrfs": - if len(*m.Label) > 256 { - // source: man mkfs.btrfs - r.Add(report.Entry{ - Message: errors.ErrBtrfsLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - case "xfs": - if len(*m.Label) > 12 { - // source: man mkfs.xfs - r.Add(report.Entry{ - Message: errors.ErrXfsLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - case "swap": - // mkswap's man page does not state a limit on label size, but through - // experimentation it appears that mkswap will truncate long labels to - // 15 characters, so let's enforce that. - if len(*m.Label) > 15 { - r.Add(report.Entry{ - Message: errors.ErrSwapLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - case "vfat": - if len(*m.Label) > 11 { - // source: man mkfs.fat - r.Add(report.Entry{ - Message: errors.ErrVfatLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/ignition.go b/vendor/github.com/coreos/ignition/config/v2_2/types/ignition.go deleted file mode 100644 index bddf495833..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/ignition.go +++ /dev/null @@ -1,52 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/go-semver/semver" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (c ConfigReference) ValidateSource() report.Report { - r := report.Report{} - err := validateURL(c.Source) - if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (v Ignition) Semver() (*semver.Version, error) { - return semver.NewVersion(v.Version) -} - -func (v Ignition) Validate() report.Report { - tv, err := v.Semver() - if err != nil { - return report.ReportFromError(errors.ErrInvalidVersion, report.EntryError) - } - if MaxVersion.Major > tv.Major { - return report.ReportFromError(errors.ErrOldVersion, report.EntryError) - } - if MaxVersion.LessThan(*tv) { - return report.ReportFromError(errors.ErrNewVersion, report.EntryError) - } - return report.Report{} -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/link.go b/vendor/github.com/coreos/ignition/config/v2_2/types/link.go deleted file mode 100644 index f028442528..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/link.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/validate/report" -) - -func (s LinkEmbedded1) ValidateTarget() report.Report { - r := report.Report{} - if !s.Hard { - err := validatePath(s.Target) - if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/node.go b/vendor/github.com/coreos/ignition/config/v2_2/types/node.go deleted file mode 100644 index 50badfdfb9..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/node.go +++ /dev/null @@ -1,73 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "path/filepath" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (n Node) ValidateFilesystem() report.Report { - r := report.Report{} - if n.Filesystem == "" { - r.Add(report.Entry{ - Message: errors.ErrNoFilesystem.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (n Node) ValidatePath() report.Report { - r := report.Report{} - if err := validatePath(n.Path); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (n Node) Depth() int { - count := 0 - for p := filepath.Clean(string(n.Path)); p != "/"; count++ { - p = filepath.Dir(p) - } - return count -} - -func (nu NodeUser) Validate() report.Report { - r := report.Report{} - if nu.ID != nil && nu.Name != "" { - r.Add(report.Entry{ - Message: errors.ErrBothIDAndNameSet.Error(), - Kind: report.EntryError, - }) - } - return r -} -func (ng NodeGroup) Validate() report.Report { - r := report.Report{} - if ng.ID != nil && ng.Name != "" { - r.Add(report.Entry{ - Message: errors.ErrBothIDAndNameSet.Error(), - Kind: report.EntryError, - }) - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/partition.go b/vendor/github.com/coreos/ignition/config/v2_2/types/partition.go deleted file mode 100644 index 084dce7ce2..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/partition.go +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - "regexp" - "strings" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -const ( - guidRegexStr = "^(|[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12})$" -) - -func (p Partition) ValidateLabel() report.Report { - r := report.Report{} - // http://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_entries: - // 56 (0x38) 72 bytes Partition name (36 UTF-16LE code units) - - // XXX(vc): note GPT calls it a name, we're using label for consistency - // with udev naming /dev/disk/by-partlabel/*. - if len(p.Label) > 36 { - r.Add(report.Entry{ - Message: errors.ErrLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - - // sgdisk uses colons for delimitting compound arguments and does not allow escaping them. - if strings.Contains(p.Label, ":") { - r.Add(report.Entry{ - Message: errors.ErrLabelContainsColon.Error(), - Kind: report.EntryWarning, - }) - } - return r -} - -func (p Partition) ValidateTypeGUID() report.Report { - return validateGUID(p.TypeGUID) -} - -func (p Partition) ValidateGUID() report.Report { - return validateGUID(p.GUID) -} - -func validateGUID(guid string) report.Report { - r := report.Report{} - ok, err := regexp.MatchString(guidRegexStr, guid) - if err != nil { - r.Add(report.Entry{ - Message: fmt.Sprintf("error matching guid regexp: %v", err), - Kind: report.EntryError, - }) - } else if !ok { - r.Add(report.Entry{ - Message: errors.ErrDoesntMatchGUIDRegex.Error(), - Kind: report.EntryError, - }) - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/passwd.go b/vendor/github.com/coreos/ignition/config/v2_2/types/passwd.go deleted file mode 100644 index 10508c56c0..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/passwd.go +++ /dev/null @@ -1,67 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (p PasswdUser) Validate() report.Report { - r := report.Report{} - if p.Create != nil { - r.Add(report.Entry{ - Message: errors.ErrPasswdCreateDeprecated.Error(), - Kind: report.EntryWarning, - }) - addErr := func(err error) { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - if p.Gecos != "" { - addErr(errors.ErrPasswdCreateAndGecos) - } - if len(p.Groups) > 0 { - addErr(errors.ErrPasswdCreateAndGroups) - } - if p.HomeDir != "" { - addErr(errors.ErrPasswdCreateAndHomeDir) - } - if p.NoCreateHome { - addErr(errors.ErrPasswdCreateAndNoCreateHome) - } - if p.NoLogInit { - addErr(errors.ErrPasswdCreateAndNoLogInit) - } - if p.NoUserGroup { - addErr(errors.ErrPasswdCreateAndNoUserGroup) - } - if p.PrimaryGroup != "" { - addErr(errors.ErrPasswdCreateAndPrimaryGroup) - } - if p.Shell != "" { - addErr(errors.ErrPasswdCreateAndShell) - } - if p.System { - addErr(errors.ErrPasswdCreateAndSystem) - } - if p.UID != nil { - addErr(errors.ErrPasswdCreateAndUID) - } - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/path.go b/vendor/github.com/coreos/ignition/config/v2_2/types/path.go deleted file mode 100644 index 780607c31a..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/path.go +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "path" - - "github.com/coreos/ignition/config/shared/errors" -) - -func validatePath(p string) error { - if !path.IsAbs(p) { - return errors.ErrPathRelative - } - return nil -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/raid.go b/vendor/github.com/coreos/ignition/config/v2_2/types/raid.go deleted file mode 100644 index 3aceaa9faa..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/raid.go +++ /dev/null @@ -1,57 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (n Raid) ValidateLevel() report.Report { - r := report.Report{} - switch n.Level { - case "linear", "raid0", "0", "stripe": - if n.Spares != 0 { - r.Add(report.Entry{ - Message: errors.ErrSparesUnsupportedForLevel.Error(), - Kind: report.EntryError, - }) - } - case "raid1", "1", "mirror": - case "raid4", "4": - case "raid5", "5": - case "raid6", "6": - case "raid10", "10": - default: - r.Add(report.Entry{ - Message: errors.ErrUnrecognizedRaidLevel.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (n Raid) ValidateDevices() report.Report { - r := report.Report{} - for _, d := range n.Devices { - if err := validatePath(string(d)); err != nil { - r.Add(report.Entry{ - Message: errors.ErrPathRelative.Error(), - Kind: report.EntryError, - }) - } - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/schema.go b/vendor/github.com/coreos/ignition/config/v2_2/types/schema.go deleted file mode 100644 index 4b32b337b3..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/schema.go +++ /dev/null @@ -1,246 +0,0 @@ -package types - -// generated by "schematyper --package=types schema/ignition.json -o config/types/schema.go --root-type=Config" -- DO NOT EDIT - -type CaReference struct { - Source string `json:"source,omitempty"` - Verification Verification `json:"verification,omitempty"` -} - -type Config struct { - Ignition Ignition `json:"ignition"` - Networkd Networkd `json:"networkd,omitempty"` - Passwd Passwd `json:"passwd,omitempty"` - Storage Storage `json:"storage,omitempty"` - Systemd Systemd `json:"systemd,omitempty"` -} - -type ConfigReference struct { - Source string `json:"source,omitempty"` - Verification Verification `json:"verification,omitempty"` -} - -type Create struct { - Force bool `json:"force,omitempty"` - Options []CreateOption `json:"options,omitempty"` -} - -type CreateOption string - -type Device string - -type Directory struct { - Node - DirectoryEmbedded1 -} - -type DirectoryEmbedded1 struct { - Mode *int `json:"mode,omitempty"` -} - -type Disk struct { - Device string `json:"device,omitempty"` - Partitions []Partition `json:"partitions,omitempty"` - WipeTable bool `json:"wipeTable,omitempty"` -} - -type File struct { - Node - FileEmbedded1 -} - -type FileContents struct { - Compression string `json:"compression,omitempty"` - Source string `json:"source,omitempty"` - Verification Verification `json:"verification,omitempty"` -} - -type FileEmbedded1 struct { - Append bool `json:"append,omitempty"` - Contents FileContents `json:"contents,omitempty"` - Mode *int `json:"mode,omitempty"` -} - -type Filesystem struct { - Mount *Mount `json:"mount,omitempty"` - Name string `json:"name,omitempty"` - Path *string `json:"path,omitempty"` -} - -type Group string - -type Ignition struct { - Config IgnitionConfig `json:"config,omitempty"` - Security Security `json:"security,omitempty"` - Timeouts Timeouts `json:"timeouts,omitempty"` - Version string `json:"version,omitempty"` -} - -type IgnitionConfig struct { - Append []ConfigReference `json:"append,omitempty"` - Replace *ConfigReference `json:"replace,omitempty"` -} - -type Link struct { - Node - LinkEmbedded1 -} - -type LinkEmbedded1 struct { - Hard bool `json:"hard,omitempty"` - Target string `json:"target,omitempty"` -} - -type Mount struct { - Create *Create `json:"create,omitempty"` - Device string `json:"device,omitempty"` - Format string `json:"format,omitempty"` - Label *string `json:"label,omitempty"` - Options []MountOption `json:"options,omitempty"` - UUID *string `json:"uuid,omitempty"` - WipeFilesystem bool `json:"wipeFilesystem,omitempty"` -} - -type MountOption string - -type Networkd struct { - Units []Networkdunit `json:"units,omitempty"` -} - -type NetworkdDropin struct { - Contents string `json:"contents,omitempty"` - Name string `json:"name,omitempty"` -} - -type Networkdunit struct { - Contents string `json:"contents,omitempty"` - Dropins []NetworkdDropin `json:"dropins,omitempty"` - Name string `json:"name,omitempty"` -} - -type Node struct { - Filesystem string `json:"filesystem,omitempty"` - Group *NodeGroup `json:"group,omitempty"` - Overwrite *bool `json:"overwrite,omitempty"` - Path string `json:"path,omitempty"` - User *NodeUser `json:"user,omitempty"` -} - -type NodeGroup struct { - ID *int `json:"id,omitempty"` - Name string `json:"name,omitempty"` -} - -type NodeUser struct { - ID *int `json:"id,omitempty"` - Name string `json:"name,omitempty"` -} - -type Partition struct { - GUID string `json:"guid,omitempty"` - Label string `json:"label,omitempty"` - Number int `json:"number,omitempty"` - Size int `json:"size,omitempty"` - Start int `json:"start,omitempty"` - TypeGUID string `json:"typeGuid,omitempty"` -} - -type Passwd struct { - Groups []PasswdGroup `json:"groups,omitempty"` - Users []PasswdUser `json:"users,omitempty"` -} - -type PasswdGroup struct { - Gid *int `json:"gid,omitempty"` - Name string `json:"name,omitempty"` - PasswordHash string `json:"passwordHash,omitempty"` - System bool `json:"system,omitempty"` -} - -type PasswdUser struct { - Create *Usercreate `json:"create,omitempty"` - Gecos string `json:"gecos,omitempty"` - Groups []Group `json:"groups,omitempty"` - HomeDir string `json:"homeDir,omitempty"` - Name string `json:"name,omitempty"` - NoCreateHome bool `json:"noCreateHome,omitempty"` - NoLogInit bool `json:"noLogInit,omitempty"` - NoUserGroup bool `json:"noUserGroup,omitempty"` - PasswordHash *string `json:"passwordHash,omitempty"` - PrimaryGroup string `json:"primaryGroup,omitempty"` - SSHAuthorizedKeys []SSHAuthorizedKey `json:"sshAuthorizedKeys,omitempty"` - Shell string `json:"shell,omitempty"` - System bool `json:"system,omitempty"` - UID *int `json:"uid,omitempty"` -} - -type Raid struct { - Devices []Device `json:"devices,omitempty"` - Level string `json:"level,omitempty"` - Name string `json:"name,omitempty"` - Options []RaidOption `json:"options,omitempty"` - Spares int `json:"spares,omitempty"` -} - -type RaidOption string - -type SSHAuthorizedKey string - -type Security struct { - TLS TLS `json:"tls,omitempty"` -} - -type Storage struct { - Directories []Directory `json:"directories,omitempty"` - Disks []Disk `json:"disks,omitempty"` - Files []File `json:"files,omitempty"` - Filesystems []Filesystem `json:"filesystems,omitempty"` - Links []Link `json:"links,omitempty"` - Raid []Raid `json:"raid,omitempty"` -} - -type Systemd struct { - Units []Unit `json:"units,omitempty"` -} - -type SystemdDropin struct { - Contents string `json:"contents,omitempty"` - Name string `json:"name,omitempty"` -} - -type TLS struct { - CertificateAuthorities []CaReference `json:"certificateAuthorities,omitempty"` -} - -type Timeouts struct { - HTTPResponseHeaders *int `json:"httpResponseHeaders,omitempty"` - HTTPTotal *int `json:"httpTotal,omitempty"` -} - -type Unit struct { - Contents string `json:"contents,omitempty"` - Dropins []SystemdDropin `json:"dropins,omitempty"` - Enable bool `json:"enable,omitempty"` - Enabled *bool `json:"enabled,omitempty"` - Mask bool `json:"mask,omitempty"` - Name string `json:"name,omitempty"` -} - -type Usercreate struct { - Gecos string `json:"gecos,omitempty"` - Groups []UsercreateGroup `json:"groups,omitempty"` - HomeDir string `json:"homeDir,omitempty"` - NoCreateHome bool `json:"noCreateHome,omitempty"` - NoLogInit bool `json:"noLogInit,omitempty"` - NoUserGroup bool `json:"noUserGroup,omitempty"` - PrimaryGroup string `json:"primaryGroup,omitempty"` - Shell string `json:"shell,omitempty"` - System bool `json:"system,omitempty"` - UID *int `json:"uid,omitempty"` -} - -type UsercreateGroup string - -type Verification struct { - Hash *string `json:"hash,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/unit.go b/vendor/github.com/coreos/ignition/config/v2_2/types/unit.go deleted file mode 100644 index 70fe1179a4..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/unit.go +++ /dev/null @@ -1,131 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - "path" - "strings" - - "github.com/coreos/go-systemd/unit" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/shared/validations" - "github.com/coreos/ignition/config/validate/report" -) - -func (u Unit) ValidateContents() report.Report { - r := report.Report{} - opts, err := validateUnitContent(u.Contents) - if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - - isEnabled := u.Enable || (u.Enabled != nil && *u.Enabled) - r.Merge(validations.ValidateInstallSection(u.Name, isEnabled, u.Contents == "", opts)) - - return r -} - -func (u Unit) ValidateName() report.Report { - r := report.Report{} - switch path.Ext(u.Name) { - case ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice", ".scope": - default: - r.Add(report.Entry{ - Message: errors.ErrInvalidSystemdExt.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (d SystemdDropin) Validate() report.Report { - r := report.Report{} - - if _, err := validateUnitContent(d.Contents); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - - switch path.Ext(d.Name) { - case ".conf": - default: - r.Add(report.Entry{ - Message: errors.ErrInvalidSystemdDropinExt.Error(), - Kind: report.EntryError, - }) - } - - return r -} - -func (u Networkdunit) Validate() report.Report { - r := report.Report{} - - if _, err := validateUnitContent(u.Contents); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - - switch path.Ext(u.Name) { - case ".link", ".netdev", ".network": - default: - r.Add(report.Entry{ - Message: errors.ErrInvalidNetworkdExt.Error(), - Kind: report.EntryError, - }) - } - - return r -} - -func (d NetworkdDropin) Validate() report.Report { - r := report.Report{} - - if _, err := validateUnitContent(d.Contents); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - - switch path.Ext(d.Name) { - case ".conf": - default: - r.Add(report.Entry{ - Message: errors.ErrInvalidNetworkdDropinExt.Error(), - Kind: report.EntryError, - }) - } - - return r -} - -func validateUnitContent(content string) ([]*unit.UnitOption, error) { - c := strings.NewReader(content) - opts, err := unit.Deserialize(c) - if err != nil { - return nil, fmt.Errorf("invalid unit content: %s", err) - } - return opts, nil -} diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/config.go b/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/config.go deleted file mode 100644 index cfef0ed9da..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/config.go +++ /dev/null @@ -1,92 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - - "github.com/coreos/go-semver/semver" - - "github.com/coreos/ignition/config/validate/report" -) - -var ( - MaxVersion = semver.Version{ - Major: 2, - Minor: 3, - PreRelease: "experimental", - } -) - -func (c Config) Validate() report.Report { - r := report.Report{} - rules := []rule{ - checkFilesFilesystems, - checkDuplicateFilesystems, - } - - for _, rule := range rules { - rule(c, &r) - } - return r -} - -type rule func(cfg Config, report *report.Report) - -func checkNodeFilesystems(node Node, filesystems map[string]struct{}, nodeType string) report.Report { - r := report.Report{} - if node.Filesystem == "" { - // Filesystem was not specified. This is an error, but its handled in types.File's Validate, not here - return r - } - _, ok := filesystems[node.Filesystem] - if !ok { - r.Add(report.Entry{ - Kind: report.EntryWarning, - Message: fmt.Sprintf("%v %q references nonexistent filesystem %q. (This is ok if it is defined in a referenced config)", - nodeType, node.Path, node.Filesystem), - }) - } - return r -} - -func checkFilesFilesystems(cfg Config, r *report.Report) { - filesystems := map[string]struct{}{"root": {}} - for _, filesystem := range cfg.Storage.Filesystems { - filesystems[filesystem.Name] = struct{}{} - } - for _, file := range cfg.Storage.Files { - r.Merge(checkNodeFilesystems(file.Node, filesystems, "File")) - } - for _, link := range cfg.Storage.Links { - r.Merge(checkNodeFilesystems(link.Node, filesystems, "Link")) - } - for _, dir := range cfg.Storage.Directories { - r.Merge(checkNodeFilesystems(dir.Node, filesystems, "Directory")) - } -} - -func checkDuplicateFilesystems(cfg Config, r *report.Report) { - filesystems := map[string]struct{}{"root": {}} - for _, filesystem := range cfg.Storage.Filesystems { - if _, ok := filesystems[filesystem.Name]; ok { - r.Add(report.Entry{ - Kind: report.EntryWarning, - Message: fmt.Sprintf("Filesystem %q shadows exising filesystem definition", filesystem.Name), - }) - } - filesystems[filesystem.Name] = struct{}{} - } -} diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/directory.go b/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/directory.go deleted file mode 100644 index 9fdc732a64..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/directory.go +++ /dev/null @@ -1,37 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (d Directory) ValidateMode() report.Report { - r := report.Report{} - if err := validateMode(d.Mode); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - if d.Mode == nil { - r.Add(report.Entry{ - Message: errors.ErrPermissionsUnset.Error(), - Kind: report.EntryWarning, - }) - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/file.go b/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/file.go deleted file mode 100644 index 1897dc42c8..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/file.go +++ /dev/null @@ -1,71 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (f File) Validate() report.Report { - if f.Overwrite != nil && *f.Overwrite && f.Append { - return report.ReportFromError(errors.ErrAppendAndOverwrite, report.EntryError) - } - return report.Report{} -} - -func (f File) ValidateMode() report.Report { - r := report.Report{} - if err := validateMode(f.Mode); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - if f.Mode == nil { - r.Add(report.Entry{ - Message: errors.ErrPermissionsUnset.Error(), - Kind: report.EntryWarning, - }) - } - return r -} - -func (fc FileContents) ValidateCompression() report.Report { - r := report.Report{} - switch fc.Compression { - case "", "gzip": - default: - r.Add(report.Entry{ - Message: errors.ErrCompressionInvalid.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (fc FileContents) ValidateSource() report.Report { - r := report.Report{} - err := validateURL(fc.Source) - if err != nil { - r.Add(report.Entry{ - Message: fmt.Sprintf("invalid url %q: %v", fc.Source, err), - Kind: report.EntryError, - }) - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/filesystem.go b/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/filesystem.go deleted file mode 100644 index 2e847da69d..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/filesystem.go +++ /dev/null @@ -1,146 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (f Filesystem) Validate() report.Report { - r := report.Report{} - if f.Mount == nil && f.Path == nil { - r.Add(report.Entry{ - Message: errors.ErrFilesystemNoMountPath.Error(), - Kind: report.EntryError, - }) - } - if f.Mount != nil { - if f.Path != nil { - r.Add(report.Entry{ - Message: errors.ErrFilesystemMountAndPath.Error(), - Kind: report.EntryError, - }) - } - if f.Mount.Create != nil { - if f.Mount.WipeFilesystem { - r.Add(report.Entry{ - Message: errors.ErrUsedCreateAndWipeFilesystem.Error(), - Kind: report.EntryError, - }) - } - if len(f.Mount.Options) > 0 { - r.Add(report.Entry{ - Message: errors.ErrUsedCreateAndMountOpts.Error(), - Kind: report.EntryError, - }) - } - r.Add(report.Entry{ - Message: errors.ErrWarningCreateDeprecated.Error(), - Kind: report.EntryWarning, - }) - } - } - return r -} - -func (f Filesystem) ValidatePath() report.Report { - r := report.Report{} - if f.Path != nil && validatePath(*f.Path) != nil { - r.Add(report.Entry{ - Message: fmt.Sprintf("filesystem %q: path not absolute", f.Name), - Kind: report.EntryError, - }) - } - return r -} - -func (m Mount) Validate() report.Report { - r := report.Report{} - switch m.Format { - case "ext4", "btrfs", "xfs", "swap", "vfat": - default: - r.Add(report.Entry{ - Message: errors.ErrFilesystemInvalidFormat.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (m Mount) ValidateDevice() report.Report { - r := report.Report{} - if err := validatePath(m.Device); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (m Mount) ValidateLabel() report.Report { - r := report.Report{} - if m.Label == nil { - return r - } - switch m.Format { - case "ext4": - if len(*m.Label) > 16 { - // source: man mkfs.ext4 - r.Add(report.Entry{ - Message: errors.ErrExt4LabelTooLong.Error(), - Kind: report.EntryError, - }) - } - case "btrfs": - if len(*m.Label) > 256 { - // source: man mkfs.btrfs - r.Add(report.Entry{ - Message: errors.ErrBtrfsLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - case "xfs": - if len(*m.Label) > 12 { - // source: man mkfs.xfs - r.Add(report.Entry{ - Message: errors.ErrXfsLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - case "swap": - // mkswap's man page does not state a limit on label size, but through - // experimentation it appears that mkswap will truncate long labels to - // 15 characters, so let's enforce that. - if len(*m.Label) > 15 { - r.Add(report.Entry{ - Message: errors.ErrSwapLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - case "vfat": - if len(*m.Label) > 11 { - // source: man mkfs.fat - r.Add(report.Entry{ - Message: errors.ErrVfatLabelTooLong.Error(), - Kind: report.EntryError, - }) - } - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/ignition.go b/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/ignition.go deleted file mode 100644 index bddf495833..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/ignition.go +++ /dev/null @@ -1,52 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/go-semver/semver" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (c ConfigReference) ValidateSource() report.Report { - r := report.Report{} - err := validateURL(c.Source) - if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (v Ignition) Semver() (*semver.Version, error) { - return semver.NewVersion(v.Version) -} - -func (v Ignition) Validate() report.Report { - tv, err := v.Semver() - if err != nil { - return report.ReportFromError(errors.ErrInvalidVersion, report.EntryError) - } - if MaxVersion.Major > tv.Major { - return report.ReportFromError(errors.ErrOldVersion, report.EntryError) - } - if MaxVersion.LessThan(*tv) { - return report.ReportFromError(errors.ErrNewVersion, report.EntryError) - } - return report.Report{} -} diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/mode.go b/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/mode.go deleted file mode 100644 index d06045d675..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/mode.go +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" -) - -func validateMode(m *int) error { - if m != nil && (*m < 0 || *m > 07777) { - return errors.ErrFileIllegalMode - } - return nil -} diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/node.go b/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/node.go deleted file mode 100644 index 50badfdfb9..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/node.go +++ /dev/null @@ -1,73 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "path/filepath" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (n Node) ValidateFilesystem() report.Report { - r := report.Report{} - if n.Filesystem == "" { - r.Add(report.Entry{ - Message: errors.ErrNoFilesystem.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (n Node) ValidatePath() report.Report { - r := report.Report{} - if err := validatePath(n.Path); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (n Node) Depth() int { - count := 0 - for p := filepath.Clean(string(n.Path)); p != "/"; count++ { - p = filepath.Dir(p) - } - return count -} - -func (nu NodeUser) Validate() report.Report { - r := report.Report{} - if nu.ID != nil && nu.Name != "" { - r.Add(report.Entry{ - Message: errors.ErrBothIDAndNameSet.Error(), - Kind: report.EntryError, - }) - } - return r -} -func (ng NodeGroup) Validate() report.Report { - r := report.Report{} - if ng.ID != nil && ng.Name != "" { - r.Add(report.Entry{ - Message: errors.ErrBothIDAndNameSet.Error(), - Kind: report.EntryError, - }) - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/passwd.go b/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/passwd.go deleted file mode 100644 index 10508c56c0..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/passwd.go +++ /dev/null @@ -1,67 +0,0 @@ -// Copyright 2017 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -func (p PasswdUser) Validate() report.Report { - r := report.Report{} - if p.Create != nil { - r.Add(report.Entry{ - Message: errors.ErrPasswdCreateDeprecated.Error(), - Kind: report.EntryWarning, - }) - addErr := func(err error) { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - if p.Gecos != "" { - addErr(errors.ErrPasswdCreateAndGecos) - } - if len(p.Groups) > 0 { - addErr(errors.ErrPasswdCreateAndGroups) - } - if p.HomeDir != "" { - addErr(errors.ErrPasswdCreateAndHomeDir) - } - if p.NoCreateHome { - addErr(errors.ErrPasswdCreateAndNoCreateHome) - } - if p.NoLogInit { - addErr(errors.ErrPasswdCreateAndNoLogInit) - } - if p.NoUserGroup { - addErr(errors.ErrPasswdCreateAndNoUserGroup) - } - if p.PrimaryGroup != "" { - addErr(errors.ErrPasswdCreateAndPrimaryGroup) - } - if p.Shell != "" { - addErr(errors.ErrPasswdCreateAndShell) - } - if p.System { - addErr(errors.ErrPasswdCreateAndSystem) - } - if p.UID != nil { - addErr(errors.ErrPasswdCreateAndUID) - } - } - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/schema.go b/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/schema.go deleted file mode 100644 index 73424c546e..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/schema.go +++ /dev/null @@ -1,248 +0,0 @@ -package types - -// generated by "schematyper --package=types schema/ignition.json -o internal/config/types/schema.go --root-type=Config" -- DO NOT EDIT - -type CaReference struct { - Source string `json:"source,omitempty"` - Verification Verification `json:"verification,omitempty"` -} - -type Config struct { - Ignition Ignition `json:"ignition"` - Networkd Networkd `json:"networkd,omitempty"` - Passwd Passwd `json:"passwd,omitempty"` - Storage Storage `json:"storage,omitempty"` - Systemd Systemd `json:"systemd,omitempty"` -} - -type ConfigReference struct { - Source string `json:"source,omitempty"` - Verification Verification `json:"verification,omitempty"` -} - -type Create struct { - Force bool `json:"force,omitempty"` - Options []CreateOption `json:"options,omitempty"` -} - -type CreateOption string - -type Device string - -type Directory struct { - Node - DirectoryEmbedded1 -} - -type DirectoryEmbedded1 struct { - Mode *int `json:"mode,omitempty"` -} - -type Disk struct { - Device string `json:"device,omitempty"` - Partitions []Partition `json:"partitions,omitempty"` - WipeTable bool `json:"wipeTable,omitempty"` -} - -type File struct { - Node - FileEmbedded1 -} - -type FileContents struct { - Compression string `json:"compression,omitempty"` - Source string `json:"source,omitempty"` - Verification Verification `json:"verification,omitempty"` -} - -type FileEmbedded1 struct { - Append bool `json:"append,omitempty"` - Contents FileContents `json:"contents,omitempty"` - Mode *int `json:"mode,omitempty"` -} - -type Filesystem struct { - Mount *Mount `json:"mount,omitempty"` - Name string `json:"name,omitempty"` - Path *string `json:"path,omitempty"` -} - -type Group string - -type Ignition struct { - Config IgnitionConfig `json:"config,omitempty"` - Security Security `json:"security,omitempty"` - Timeouts Timeouts `json:"timeouts,omitempty"` - Version string `json:"version,omitempty"` -} - -type IgnitionConfig struct { - Append []ConfigReference `json:"append,omitempty"` - Replace *ConfigReference `json:"replace,omitempty"` -} - -type Link struct { - Node - LinkEmbedded1 -} - -type LinkEmbedded1 struct { - Hard bool `json:"hard,omitempty"` - Target string `json:"target,omitempty"` -} - -type Mount struct { - Create *Create `json:"create,omitempty"` - Device string `json:"device,omitempty"` - Format string `json:"format,omitempty"` - Label *string `json:"label,omitempty"` - Options []MountOption `json:"options,omitempty"` - UUID *string `json:"uuid,omitempty"` - WipeFilesystem bool `json:"wipeFilesystem,omitempty"` -} - -type MountOption string - -type Networkd struct { - Units []Networkdunit `json:"units,omitempty"` -} - -type NetworkdDropin struct { - Contents string `json:"contents,omitempty"` - Name string `json:"name,omitempty"` -} - -type Networkdunit struct { - Contents string `json:"contents,omitempty"` - Dropins []NetworkdDropin `json:"dropins,omitempty"` - Name string `json:"name,omitempty"` -} - -type Node struct { - Filesystem string `json:"filesystem,omitempty"` - Group *NodeGroup `json:"group,omitempty"` - Overwrite *bool `json:"overwrite,omitempty"` - Path string `json:"path,omitempty"` - User *NodeUser `json:"user,omitempty"` -} - -type NodeGroup struct { - ID *int `json:"id,omitempty"` - Name string `json:"name,omitempty"` -} - -type NodeUser struct { - ID *int `json:"id,omitempty"` - Name string `json:"name,omitempty"` -} - -type Partition struct { - GUID string `json:"guid,omitempty"` - Label *string `json:"label,omitempty"` - Number int `json:"number,omitempty"` - ShouldExist *bool `json:"shouldExist,omitempty"` - Size *int `json:"size,omitempty"` - Start *int `json:"start,omitempty"` - TypeGUID string `json:"typeGuid,omitempty"` - WipePartitionEntry bool `json:"wipePartitionEntry,omitempty"` -} - -type Passwd struct { - Groups []PasswdGroup `json:"groups,omitempty"` - Users []PasswdUser `json:"users,omitempty"` -} - -type PasswdGroup struct { - Gid *int `json:"gid,omitempty"` - Name string `json:"name,omitempty"` - PasswordHash string `json:"passwordHash,omitempty"` - System bool `json:"system,omitempty"` -} - -type PasswdUser struct { - Create *Usercreate `json:"create,omitempty"` - Gecos string `json:"gecos,omitempty"` - Groups []Group `json:"groups,omitempty"` - HomeDir string `json:"homeDir,omitempty"` - Name string `json:"name,omitempty"` - NoCreateHome bool `json:"noCreateHome,omitempty"` - NoLogInit bool `json:"noLogInit,omitempty"` - NoUserGroup bool `json:"noUserGroup,omitempty"` - PasswordHash *string `json:"passwordHash,omitempty"` - PrimaryGroup string `json:"primaryGroup,omitempty"` - SSHAuthorizedKeys []SSHAuthorizedKey `json:"sshAuthorizedKeys,omitempty"` - Shell string `json:"shell,omitempty"` - System bool `json:"system,omitempty"` - UID *int `json:"uid,omitempty"` -} - -type Raid struct { - Devices []Device `json:"devices,omitempty"` - Level string `json:"level,omitempty"` - Name string `json:"name,omitempty"` - Options []RaidOption `json:"options,omitempty"` - Spares int `json:"spares,omitempty"` -} - -type RaidOption string - -type SSHAuthorizedKey string - -type Security struct { - TLS TLS `json:"tls,omitempty"` -} - -type Storage struct { - Directories []Directory `json:"directories,omitempty"` - Disks []Disk `json:"disks,omitempty"` - Files []File `json:"files,omitempty"` - Filesystems []Filesystem `json:"filesystems,omitempty"` - Links []Link `json:"links,omitempty"` - Raid []Raid `json:"raid,omitempty"` -} - -type Systemd struct { - Units []Unit `json:"units,omitempty"` -} - -type SystemdDropin struct { - Contents string `json:"contents,omitempty"` - Name string `json:"name,omitempty"` -} - -type TLS struct { - CertificateAuthorities []CaReference `json:"certificateAuthorities,omitempty"` -} - -type Timeouts struct { - HTTPResponseHeaders *int `json:"httpResponseHeaders,omitempty"` - HTTPTotal *int `json:"httpTotal,omitempty"` -} - -type Unit struct { - Contents string `json:"contents,omitempty"` - Dropins []SystemdDropin `json:"dropins,omitempty"` - Enable bool `json:"enable,omitempty"` - Enabled *bool `json:"enabled,omitempty"` - Mask bool `json:"mask,omitempty"` - Name string `json:"name,omitempty"` -} - -type Usercreate struct { - Gecos string `json:"gecos,omitempty"` - Groups []UsercreateGroup `json:"groups,omitempty"` - HomeDir string `json:"homeDir,omitempty"` - NoCreateHome bool `json:"noCreateHome,omitempty"` - NoLogInit bool `json:"noLogInit,omitempty"` - NoUserGroup bool `json:"noUserGroup,omitempty"` - PrimaryGroup string `json:"primaryGroup,omitempty"` - Shell string `json:"shell,omitempty"` - System bool `json:"system,omitempty"` - UID *int `json:"uid,omitempty"` -} - -type UsercreateGroup string - -type Verification struct { - Hash *string `json:"hash,omitempty"` -} diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/unit.go b/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/unit.go deleted file mode 100644 index 70fe1179a4..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/unit.go +++ /dev/null @@ -1,131 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "fmt" - "path" - "strings" - - "github.com/coreos/go-systemd/unit" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/shared/validations" - "github.com/coreos/ignition/config/validate/report" -) - -func (u Unit) ValidateContents() report.Report { - r := report.Report{} - opts, err := validateUnitContent(u.Contents) - if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - - isEnabled := u.Enable || (u.Enabled != nil && *u.Enabled) - r.Merge(validations.ValidateInstallSection(u.Name, isEnabled, u.Contents == "", opts)) - - return r -} - -func (u Unit) ValidateName() report.Report { - r := report.Report{} - switch path.Ext(u.Name) { - case ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice", ".scope": - default: - r.Add(report.Entry{ - Message: errors.ErrInvalidSystemdExt.Error(), - Kind: report.EntryError, - }) - } - return r -} - -func (d SystemdDropin) Validate() report.Report { - r := report.Report{} - - if _, err := validateUnitContent(d.Contents); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - - switch path.Ext(d.Name) { - case ".conf": - default: - r.Add(report.Entry{ - Message: errors.ErrInvalidSystemdDropinExt.Error(), - Kind: report.EntryError, - }) - } - - return r -} - -func (u Networkdunit) Validate() report.Report { - r := report.Report{} - - if _, err := validateUnitContent(u.Contents); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - - switch path.Ext(u.Name) { - case ".link", ".netdev", ".network": - default: - r.Add(report.Entry{ - Message: errors.ErrInvalidNetworkdExt.Error(), - Kind: report.EntryError, - }) - } - - return r -} - -func (d NetworkdDropin) Validate() report.Report { - r := report.Report{} - - if _, err := validateUnitContent(d.Contents); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - - switch path.Ext(d.Name) { - case ".conf": - default: - r.Add(report.Entry{ - Message: errors.ErrInvalidNetworkdDropinExt.Error(), - Kind: report.EntryError, - }) - } - - return r -} - -func validateUnitContent(content string) ([]*unit.UnitOption, error) { - c := strings.NewReader(content) - opts, err := unit.Deserialize(c) - if err != nil { - return nil, fmt.Errorf("invalid unit content: %s", err) - } - return opts, nil -} diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/url.go b/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/url.go deleted file mode 100644 index 2e90ff6d07..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/url.go +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "net/url" - - "github.com/vincent-petithory/dataurl" - - "github.com/coreos/ignition/config/shared/errors" -) - -func validateURL(s string) error { - // Empty url is valid, indicates an empty file - if s == "" { - return nil - } - u, err := url.Parse(s) - if err != nil { - return errors.ErrInvalidUrl - } - - switch u.Scheme { - case "http", "https", "oem", "tftp", "s3": - return nil - case "data": - if _, err := dataurl.DecodeString(s); err != nil { - return err - } - return nil - default: - return errors.ErrInvalidScheme - } -} diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/verification.go b/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/verification.go deleted file mode 100644 index 51e7d1550a..0000000000 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/verification.go +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright 2016 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package types - -import ( - "crypto" - "encoding/hex" - "strings" - - "github.com/coreos/ignition/config/shared/errors" - "github.com/coreos/ignition/config/validate/report" -) - -// HashParts will return the sum and function (in that order) of the hash stored -// in this Verification, or an error if there is an issue during parsing. -func (v Verification) HashParts() (string, string, error) { - if v.Hash == nil { - // The hash can be nil - return "", "", nil - } - parts := strings.SplitN(*v.Hash, "-", 2) - if len(parts) != 2 { - return "", "", errors.ErrHashMalformed - } - - return parts[0], parts[1], nil -} - -func (v Verification) Validate() report.Report { - r := report.Report{} - - if v.Hash == nil { - // The hash can be nil - return r - } - - function, sum, err := v.HashParts() - if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - return r - } - var hash crypto.Hash - switch function { - case "sha512": - hash = crypto.SHA512 - default: - r.Add(report.Entry{ - Message: errors.ErrHashUnrecognized.Error(), - Kind: report.EntryError, - }) - return r - } - - if len(sum) != hex.EncodedLen(hash.Size()) { - r.Add(report.Entry{ - Message: errors.ErrHashWrongSize.Error(), - Kind: report.EntryError, - }) - } - - return r -} diff --git a/vendor/github.com/coreos/ignition/config/v1/config.go b/vendor/github.com/coreos/ignition/config/v3_0/config.go similarity index 64% rename from vendor/github.com/coreos/ignition/config/v1/config.go rename to vendor/github.com/coreos/ignition/config/v3_0/config.go index 21e79f81e5..78d6494943 100644 --- a/vendor/github.com/coreos/ignition/config/v1/config.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/config.go @@ -12,38 +12,45 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v1 +package v3_0 import ( + "reflect" + + "github.com/coreos/ignition/config/merge" "github.com/coreos/ignition/config/shared/errors" "github.com/coreos/ignition/config/util" - "github.com/coreos/ignition/config/v1/types" + "github.com/coreos/ignition/config/v3_0/types" "github.com/coreos/ignition/config/validate" "github.com/coreos/ignition/config/validate/report" - json "github.com/ajeddeloh/go-json" + "github.com/coreos/go-semver/semver" ) +func Merge(parent, child types.Config) types.Config { + vParent := reflect.ValueOf(parent) + vChild := reflect.ValueOf(child) + + vRes := merge.MergeStruct(vParent, vChild) + res := vRes.Interface().(types.Config) + return res +} + +// Parse parses the raw config into a types.Config struct and generates a report of any +// errors, warnings, info, and deprecations it encountered func Parse(rawConfig []byte) (types.Config, report.Report, error) { if isEmpty(rawConfig) { return types.Config{}, report.Report{}, errors.ErrEmpty - } else if isCloudConfig(rawConfig) { - return types.Config{}, report.Report{}, errors.ErrCloudConfig - } else if isScript(rawConfig) { - return types.Config{}, report.Report{}, errors.ErrScript } - var err error var config types.Config - - err = json.Unmarshal(rawConfig, &config) - if err != nil { - rpt, err := util.HandleParseErrors(rawConfig) - // HandleParseErrors always returns an error + if rpt, err := util.HandleParseErrors(rawConfig, &config); err != nil { return types.Config{}, rpt, err } - if config.Version != types.Version { + version, err := semver.NewVersion(config.Ignition.Version) + + if err != nil || *version != types.MaxVersion { return types.Config{}, report.Report{}, errors.ErrUnknownVersion } @@ -51,6 +58,7 @@ func Parse(rawConfig []byte) (types.Config, report.Report, error) { if rpt.IsFatal() { return types.Config{}, rpt, errors.ErrInvalid } + return config, rpt, nil } diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/ca.go b/vendor/github.com/coreos/ignition/config/v3_0/types/ca.go similarity index 78% rename from vendor/github.com/coreos/ignition/config/v2_3_experimental/types/ca.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/ca.go index 7440e1e2f3..3b8889dea7 100644 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/ca.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/ca.go @@ -18,10 +18,11 @@ import ( "github.com/coreos/ignition/config/validate/report" ) -func (c CaReference) ValidateSource() report.Report { - err := validateURL(c.Source) - if err != nil { - return report.ReportFromError(err, report.EntryError) - } - return report.Report{} +func (c CaReference) Key() string { + return c.Source +} + +func (c CaReference) ValidateSource() (r report.Report) { + r.AddOnError(validateURL(c.Source)) + return } diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/link.go b/vendor/github.com/coreos/ignition/config/v3_0/types/config.go similarity index 69% rename from vendor/github.com/coreos/ignition/config/v2_3_experimental/types/link.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/config.go index f028442528..8b6e121f28 100644 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/link.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/config.go @@ -1,4 +1,4 @@ -// Copyright 2017 CoreOS, Inc. +// Copyright 2015 CoreOS, Inc. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,19 +15,26 @@ package types import ( + "github.com/coreos/go-semver/semver" + "github.com/coreos/ignition/config/validate/report" ) -func (s LinkEmbedded1) ValidateTarget() report.Report { +var ( + MaxVersion = semver.Version{ + Major: 3, + Minor: 0, + } +) + +func (c Config) Validate() report.Report { r := report.Report{} - if !s.Hard { - err := validatePath(s.Target) - if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } + rules := []rule{} + + for _, rule := range rules { + rule(c, &r) } return r } + +type rule func(cfg Config, report *report.Report) diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/directory.go b/vendor/github.com/coreos/ignition/config/v3_0/types/directory.go similarity index 76% rename from vendor/github.com/coreos/ignition/config/v2_1/types/directory.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/directory.go index 16adad0591..eeddcf3333 100644 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/directory.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/directory.go @@ -15,16 +15,14 @@ package types import ( + "github.com/coreos/ignition/config/shared/errors" "github.com/coreos/ignition/config/validate/report" ) -func (d Directory) ValidateMode() report.Report { - r := report.Report{} - if err := validateMode(d.Mode); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) +func (d Directory) ValidateMode() (r report.Report) { + r.AddOnError(validateMode(d.Mode)) + if d.Mode == nil { + r.AddOnWarning(errors.ErrDirectoryPermissionsUnset) } return r } diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/disk.go b/vendor/github.com/coreos/ignition/config/v3_0/types/disk.go similarity index 72% rename from vendor/github.com/coreos/ignition/config/v2_3_experimental/types/disk.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/disk.go index ebffc2cd67..00f8f58adb 100644 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/disk.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/disk.go @@ -19,48 +19,43 @@ import ( "github.com/coreos/ignition/config/validate/report" ) +func (d Disk) Key() string { + return d.Device +} + func (n Disk) Validate() report.Report { return report.Report{} } -func (n Disk) ValidateDevice() report.Report { +func (n Disk) ValidateDevice() (r report.Report) { if len(n.Device) == 0 { - return report.ReportFromError(errors.ErrDiskDeviceRequired, report.EntryError) - } - if err := validatePath(string(n.Device)); err != nil { - return report.ReportFromError(err, report.EntryError) + r.AddOnError(errors.ErrDiskDeviceRequired) + return } - return report.Report{} + r.AddOnError(validatePath(n.Device)) + return } -func (n Disk) ValidatePartitions() report.Report { - r := report.Report{} +func (n Disk) ValidatePartitions() (r report.Report) { if n.partitionNumbersCollide() { - r.Add(report.Entry{ - Message: errors.ErrPartitionNumbersCollide.Error(), - Kind: report.EntryError, - }) + r.AddOnError(errors.ErrPartitionNumbersCollide) } if n.partitionsOverlap() { - r.Add(report.Entry{ - Message: errors.ErrPartitionsOverlap.Error(), - Kind: report.EntryError, - }) + r.AddOnError(errors.ErrPartitionsOverlap) } if n.partitionsMisaligned() { - r.Add(report.Entry{ - Message: errors.ErrPartitionsMisaligned.Error(), - Kind: report.EntryError, - }) + r.AddOnError(errors.ErrPartitionsMisaligned) } if n.partitionsMixZeroesAndNonexistence() { - r.Add(report.Entry{ - Message: errors.ErrZeroesWithShouldNotExist.Error(), - Kind: report.EntryError, - }) + r.AddOnError(errors.ErrZeroesWithShouldNotExist) + } + if n.partitionsUnitsMismatch() { + r.AddOnError(errors.ErrPartitionsUnitsMismatch) } - // Disks which have no errors at this point will likely succeed in sgdisk - return r + if n.partitionLabelsCollide() { + r.AddOnError(errors.ErrDuplicateLabels) + } + return } // partitionNumbersCollide returns true if partition numbers in n.Partitions are not unique. @@ -81,6 +76,20 @@ func (n Disk) partitionNumbersCollide() bool { return false } +func (d Disk) partitionLabelsCollide() bool { + m := map[string]struct{}{} + for _, p := range d.Partitions { + if p.Label != nil { + // a number of 0 means next available number, multiple devices can specify this + if _, exists := m[*p.Label]; exists { + return true + } + m[*p.Label] = struct{}{} + } + } + return false +} + // end returns the last sector of a partition. Only used by partitionsOverlap. Requires non-nil Start and Size. func (p Partition) end() int { if *p.Size == 0 { @@ -142,3 +151,17 @@ func (n Disk) partitionsMixZeroesAndNonexistence() bool { } return hasZero && hasShouldNotExist } + +func (n Disk) partitionsUnitsMismatch() bool { + partsInMb := false + partsNotInMb := false + for _, p := range n.Partitions { + if p.Size != nil || p.Start != nil { + partsNotInMb = true + } + if p.SizeMiB != nil || p.StartMiB != nil { + partsInMb = true + } + } + return partsInMb && partsNotInMb +} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/file.go b/vendor/github.com/coreos/ignition/config/v3_0/types/file.go similarity index 54% rename from vendor/github.com/coreos/ignition/config/v2_1/types/file.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/file.go index ac79cd8585..3d9447f964 100644 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/file.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/file.go @@ -15,42 +15,45 @@ package types import ( + "fmt" + "github.com/coreos/ignition/config/shared/errors" "github.com/coreos/ignition/config/validate/report" ) -func (f File) ValidateMode() report.Report { - r := report.Report{} - if err := validateMode(f.Mode); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) +func (f File) ValidateMode() (r report.Report) { + r.AddOnError(validateMode(f.Mode)) + if f.Mode == nil { + r.AddOnWarning(errors.ErrFilePermissionsUnset) } return r } -func (fc FileContents) ValidateCompression() report.Report { - r := report.Report{} - switch fc.Compression { +func (f FileEmbedded1) IgnoreDuplicates() map[string]struct{} { + return map[string]struct{}{ + "Append": {}, + } +} + +func (fc FileContents) ValidateCompression() (r report.Report) { + if fc.Compression == nil { + return + } + switch *fc.Compression { case "", "gzip": default: - r.Add(report.Entry{ - Message: errors.ErrCompressionInvalid.Error(), - Kind: report.EntryError, - }) + r.AddOnError(errors.ErrCompressionInvalid) } - return r + return } -func (fc FileContents) ValidateSource() report.Report { - r := report.Report{} - err := validateURL(fc.Source) +func (fc FileContents) ValidateSource() (r report.Report) { + if fc.Source == nil { + return + } + err := validateURL(*fc.Source) if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) + r.AddOnError(fmt.Errorf("invalid url %q: %v", *fc.Source, err)) } - return r + return } diff --git a/vendor/github.com/coreos/ignition/config/v3_0/types/filesystem.go b/vendor/github.com/coreos/ignition/config/v3_0/types/filesystem.go new file mode 100644 index 0000000000..d0e0d07914 --- /dev/null +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/filesystem.go @@ -0,0 +1,102 @@ +// Copyright 2016 CoreOS, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package types + +import ( + "github.com/coreos/ignition/config/shared/errors" + "github.com/coreos/ignition/config/validate/report" +) + +func (f Filesystem) Key() string { + return f.Device +} + +func (f Filesystem) IgnoreDuplicates() map[string]struct{} { + return map[string]struct{}{ + "Options": {}, + } +} + +func (f Filesystem) ValidatePath() (r report.Report) { + if f.Path == nil || *f.Path == "" { + return + } + r.AddOnError(validatePath(*f.Path)) + return +} + +func (f Filesystem) ValidateDevice() (r report.Report) { + r.AddOnError(validatePath(f.Device)) + return +} + +func (f Filesystem) ValidateFormat() (r report.Report) { + if f.Format == nil || *f.Format == "" { + if (f.Path == nil || *f.Path == "") && + (f.Label == nil || *f.Label == "") && + (f.UUID == nil || *f.UUID == "") && + len(f.Options) == 0 { + return + } + r.AddOnError(errors.ErrFormatNilWithOthers) + return + } + switch *f.Format { + case "ext4", "btrfs", "xfs", "swap", "vfat": + default: + r.AddOnError(errors.ErrFilesystemInvalidFormat) + } + return +} + +func (f Filesystem) ValidateLabel() (r report.Report) { + if f.Label == nil || *f.Label == "" { + return + } + if f.Format == nil || *f.Format == "" { + r.AddOnError(errors.ErrLabelNeedsFormat) + return + } + switch *f.Format { + case "ext4": + if len(*f.Label) > 16 { + // source: man mkfs.ext4 + r.AddOnError(errors.ErrExt4LabelTooLong) + } + case "btrfs": + if len(*f.Label) > 256 { + // source: man mkfs.btrfs + r.AddOnError(errors.ErrBtrfsLabelTooLong) + } + case "xfs": + if len(*f.Label) > 12 { + // source: man mkfs.xfs + r.AddOnError(errors.ErrXfsLabelTooLong) + } + case "swap": + // mkswap's man page does not state a limit on label size, but through + // experimentation it appears that mkswap will truncate long labels to + // 15 characters, so let's enforce that. + if len(*f.Label) > 15 { + r.AddOnError(errors.ErrSwapLabelTooLong) + } + case "vfat": + if len(*f.Label) > 11 { + // source: man mkfs.fat + r.AddOnError(errors.ErrVfatLabelTooLong) + } + } + return +} diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/ignition.go b/vendor/github.com/coreos/ignition/config/v3_0/types/ignition.go similarity index 71% rename from vendor/github.com/coreos/ignition/config/v2_1/types/ignition.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/ignition.go index bddf495833..067af88c93 100644 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/ignition.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/ignition.go @@ -21,16 +21,19 @@ import ( "github.com/coreos/ignition/config/validate/report" ) -func (c ConfigReference) ValidateSource() report.Report { - r := report.Report{} - err := validateURL(c.Source) - if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) +func (c ConfigReference) Key() string { + if c.Source == nil { + return "" + } + return *c.Source +} + +func (c ConfigReference) ValidateSource() (r report.Report) { + if c.Source == nil { + return } - return r + r.AddOnError(validateURL(*c.Source)) + return } func (v Ignition) Semver() (*semver.Version, error) { @@ -42,11 +45,9 @@ func (v Ignition) Validate() report.Report { if err != nil { return report.ReportFromError(errors.ErrInvalidVersion, report.EntryError) } - if MaxVersion.Major > tv.Major { - return report.ReportFromError(errors.ErrOldVersion, report.EntryError) - } - if MaxVersion.LessThan(*tv) { - return report.ReportFromError(errors.ErrNewVersion, report.EntryError) + + if MaxVersion != *tv { + return report.ReportFromError(errors.ErrUnknownVersion, report.EntryError) } return report.Report{} } diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/mode.go b/vendor/github.com/coreos/ignition/config/v3_0/types/mode.go similarity index 100% rename from vendor/github.com/coreos/ignition/config/v2_2/types/mode.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/mode.go diff --git a/vendor/github.com/coreos/ignition/config/v1/types/file.go b/vendor/github.com/coreos/ignition/config/v3_0/types/node.go similarity index 54% rename from vendor/github.com/coreos/ignition/config/v1/types/file.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/node.go index 8775c19fd5..9336fc8978 100644 --- a/vendor/github.com/coreos/ignition/config/v1/types/file.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/node.go @@ -15,25 +15,38 @@ package types import ( - "os" + "path/filepath" "github.com/coreos/ignition/config/shared/errors" "github.com/coreos/ignition/config/validate/report" ) -type FileMode os.FileMode +func (n Node) Key() string { + return n.Path +} + +func (n Node) ValidatePath() (r report.Report) { + r.AddOnError(validatePath(n.Path)) + return +} -type File struct { - Path Path `json:"path,omitempty"` - Contents string `json:"contents,omitempty"` - Mode FileMode `json:"mode,omitempty"` - Uid int `json:"uid,omitempty"` - Gid int `json:"gid,omitempty"` +func (n Node) Depth() int { + count := 0 + for p := filepath.Clean(string(n.Path)); p != "/"; count++ { + p = filepath.Dir(p) + } + return count } -func (m FileMode) Validate() report.Report { - if (m &^ 07777) != 0 { - return report.ReportFromError(errors.ErrFileIllegalMode, report.EntryError) +func (nu NodeUser) Validate() (r report.Report) { + if nu.ID != nil && (nu.Name != nil && *nu.Name != "") { + r.AddOnError(errors.ErrBothIDAndNameSet) + } + return +} +func (ng NodeGroup) Validate() (r report.Report) { + if ng.ID != nil && (ng.Name != nil && *ng.Name != "") { + r.AddOnError(errors.ErrBothIDAndNameSet) } - return report.Report{} + return } diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/partition.go b/vendor/github.com/coreos/ignition/config/v3_0/types/partition.go similarity index 56% rename from vendor/github.com/coreos/ignition/config/v2_3_experimental/types/partition.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/partition.go index 4e962b6391..1169e7d272 100644 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/partition.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/partition.go @@ -27,18 +27,45 @@ const ( guidRegexStr = "^(|[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12})$" ) -func (p Partition) Validate() report.Report { +func (p Partition) Key() string { + if p.Number != 0 { + return fmt.Sprintf("number:%d", p.Number) + } else { + return fmt.Sprintf("label:%s", *p.Label) + } +} + +func (p Partition) Validate() (r report.Report) { + if (p.Start != nil || p.Size != nil) && (p.StartMiB != nil || p.SizeMiB != nil) { + r.AddOnError(errors.ErrPartitionsUnitsMismatch) + } if p.ShouldExist != nil && !*p.ShouldExist && - (p.Label != nil || p.TypeGUID != "" || p.GUID != "" || p.Start != nil || p.Size != nil) { - return report.ReportFromError(errors.ErrShouldNotExistWithOthers, report.EntryError) + (p.Label != nil || (p.TypeGUID != nil && *p.TypeGUID != "") || (p.GUID != nil && *p.GUID != "") || p.Start != nil || p.Size != nil) { + r.AddOnError(errors.ErrShouldNotExistWithOthers) } - return report.Report{} + if p.Number == 0 && p.Label == nil { + r.AddOnError(errors.ErrNeedLabelOrNumber) + } + return } -func (p Partition) ValidateLabel() report.Report { - r := report.Report{} +func (p Partition) ValidateSize() (r report.Report) { + if p.Size != nil { + r.AddOnDeprecated(errors.ErrSizeDeprecated) + } + return +} + +func (p Partition) ValidateStart() (r report.Report) { + if p.Start != nil { + r.AddOnDeprecated(errors.ErrStartDeprecated) + } + return +} + +func (p Partition) ValidateLabel() (r report.Report) { if p.Label == nil { - return r + return } // http://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_entries: // 56 (0x38) 72 bytes Partition name (36 UTF-16LE code units) @@ -46,20 +73,14 @@ func (p Partition) ValidateLabel() report.Report { // XXX(vc): note GPT calls it a name, we're using label for consistency // with udev naming /dev/disk/by-partlabel/*. if len(*p.Label) > 36 { - r.Add(report.Entry{ - Message: errors.ErrLabelTooLong.Error(), - Kind: report.EntryError, - }) + r.AddOnError(errors.ErrLabelTooLong) } // sgdisk uses colons for delimitting compound arguments and does not allow escaping them. if strings.Contains(*p.Label, ":") { - r.Add(report.Entry{ - Message: errors.ErrLabelContainsColon.Error(), - Kind: report.EntryWarning, - }) + r.AddOnError(errors.ErrLabelContainsColon) } - return r + return } func (p Partition) ValidateTypeGUID() report.Report { @@ -70,19 +91,16 @@ func (p Partition) ValidateGUID() report.Report { return validateGUID(p.GUID) } -func validateGUID(guid string) report.Report { - r := report.Report{} +func validateGUID(guidPointer *string) (r report.Report) { + if guidPointer == nil { + return + } + guid := *guidPointer ok, err := regexp.MatchString(guidRegexStr, guid) if err != nil { - r.Add(report.Entry{ - Message: fmt.Sprintf("error matching guid regexp: %v", err), - Kind: report.EntryError, - }) + r.AddOnError(fmt.Errorf("error matching guid regexp: %v", err)) } else if !ok { - r.Add(report.Entry{ - Message: errors.ErrDoesntMatchGUIDRegex.Error(), - Kind: report.EntryError, - }) + r.AddOnError(errors.ErrDoesntMatchGUIDRegex) } return r } diff --git a/vendor/github.com/coreos/ignition/config/v1/types/passwd.go b/vendor/github.com/coreos/ignition/config/v3_0/types/passwd.go similarity index 81% rename from vendor/github.com/coreos/ignition/config/v1/types/passwd.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/passwd.go index 0ffff43bb8..ff25eac381 100644 --- a/vendor/github.com/coreos/ignition/config/v1/types/passwd.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/passwd.go @@ -1,4 +1,4 @@ -// Copyright 2016 CoreOS, Inc. +// Copyright 2017 CoreOS, Inc. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -14,7 +14,10 @@ package types -type Passwd struct { - Users []User `json:"users,omitempty"` - Groups []Group `json:"groups,omitempty"` +func (p PasswdUser) Key() string { + return p.Name +} + +func (g PasswdGroup) Key() string { + return g.Name } diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/path.go b/vendor/github.com/coreos/ignition/config/v3_0/types/path.go similarity index 88% rename from vendor/github.com/coreos/ignition/config/v2_3_experimental/types/path.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/path.go index 780607c31a..193120176c 100644 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/path.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/path.go @@ -21,8 +21,14 @@ import ( ) func validatePath(p string) error { + if p == "" { + return errors.ErrNoPath + } if !path.IsAbs(p) { return errors.ErrPathRelative } + if path.Clean(p) != p { + return errors.ErrDirtyPath + } return nil } diff --git a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/raid.go b/vendor/github.com/coreos/ignition/config/v3_0/types/raid.go similarity index 66% rename from vendor/github.com/coreos/ignition/config/v2_3_experimental/types/raid.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/raid.go index 3aceaa9faa..4e05b7b945 100644 --- a/vendor/github.com/coreos/ignition/config/v2_3_experimental/types/raid.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/raid.go @@ -19,15 +19,21 @@ import ( "github.com/coreos/ignition/config/validate/report" ) -func (n Raid) ValidateLevel() report.Report { - r := report.Report{} +func (r Raid) Key() string { + return r.Name +} + +func (r Raid) IgnoreDuplicates() map[string]struct{} { + return map[string]struct{}{ + "Options": {}, + } +} + +func (n Raid) ValidateLevel() (r report.Report) { switch n.Level { case "linear", "raid0", "0", "stripe": - if n.Spares != 0 { - r.Add(report.Entry{ - Message: errors.ErrSparesUnsupportedForLevel.Error(), - Kind: report.EntryError, - }) + if n.Spares != nil && *n.Spares != 0 { + r.AddOnError(errors.ErrSparesUnsupportedForLevel) } case "raid1", "1", "mirror": case "raid4", "4": @@ -35,23 +41,16 @@ func (n Raid) ValidateLevel() report.Report { case "raid6", "6": case "raid10", "10": default: - r.Add(report.Entry{ - Message: errors.ErrUnrecognizedRaidLevel.Error(), - Kind: report.EntryError, - }) + r.AddOnError(errors.ErrUnrecognizedRaidLevel) } return r } -func (n Raid) ValidateDevices() report.Report { - r := report.Report{} +func (n Raid) ValidateDevices() (r report.Report) { for _, d := range n.Devices { if err := validatePath(string(d)); err != nil { - r.Add(report.Entry{ - Message: errors.ErrPathRelative.Error(), - Kind: report.EntryError, - }) + r.AddOnError(errors.ErrPathRelative) } } - return r + return } diff --git a/vendor/github.com/coreos/ignition/config/v3_0/types/schema.go b/vendor/github.com/coreos/ignition/config/v3_0/types/schema.go new file mode 100644 index 0000000000..a00a27e9d2 --- /dev/null +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/schema.go @@ -0,0 +1,203 @@ +package types + +// generated by "schematyper --package=types config/v3_0/schema/ignition.json -o config/v3_0/types/schema.go --root-type=Config" -- DO NOT EDIT + +type CaReference struct { + Source string `json:"source"` + Verification Verification `json:"verification,omitempty"` +} + +type Config struct { + Ignition Ignition `json:"ignition"` + Passwd Passwd `json:"passwd,omitempty"` + Storage Storage `json:"storage,omitempty"` + Systemd Systemd `json:"systemd,omitempty"` +} + +type ConfigReference struct { + Source *string `json:"source"` + Verification Verification `json:"verification,omitempty"` +} + +type Device string + +type Directory struct { + Node + DirectoryEmbedded1 +} + +type DirectoryEmbedded1 struct { + Mode *int `json:"mode,omitempty"` +} + +type Disk struct { + Device string `json:"device"` + Partitions []Partition `json:"partitions,omitempty"` + WipeTable *bool `json:"wipeTable,omitempty"` +} + +type Dropin struct { + Contents *string `json:"contents,omitempty"` + Name string `json:"name"` +} + +type File struct { + Node + FileEmbedded1 +} + +type FileContents struct { + Compression *string `json:"compression,omitempty"` + Source *string `json:"source,omitempty"` + Verification Verification `json:"verification,omitempty"` +} + +type FileEmbedded1 struct { + Append []FileContents `json:"append,omitempty"` + Contents FileContents `json:"contents,omitempty"` + Mode *int `json:"mode,omitempty"` +} + +type Filesystem struct { + Device string `json:"device"` + Format *string `json:"format,omitempty"` + Label *string `json:"label,omitempty"` + Options []FilesystemOption `json:"options,omitempty"` + Path *string `json:"path,omitempty"` + UUID *string `json:"uuid,omitempty"` + WipeFilesystem *bool `json:"wipeFilesystem,omitempty"` +} + +type FilesystemOption string + +type Group string + +type Ignition struct { + Config IgnitionConfig `json:"config,omitempty"` + Security Security `json:"security,omitempty"` + Timeouts Timeouts `json:"timeouts,omitempty"` + Version string `json:"version,omitempty"` +} + +type IgnitionConfig struct { + Merge []ConfigReference `json:"merge,omitempty"` + Replace ConfigReference `json:"replace,omitempty"` +} + +type Link struct { + Node + LinkEmbedded1 +} + +type LinkEmbedded1 struct { + Hard *bool `json:"hard,omitempty"` + Target string `json:"target"` +} + +type Node struct { + Group NodeGroup `json:"group,omitempty"` + Overwrite *bool `json:"overwrite,omitempty"` + Path string `json:"path"` + User NodeUser `json:"user,omitempty"` +} + +type NodeGroup struct { + ID *int `json:"id,omitempty"` + Name *string `json:"name,omitempty"` +} + +type NodeUser struct { + ID *int `json:"id,omitempty"` + Name *string `json:"name,omitempty"` +} + +type Partition struct { + GUID *string `json:"guid,omitempty"` + Label *string `json:"label,omitempty"` + Number int `json:"number,omitempty"` + ShouldExist *bool `json:"shouldExist,omitempty"` + Size *int `json:"size,omitempty"` + SizeMiB *int `json:"sizeMiB,omitempty"` + Start *int `json:"start,omitempty"` + StartMiB *int `json:"startMiB,omitempty"` + TypeGUID *string `json:"typeGuid,omitempty"` + WipePartitionEntry *bool `json:"wipePartitionEntry,omitempty"` +} + +type Passwd struct { + Groups []PasswdGroup `json:"groups,omitempty"` + Users []PasswdUser `json:"users,omitempty"` +} + +type PasswdGroup struct { + Gid *int `json:"gid,omitempty"` + Name string `json:"name"` + PasswordHash *string `json:"passwordHash,omitempty"` + System *bool `json:"system,omitempty"` +} + +type PasswdUser struct { + Gecos *string `json:"gecos,omitempty"` + Groups []Group `json:"groups,omitempty"` + HomeDir *string `json:"homeDir,omitempty"` + Name string `json:"name"` + NoCreateHome *bool `json:"noCreateHome,omitempty"` + NoLogInit *bool `json:"noLogInit,omitempty"` + NoUserGroup *bool `json:"noUserGroup,omitempty"` + PasswordHash *string `json:"passwordHash,omitempty"` + PrimaryGroup *string `json:"primaryGroup,omitempty"` + SSHAuthorizedKeys []SSHAuthorizedKey `json:"sshAuthorizedKeys,omitempty"` + Shell *string `json:"shell,omitempty"` + System *bool `json:"system,omitempty"` + UID *int `json:"uid,omitempty"` +} + +type Raid struct { + Devices []Device `json:"devices"` + Level string `json:"level"` + Name string `json:"name"` + Options []RaidOption `json:"options,omitempty"` + Spares *int `json:"spares,omitempty"` +} + +type RaidOption string + +type SSHAuthorizedKey string + +type Security struct { + TLS TLS `json:"tls,omitempty"` +} + +type Storage struct { + Directories []Directory `json:"directories,omitempty"` + Disks []Disk `json:"disks,omitempty"` + Files []File `json:"files,omitempty"` + Filesystems []Filesystem `json:"filesystems,omitempty"` + Links []Link `json:"links,omitempty"` + Raid []Raid `json:"raid,omitempty"` +} + +type Systemd struct { + Units []Unit `json:"units,omitempty"` +} + +type TLS struct { + CertificateAuthorities []CaReference `json:"certificateAuthorities,omitempty"` +} + +type Timeouts struct { + HTTPResponseHeaders *int `json:"httpResponseHeaders,omitempty"` + HTTPTotal *int `json:"httpTotal,omitempty"` +} + +type Unit struct { + Contents *string `json:"contents,omitempty"` + Dropins []Dropin `json:"dropins,omitempty"` + Enabled *bool `json:"enabled,omitempty"` + Mask *bool `json:"mask,omitempty"` + Name string `json:"name"` +} + +type Verification struct { + Hash *string `json:"hash,omitempty"` +} diff --git a/vendor/github.com/coreos/ignition/config/v1/types/systemd.go b/vendor/github.com/coreos/ignition/config/v3_0/types/storage.go similarity index 75% rename from vendor/github.com/coreos/ignition/config/v1/types/systemd.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/storage.go index 97194b9115..d9a4c554a1 100644 --- a/vendor/github.com/coreos/ignition/config/v1/types/systemd.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/storage.go @@ -1,4 +1,4 @@ -// Copyright 2016 CoreOS, Inc. +// Copyright 2019 Red Hat, Inc. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -14,6 +14,10 @@ package types -type Systemd struct { - Units []SystemdUnit `json:"units,omitempty"` +func (s Storage) MergedKeys() map[string]string { + return map[string]string{ + "Directories": "Node", + "Files": "Node", + "Links": "Node", + } } diff --git a/vendor/github.com/coreos/ignition/config/v2_1/types/unit.go b/vendor/github.com/coreos/ignition/config/v3_0/types/unit.go similarity index 51% rename from vendor/github.com/coreos/ignition/config/v2_1/types/unit.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/unit.go index 07e6fe6f5c..9f6d1a9818 100644 --- a/vendor/github.com/coreos/ignition/config/v2_1/types/unit.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/unit.go @@ -26,81 +26,53 @@ import ( "github.com/coreos/ignition/config/validate/report" ) -func (u Unit) ValidateContents() report.Report { - r := report.Report{} +func (u Unit) Key() string { + return u.Name +} + +func (d Dropin) Key() string { + return d.Name +} + +func (u Unit) ValidateContents() (r report.Report) { opts, err := validateUnitContent(u.Contents) - if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } + r.AddOnError(err) - isEnabled := u.Enable || (u.Enabled != nil && *u.Enabled) - r.Merge(validations.ValidateInstallSection(u.Name, isEnabled, u.Contents == "", opts)) + isEnabled := u.Enabled != nil && *u.Enabled + r.Merge(validations.ValidateInstallSection(u.Name, isEnabled, (u.Contents == nil || *u.Contents == ""), opts)) return r } -func (u Unit) ValidateName() report.Report { - r := report.Report{} +func (u Unit) ValidateName() (r report.Report) { switch path.Ext(u.Name) { case ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice", ".scope": default: - r.Add(report.Entry{ - Message: errors.ErrInvalidSystemdExt.Error(), - Kind: report.EntryError, - }) + r.AddOnError(errors.ErrInvalidSystemdExt) } - return r + return } func (d Dropin) Validate() report.Report { r := report.Report{} - if _, err := validateUnitContent(d.Contents); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } + _, err := validateUnitContent(d.Contents) + r.AddOnError(err) switch path.Ext(d.Name) { case ".conf": default: - r.Add(report.Entry{ - Message: errors.ErrInvalidSystemdDropinExt.Error(), - Kind: report.EntryError, - }) + r.AddOnError(errors.ErrInvalidSystemdDropinExt) } return r } -func (u Networkdunit) Validate() report.Report { - r := report.Report{} - - if _, err := validateUnitContent(u.Contents); err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - } - - switch path.Ext(u.Name) { - case ".link", ".netdev", ".network": - default: - r.Add(report.Entry{ - Message: errors.ErrInvalidNetworkdExt.Error(), - Kind: report.EntryError, - }) +func validateUnitContent(content *string) ([]*unit.UnitOption, error) { + if content == nil { + return []*unit.UnitOption{}, nil } - - return r -} - -func validateUnitContent(content string) ([]*unit.UnitOption, error) { - c := strings.NewReader(content) + c := strings.NewReader(*content) opts, err := unit.Deserialize(c) if err != nil { return nil, fmt.Errorf("invalid unit content: %s", err) diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/url.go b/vendor/github.com/coreos/ignition/config/v3_0/types/url.go similarity index 85% rename from vendor/github.com/coreos/ignition/config/v2_2/types/url.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/url.go index 2e90ff6d07..008cf68bd0 100644 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/url.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/url.go @@ -33,7 +33,14 @@ func validateURL(s string) error { } switch u.Scheme { - case "http", "https", "oem", "tftp", "s3": + case "http", "https", "tftp": + return nil + case "s3": + if v, ok := u.Query()["versionId"]; ok { + if len(v) == 0 || v[0] == "" { + return errors.ErrInvalidS3ObjectVersionId + } + } return nil case "data": if _, err := dataurl.DecodeString(s); err != nil { diff --git a/vendor/github.com/coreos/ignition/config/v2_2/types/verification.go b/vendor/github.com/coreos/ignition/config/v3_0/types/verification.go similarity index 77% rename from vendor/github.com/coreos/ignition/config/v2_2/types/verification.go rename to vendor/github.com/coreos/ignition/config/v3_0/types/verification.go index 51e7d1550a..5b9a81efe5 100644 --- a/vendor/github.com/coreos/ignition/config/v2_2/types/verification.go +++ b/vendor/github.com/coreos/ignition/config/v3_0/types/verification.go @@ -38,40 +38,29 @@ func (v Verification) HashParts() (string, string, error) { return parts[0], parts[1], nil } -func (v Verification) Validate() report.Report { - r := report.Report{} - +func (v Verification) Validate() (r report.Report) { if v.Hash == nil { // The hash can be nil - return r + return } function, sum, err := v.HashParts() if err != nil { - r.Add(report.Entry{ - Message: err.Error(), - Kind: report.EntryError, - }) - return r + r.AddOnError(err) + return } var hash crypto.Hash switch function { case "sha512": hash = crypto.SHA512 default: - r.Add(report.Entry{ - Message: errors.ErrHashUnrecognized.Error(), - Kind: report.EntryError, - }) - return r + r.AddOnError(errors.ErrHashUnrecognized) + return } if len(sum) != hex.EncodedLen(hash.Size()) { - r.Add(report.Entry{ - Message: errors.ErrHashWrongSize.Error(), - Kind: report.EntryError, - }) + r.AddOnError(errors.ErrHashWrongSize) } - return r + return } diff --git a/vendor/github.com/coreos/ignition/config/validate/astjson/node.go b/vendor/github.com/coreos/ignition/config/validate/astjson/node.go index 6735fa0ab3..85279e50a2 100644 --- a/vendor/github.com/coreos/ignition/config/validate/astjson/node.go +++ b/vendor/github.com/coreos/ignition/config/validate/astjson/node.go @@ -15,11 +15,9 @@ package astjson import ( - "io" - json "github.com/ajeddeloh/go-json" "github.com/coreos/ignition/config/validate/astnode" - "go4.org/errorutil" + "github.com/coreos/ignition/config/validate/util" ) type JsonNode json.Node @@ -28,11 +26,11 @@ func FromJsonRoot(n json.Node) JsonNode { return JsonNode(n) } -func (n JsonNode) ValueLineCol(source io.ReadSeeker) (int, int, string) { +func (n JsonNode) ValueLineCol(source []byte) (int, int, string) { return posFromOffset(n.End, source) } -func (n JsonNode) KeyLineCol(source io.ReadSeeker) (int, int, string) { +func (n JsonNode) KeyLineCol(source []byte) (int, int, string) { return posFromOffset(n.KeyEnd, source) } @@ -63,11 +61,9 @@ func (n JsonNode) Tag() string { } // wrapper for errorutil that handles missing sources sanely and resets the reader afterwards -func posFromOffset(offset int, source io.ReadSeeker) (int, int, string) { +func posFromOffset(offset int, source []byte) (int, int, string) { if source == nil { return 0, 0, "" } - line, col, highlight := errorutil.HighlightBytePosition(source, int64(offset)) - source.Seek(0, 0) // Reset the reader to the start so the next call isn't relative to this position - return line, col, highlight + return util.Highlight(source, int64(offset)) } diff --git a/vendor/github.com/coreos/ignition/config/validate/astnode/astnode.go b/vendor/github.com/coreos/ignition/config/validate/astnode/astnode.go index d1c1d9c242..db19d09fc0 100644 --- a/vendor/github.com/coreos/ignition/config/validate/astnode/astnode.go +++ b/vendor/github.com/coreos/ignition/config/validate/astnode/astnode.go @@ -14,20 +14,16 @@ package astnode -import ( - "io" -) - // AstNode abstracts the differences between yaml and json nodes, providing a // common interface type AstNode interface { // ValueLineCol returns the line, column, and highlight string of the value of // this node in the source. - ValueLineCol(source io.ReadSeeker) (int, int, string) + ValueLineCol(source []byte) (int, int, string) // KeyLineCol returns the line, column, and highlight string of the key for the // value of this node in the source. - KeyLineCol(source io.ReadSeeker) (int, int, string) + KeyLineCol(source []byte) (int, int, string) // LiteralValue returns the value of this node. LiteralValue() interface{} diff --git a/vendor/github.com/coreos/ignition/config/validate/report/report.go b/vendor/github.com/coreos/ignition/config/validate/report/report.go index e0d4fed8dc..18aec1ef9d 100644 --- a/vendor/github.com/coreos/ignition/config/validate/report/report.go +++ b/vendor/github.com/coreos/ignition/config/validate/report/report.go @@ -43,6 +43,33 @@ func ReportFromError(err error, severity entryKind) Report { } } +// Helpers to cut verbosity +func (r *Report) addFromError(err error, severity entryKind) { + if err == nil { + return + } + r.Add(Entry{ + Kind: severity, + Message: err.Error(), + }) +} + +func (r *Report) AddOnError(err error) { + r.addFromError(err, EntryError) +} + +func (r *Report) AddOnWarning(err error) { + r.addFromError(err, EntryWarning) +} + +func (r *Report) AddOnInfo(err error) { + r.addFromError(err, EntryInfo) +} + +func (r *Report) AddOnDeprecated(err error) { + r.addFromError(err, EntryDeprecated) +} + // Sort sorts the entries by line number, then column number func (r *Report) Sort() { sort.Sort(entries(r.Entries)) diff --git a/vendor/github.com/coreos/ignition/config/validate/util/highlight.go b/vendor/github.com/coreos/ignition/config/validate/util/highlight.go new file mode 100644 index 0000000000..f1560e1b4c --- /dev/null +++ b/vendor/github.com/coreos/ignition/config/validate/util/highlight.go @@ -0,0 +1,43 @@ +// Copyright 2015 Red Hat, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package util + +import ( + "fmt" + "strings" +) + +func Highlight(srcb []byte, offset int64) (int, int, string) { + src := string(srcb) + + startOfLine := strings.LastIndex(src[:offset], "\n") + 1 + if startOfLine == len(src) { + startOfLine-- + } + + endOfLine := strings.Index(src[offset:], "\n") + if endOfLine == -1 { + endOfLine = len(src) - 1 + } else { + endOfLine += int(offset) + } + + line := strings.Count(src[:offset], "\n") + 1 + col := int(offset) - startOfLine + 1 + + lineh := strings.Replace(src[startOfLine:endOfLine], "\t", " ", -1) + highlight := fmt.Sprintf("%s\n%s^\n", lineh, strings.Repeat(" ", col-1)) + return line, col, highlight +} diff --git a/vendor/github.com/coreos/ignition/config/validate/validate.go b/vendor/github.com/coreos/ignition/config/validate/validate.go index 12f9bf205f..bcb92895e5 100644 --- a/vendor/github.com/coreos/ignition/config/validate/validate.go +++ b/vendor/github.com/coreos/ignition/config/validate/validate.go @@ -15,13 +15,12 @@ package validate import ( - "bytes" "fmt" - "io" "reflect" "strings" json "github.com/ajeddeloh/go-json" + "github.com/coreos/ignition/config/util" "github.com/coreos/ignition/config/validate/astjson" "github.com/coreos/ignition/config/validate/astnode" "github.com/coreos/ignition/config/validate/report" @@ -44,7 +43,7 @@ func ValidateConfig(rawConfig []byte, config interface{}) report.Report { }) r.Merge(ValidateWithoutSource(configValue)) } else { - r.Merge(Validate(configValue, astjson.FromJsonRoot(ast), bytes.NewReader(rawConfig), true)) + r.Merge(Validate(configValue, astjson.FromJsonRoot(ast), rawConfig, true)) } return r } @@ -52,7 +51,7 @@ func ValidateConfig(rawConfig []byte, config interface{}) report.Report { // Validate walks down a struct tree calling Validate on every node that implements it, building // A report of all the errors, warnings, info, and deprecations it encounters. If checkUnusedKeys // is true, Validate will generate warnings for unused keys in the ast, otherwise it will not. -func Validate(vObj reflect.Value, ast astnode.AstNode, source io.ReadSeeker, checkUnusedKeys bool) (r report.Report) { +func Validate(vObj reflect.Value, ast astnode.AstNode, source []byte, checkUnusedKeys bool) (r report.Report) { if !vObj.IsValid() { return } @@ -134,7 +133,7 @@ func getFields(vObj reflect.Value) []field { return ret } -func validateStruct(vObj reflect.Value, ast astnode.AstNode, source io.ReadSeeker, checkUnusedKeys bool) report.Report { +func validateStruct(vObj reflect.Value, ast astnode.AstNode, source []byte, checkUnusedKeys bool) report.Report { r := report.Report{} // isFromObject will be true if this struct was unmarshalled from a JSON object. @@ -149,12 +148,28 @@ func validateStruct(vObj reflect.Value, ast astnode.AstNode, source io.ReadSeeke // Maintain a list of all the tags in the struct for fuzzy matching later. tags := []string{} + // We need to do duplication checking at the struct level even though its lists that can't have duplicates. + // This is because some parts (i.e. links, files, dirs) can't have duplicates across the sum of all their members. + // map of field names to sets of strings from Key() + dupLists := map[string]map[string]struct{}{} + // List of fields that are lists that cannot include duplicates across themselves. Use the first element in the list + // to refer to the collective set + mergedKeys := map[string]string{} + if merger, ok := vObj.Interface().(util.MergesKeys); ok { + mergedKeys = merger.MergedKeys() + } + + ignoreDupsList := map[string]struct{}{} + if ignorer, ok := vObj.Interface().(util.IgnoresDups); ok { + ignoreDupsList = ignorer.IgnoreDuplicates() + } + for _, f := range getFields(vObj) { // Default to nil astnode.AstNode if the field's corrosponding node cannot be found. var sub_node astnode.AstNode // Default to passing a nil source if the field's corrosponding node cannot be found. // This ensures the line numbers reported from all sub-structs are 0 and will be changed by AddPosition - var src io.ReadSeeker + var src []byte // Try to determine the json.Node that corrosponds with the struct field if isFromObject { @@ -194,6 +209,48 @@ func validateStruct(vObj reflect.Value, ast astnode.AstNode, source io.ReadSeeke sub_report := Validate(f.Value, sub_node, src, checkUnusedKeys) sub_report.AddPosition(line, col, highlight) + + // duplicate checking time + if f.Value.Kind() == reflect.Slice { + // get the correct list of dups + dupListKey := f.Type.Name + if k, ok := mergedKeys[dupListKey]; ok { + dupListKey = k + } + if dupLists[dupListKey] == nil { + dupLists[dupListKey] = map[string]struct{}{} + } + + if _, ignored := ignoreDupsList[f.Type.Name]; !ignored { + for i := 0; i < f.Value.Len(); i++ { + key := "" + if f.Value.Index(i).Kind() == reflect.String { + key = f.Value.Index(i).Convert(reflect.TypeOf("")).Interface().(string) + } else { + key = f.Value.Index(i).Interface().(util.Keyed).Key() + } + if _, alreadyDefined := dupLists[dupListKey][key]; alreadyDefined { + // duplicate entry! + line, col, highlight := 0, 0, "" + if sub_node != nil { + sub_sub_node, ok := sub_node.SliceChild(i) + if sub_sub_node != nil && ok { + line, col, highlight = sub_sub_node.ValueLineCol(src) + } + } + sub_report.Add(report.Entry{ + Message: fmt.Sprintf("Entry defined by %q is already defined in this config", key), + Kind: report.EntryError, + Line: line, + Column: col, + Highlight: highlight, + }) + } + dupLists[dupListKey][key] = struct{}{} + } + } + } + r.Merge(sub_report) } if !isFromObject || !checkUnusedKeys { diff --git a/vendor/github.com/spf13/cobra/cobra/cmd/license_agpl.go b/vendor/github.com/spf13/cobra/cobra/cmd/license_agpl.go new file mode 100644 index 0000000000..bc22e9732b --- /dev/null +++ b/vendor/github.com/spf13/cobra/cobra/cmd/license_agpl.go @@ -0,0 +1,683 @@ +package cmd + +func initAgpl() { + Licenses["agpl"] = License{ + Name: "GNU Affero General Public License", + PossibleMatches: []string{"agpl", "affero gpl", "gnu agpl"}, + Header: ` +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see .`, + Text: ` GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. + + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. +`, + } +} diff --git a/vendor/go4.org/LICENSE b/vendor/github.com/spf13/cobra/cobra/cmd/license_apache_2.go similarity index 88% rename from vendor/go4.org/LICENSE rename to vendor/github.com/spf13/cobra/cobra/cmd/license_apache_2.go index 8f71f43fee..38393d5417 100644 --- a/vendor/go4.org/LICENSE +++ b/vendor/github.com/spf13/cobra/cobra/cmd/license_apache_2.go @@ -1,3 +1,37 @@ +// Copyright © 2015 Steve Francia . +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Parts inspired by https://github.com/ryanuber/go-license + +package cmd + +func initApache2() { + Licenses["apache"] = License{ + Name: "Apache 2.0", + PossibleMatches: []string{"apache", "apache20", "apache 2.0", "apache2.0", "apache-2.0"}, + Header: ` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License.`, + Text: ` Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ @@ -178,7 +212,7 @@ APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" + boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a @@ -186,7 +220,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright {yyyy} {name of copyright owner} + Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -199,4 +233,6 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - +`, + } +} diff --git a/vendor/github.com/spf13/cobra/cobra/cmd/license_bsd_clause_2.go b/vendor/github.com/spf13/cobra/cobra/cmd/license_bsd_clause_2.go new file mode 100644 index 0000000000..4a847e04a0 --- /dev/null +++ b/vendor/github.com/spf13/cobra/cobra/cmd/license_bsd_clause_2.go @@ -0,0 +1,71 @@ +// Copyright © 2015 Steve Francia . +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Parts inspired by https://github.com/ryanuber/go-license + +package cmd + +func initBsdClause2() { + Licenses["freebsd"] = License{ + Name: "Simplified BSD License", + PossibleMatches: []string{"freebsd", "simpbsd", "simple bsd", "2-clause bsd", + "2 clause bsd", "simplified bsd license"}, + Header: `All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE.`, + Text: `{{ .copyright }} +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +`, + } +} diff --git a/vendor/github.com/spf13/cobra/cobra/cmd/license_bsd_clause_3.go b/vendor/github.com/spf13/cobra/cobra/cmd/license_bsd_clause_3.go new file mode 100644 index 0000000000..c7476b31f5 --- /dev/null +++ b/vendor/github.com/spf13/cobra/cobra/cmd/license_bsd_clause_3.go @@ -0,0 +1,78 @@ +// Copyright © 2015 Steve Francia . +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Parts inspired by https://github.com/ryanuber/go-license + +package cmd + +func initBsdClause3() { + Licenses["bsd"] = License{ + Name: "NewBSD", + PossibleMatches: []string{"bsd", "newbsd", "3 clause bsd", "3-clause bsd"}, + Header: `All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE.`, + Text: `{{ .copyright }} +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +`, + } +} diff --git a/vendor/github.com/spf13/cobra/cobra/cmd/license_gpl_2.go b/vendor/github.com/spf13/cobra/cobra/cmd/license_gpl_2.go new file mode 100644 index 0000000000..03e05b3a7e --- /dev/null +++ b/vendor/github.com/spf13/cobra/cobra/cmd/license_gpl_2.go @@ -0,0 +1,376 @@ +// Copyright © 2015 Steve Francia . +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Parts inspired by https://github.com/ryanuber/go-license + +package cmd + +func initGpl2() { + Licenses["gpl2"] = License{ + Name: "GNU General Public License 2.0", + PossibleMatches: []string{"gpl2", "gnu gpl2", "gplv2"}, + Header: ` +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU Lesser General Public License +along with this program. If not, see .`, + Text: ` GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type 'show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type 'show c' for details. + +The hypothetical commands 'show w' and 'show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than 'show w' and 'show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + 'Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. +`, + } +} diff --git a/vendor/github.com/spf13/cobra/cobra/cmd/license_gpl_3.go b/vendor/github.com/spf13/cobra/cobra/cmd/license_gpl_3.go new file mode 100644 index 0000000000..ce07679c77 --- /dev/null +++ b/vendor/github.com/spf13/cobra/cobra/cmd/license_gpl_3.go @@ -0,0 +1,711 @@ +// Copyright © 2015 Steve Francia . +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Parts inspired by https://github.com/ryanuber/go-license + +package cmd + +func initGpl3() { + Licenses["gpl3"] = License{ + Name: "GNU General Public License 3.0", + PossibleMatches: []string{"gpl3", "gplv3", "gpl", "gnu gpl3", "gnu gpl"}, + Header: ` +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see .`, + Text: ` GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type 'show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type 'show c' for details. + +The hypothetical commands 'show w' and 'show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. +`, + } +} diff --git a/vendor/github.com/spf13/cobra/cobra/cmd/license_lgpl.go b/vendor/github.com/spf13/cobra/cobra/cmd/license_lgpl.go new file mode 100644 index 0000000000..0f8b96cad0 --- /dev/null +++ b/vendor/github.com/spf13/cobra/cobra/cmd/license_lgpl.go @@ -0,0 +1,186 @@ +package cmd + +func initLgpl() { + Licenses["lgpl"] = License{ + Name: "GNU Lesser General Public License", + PossibleMatches: []string{"lgpl", "lesser gpl", "gnu lgpl"}, + Header: ` +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Lesser General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public License +along with this program. If not, see .`, + Text: ` GNU LESSER GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + + This version of the GNU Lesser General Public License incorporates +the terms and conditions of version 3 of the GNU General Public +License, supplemented by the additional permissions listed below. + + 0. Additional Definitions. + + As used herein, "this License" refers to version 3 of the GNU Lesser +General Public License, and the "GNU GPL" refers to version 3 of the GNU +General Public License. + + "The Library" refers to a covered work governed by this License, +other than an Application or a Combined Work as defined below. + + An "Application" is any work that makes use of an interface provided +by the Library, but which is not otherwise based on the Library. +Defining a subclass of a class defined by the Library is deemed a mode +of using an interface provided by the Library. + + A "Combined Work" is a work produced by combining or linking an +Application with the Library. The particular version of the Library +with which the Combined Work was made is also called the "Linked +Version". + + The "Minimal Corresponding Source" for a Combined Work means the +Corresponding Source for the Combined Work, excluding any source code +for portions of the Combined Work that, considered in isolation, are +based on the Application, and not on the Linked Version. + + The "Corresponding Application Code" for a Combined Work means the +object code and/or source code for the Application, including any data +and utility programs needed for reproducing the Combined Work from the +Application, but excluding the System Libraries of the Combined Work. + + 1. Exception to Section 3 of the GNU GPL. + + You may convey a covered work under sections 3 and 4 of this License +without being bound by section 3 of the GNU GPL. + + 2. Conveying Modified Versions. + + If you modify a copy of the Library, and, in your modifications, a +facility refers to a function or data to be supplied by an Application +that uses the facility (other than as an argument passed when the +facility is invoked), then you may convey a copy of the modified +version: + + a) under this License, provided that you make a good faith effort to + ensure that, in the event an Application does not supply the + function or data, the facility still operates, and performs + whatever part of its purpose remains meaningful, or + + b) under the GNU GPL, with none of the additional permissions of + this License applicable to that copy. + + 3. Object Code Incorporating Material from Library Header Files. + + The object code form of an Application may incorporate material from +a header file that is part of the Library. You may convey such object +code under terms of your choice, provided that, if the incorporated +material is not limited to numerical parameters, data structure +layouts and accessors, or small macros, inline functions and templates +(ten or fewer lines in length), you do both of the following: + + a) Give prominent notice with each copy of the object code that the + Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the object code with a copy of the GNU GPL and this license + document. + + 4. Combined Works. + + You may convey a Combined Work under terms of your choice that, +taken together, effectively do not restrict modification of the +portions of the Library contained in the Combined Work and reverse +engineering for debugging such modifications, if you also do each of +the following: + + a) Give prominent notice with each copy of the Combined Work that + the Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the Combined Work with a copy of the GNU GPL and this license + document. + + c) For a Combined Work that displays copyright notices during + execution, include the copyright notice for the Library among + these notices, as well as a reference directing the user to the + copies of the GNU GPL and this license document. + + d) Do one of the following: + + 0) Convey the Minimal Corresponding Source under the terms of this + License, and the Corresponding Application Code in a form + suitable for, and under terms that permit, the user to + recombine or relink the Application with a modified version of + the Linked Version to produce a modified Combined Work, in the + manner specified by section 6 of the GNU GPL for conveying + Corresponding Source. + + 1) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (a) uses at run time + a copy of the Library already present on the user's computer + system, and (b) will operate properly with a modified version + of the Library that is interface-compatible with the Linked + Version. + + e) Provide Installation Information, but only if you would otherwise + be required to provide such information under section 6 of the + GNU GPL, and only to the extent that such information is + necessary to install and execute a modified version of the + Combined Work produced by recombining or relinking the + Application with a modified version of the Linked Version. (If + you use option 4d0, the Installation Information must accompany + the Minimal Corresponding Source and Corresponding Application + Code. If you use option 4d1, you must provide the Installation + Information in the manner specified by section 6 of the GNU GPL + for conveying Corresponding Source.) + + 5. Combined Libraries. + + You may place library facilities that are a work based on the +Library side by side in a single library together with other library +facilities that are not Applications and are not covered by this +License, and convey such a combined library under terms of your +choice, if you do both of the following: + + a) Accompany the combined library with a copy of the same work based + on the Library, uncombined with any other library facilities, + conveyed under the terms of this License. + + b) Give prominent notice with the combined library that part of it + is a work based on the Library, and explaining where to find the + accompanying uncombined form of the same work. + + 6. Revised Versions of the GNU Lesser General Public License. + + The Free Software Foundation may publish revised and/or new versions +of the GNU Lesser General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the +Library as you received it specifies that a certain numbered version +of the GNU Lesser General Public License "or any later version" +applies to it, you have the option of following the terms and +conditions either of that published version or of any later version +published by the Free Software Foundation. If the Library as you +received it does not specify a version number of the GNU Lesser +General Public License, you may choose any version of the GNU Lesser +General Public License ever published by the Free Software Foundation. + + If the Library as you received it specifies that a proxy can decide +whether future versions of the GNU Lesser General Public License shall +apply, that proxy's public statement of acceptance of any version is +permanent authorization for you to choose that version for the +Library.`, + } +} diff --git a/vendor/github.com/spf13/cobra/cobra/cmd/license_mit.go b/vendor/github.com/spf13/cobra/cobra/cmd/license_mit.go new file mode 100644 index 0000000000..bd2d0c4fa8 --- /dev/null +++ b/vendor/github.com/spf13/cobra/cobra/cmd/license_mit.go @@ -0,0 +1,63 @@ +// Copyright © 2015 Steve Francia . +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Parts inspired by https://github.com/ryanuber/go-license + +package cmd + +func initMit() { + Licenses["mit"] = License{ + Name: "MIT License", + PossibleMatches: []string{"mit"}, + Header: ` +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE.`, + Text: `The MIT License (MIT) + +{{ .copyright }} + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. +`, + } +} diff --git a/vendor/github.com/spf13/cobra/cobra/cmd/licenses.go b/vendor/github.com/spf13/cobra/cobra/cmd/licenses.go new file mode 100644 index 0000000000..a070134ddc --- /dev/null +++ b/vendor/github.com/spf13/cobra/cobra/cmd/licenses.go @@ -0,0 +1,118 @@ +// Copyright © 2015 Steve Francia . +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Parts inspired by https://github.com/ryanuber/go-license + +package cmd + +import ( + "strings" + "time" + + "github.com/spf13/viper" +) + +// Licenses contains all possible licenses a user can choose from. +var Licenses = make(map[string]License) + +// License represents a software license agreement, containing the Name of +// the license, its possible matches (on the command line as given to cobra), +// the header to be used with each file on the file's creating, and the text +// of the license +type License struct { + Name string // The type of license in use + PossibleMatches []string // Similar names to guess + Text string // License text data + Header string // License header for source files +} + +func init() { + // Allows a user to not use a license. + Licenses["none"] = License{"None", []string{"none", "false"}, "", ""} + + initApache2() + initMit() + initBsdClause3() + initBsdClause2() + initGpl2() + initGpl3() + initLgpl() + initAgpl() +} + +// getLicense returns license specified by user in flag or in config. +// If user didn't specify the license, it returns Apache License 2.0. +// +// TODO: Inspect project for existing license +func getLicense() License { + // If explicitly flagged, use that. + if userLicense != "" { + return findLicense(userLicense) + } + + // If user wants to have custom license, use that. + if viper.IsSet("license.header") || viper.IsSet("license.text") { + return License{Header: viper.GetString("license.header"), + Text: viper.GetString("license.text")} + } + + // If user wants to have built-in license, use that. + if viper.IsSet("license") { + return findLicense(viper.GetString("license")) + } + + // If user didn't set any license, use Apache 2.0 by default. + return Licenses["apache"] +} + +func copyrightLine() string { + author := viper.GetString("author") + + year := viper.GetString("year") // For tests. + if year == "" { + year = time.Now().Format("2006") + } + + return "Copyright © " + year + " " + author +} + +// findLicense looks for License object of built-in licenses. +// If it didn't find license, then the app will be terminated and +// error will be printed. +func findLicense(name string) License { + found := matchLicense(name) + if found == "" { + er("unknown license: " + name) + } + return Licenses[found] +} + +// matchLicense compares the given a license name +// to PossibleMatches of all built-in licenses. +// It returns blank string, if name is blank string or it didn't find +// then appropriate match to name. +func matchLicense(name string) string { + if name == "" { + return "" + } + + for key, lic := range Licenses { + for _, match := range lic.PossibleMatches { + if strings.EqualFold(name, match) { + return key + } + } + } + + return "" +} diff --git a/vendor/go4.org/AUTHORS b/vendor/go4.org/AUTHORS deleted file mode 100644 index d1ad485f52..0000000000 --- a/vendor/go4.org/AUTHORS +++ /dev/null @@ -1,8 +0,0 @@ -# This is the official list of go4 authors for copyright purposes. -# This is distinct from the CONTRIBUTORS file, which is the list of -# people who have contributed, even if they don't own the copyright on -# their work. - -Mathieu Lonjaret -Daniel Theophanes -Google diff --git a/vendor/go4.org/errorutil/highlight.go b/vendor/go4.org/errorutil/highlight.go deleted file mode 100644 index 1b1efb0f68..0000000000 --- a/vendor/go4.org/errorutil/highlight.go +++ /dev/null @@ -1,58 +0,0 @@ -/* -Copyright 2011 Google Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package errorutil helps make better error messages. -package errorutil // import "go4.org/errorutil" - -import ( - "bufio" - "bytes" - "fmt" - "io" - "strings" -) - -// HighlightBytePosition takes a reader and the location in bytes of a parse -// error (for instance, from json.SyntaxError.Offset) and returns the line, column, -// and pretty-printed context around the error with an arrow indicating the exact -// position of the syntax error. -func HighlightBytePosition(f io.Reader, pos int64) (line, col int, highlight string) { - line = 1 - br := bufio.NewReader(f) - lastLine := "" - thisLine := new(bytes.Buffer) - for n := int64(0); n < pos; n++ { - b, err := br.ReadByte() - if err != nil { - break - } - if b == '\n' { - lastLine = thisLine.String() - thisLine.Reset() - line++ - col = 1 - } else { - col++ - thisLine.WriteByte(b) - } - } - if line > 1 { - highlight += fmt.Sprintf("%5d: %s\n", line-1, lastLine) - } - highlight += fmt.Sprintf("%5d: %s\n", line, thisLine.String()) - highlight += fmt.Sprintf("%s^\n", strings.Repeat(" ", col+5)) - return -}