Merge branch 'openshift:master' into rfe-3765

openshift · Jun 5, 2023 · f8e1a6d · f8e1a6d
2 parents 6939ac5 + 6a9f31b
commit f8e1a6d
Show file tree

Hide file tree

Showing 9 changed files with 25 additions and 10 deletions.
diff --git a/config/v1/0000_10_config-operator_01_dns-TechPreviewNoUpgrade.crd.yaml b/config/v1/0000_10_config-operator_01_dns-TechPreviewNoUpgrade.crd.yaml
@@ -53,7 +53,7 @@ spec:
                         privateZoneIAMRole:
                           description: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.
                           type: string
-                          pattern: ^arn:(aws|aws-cn|aws-us-gov):iam:[0-9]{12}:role\/.*$
+                          pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$
                     type:
                       description: "type is the underlying infrastructure provider for the cluster. Allowed values: \"\", \"AWS\". \n Individual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults."
                       type: string

diff --git a/config/v1/0000_10_config-operator_01_dns.crd.yaml b/config/v1/0000_10_config-operator_01_dns.crd.yaml
@@ -6,6 +6,7 @@ metadata:
     include.release.openshift.io/ibm-cloud-managed: "true"
     include.release.openshift.io/self-managed-high-availability: "true"
     include.release.openshift.io/single-node-developer: "true"
+    release.openshift.io/feature-set: Default
   name: dnses.config.openshift.io
 spec:
   group: config.openshift.io

diff --git a/config/v1/feature_gates.go b/config/v1/feature_gates.go
@@ -232,4 +232,14 @@ var (
 		ResponsiblePerson:   "bhb",
 		OwningProduct:       ocpSpecific,
 	}
+
+	FeatureGateAlibabaPlatform = FeatureGateName("AlibabaPlatform")
+	alibabaPlatform            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateAlibabaPlatform,
+		},
+		OwningJiraComponent: "cloud-provider",
+		ResponsiblePerson:   "jspeed",
+		OwningProduct:       ocpSpecific,
+	}
 )
diff --git a/config/v1/techpreview.dns.testsuite.yaml b/config/v1/techpreview.dns.testsuite.yaml
@@ -20,15 +20,15 @@ tests:
         platform:
           type: AWS
           aws:
-            privateZoneIAMRole: arn:aws:iam:123456789012:role/foo
+            privateZoneIAMRole: arn:aws:iam::123456789012:role/foo
     expected: |
       apiVersion: config.openshift.io/v1
       kind: DNS
       spec:
         platform:
           type: AWS
           aws:
-            privateZoneIAMRole: arn:aws:iam:123456789012:role/foo
+            privateZoneIAMRole: arn:aws:iam::123456789012:role/foo
   - name: Should not be able to specify unsupported platform
     initial: |
       apiVersion: config.openshift.io/v1
@@ -37,7 +37,7 @@ tests:
         platform:
           type: Azure
           azure:
-            privateZoneIAMRole: arn:aws:iam:123456789012:role/foo
+            privateZoneIAMRole: arn:aws:iam::123456789012:role/foo
     expectedError: "Invalid value: \"string\": allowed values are '' and 'AWS'"
   - name: Should not be able to specify invalid AWS role ARN
     initial: |
@@ -50,7 +50,7 @@ tests:
           type: AWS
           aws:
             privateZoneIAMRole: arn:aws:iam:bad:123456789012:role/foo
-    expectedError: "DNS.config.openshift.io \"cluster\" is invalid: spec.platform.aws.privateZoneIAMRole: Invalid value: \"arn:aws:iam:bad:123456789012:role/foo\": spec.platform.aws.privateZoneIAMRole in body should match '^arn:(aws|aws-cn|aws-us-gov):iam:[0-9]{12}:role\\/.*$'"
+    expectedError: "DNS.config.openshift.io \"cluster\" is invalid: spec.platform.aws.privateZoneIAMRole: Invalid value: \"arn:aws:iam:bad:123456789012:role/foo\": spec.platform.aws.privateZoneIAMRole in body should match '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$'"
   - name: Should not be able to specify different type and platform
     initial: |
       apiVersion: config.openshift.io/v1
@@ -59,7 +59,7 @@ tests:
         platform:
           type: ""
           aws:
-            privateZoneIAMRole: arn:aws:iam:123456789012:role/foo
+            privateZoneIAMRole: arn:aws:iam::123456789012:role/foo
     expectedError: "Invalid value: \"object\": aws configuration is required when platform is AWS, and forbidden otherwise"
   onUpdate:
   - name: Can switch from empty (default), to AWS
@@ -76,15 +76,15 @@ tests:
         platform:
           type: AWS
           aws:
-            privateZoneIAMRole: arn:aws:iam:123456789012:role/foo
+            privateZoneIAMRole: arn:aws:iam::123456789012:role/foo
     expected: |
       apiVersion: config.openshift.io/v1
       kind: DNS
       spec:
         platform:
           type: AWS
           aws:
-            privateZoneIAMRole: arn:aws:iam:123456789012:role/foo
+            privateZoneIAMRole: arn:aws:iam::123456789012:role/foo
   - name: Upgrade case is valid
     initial: |
       apiVersion: config.openshift.io/v1

diff --git a/config/v1/types_dns.go b/config/v1/types_dns.go
@@ -130,7 +130,7 @@ type AWSDNSSpec struct {
 	// privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing
 	// operations on the cluster's private hosted zone specified in the cluster DNS config.
 	// When left empty, no role should be assumed.
-	// +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov):iam:[0-9]{12}:role\/.*$`
+	// +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$`
 	// +optional
 	PrivateZoneIAMRole string `json:"privateZoneIAMRole"`
 }
diff --git a/config/v1/types_feature.go b/config/v1/types_feature.go
@@ -179,7 +179,7 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{
 		with(azureWorkloadIdentity).
 		with(gateGatewayAPI).
 		with(maxUnavailableStatefulSet).
-		with(eventedPleg).
+		without(eventedPleg).
 		with(privateHostedZoneAWS).
 		with(sigstoreImageVerification).
 		with(gcpLabelsTags).
@@ -191,6 +191,7 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{
 var defaultFeatures = &FeatureGateEnabledDisabled{
 	Enabled: []FeatureGateDescription{
 		openShiftPodSecurityAdmission,
+		alibabaPlatform, // This is a bug, it should be TechPreviewNoUpgrade. This must be downgraded before 4.14 is shipped.
 	},
 	Disabled: []FeatureGateDescription{
 		retroactiveDefaultStorageClass,

diff --git a/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml b/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml
@@ -45,6 +45,7 @@ spec:
                     - diskplugin.csi.alibabacloud.com
                     - vpc.block.csi.ibm.io
                     - powervs.csi.ibm.com
+                    - secrets-store.csi.k8s.io
                   type: string
               type: object
             spec:

diff --git a/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch b/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch
@@ -19,3 +19,4 @@
       - diskplugin.csi.alibabacloud.com
       - vpc.block.csi.ibm.io
       - powervs.csi.ibm.com
+      - secrets-store.csi.k8s.io
diff --git a/operator/v1/types_csi_cluster_driver.go b/operator/v1/types_csi_cluster_driver.go
@@ -83,6 +83,7 @@ const (
 	AlibabaDiskCSIDriver     CSIDriverName = "diskplugin.csi.alibabacloud.com"
 	IBMVPCBlockCSIDriver     CSIDriverName = "vpc.block.csi.ibm.io"
 	IBMPowerVSBlockCSIDriver CSIDriverName = "powervs.csi.ibm.com"
+	SecretsStoreCSIDriver    CSIDriverName = "secrets-store.csi.k8s.io"
 )
 
 // ClusterCSIDriverSpec is the desired behavior of CSI driver operator