From 3a68e991be9ea9e3c568c4a50426f73b73f5f959 Mon Sep 17 00:00:00 2001 From: Matthew Barnes Date: Mon, 18 Mar 2024 09:57:53 -0400 Subject: [PATCH] api: Synchronize with API specification This uses OpenShift API types for the internal representation of a cluster's ExternalAuths. The types are not a 100% match to our representation (data is stored in what are supposed to be config map or secret name references) but it's close enough. Adds a dependency on github.com/openshift/api. --- go.work.sum | 21 ++ internal/api/enums.go | 40 +++ internal/api/enums_test.go | 65 ++++ internal/api/hcpopenshiftcluster.go | 140 ++++---- internal/api/hcpopenshiftclusternodepool.go | 28 ++ internal/api/registry.go | 8 - internal/api/v20240610preview/enums.go | 46 ++- internal/api/v20240610preview/enums_test.go | 65 ++++ .../v20240610preview/hcpopenshiftcluster.go | 165 ++++++--- .../hcpopenshiftcluster_methods.go | 340 ++++++++++++++---- .../hcpopenshiftclusternodepool.go | 33 +- .../hcpopenshiftclusternodepool_methods.go | 44 ++- .../api/v20240610preview/nodepoolprofile.go | 32 -- .../nodepoolprofile_methods.go | 60 ---- internal/go.mod | 24 +- internal/go.sum | 93 +++++ 16 files changed, 912 insertions(+), 292 deletions(-) create mode 100644 go.work.sum delete mode 100644 internal/api/v20240610preview/nodepoolprofile.go delete mode 100644 internal/api/v20240610preview/nodepoolprofile_methods.go diff --git a/go.work.sum b/go.work.sum new file mode 100644 index 000000000..f533cb0bc --- /dev/null +++ b/go.work.sum @@ -0,0 +1,21 @@ +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/internal/api/enums.go b/internal/api/enums.go index caaeaa27f..2cbf6757f 100644 --- a/internal/api/enums.go +++ b/internal/api/enums.go @@ -5,6 +5,46 @@ package api import "fmt" +// NetworkType represents an OpenShift cluster network plugin. +type NetworkType int + +const ( + NetworkTypeOpenShiftSDN NetworkType = iota + NetworkTypeOVNKubernetes + + NetworkTypeOther // catch-all, must be last +) + +func (v NetworkType) String() string { + switch v { + case NetworkTypeOpenShiftSDN: + return "OpenShiftSDN" + case NetworkTypeOVNKubernetes: + return "OVNKubernetes" + default: + return "Other" + } +} + +func (v NetworkType) MarshalText() (text []byte, err error) { + // NetworkTypeOther is a catch-all value. + text = []byte(v.String()) + return +} + +func (v *NetworkType) UnmarshalText(text []byte) error { + for i := range NetworkTypeOther { + if i.String() == string(text) { + *v = i + return nil + } + } + + // NetworkTypeOther is a catch-all value. + *v = NetworkTypeOther + return nil +} + // OutboundType represents a routing strategy to provide egress to the Internet. type OutboundType int diff --git a/internal/api/enums_test.go b/internal/api/enums_test.go index 505305290..5ed5966c6 100644 --- a/internal/api/enums_test.go +++ b/internal/api/enums_test.go @@ -10,6 +10,71 @@ import ( "testing" ) +func TestNetworkType(t *testing.T) { + // Ensure NetworkType implementes these interfaces + var i NetworkType + _ = fmt.Stringer(i) + _ = encoding.TextMarshaler(i) + _ = encoding.TextUnmarshaler(&i) + + for _, tt := range []struct { + name string + val int + str string + skipMarshal bool + skipUnmarshal bool + }{ + { + name: "NetworkTypeOpenShiftSDN", + val: int(NetworkTypeOpenShiftSDN), + str: fmt.Sprintf("%q", NetworkTypeOpenShiftSDN), + }, + { + name: "NetworkTypeOVNKubernetes", + val: int(NetworkTypeOVNKubernetes), + str: fmt.Sprintf("%q", NetworkTypeOVNKubernetes), + }, + { + name: "NetworkTypeOther", + val: int(NetworkTypeOther), + str: fmt.Sprintf("%q", NetworkTypeOther), + }, + { + name: "Unknown NetworkType string", + val: int(NetworkTypeOther), + str: "\"unknown\"", + skipMarshal: true, + }, + { + name: "Unknown NetworkType value", + val: -1, + str: fmt.Sprintf("%q", NetworkTypeOther), + skipUnmarshal: true, + }, + } { + if !tt.skipMarshal { + t.Logf("Marshaling %d", tt.val) + data, err := json.Marshal(NetworkType(tt.val)) + if err != nil { + t.Fatalf("Marshal: Unexpected error: %s", err) + } else if string(data) != tt.str { + t.Fatalf("Marshal: Expected %s, got %s", tt.str, string(data)) + } + } + + if !tt.skipUnmarshal { + var val NetworkType + t.Logf("Unmarshaling %s", tt.str) + err := json.Unmarshal([]byte(tt.str), &val) + if err != nil { + t.Fatalf("Unmarshal: Unexpected error: %s", err) + } else if int(val) != tt.val { + t.Fatalf("Unmarshal: Expected %d, got %d", tt.val, val) + } + } + } +} + func TestOutboundType(t *testing.T) { // Ensure OutboundType implements these interfaces var i OutboundType diff --git a/internal/api/hcpopenshiftcluster.go b/internal/api/hcpopenshiftcluster.go index ec268c598..c50586a0d 100644 --- a/internal/api/hcpopenshiftcluster.go +++ b/internal/api/hcpopenshiftcluster.go @@ -6,6 +6,8 @@ package api import ( "net" + configv1 "github.com/openshift/api/config/v1" + "github.com/Azure/ARO-HCP/internal/api/arm" "github.com/Azure/ARO-HCP/internal/api/json" ) @@ -19,106 +21,102 @@ type HCPOpenShiftCluster struct { // HCPOpenShiftClusterProperties represents the property bag of a HCPOpenShiftCluster resource. type HCPOpenShiftClusterProperties struct { ProvisioningState arm.ProvisioningState `json:"provisioningState,omitempty" visibility:"read"` - ClusterProfile ClusterProfile `json:"clusterProfile,omitempty" visibility:"read,create,update"` - ProxyProfile ProxyProfile `json:"proxyProfile,omitempty" visibility:"read,create,update"` - APIProfile APIProfile `json:"apiProfile,omitempty" visibility:"read,create"` - ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty" visibility:"read,create,update"` - IngressProfile IngressProfile `json:"ingressProfile,omitempty" visibility:"read,create"` - NetworkProfile NetworkProfile `json:"networkProfile,omitempty" visibility:"read,create"` - NodePoolProfiles []*NodePoolProfile `json:"nodePoolProfiles,omitempty" visibility:"read"` - EtcdEncryption EtcdEncryptionProfile `json:"etcdEncryption,omitempty" visibility:"read,create"` + Spec ClusterSpec `json:"spec,omitempty" visibility:"read,create,update"` } -// ClusterProfile represents a high level cluster configuration. -type ClusterProfile struct { - ControlPlaneVersion string `json:"controlPlaneVersion,omitempty" visibility:"read,create,update"` - SubnetID string `json:"subnetId,omitempty" visibility:"read,create"` - ManagedResourceGroup string `json:"managedResourceGroup,omitempty" visibility:"read,create"` - OIDCIssuerURL json.URL `json:"oidcIssuerUrl,omitempty" visibility:"read"` +// ClusterSpec represents a high level cluster configuration. +type ClusterSpec struct { + Version VersionProfile `json:"version,omitempty" visibility:"read,create,update"` + DNS DNSProfile `json:"dns,omitempty" visibility:"read,create,update"` + Network NetworkProfile `json:"network,omitempty" visibility:"read,create"` + Console ConsoleProfile `json:"console,omitempty" visibility:"read"` + API APIProfile `json:"api,omitempty" visibility:"read,create"` + FIPS bool `json:"fips,omitempty" visibility:"read,create"` + EtcdEncryption bool `json:"etcdEncryption,omitempty" visibility:"read,create"` + DisableUserWorkloadMonitoring bool `json:"disableUserWorkloadMonitoring,omitempty" visibility:"read,create,update"` + Proxy ProxyProfile `json:"proxy,omitempty" visibility:"read,create,update"` + Platform PlatformProfile `json:"platform,omitempty" visibility:"read,create"` + IssuerURL json.URL `json:"issuerUrl,omitempty" visibility:"read"` + ExternalAuth ExternalAuthConfigProfile `json:"externalAuth,omitempty visibility:"read,create"` + Ingress []*IngressProfile `json:"ingressProfile,omitempty" visibility:"read,create"` } -// ProxyProfile represents the cluster proxy configuration. -// Visibility for the entire struct is "read,create,update". -type ProxyProfile struct { - HTTPProxy string `json:"httpProxy,omitempty"` - HTTPSProxy string `json:"httpsProxy,omitempty"` - NoProxy string `json:"noProxy,omitempty"` - TrustedCA string `json:"trustedCa,omitempty"` +// VersionProfile represents the cluster control plane version. +type VersionProfile struct { + ID string `json:"id,omitempty" visibility:"read,create,update"` + ChannelGroup string `json:"channelGroup,omitempty" visibility:"read,create"` + AvailableUpgrades []string `json:"availableUpgrades,omitempty" visibility:"read"` } -// APIProfile represents a cluster API server configuration. +// DNSProfile represents the DNS configuration of the cluster. +type DNSProfile struct { + BaseDomain string `json:"baseDomain,omitempty" visibility:"read"` + BaseDomainPrefix string `json:"baseDomainPrefix,omitempty" visibility:"read,create"` +} + +// NetworkProfile represents a cluster network configuration. // Visibility for the entire struct is "read,create". -type APIProfile struct { - URL json.URL `json:"url,omitempty"` - IP net.IP `json:"ip,omitempty"` - Visibility Visibility `json:"visibility,omitempty"` +type NetworkProfile struct { + NetworkType NetworkType `json:"networkType,omitempty"` + PodCIDR json.IPNet `json:"podCidr,omitempty"` + ServiceCIDR json.IPNet `json:"serviceCidr,omitempty"` + MachineCIDR json.IPNet `json:"machineCidr,omitempty"` + HostPrefix int32 `json:"hostPrefix,omitempty"` } // ConsoleProfile represents a cluster web console configuration. +// Visibility for the entire struct is "read". type ConsoleProfile struct { - URL json.URL `json:"url,omitempty" visibility:"read"` - FIPS bool `json:"fips,omitempty" visibility:"read,create,update"` + URL json.URL `json:"url,omitempty"` } -// IngressProfile represents a cluster ingress configuration. -type IngressProfile struct { - IP net.IP `json:"ip,omitempty" visibility:"read"` +// APIProfile represents a cluster API server configuration. +type APIProfile struct { URL json.URL `json:"url,omitempty" visibility:"read"` + IP net.IP `json:"ip,omitempty" visibility:"read"` Visibility Visibility `json:"visibility,omitempty" visibility:"read,create"` } -// NetworkProfile represents a cluster network configuration. -// Visibility for the entire struct is "read,create". -type NetworkProfile struct { - PodCIDR json.IPNet `json:"podCidr,omitempty"` - ServiceCIDR json.IPNet `json:"serviceCidr,omitempty"` - MachineCIDR json.IPNet `json:"machineCidr,omitempty"` - HostPrefix int32 `json:"hostPrefix,omitempty"` - OutboundType OutboundType `json:"outboundType,omitempty"` - PreconfiguredNSGs bool `json:"preconfiguredNsgs,omitempty"` +// ProxyProfile represents the cluster proxy configuration. +// Visibility for the entire struct is "read,create,update". +type ProxyProfile struct { + HTTPProxy string `json:"httpProxy,omitempty"` + HTTPSProxy string `json:"httpsProxy,omitempty"` + NoProxy string `json:"noProxy,omitempty"` + TrustedCA string `json:"trustedCa,omitempty"` } -// NodePoolAutoscaling represents a node pool autoscaling configuration. -// Visibility for the entire struct is "read". -type NodePoolAutoscaling struct { - MinReplicas int32 `json:"minReplicas,omitempty"` - MaxReplicas int32 `json:"maxReplicas,omitempty"` +// PlatformProfile represents the Azure platform configuration. +// Visibility for the entire struct is "read,create". +type PlatformProfile struct { + ManagedResourceGroup string `json:"managedResourceGroup,omitempty"` + SubnetID string `json:"subnetId,omitempty"` + OutboundType OutboundType `json:"outboundType,omitempty"` + PreconfiguredNSGs bool `json:"preconfiguredNsgs,omitempty"` + EtcdEncryptionSetID string `json:"etcdEncryptionSetId,omitempty"` } -// NodePoolProfile represents a worker node pool configuration. -// Visibility for the entire struct is "read". -type NodePoolProfile struct { - Name string `json:"name,omitempty"` - Version string `json:"version,omitempty"` - Labels []string `json:"labels,omitempty"` - Taints []string `json:"taints,omitempty"` - DiskSize int32 `json:"diskSize,omitempty"` - EphemeralOSDisk bool `json:"ephemeralOsDisk,omitempty"` - Replicas int32 `json:"replicas,omitempty"` - SubnetID string `json:"subnetId,omitempty"` - EncryptionAtHost bool `json:"encryptionAtHost,omitempty"` - AutoRepair bool `json:"autoRepair,omitempty"` - DiscEncryptionSetID string `json:"discEncryptionSetId,omitempty"` - TuningConfigs []string `json:"tuningConfigs,omitempty"` - AvailabilityZone string `json:"availabilityZone,omitempty"` - DiscStorageAccountType string `json:"discStorageAccountType,omitempty"` - VMSize string `json:"vmSize,omitempty"` - Autoscaling NodePoolAutoscaling `json:"autoscaling,omitempty"` +// ExternalAuthConfigProfile represents the external authentication configuration. +type ExternalAuthConfigProfile struct { + Enabled bool `json:"enabled,omitempty" visibility:"read,create"` + ExternalAuths []*configv1.OIDCProvider `json:"externalAuths,omitempty" visibility:"read"` } -// EtcdEncryptionProfile represents the configuration needed for customer -// provided keys to encrypt etcd storage. -// Visibility for the entire struct is "read,create". -type EtcdEncryptionProfile struct { - DiscEncryptionSetID string `json:"discEncryptionSetId,omitempty"` +// IngressProfile represents a cluster ingress configuration. +type IngressProfile struct { + IP net.IP `json:"ip,omitempty" visibility:"read"` + URL json.URL `json:"url,omitempty" visibility:"read"` + Visibility Visibility `json:"visibility,omitempty" visibility:"read,create"` } // Creates an HCPOpenShiftCluster with any non-zero default values. func NewDefaultHCPOpenShiftCluster() *HCPOpenShiftCluster { return &HCPOpenShiftCluster{ Properties: HCPOpenShiftClusterProperties{ - NetworkProfile: NetworkProfile{ - HostPrefix: 23, + Spec: ClusterSpec{ + Network: NetworkProfile{ + HostPrefix: 23, + }, }, }, } diff --git a/internal/api/hcpopenshiftclusternodepool.go b/internal/api/hcpopenshiftclusternodepool.go index b502b34ed..1c049092b 100644 --- a/internal/api/hcpopenshiftclusternodepool.go +++ b/internal/api/hcpopenshiftclusternodepool.go @@ -20,3 +20,31 @@ type HCPOpenShiftClusterNodePoolProperties struct { ProvisioningState arm.ProvisioningState `json:"provisioningState,omitempty" visibility:"read"` Profile NodePoolProfile `json:"profile,omitempty" visibility:"read,create,update"` } + +// NodePoolProfile represents a worker node pool configuration. +// Visibility for the entire struct is "read". +type NodePoolProfile struct { + Name string `json:"name,omitempty"` + Version string `json:"version,omitempty"` + Labels []string `json:"labels,omitempty"` + Taints []string `json:"taints,omitempty"` + DiskSize int32 `json:"diskSize,omitempty"` + EphemeralOSDisk bool `json:"ephemeralOsDisk,omitempty"` + Replicas int32 `json:"replicas,omitempty"` + SubnetID string `json:"subnetId,omitempty"` + EncryptionAtHost bool `json:"encryptionAtHost,omitempty"` + AutoRepair bool `json:"autoRepair,omitempty"` + DiscEncryptionSetID string `json:"discEncryptionSetId,omitempty"` + TuningConfigs []string `json:"tuningConfigs,omitempty"` + AvailabilityZone string `json:"availabilityZone,omitempty"` + DiscStorageAccountType string `json:"discStorageAccountType,omitempty"` + VMSize string `json:"vmSize,omitempty"` + Autoscaling NodePoolAutoscaling `json:"autoscaling,omitempty"` +} + +// NodePoolAutoscaling represents a node pool autoscaling configuration. +// Visibility for the entire struct is "read". +type NodePoolAutoscaling struct { + MinReplicas int32 `json:"minReplicas,omitempty"` + MaxReplicas int32 `json:"maxReplicas,omitempty"` +} diff --git a/internal/api/registry.go b/internal/api/registry.go index 3317da19c..8b9173c4c 100644 --- a/internal/api/registry.go +++ b/internal/api/registry.go @@ -13,18 +13,10 @@ type VersionedHCPOpenShiftClusterNodePool interface { ValidateStatic() error } -type VersionedNodePoolProfile interface { - Normalize(*NodePoolProfile) - ValidateStatic() error -} - type Version interface { // Resource Types NewHCPOpenShiftCluster(*HCPOpenShiftCluster) VersionedHCPOpenShiftCluster NewHCPOpenShiftClusterNodePool(*HCPOpenShiftClusterNodePool) VersionedHCPOpenShiftClusterNodePool - - // Component Types - NewNodePoolProfile(*NodePoolProfile) VersionedNodePoolProfile } // APIs is the map of registered API versions diff --git a/internal/api/v20240610preview/enums.go b/internal/api/v20240610preview/enums.go index cbdf16e0c..d9f79b90a 100644 --- a/internal/api/v20240610preview/enums.go +++ b/internal/api/v20240610preview/enums.go @@ -5,12 +5,53 @@ package v20240610preview import "fmt" +// NetworkType represents an OpenShift cluster network plugin. +type NetworkType int + +const ( + NetworkTypeOpenShiftSDN NetworkType = iota + NetworkTypeOVNKubernetes + + NetworkTypeOther // catch-all, must be last +) + +func (v NetworkType) String() string { + switch v { + case NetworkTypeOpenShiftSDN: + return "OpenShiftSDN" + case NetworkTypeOVNKubernetes: + return "OVNKubernetes" + default: + return "Other" + } +} + +func (v NetworkType) MarshalText() (text []byte, err error) { + // NetworkTypeOther is a catch-all value. + text = []byte(v.String()) + return +} + +func (v *NetworkType) UnmarshalText(text []byte) error { + for i := range NetworkTypeOther { + if i.String() == string(text) { + *v = i + return nil + } + } + + // NetworkTypeOther is a catch-all value. + *v = NetworkTypeOther + return nil +} + // OutboundType represents a routing strategy to provide egress to the Internet. type OutboundType int const ( OutboundTypeLoadBalancer OutboundType = iota - outboundTypeLength + + outboundTypeLength // private, must be last ) func (v OutboundType) String() string { @@ -47,7 +88,8 @@ type Visibility int const ( VisibilityPublic Visibility = iota VisibilityPrivate - visibilityLength + + visibilityLength // private, must be last ) func (v Visibility) String() string { diff --git a/internal/api/v20240610preview/enums_test.go b/internal/api/v20240610preview/enums_test.go index 842ffe714..7df01dc88 100644 --- a/internal/api/v20240610preview/enums_test.go +++ b/internal/api/v20240610preview/enums_test.go @@ -10,6 +10,71 @@ import ( "testing" ) +func TestNetworkType(t *testing.T) { + // Ensure NetworkType implementes these interfaces + var i NetworkType + _ = fmt.Stringer(i) + _ = encoding.TextMarshaler(i) + _ = encoding.TextUnmarshaler(&i) + + for _, tt := range []struct { + name string + val int + str string + skipMarshal bool + skipUnmarshal bool + }{ + { + name: "NetworkTypeOpenShiftSDN", + val: int(NetworkTypeOpenShiftSDN), + str: fmt.Sprintf("%q", NetworkTypeOpenShiftSDN), + }, + { + name: "NetworkTypeOVNKubernetes", + val: int(NetworkTypeOVNKubernetes), + str: fmt.Sprintf("%q", NetworkTypeOVNKubernetes), + }, + { + name: "NetworkTypeOther", + val: int(NetworkTypeOther), + str: fmt.Sprintf("%q", NetworkTypeOther), + }, + { + name: "Unknown NetworkType string", + val: int(NetworkTypeOther), + str: "\"unknown\"", + skipMarshal: true, + }, + { + name: "Unknown NetworkType value", + val: -1, + str: fmt.Sprintf("%q", NetworkTypeOther), + skipUnmarshal: true, + }, + } { + if !tt.skipMarshal { + t.Logf("Marshaling %d", tt.val) + data, err := json.Marshal(NetworkType(tt.val)) + if err != nil { + t.Fatalf("Marshal: Unexpected error: %s", err) + } else if string(data) != tt.str { + t.Fatalf("Marshal: Expected %s, got %s", tt.str, string(data)) + } + } + + if !tt.skipUnmarshal { + var val NetworkType + t.Logf("Unmarshaling %s", tt.str) + err := json.Unmarshal([]byte(tt.str), &val) + if err != nil { + t.Fatalf("Unmarshal: Unexpected error: %s", err) + } else if int(val) != tt.val { + t.Fatalf("Unmarshal: Expected %d, got %d", tt.val, val) + } + } + } +} + func TestOutboundType(t *testing.T) { // Ensure OutboundType implements these interfaces var i OutboundType diff --git a/internal/api/v20240610preview/hcpopenshiftcluster.go b/internal/api/v20240610preview/hcpopenshiftcluster.go index e37f52ec1..49a49b508 100644 --- a/internal/api/v20240610preview/hcpopenshiftcluster.go +++ b/internal/api/v20240610preview/hcpopenshiftcluster.go @@ -6,7 +6,6 @@ package v20240610preview import ( "net" - "github.com/Azure/ARO-HCP/internal/api" "github.com/Azure/ARO-HCP/internal/api/arm" "github.com/Azure/ARO-HCP/internal/api/json" ) @@ -19,23 +18,61 @@ type HCPOpenShiftCluster struct { // HCPOpenShiftClusterProperties represents the property bag of a HCPOpenShiftCluster resource. type HCPOpenShiftClusterProperties struct { - ProvisioningState arm.ProvisioningState `json:"provisioningState,omitempty" visibility:"read"` - ClusterProfile ClusterProfile `json:"clusterProfile,omitempty" visibility:"read,create,update"` - ProxyProfile ProxyProfile `json:"proxyProfile,omitempty" visibility:"read,create,update"` - APIProfile APIProfile `json:"apiProfile,omitempty" visibility:"read,create"` - ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty" visibility:"read,create,update"` - IngressProfile IngressProfile `json:"ingressProfile,omitempty" visibility:"read,create"` - NetworkProfile NetworkProfile `json:"networkProfile,omitempty" visibility:"read,create"` - NodePoolProfiles []api.VersionedNodePoolProfile `json:"nodePoolProfiles,omitempty" visibility:"read"` - EtcdEncryption EtcdEncryptionProfile `json:"etcdEncryption,omitempty" visibility:"read,create"` + ProvisioningState arm.ProvisioningState `json:"provisioningState,omitempty" visibility:"read"` + Spec ClusterSpec `json:"spec,omitempty" visibility:"read,create,update"` } -// ClusterProfile represents a high level cluster configuration. -type ClusterProfile struct { - ControlPlaneVersion string `json:"controlPlaneVersion,omitempty" visibility:"read,create,update"` - SubnetID string `json:"subnetId,omitempty" visibility:"read,create"` - ManagedResourceGroup string `json:"managedResourceGroup,omitempty" visibility:"read,create"` - OIDCIssuerURL json.URL `json:"oidcIssuerUrl,omitempty" visibility:"read"` +// ClusterSpec represents a high level cluster configuration. +type ClusterSpec struct { + Version VersionProfile `json:"version,omitempty" visibility:"read,create,update"` + DNS DNSProfile `json:"dns,omitempty" visibility:"read,create,update"` + Network NetworkProfile `json:"network,omitempty" visibility:"read,create"` + Console ConsoleProfile `json:"console,omitempty" visibility:"read"` + API APIProfile `json:"api,omitempty" visibility:"read,create"` + FIPS bool `json:"fips,omitempty" visibility:"read,create"` + EtcdEncryption bool `json:"etcdEncryption,omitempty" visibility:"read,create"` + DisableUserWorkloadMonitoring bool `json:"disableUserWorkloadMonitoring,omitempty" visibility:"read,create,update"` + Proxy ProxyProfile `json:"proxy,omitempty" visibility:"read,create,update"` + Platform PlatformProfile `json:"platform,omitempty" visibility:"read,create"` + IssuerURL json.URL `json:"issuerUrl,omitempty" visibility:"read"` + ExternalAuth ExternalAuthConfigProfile `json:"externalAuth,omitempty visibility:"read,create"` + Ingress []*IngressProfile `json:"ingressProfile,omitempty" visibility:"read,create"` +} + +// VersionProfile represents the cluster control plane version. +type VersionProfile struct { + ID string `json:"id,omitempty" visibility:"read,create,update"` + ChannelGroup string `json:"channelGroup,omitempty" visibility:"read,create"` + AvailableUpgrades []string `json:"availableUpgrades,omitempty" visibility:"read"` +} + +// DNSProfile represents the DNS configuration of the cluster. +type DNSProfile struct { + BaseDomain string `json:"baseDomain,omitempty" visibility:"read"` + BaseDomainPrefix string `json:"baseDomainPrefix,omitempty" visibility:"read,create"` +} + +// NetworkProfile represents a cluster network configuration. +// Visibility for the entire struct is "read,create". +type NetworkProfile struct { + NetworkType NetworkType `json:"networkType,omitempty"` + PodCIDR json.IPNet `json:"podCidr,omitempty"` + ServiceCIDR json.IPNet `json:"serviceCidr,omitempty"` + MachineCIDR json.IPNet `json:"machineCidr,omitempty"` + HostPrefix int32 `json:"hostPrefix,omitempty"` +} + +// ConsoleProfile represents a cluster web console configuration. +// Visibility for the entire struct is "read". +type ConsoleProfile struct { + URL json.URL `json:"url,omitempty"` +} + +// APIProfile represents a cluster API server configuration. +type APIProfile struct { + URL json.URL `json:"url,omitempty" visibility:"read"` + IP net.IP `json:"ip,omitempty" visibility:"read"` + Visibility Visibility `json:"visibility,omitempty" visibility:"read,create"` } // ProxyProfile represents the cluster proxy configuration. @@ -47,18 +84,69 @@ type ProxyProfile struct { TrustedCA string `json:"trustedCa,omitempty"` } -// APIProfile represents a cluster API server configuration. +// PlatformProfile represents the Azure platform configuration. // Visibility for the entire struct is "read,create". -type APIProfile struct { - URL json.URL `json:"url,omitempty"` - IP net.IP `json:"ip,omitempty"` - Visibility Visibility `json:"visibility,omitempty"` +type PlatformProfile struct { + ManagedResourceGroup string `json:"managedResourceGroup,omitempty"` + SubnetID string `json:"subnetId,omitempty"` + OutboundType OutboundType `json:"outboundType,omitempty"` + PreconfiguredNSGs bool `json:"preconfiguredNsgs,omitempty"` + EtcdEncryptionSetID string `json:"etcdEncryptionSetId,omitempty"` } -// ConsoleProfile represents a cluster web console configuration. -type ConsoleProfile struct { - URL json.URL `json:"url,omitempty" visibility:"read"` - FIPS bool `json:"fips,omitempty" visibility:"read,create,update"` +// ExternalAuthConfigProfile represents the external authentication configuration. +type ExternalAuthConfigProfile struct { + Enabled bool `json:"enabled,omitempty" visibility:"read,create"` + ExternalAuths []*ExternalAuthProfile `json:"externalAuths,omitempty" visibility:"read"` +} + +// ExternalAuthProfile represents the configuration of an authentication provider. +// Visibility for the entire struct is "read". +type ExternalAuthProfile struct { + Issuer TokenIssuerProfile `json:"issuer,omitempty"` + Clients []*ExternalAuthClientProfile `json:"clients,omitempty"` + Claim ExternalAuthClaimProfile `json:"claim,omitempty"` +} + +type TokenIssuerProfile struct { + // Just use a string URL so we can convert to + // configv1.TokenIssuer without parsing errors. + URL string `json:"url,omitempty"` + Audiences []string `json:"audiences,omitempty"` + CA string `json:"ca,omitempty"` +} + +type ExternalAuthClientProfile struct { + Component ExternalAuthClientComponentProfile `json:"component,omitempty"` + ID string `json:"id,omitempty"` + Secret string `json:"secret,omitempty"` + ExtraScopes []string `json:"extraScopes,omitempty"` +} + +type ExternalAuthClientComponentProfile struct { + Name string `json:"name,omitempty"` + AuthClientNamespace string `json:"authClientNamespace,omitempty"` +} + +type ExternalAuthClaimProfile struct { + Mappings TokenClaimMappingsProfile `json:"mappings,omitempty"` + ValidationRules []*TokenClaimValidationRuleProfile `json:"validationRules,omitempty"` +} + +type TokenClaimMappingsProfile struct { + Username ClaimProfile `json:"username,omitempty"` + Groups ClaimProfile `json:"groups,omitempty"` +} + +type ClaimProfile struct { + Claim string `json:"claim,omitempty"` + Prefix string `json:"prefix,omitempty"` + PrefixPolicy string `json:"prefixPolicy,omitempty"` +} + +type TokenClaimValidationRuleProfile struct { + Claim string `json:"claim,omitempty"` + RequiredValue string `json:"requiredValue,omitempty"` } // IngressProfile represents a cluster ingress configuration. @@ -68,20 +156,15 @@ type IngressProfile struct { Visibility Visibility `json:"visibility,omitempty" visibility:"read,create"` } -// NetworkProfile represents a cluster network configuration. -// Visibility for the entire struct is "read,create". -type NetworkProfile struct { - PodCIDR json.IPNet `json:"podCidr,omitempty"` - ServiceCIDR json.IPNet `json:"serviceCidr,omitempty"` - MachineCIDR json.IPNet `json:"machineCidr,omitempty"` - HostPrefix int32 `json:"hostPrefix,omitempty"` - OutboundType OutboundType `json:"outboundType,omitempty"` - PreconfiguredNSGs bool `json:"preconfiguredNsgs,omitempty"` -} - -// EtcdEncryptionProfile represents the configuration needed for customer -// provided keys to encrypt etcd storage. -// Visibility for the entire struct is "read,create". -type EtcdEncryptionProfile struct { - DiscEncryptionSetID string `json:"discEncryptionSetId,omitempty"` +// Creates an HCPOpenShiftCluster with any non-zero default values. +func NewDefaultHCPOpenShiftCluster() *HCPOpenShiftCluster { + return &HCPOpenShiftCluster{ + Properties: HCPOpenShiftClusterProperties{ + Spec: ClusterSpec{ + Network: NetworkProfile{ + HostPrefix: 23, + }, + }, + }, + } } diff --git a/internal/api/v20240610preview/hcpopenshiftcluster_methods.go b/internal/api/v20240610preview/hcpopenshiftcluster_methods.go index 2cd3724e9..7ecbd83f2 100644 --- a/internal/api/v20240610preview/hcpopenshiftcluster_methods.go +++ b/internal/api/v20240610preview/hcpopenshiftcluster_methods.go @@ -4,60 +4,152 @@ package v20240610preview // Licensed under the Apache License 2.0. import ( + "slices" + + configv1 "github.com/openshift/api/config/v1" + "github.com/Azure/ARO-HCP/internal/api" ) +func newIngressProfile(from *api.IngressProfile) *IngressProfile { + return &IngressProfile{ + IP: from.IP, + URL: from.URL, + Visibility: Visibility(from.Visibility), + } +} + +func newExternalAuthProfile(from *configv1.OIDCProvider) *ExternalAuthProfile { + out := &ExternalAuthProfile{ + Issuer: TokenIssuerProfile{ + URL: from.Issuer.URL, + Audiences: make([]string, 0, len(from.Issuer.Audiences)), + CA: from.Issuer.CertificateAuthority.Name, + }, + Clients: make([]*ExternalAuthClientProfile, 0, len(from.OIDCClients)), + Claim: ExternalAuthClaimProfile{ + Mappings: TokenClaimMappingsProfile{ + Username: ClaimProfile{ + Claim: from.ClaimMappings.Username.Claim, + PrefixPolicy: string(from.ClaimMappings.Username.PrefixPolicy), + }, + Groups: ClaimProfile{ + Claim: from.ClaimMappings.Groups.Claim, + Prefix: from.ClaimMappings.Groups.Prefix, + }, + }, + ValidationRules: make([]*TokenClaimValidationRuleProfile, 0, len(from.ClaimValidationRules)), + }, + } + + for _, item := range from.Issuer.Audiences { + out.Issuer.Audiences = append(out.Issuer.Audiences, string(item)) + } + + for _, item := range from.OIDCClients { + out.Clients = append(out.Clients, newExternalAuthClientProfile(item)) + } + + if from.ClaimMappings.Username.Prefix != nil { + out.Claim.Mappings.Username.Prefix = from.ClaimMappings.Username.Prefix.PrefixString + } + + for _, item := range from.ClaimValidationRules { + out.Claim.ValidationRules = append(out.Claim.ValidationRules, newTokenClaimValidationRuleProfile(item)) + } + + return out +} + +func newTokenClaimValidationRuleProfile(from configv1.TokenClaimValidationRule) *TokenClaimValidationRuleProfile { + if from.RequiredClaim == nil { + // Should never happen since we create these rules. + panic("TokenClaimValidationRule has no RequiredClaim") + } + + return &TokenClaimValidationRuleProfile{ + Claim: from.RequiredClaim.Claim, + RequiredValue: from.RequiredClaim.RequiredValue, + } +} + +func newExternalAuthClientProfile(from configv1.OIDCClientConfig) *ExternalAuthClientProfile { + return &ExternalAuthClientProfile{ + Component: ExternalAuthClientComponentProfile{ + Name: from.ComponentName, + AuthClientNamespace: from.ComponentNamespace, + }, + ID: from.ClientID, + Secret: from.ClientSecret.Name, + ExtraScopes: slices.Clone(from.ExtraScopes), + } +} + func (v *version) NewHCPOpenShiftCluster(from *api.HCPOpenShiftCluster) api.VersionedHCPOpenShiftCluster { out := &HCPOpenShiftCluster{ Properties: HCPOpenShiftClusterProperties{ ProvisioningState: from.Properties.ProvisioningState, - ClusterProfile: ClusterProfile{ - ControlPlaneVersion: from.Properties.ClusterProfile.ControlPlaneVersion, - SubnetID: from.Properties.ClusterProfile.SubnetID, - ManagedResourceGroup: from.Properties.ClusterProfile.ManagedResourceGroup, - OIDCIssuerURL: from.Properties.ClusterProfile.OIDCIssuerURL, - }, - ProxyProfile: ProxyProfile{ - HTTPProxy: from.Properties.ProxyProfile.HTTPProxy, - HTTPSProxy: from.Properties.ProxyProfile.HTTPSProxy, - NoProxy: from.Properties.ProxyProfile.NoProxy, - TrustedCA: from.Properties.ProxyProfile.TrustedCA, - }, - APIProfile: APIProfile{ - URL: from.Properties.APIProfile.URL, - IP: from.Properties.APIProfile.IP, - Visibility: Visibility(from.Properties.APIProfile.Visibility), - }, - ConsoleProfile: ConsoleProfile{ - URL: from.Properties.ConsoleProfile.URL, - FIPS: from.Properties.ConsoleProfile.FIPS, - }, - IngressProfile: IngressProfile{ - IP: from.Properties.IngressProfile.IP, - URL: from.Properties.IngressProfile.URL, - Visibility: Visibility(from.Properties.IngressProfile.Visibility), - }, - NetworkProfile: NetworkProfile{ - PodCIDR: from.Properties.NetworkProfile.PodCIDR, - ServiceCIDR: from.Properties.NetworkProfile.ServiceCIDR, - MachineCIDR: from.Properties.NetworkProfile.MachineCIDR, - HostPrefix: from.Properties.NetworkProfile.HostPrefix, - OutboundType: OutboundType(from.Properties.NetworkProfile.OutboundType), - PreconfiguredNSGs: from.Properties.NetworkProfile.PreconfiguredNSGs, - }, - NodePoolProfiles: make([]api.VersionedNodePoolProfile, 0, len(from.Properties.NodePoolProfiles)), - EtcdEncryption: EtcdEncryptionProfile{ - DiscEncryptionSetID: from.Properties.EtcdEncryption.DiscEncryptionSetID, + Spec: ClusterSpec{ + Version: VersionProfile{ + ID: from.Properties.Spec.Version.ID, + ChannelGroup: from.Properties.Spec.Version.ChannelGroup, + AvailableUpgrades: slices.Clone(from.Properties.Spec.Version.AvailableUpgrades), + }, + DNS: DNSProfile{ + BaseDomain: from.Properties.Spec.DNS.BaseDomain, + BaseDomainPrefix: from.Properties.Spec.DNS.BaseDomainPrefix, + }, + Network: NetworkProfile{ + NetworkType: NetworkType(from.Properties.Spec.Network.NetworkType), + PodCIDR: from.Properties.Spec.Network.PodCIDR, + ServiceCIDR: from.Properties.Spec.Network.ServiceCIDR, + MachineCIDR: from.Properties.Spec.Network.MachineCIDR, + HostPrefix: from.Properties.Spec.Network.HostPrefix, + }, + Console: ConsoleProfile{ + URL: from.Properties.Spec.Console.URL, + }, + API: APIProfile{ + URL: from.Properties.Spec.API.URL, + IP: from.Properties.Spec.API.IP, + Visibility: Visibility(from.Properties.Spec.API.Visibility), + }, + FIPS: from.Properties.Spec.FIPS, + EtcdEncryption: from.Properties.Spec.EtcdEncryption, + DisableUserWorkloadMonitoring: from.Properties.Spec.DisableUserWorkloadMonitoring, + Proxy: ProxyProfile{ + HTTPProxy: from.Properties.Spec.Proxy.HTTPProxy, + HTTPSProxy: from.Properties.Spec.Proxy.HTTPSProxy, + NoProxy: from.Properties.Spec.Proxy.NoProxy, + TrustedCA: from.Properties.Spec.Proxy.TrustedCA, + }, + Platform: PlatformProfile{ + ManagedResourceGroup: from.Properties.Spec.Platform.ManagedResourceGroup, + SubnetID: from.Properties.Spec.Platform.SubnetID, + OutboundType: OutboundType(from.Properties.Spec.Platform.OutboundType), + PreconfiguredNSGs: from.Properties.Spec.Platform.PreconfiguredNSGs, + EtcdEncryptionSetID: from.Properties.Spec.Platform.EtcdEncryptionSetID, + }, + IssuerURL: from.Properties.Spec.IssuerURL, + ExternalAuth: ExternalAuthConfigProfile{ + Enabled: from.Properties.Spec.ExternalAuth.Enabled, + ExternalAuths: make([]*ExternalAuthProfile, 0, len(from.Properties.Spec.ExternalAuth.ExternalAuths)), + }, + Ingress: make([]*IngressProfile, 0, len(from.Properties.Spec.Ingress)), }, }, } out.TrackedResource.Copy(&from.TrackedResource) - for _, item := range from.Properties.NodePoolProfiles { - out.Properties.NodePoolProfiles = append( - out.Properties.NodePoolProfiles, - v.NewNodePoolProfile(item)) + for _, item := range from.Properties.Spec.ExternalAuth.ExternalAuths { + out.Properties.Spec.ExternalAuth.ExternalAuths = append( + out.Properties.Spec.ExternalAuth.ExternalAuths, newExternalAuthProfile(item)) + } + + for _, item := range from.Properties.Spec.Ingress { + out.Properties.Spec.Ingress = append( + out.Properties.Spec.Ingress, newIngressProfile(item)) } return out @@ -66,40 +158,144 @@ func (v *version) NewHCPOpenShiftCluster(from *api.HCPOpenShiftCluster) api.Vers func (c *HCPOpenShiftCluster) Normalize(out *api.HCPOpenShiftCluster) { c.TrackedResource.Copy(&out.TrackedResource) out.Properties.ProvisioningState = c.Properties.ProvisioningState - out.Properties.ClusterProfile.ControlPlaneVersion = c.Properties.ClusterProfile.ControlPlaneVersion - out.Properties.ClusterProfile.SubnetID = c.Properties.ClusterProfile.SubnetID - out.Properties.ClusterProfile.ManagedResourceGroup = c.Properties.ClusterProfile.ManagedResourceGroup - out.Properties.ClusterProfile.OIDCIssuerURL = c.Properties.ClusterProfile.OIDCIssuerURL - out.Properties.ProxyProfile.HTTPProxy = c.Properties.ProxyProfile.HTTPProxy - out.Properties.ProxyProfile.HTTPSProxy = c.Properties.ProxyProfile.HTTPSProxy - out.Properties.ProxyProfile.NoProxy = c.Properties.ProxyProfile.NoProxy - out.Properties.ProxyProfile.TrustedCA = c.Properties.ProxyProfile.TrustedCA - out.Properties.APIProfile.URL = c.Properties.APIProfile.URL - out.Properties.APIProfile.IP = c.Properties.APIProfile.IP - out.Properties.APIProfile.Visibility = api.Visibility(c.Properties.APIProfile.Visibility) - out.Properties.ConsoleProfile.URL = c.Properties.ConsoleProfile.URL - out.Properties.ConsoleProfile.FIPS = c.Properties.ConsoleProfile.FIPS - out.Properties.IngressProfile.IP = c.Properties.IngressProfile.IP - out.Properties.IngressProfile.URL = c.Properties.IngressProfile.URL - out.Properties.IngressProfile.Visibility = api.Visibility(c.Properties.IngressProfile.Visibility) - out.Properties.NetworkProfile.PodCIDR = c.Properties.NetworkProfile.PodCIDR - out.Properties.NetworkProfile.ServiceCIDR = c.Properties.NetworkProfile.ServiceCIDR - out.Properties.NetworkProfile.MachineCIDR = c.Properties.NetworkProfile.MachineCIDR - out.Properties.NetworkProfile.HostPrefix = c.Properties.NetworkProfile.HostPrefix - out.Properties.NetworkProfile.OutboundType = api.OutboundType(c.Properties.NetworkProfile.OutboundType) - out.Properties.NetworkProfile.PreconfiguredNSGs = c.Properties.NetworkProfile.PreconfiguredNSGs - out.Properties.NodePoolProfiles = make([]*api.NodePoolProfile, 0, len(c.Properties.NodePoolProfiles)) - for _, item := range c.Properties.NodePoolProfiles { - npp := &api.NodePoolProfile{} - item.Normalize(npp) - out.Properties.NodePoolProfiles = append( - out.Properties.NodePoolProfiles, npp) - } - out.Properties.EtcdEncryption = api.EtcdEncryptionProfile{ - DiscEncryptionSetID: c.Properties.EtcdEncryption.DiscEncryptionSetID, + c.Properties.Spec.Version.Normalize(&out.Properties.Spec.Version) + c.Properties.Spec.DNS.Normalize(&out.Properties.Spec.DNS) + c.Properties.Spec.Network.Normalize(&out.Properties.Spec.Network) + c.Properties.Spec.Console.Normalize(&out.Properties.Spec.Console) + c.Properties.Spec.API.Normalize(&out.Properties.Spec.API) + out.Properties.Spec.FIPS = c.Properties.Spec.FIPS + out.Properties.Spec.EtcdEncryption = c.Properties.Spec.EtcdEncryption + out.Properties.Spec.DisableUserWorkloadMonitoring = c.Properties.Spec.DisableUserWorkloadMonitoring + c.Properties.Spec.Proxy.Normalize(&out.Properties.Spec.Proxy) + c.Properties.Spec.Platform.Normalize(&out.Properties.Spec.Platform) + out.Properties.Spec.IssuerURL = c.Properties.Spec.IssuerURL + c.Properties.Spec.ExternalAuth.Normalize(&out.Properties.Spec.ExternalAuth) + out.Properties.Spec.Ingress = make([]*api.IngressProfile, 0, len(c.Properties.Spec.Ingress)) + for _, item := range c.Properties.Spec.Ingress { + out.Properties.Spec.Ingress = append( + out.Properties.Spec.Ingress, item.Normalize()) } } func (c *HCPOpenShiftCluster) ValidateStatic() error { return nil } + +func (p *VersionProfile) Normalize(out *api.VersionProfile) { + out.ID = p.ID + out.ChannelGroup = p.ChannelGroup + out.AvailableUpgrades = slices.Clone(p.AvailableUpgrades) +} + +func (p *DNSProfile) Normalize(out *api.DNSProfile) { + out.BaseDomain = p.BaseDomain + out.BaseDomainPrefix = p.BaseDomainPrefix +} + +func (p *NetworkProfile) Normalize(out *api.NetworkProfile) { + out.NetworkType = api.NetworkType(p.NetworkType) + out.PodCIDR = p.PodCIDR + out.ServiceCIDR = p.ServiceCIDR + out.MachineCIDR = p.MachineCIDR + out.HostPrefix = p.HostPrefix +} + +func (p *ConsoleProfile) Normalize(out *api.ConsoleProfile) { + out.URL = p.URL +} + +func (p *APIProfile) Normalize(out *api.APIProfile) { + out.URL = p.URL + out.IP = p.IP + out.Visibility = api.Visibility(p.Visibility) +} + +func (p *ProxyProfile) Normalize(out *api.ProxyProfile) { + out.HTTPProxy = p.HTTPProxy + out.HTTPSProxy = p.HTTPSProxy + out.NoProxy = p.NoProxy + out.TrustedCA = p.TrustedCA +} + +func (p *PlatformProfile) Normalize(out *api.PlatformProfile) { + out.ManagedResourceGroup = p.ManagedResourceGroup + out.SubnetID = p.SubnetID + out.OutboundType = api.OutboundType(p.OutboundType) + out.PreconfiguredNSGs = p.PreconfiguredNSGs + out.EtcdEncryptionSetID = p.EtcdEncryptionSetID +} + +func (p *ExternalAuthConfigProfile) Normalize(out *api.ExternalAuthConfigProfile) { + out.Enabled = p.Enabled + out.ExternalAuths = make([]*configv1.OIDCProvider, 0, len(p.ExternalAuths)) + for _, item := range p.ExternalAuths { + provider := &configv1.OIDCProvider{ + Issuer: configv1.TokenIssuer{ + URL: item.Issuer.URL, + Audiences: make([]configv1.TokenAudience, len(item.Issuer.Audiences)), + // Slight misuse of the field. It's meant to name a config map holding a + // "ca-bundle.crt" key, whereas we store the data directly in the Name field. + CertificateAuthority: configv1.ConfigMapNameReference{ + Name: item.Issuer.CA, + }, + }, + OIDCClients: make([]configv1.OIDCClientConfig, len(item.Clients)), + ClaimMappings: configv1.TokenClaimMappings{ + Username: configv1.UsernameClaimMapping{ + TokenClaimMapping: configv1.TokenClaimMapping{ + Claim: item.Claim.Mappings.Username.Claim, + }, + PrefixPolicy: configv1.UsernamePrefixPolicy(item.Claim.Mappings.Username.PrefixPolicy), + Prefix: &configv1.UsernamePrefix{ + PrefixString: item.Claim.Mappings.Username.Prefix, + }, + }, + Groups: configv1.PrefixedClaimMapping{ + TokenClaimMapping: configv1.TokenClaimMapping{ + Claim: item.Claim.Mappings.Groups.Claim, + }, + Prefix: item.Claim.Mappings.Groups.Prefix, + }, + }, + ClaimValidationRules: make([]configv1.TokenClaimValidationRule, len(item.Claim.ValidationRules)), + } + + for index, audience := range item.Issuer.Audiences { + provider.Issuer.Audiences[index] = configv1.TokenAudience(audience) + } + + for index, client := range item.Clients { + provider.OIDCClients[index] = configv1.OIDCClientConfig{ + ComponentName: client.Component.Name, + ComponentNamespace: client.Component.AuthClientNamespace, + ClientID: client.ID, + // Slight misuse of the field. It's meant to name a secret holding a + // "clientSecret" key, whereas we store the data directly in the Name field. + ClientSecret: configv1.SecretNameReference{ + Name: client.Secret, + }, + ExtraScopes: slices.Clone(client.ExtraScopes), + } + } + + for index, rule := range item.Claim.ValidationRules { + provider.ClaimValidationRules[index] = configv1.TokenClaimValidationRule{ + Type: configv1.TokenValidationRuleTypeRequiredClaim, + RequiredClaim: &configv1.TokenRequiredClaim{ + Claim: rule.Claim, + RequiredValue: rule.RequiredValue, + }, + } + } + + out.ExternalAuths = append(out.ExternalAuths, provider) + } +} + +func (p *IngressProfile) Normalize() *api.IngressProfile { + return &api.IngressProfile{ + IP: p.IP, + URL: p.URL, + Visibility: api.Visibility(p.Visibility), + } +} diff --git a/internal/api/v20240610preview/hcpopenshiftclusternodepool.go b/internal/api/v20240610preview/hcpopenshiftclusternodepool.go index bdb4c3ab8..9629ff757 100644 --- a/internal/api/v20240610preview/hcpopenshiftclusternodepool.go +++ b/internal/api/v20240610preview/hcpopenshiftclusternodepool.go @@ -4,7 +4,6 @@ package v20240610preview // Licensed under the Apache License 2.0. import ( - "github.com/Azure/ARO-HCP/internal/api" "github.com/Azure/ARO-HCP/internal/api/arm" ) @@ -18,6 +17,34 @@ type HCPOpenShiftClusterNodePool struct { // HCPOpenShiftClusterNodePoolProperties represents the property bag of a // HCPOpenShiftClusterNodePool resource. type HCPOpenShiftClusterNodePoolProperties struct { - ProvisioningState arm.ProvisioningState `json:"provisioningState,omitempty" visibility:"read"` - Profile api.VersionedNodePoolProfile `json:"profile,omitempty" visibility:"read,create,update"` + ProvisioningState arm.ProvisioningState `json:"provisioningState,omitempty" visibility:"read"` + Profile NodePoolProfile `json:"profile,omitempty" visibility:"read,create,update"` +} + +// NodePoolProfile represents a worker node pool configuration. +// Visibility for the entire struct is "read". +type NodePoolProfile struct { + Name string `json:"name,omitempty"` + Version string `json:"version,omitempty"` + Labels []string `json:"labels,omitempty"` + Taints []string `json:"taints,omitempty"` + DiskSize int32 `json:"diskSize,omitempty"` + EphemeralOSDisk bool `json:"ephemeralOsDisk,omitempty"` + Replicas int32 `json:"replicas,omitempty"` + SubnetID string `json:"subnetId,omitempty"` + EncryptionAtHost bool `json:"encryptionAtHost,omitempty"` + AutoRepair bool `json:"autoRepair,omitempty"` + DiscEncryptionSetID string `json:"discEncryptionSetId,omitempty"` + TuningConfigs []string `json:"tuningConfigs,omitempty"` + AvailabilityZone string `json:"availabilityZone,omitempty"` + DiscStorageAccountType string `json:"discStorageAccountType,omitempty"` + VMSize string `json:"vmSize,omitempty"` + Autoscaling NodePoolAutoscaling `json:"autoscaling,omitempty"` +} + +// NodePoolAutoscaling represents a node pool autoscaling configuration. +// Visibility for the entire struct is "read". +type NodePoolAutoscaling struct { + MinReplicas int32 `json:"minReplicas,omitempty"` + MaxReplicas int32 `json:"maxReplicas,omitempty"` } diff --git a/internal/api/v20240610preview/hcpopenshiftclusternodepool_methods.go b/internal/api/v20240610preview/hcpopenshiftclusternodepool_methods.go index d622940e6..b90428577 100644 --- a/internal/api/v20240610preview/hcpopenshiftclusternodepool_methods.go +++ b/internal/api/v20240610preview/hcpopenshiftclusternodepool_methods.go @@ -4,6 +4,8 @@ package v20240610preview // Licensed under the Apache License 2.0. import ( + "slices" + "github.com/Azure/ARO-HCP/internal/api" ) @@ -11,7 +13,27 @@ func (v *version) NewHCPOpenShiftClusterNodePool(from *api.HCPOpenShiftClusterNo out := &HCPOpenShiftClusterNodePool{ Properties: HCPOpenShiftClusterNodePoolProperties{ ProvisioningState: from.Properties.ProvisioningState, - Profile: v.NewNodePoolProfile(&from.Properties.Profile), + Profile: NodePoolProfile{ + Name: from.Properties.Profile.Name, + Version: from.Properties.Profile.Version, + Labels: slices.Clone(from.Properties.Profile.Labels), + Taints: slices.Clone(from.Properties.Profile.Taints), + DiskSize: from.Properties.Profile.DiskSize, + EphemeralOSDisk: from.Properties.Profile.EphemeralOSDisk, + Replicas: from.Properties.Profile.Replicas, + SubnetID: from.Properties.Profile.SubnetID, + EncryptionAtHost: from.Properties.Profile.EncryptionAtHost, + AutoRepair: from.Properties.Profile.AutoRepair, + DiscEncryptionSetID: from.Properties.Profile.DiscEncryptionSetID, + TuningConfigs: slices.Clone(from.Properties.Profile.TuningConfigs), + AvailabilityZone: from.Properties.Profile.AvailabilityZone, + DiscStorageAccountType: from.Properties.Profile.DiscStorageAccountType, + VMSize: from.Properties.Profile.VMSize, + Autoscaling: NodePoolAutoscaling{ + MinReplicas: from.Properties.Profile.Autoscaling.MinReplicas, + MaxReplicas: from.Properties.Profile.Autoscaling.MaxReplicas, + }, + }, }, } @@ -22,7 +44,25 @@ func (v *version) NewHCPOpenShiftClusterNodePool(from *api.HCPOpenShiftClusterNo func (np *HCPOpenShiftClusterNodePool) Normalize(out *api.HCPOpenShiftClusterNodePool) { out.Properties.ProvisioningState = np.Properties.ProvisioningState - np.Properties.Profile.Normalize(&out.Properties.Profile) + out.Properties.Profile.Name = np.Properties.Profile.Name + out.Properties.Profile.Version = np.Properties.Profile.Version + out.Properties.Profile.Labels = slices.Clone(np.Properties.Profile.Labels) + out.Properties.Profile.Taints = slices.Clone(np.Properties.Profile.Taints) + out.Properties.Profile.DiskSize = np.Properties.Profile.DiskSize + out.Properties.Profile.EphemeralOSDisk = np.Properties.Profile.EphemeralOSDisk + out.Properties.Profile.Replicas = np.Properties.Profile.Replicas + out.Properties.Profile.SubnetID = np.Properties.Profile.SubnetID + out.Properties.Profile.EncryptionAtHost = np.Properties.Profile.EncryptionAtHost + out.Properties.Profile.AutoRepair = np.Properties.Profile.AutoRepair + out.Properties.Profile.DiscEncryptionSetID = np.Properties.Profile.DiscEncryptionSetID + out.Properties.Profile.TuningConfigs = slices.Clone(np.Properties.Profile.TuningConfigs) + out.Properties.Profile.AvailabilityZone = np.Properties.Profile.AvailabilityZone + out.Properties.Profile.DiscStorageAccountType = np.Properties.Profile.DiscStorageAccountType + out.Properties.Profile.VMSize = np.Properties.Profile.VMSize + out.Properties.Profile.Autoscaling = api.NodePoolAutoscaling{ + MinReplicas: np.Properties.Profile.Autoscaling.MinReplicas, + MaxReplicas: np.Properties.Profile.Autoscaling.MaxReplicas, + } } func (np *HCPOpenShiftClusterNodePool) ValidateStatic() error { diff --git a/internal/api/v20240610preview/nodepoolprofile.go b/internal/api/v20240610preview/nodepoolprofile.go deleted file mode 100644 index aa52a0031..000000000 --- a/internal/api/v20240610preview/nodepoolprofile.go +++ /dev/null @@ -1,32 +0,0 @@ -package v20240610preview - -// Copyright (c) Microsoft Corporation -// Licensed under the Apache License 2.0. - -// NodePoolAutoscaling represents a node pool autoscaling configuration. -// Visibility for the entire struct is "read". -type NodePoolAutoscaling struct { - MinReplicas int32 `json:"minReplicas,omitempty"` - MaxReplicas int32 `json:"maxReplicas,omitempty"` -} - -// NodePoolProfile represents a worker node pool configuration. -// Visibility for the entire struct is "read". -type NodePoolProfile struct { - Name string `json:"name,omitempty"` - Version string `json:"version,omitempty"` - Labels []string `json:"labels,omitempty"` - Taints []string `json:"taints,omitempty"` - DiskSize int32 `json:"diskSize,omitempty"` - EphemeralOSDisk bool `json:"ephemeralOsDisk,omitempty"` - Replicas int32 `json:"replicas,omitempty"` - SubnetID string `json:"subnetId,omitempty"` - EncryptionAtHost bool `json:"encryptionAtHost,omitempty"` - AutoRepair bool `json:"autoRepair,omitempty"` - DiscEncryptionSetID string `json:"discEncryptionSetId,omitempty"` - TuningConfigs []string `json:"tuningConfigs,omitempty"` - AvailabilityZone string `json:"availabilityZone,omitempty"` - DiscStorageAccountType string `json:"discStorageAccountType,omitempty"` - VMSize string `json:"vmSize,omitempty"` - Autoscaling NodePoolAutoscaling `json:"autoscaling,omitempty"` -} diff --git a/internal/api/v20240610preview/nodepoolprofile_methods.go b/internal/api/v20240610preview/nodepoolprofile_methods.go deleted file mode 100644 index 52eccd7a9..000000000 --- a/internal/api/v20240610preview/nodepoolprofile_methods.go +++ /dev/null @@ -1,60 +0,0 @@ -package v20240610preview - -// Copyright (c) Microsoft Corporation. -// Licensed under the Apache License 2.0. - -import ( - "slices" - - "github.com/Azure/ARO-HCP/internal/api" -) - -func (v *version) NewNodePoolProfile(from *api.NodePoolProfile) api.VersionedNodePoolProfile { - return &NodePoolProfile{ - Name: from.Name, - Version: from.Version, - Labels: slices.Clone(from.Labels), - Taints: slices.Clone(from.Taints), - DiskSize: from.DiskSize, - EphemeralOSDisk: from.EphemeralOSDisk, - Replicas: from.Replicas, - SubnetID: from.SubnetID, - EncryptionAtHost: from.EncryptionAtHost, - AutoRepair: from.AutoRepair, - DiscEncryptionSetID: from.DiscEncryptionSetID, - TuningConfigs: slices.Clone(from.TuningConfigs), - AvailabilityZone: from.AvailabilityZone, - DiscStorageAccountType: from.DiscStorageAccountType, - VMSize: from.VMSize, - Autoscaling: NodePoolAutoscaling{ - MinReplicas: from.Autoscaling.MinReplicas, - MaxReplicas: from.Autoscaling.MaxReplicas, - }, - } -} - -func (npp *NodePoolProfile) Normalize(out *api.NodePoolProfile) { - out.Name = npp.Name - out.Version = npp.Version - out.Labels = slices.Clone(npp.Labels) - out.Taints = slices.Clone(npp.Taints) - out.DiskSize = npp.DiskSize - out.EphemeralOSDisk = npp.EphemeralOSDisk - out.Replicas = npp.Replicas - out.SubnetID = npp.SubnetID - out.EncryptionAtHost = npp.EncryptionAtHost - out.AutoRepair = npp.AutoRepair - out.DiscEncryptionSetID = npp.DiscEncryptionSetID - out.TuningConfigs = slices.Clone(npp.TuningConfigs) - out.AvailabilityZone = npp.AvailabilityZone - out.DiscStorageAccountType = npp.DiscStorageAccountType - out.VMSize = npp.VMSize - out.Autoscaling = api.NodePoolAutoscaling{ - MinReplicas: npp.Autoscaling.MinReplicas, - MaxReplicas: npp.Autoscaling.MaxReplicas, - } -} - -func (npp *NodePoolProfile) ValidateStatic() error { - return nil -} diff --git a/internal/go.mod b/internal/go.mod index a750e0323..a6bd234b0 100644 --- a/internal/go.mod +++ b/internal/go.mod @@ -2,4 +2,26 @@ module github.com/Azure/ARO-HCP/internal go 1.22 -require github.com/google/uuid v1.6.0 +require ( + github.com/google/uuid v1.6.0 + github.com/openshift/api v0.0.0-20240316014254-8ebde957e3a6 +) + +require ( + github.com/go-logr/logr v1.3.0 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + golang.org/x/net v0.17.0 // indirect + golang.org/x/text v0.13.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + k8s.io/api v0.29.0 // indirect + k8s.io/apimachinery v0.29.0 // indirect + k8s.io/klog/v2 v2.110.1 // indirect + k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect +) diff --git a/internal/go.sum b/internal/go.sum index 7790d7c3e..4182a05c1 100644 --- a/internal/go.sum +++ b/internal/go.sum @@ -1,2 +1,95 @@ +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/openshift/api v0.0.0-20240316014254-8ebde957e3a6 h1:G2VumOYEbLx6aBBSZ5czPAw2DWrqZH8bi3qdfbhU/m8= +github.com/openshift/api v0.0.0-20240316014254-8ebde957e3a6/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= +k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA= +k8s.io/apimachinery v0.29.0 h1:+ACVktwyicPz0oc6MTMLwa2Pw3ouLAfAon1wPLtG48o= +k8s.io/apimachinery v0.29.0/go.mod h1:eVBxQ/cwiJxH58eK/jd/vAk4mrxmVlnpBH5J2GbMeis= +k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= +k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= +sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=