From 09dd4b1e3688510bb987159cb046e3bce4b11de1 Mon Sep 17 00:00:00 2001 From: Luis Sanchez Date: Wed, 7 Feb 2024 11:00:28 -0500 Subject: [PATCH 1/4] add token binding options to ocm-o config --- .../stable.openshiftcontrollermanager.testsuite.yaml | 1 + operator/v1/types_openshiftcontrollermanager.go | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml b/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml index 05c1cf66fd4..89fa5fe89af 100644 --- a/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml +++ b/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml @@ -12,5 +12,6 @@ tests: apiVersion: operator.openshift.io/v1 kind: OpenShiftControllerManager spec: + imageRegistryAuthTokenType: Legacy logLevel: Normal operatorLogLevel: Normal diff --git a/operator/v1/types_openshiftcontrollermanager.go b/operator/v1/types_openshiftcontrollermanager.go index fc7cc1086be..709c1923514 100644 --- a/operator/v1/types_openshiftcontrollermanager.go +++ b/operator/v1/types_openshiftcontrollermanager.go @@ -28,8 +28,20 @@ type OpenShiftControllerManager struct { type OpenShiftControllerManagerSpec struct { OperatorSpec `json:",inline"` + + // imageRegistryAuthTokenType specifies the kind of service account token when used + // when generating image pull secrets for the integrated image registry. + // +kubebuilder:validation:Enum=Legacy + // +optional + ImageRegistryAuthTokenType ServiceAccountTokenType `json:"imageRegistryAuthTokenType,omitempty"` } +type ServiceAccountTokenType string + +const ( + ServiceAccountLegacyTokenType ServiceAccountTokenType = "Legacy" +) + type OpenShiftControllerManagerStatus struct { OperatorStatus `json:",inline"` } From 6cc152651315b442e6c2d96982c2de3483ad4c0d Mon Sep 17 00:00:00 2001 
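Review bot: In operator/v1/types_openshiftcontrollermanager.go the new exported type `ServiceAccountTokenType` and its constant `ServiceAccountLegacyTokenType` have no doc comments, so a reader of the API package cannot tell what each token kind means; the same gap applies to `ServiceAccountBoundTokenType` added by the second hunk of PATCH 3/4. I would add `// ServiceAccountTokenType names the kind of service account token used when generating image pull secrets.` above the type. Each constant should get a one-line comment as well, for example `// ServiceAccountLegacyTokenType selects unbound, long-lived service account tokens.` and `// ServiceAccountBoundTokenType selects bound service account tokens.`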
From: Luis Sanchez Date: Wed, 7 Feb 2024 11:00:40 -0500 Subject: [PATCH 2/4] make update --- openapi/generated_openapi/zz_generated.openapi.go | 7 +++++++ openapi/openapi.json | 4 ++++ ...enshift-controller-manager-operator_02_config.crd.yaml | 7 +++++++ operator/v1/zz_generated.swagger_doc_generated.go | 8 ++++++++ 4 files changed, 26 insertions(+) diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index fd854563a06..5f0941558a4 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -50215,6 +50215,13 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManagerSpec(ref common. Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, + "imageRegistryAuthTokenType": { + SchemaProps: spec.SchemaProps{ + Description: "imageRegistryAuthTokenType specifies the kind of service account token when used when generating image pull secrets for the integrated image registry.", + Type: []string{"string"}, + Format: "", + }, + }, }, Required: []string{"managementState"}, }, diff --git a/openapi/openapi.json b/openapi/openapi.json index 3e29fa5f4ec..2e48a0d1b7f 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -29375,6 +29375,10 @@ "managementState" ], "properties": { + "imageRegistryAuthTokenType": { + "description": "imageRegistryAuthTokenType specifies the kind of service account token when used when generating image pull secrets for the integrated image registry.", + "type": "string" + }, "logLevel": { "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" 
diff --git a/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml b/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml index 08c53a233da..e737064bf57 100644 --- a/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml +++ b/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml @@ -39,6 +39,13 @@ spec: type: object spec: properties: + imageRegistryAuthTokenType: + description: imageRegistryAuthTokenType specifies the kind of service + account token when used when generating image pull secrets for the + integrated image registry. + enum: + - Legacy + type: string logLevel: default: Normal description: "logLevel is an intent based logging for an overall component. diff --git a/operator/v1/zz_generated.swagger_doc_generated.go b/operator/v1/zz_generated.swagger_doc_generated.go index 48133af8df4..ef2e6e03c90 100644 --- a/operator/v1/zz_generated.swagger_doc_generated.go +++ b/operator/v1/zz_generated.swagger_doc_generated.go @@ -1648,6 +1648,14 @@ func (OpenShiftControllerManagerList) SwaggerDoc() map[string]string { return map_OpenShiftControllerManagerList } +var map_OpenShiftControllerManagerSpec = map[string]string{ + "imageRegistryAuthTokenType": "imageRegistryAuthTokenType specifies the kind of service account token when used when generating image pull secrets for the integrated image registry.", +} + +func (OpenShiftControllerManagerSpec) SwaggerDoc() map[string]string { + return map_OpenShiftControllerManagerSpec +} + var map_KubeScheduler = map[string]string{ "": "KubeScheduler provides information to configure an operator to manage scheduler.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", 
From da543b2590eee10f5393975da06f28a1e29e5b59 Mon Sep 17 00:00:00 2001 From: Luis Sanchez Date: Thu, 8 Feb 2024 11:46:28 -0500 Subject: [PATCH 3/4] add Bound ServiceAccountTokenType --- .../v1/stable.openshiftcontrollermanager.testsuite.yaml | 2 +- operator/v1/types_openshiftcontrollermanager.go | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml b/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml index 89fa5fe89af..dd9ae1b488a 100644 --- a/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml +++ b/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml @@ -12,6 +12,6 @@ tests: apiVersion: operator.openshift.io/v1 kind: OpenShiftControllerManager spec: - imageRegistryAuthTokenType: Legacy + imageRegistryAuthTokenType: Bound logLevel: Normal operatorLogLevel: Normal diff --git a/operator/v1/types_openshiftcontrollermanager.go b/operator/v1/types_openshiftcontrollermanager.go index 709c1923514..9199643c99f 100644 --- a/operator/v1/types_openshiftcontrollermanager.go +++ b/operator/v1/types_openshiftcontrollermanager.go @@ -29,9 +29,11 @@ type OpenShiftControllerManager struct { type OpenShiftControllerManagerSpec struct { OperatorSpec `json:",inline"` - // imageRegistryAuthTokenType specifies the kind of service account token when used - // when generating image pull secrets for the integrated image registry. - // +kubebuilder:validation:Enum=Legacy + // imageRegistryAuthTokenType directs the openshift-controller-manager to use either a + // legacy,(unbound, long-lived) service acccount tokens or a bound service account + // token when generating image pull secrets for the integrated image registry. + // +kubebuilder:default=Bound + // +kubebuilder:validation:Enum=Legacy;Bound // +optional ImageRegistryAuthTokenType ServiceAccountTokenType `json:"imageRegistryAuthTokenType,omitempty"` } 
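Review bot: The fixture in stable.openshiftcontrollermanager.testsuite.yaml swaps its only visible value from `Legacy` to `Bound`, so nothing visible in this hunk exercises `Legacy`, the omitted-field default, or rejection of a value outside the enum. Because the default decides whether generated pull secrets carry long-lived tokens, I would add one case that creates the object without `imageRegistryAuthTokenType` and expects `Bound`, and one that expects a validation error for an unknown value. The surrounding test entries lie outside the hunk, so some of this may already be covered there.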
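Review bot: The rewritten field comment in operator/v1/types_openshiftcontrollermanager.go contains typos, `legacy,(unbound, long-lived) service acccount tokens`, which PATCH 4/4 copies verbatim into the generated CRD, OpenAPI and swagger descriptions, and it does not say which value applies when the field is omitted. I would reword the opening to `// imageRegistryAuthTokenType directs the openshift-controller-manager to use either legacy (unbound, long-lived) service account tokens or bound service account tokens` and add a sentence stating that the default is `Bound` and that `Legacy` keeps long-lived credentials in the generated pull secrets. The field stays `+optional` with `omitempty`, so code that reads the Go type without API-server defaulting can presumably still see an empty string; the comment should say how an empty value is to be treated.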
@@ -40,6 +42,7 @@ type ServiceAccountTokenType string const ( ServiceAccountLegacyTokenType ServiceAccountTokenType = "Legacy" + ServiceAccountBoundTokenType ServiceAccountTokenType = "Bound" ) type OpenShiftControllerManagerStatus struct { From 25ecd10c35d49b5c79ce1404dd5b8935de7ef3f0 Mon Sep 17 00:00:00 2001 From: Luis Sanchez Date: Fri, 9 Feb 2024 11:44:13 -0500 Subject: [PATCH 4/4] make update --- openapi/generated_openapi/zz_generated.openapi.go | 2 +- openapi/openapi.json | 2 +- ...nshift-controller-manager-operator_02_config.crd.yaml | 9 ++++++--- operator/v1/zz_generated.swagger_doc_generated.go | 2 +- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 5f0941558a4..16206517d17 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -50217,7 +50217,7 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManagerSpec(ref common. }, "imageRegistryAuthTokenType": { SchemaProps: spec.SchemaProps{ - Description: "imageRegistryAuthTokenType specifies the kind of service account token when used when generating image pull secrets for the integrated image registry.", + Description: "imageRegistryAuthTokenType directs the openshift-controller-manager to use either a legacy,(unbound, long-lived) service acccount tokens or a bound service account token when generating image pull secrets for the integrated image registry.", Type: []string{"string"}, Format: "", }, diff --git a/openapi/openapi.json b/openapi/openapi.json index 2e48a0d1b7f..482ee950b33 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json 
@@ -29376,7 +29376,7 @@ ], "properties": { "imageRegistryAuthTokenType": { - "description": "imageRegistryAuthTokenType specifies the kind of service account token when used when generating image pull secrets for the integrated image registry.", + "description": "imageRegistryAuthTokenType directs the openshift-controller-manager to use either a legacy,(unbound, long-lived) service acccount tokens or a bound service account token when generating image pull secrets for the integrated image registry.", "type": "string" }, "logLevel": { diff --git a/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml b/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml index e737064bf57..84cfc9c24ca 100644 --- a/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml +++ b/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml @@ -40,11 +40,14 @@ spec: spec: properties: imageRegistryAuthTokenType: - description: imageRegistryAuthTokenType specifies the kind of service - account token when used when generating image pull secrets for the - integrated image registry. + default: Bound + description: imageRegistryAuthTokenType directs the openshift-controller-manager + to use either a legacy,(unbound, long-lived) service acccount tokens + or a bound service account token when generating image pull secrets + for the integrated image registry. enum: - Legacy + - Bound type: string logLevel: default: Normal diff --git a/operator/v1/zz_generated.swagger_doc_generated.go b/operator/v1/zz_generated.swagger_doc_generated.go index ef2e6e03c90..ef91df8de1b 100644 --- a/operator/v1/zz_generated.swagger_doc_generated.go +++ b/operator/v1/zz_generated.swagger_doc_generated.go 
@@ -1649,7 +1649,7 @@ func (OpenShiftControllerManagerList) SwaggerDoc() map[string]string { } var map_OpenShiftControllerManagerSpec = map[string]string{ - "imageRegistryAuthTokenType": "imageRegistryAuthTokenType specifies the kind of service account token when used when generating image pull secrets for the integrated image registry.", + "imageRegistryAuthTokenType": "imageRegistryAuthTokenType directs the openshift-controller-manager to use either a legacy,(unbound, long-lived) service acccount tokens or a bound service account token when generating image pull secrets for the integrated image registry.", } func (OpenShiftControllerManagerSpec) SwaggerDoc() map[string]string {