From a4be43c2b7121d92f160e0e0e788aa79d0e9839b Mon Sep 17 00:00:00 2001 From: Predrag Knezevic Date: Thu, 12 Mar 2020 19:06:24 +0100 Subject: [PATCH 1/4] Added ability to configure Helm chart repository accessible within cluster * Introduced `HelmChartRepository` top-level CR modelled according to chartrepo.Entry from https://github.com/helm/helm/blob/master/pkg/repo/chartrepo.go#L42 * The corresponding enchancement: openshift/enhancements/pull/175 --- Makefile | 3 +- hack/update-deepcopy.sh | 2 +- hack/verify-crds.sh | 1 + .../0000_10-helm-chart-repository.crd.yaml | 138 ++++++++++++++++ helm/v1alpha1/doc.go | 8 + helm/v1alpha1/register.go | 38 +++++ helm/v1alpha1/types_helm.go | 108 +++++++++++++ helm/v1alpha1/zz_generated.deepcopy.go | 152 ++++++++++++++++++ 8 files changed, 448 insertions(+), 2 deletions(-) create mode 100644 helm/v1alpha1/0000_10-helm-chart-repository.crd.yaml create mode 100644 helm/v1alpha1/doc.go create mode 100644 helm/v1alpha1/register.go create mode 100644 helm/v1alpha1/types_helm.go create mode 100644 helm/v1alpha1/zz_generated.deepcopy.go diff --git a/Makefile b/Makefile index 4043bf04fd1..0146804a4ad 100644 --- a/Makefile +++ b/Makefile @@ -20,6 +20,7 @@ GO_LD_FLAGS:= # $4 - output $(call add-crd-gen,authorization,./authorization/v1,./authorization/v1,./authorization/v1) $(call add-crd-gen,config,./config/v1,./config/v1,./config/v1) +$(call add-crd-gen,helm,./helm/v1alpha1,./helm/v1alpha1,./helm/v1alpha1) $(call add-crd-gen,console,./console/v1,./console/v1,./console/v1) $(call add-crd-gen,imageregistry,./imageregistry/v1,./imageregistry/v1,./imageregistry/v1) $(call add-crd-gen,operator,./operator/v1,./operator/v1,./operator/v1) @@ -52,4 +53,4 @@ update: update-scripts update-codegen-crds generate-with-container: Dockerfile.build $(RUNTIME) build -t $(RUNTIME_IMAGE_NAME) -f Dockerfile.build . - $(RUNTIME) run -ti --rm -v $(PWD):/go/src/github.com/openshift/api:z -w /go/src/github.com/openshift/api $(RUNTIME_IMAGE_NAME) make update-scripts + $(RUNTIME) run -ti --rm -v $(PWD):/go/src/github.com/openshift/api:z -w /go/src/github.com/openshift/api $(RUNTIME_IMAGE_NAME) make update diff --git a/hack/update-deepcopy.sh b/hack/update-deepcopy.sh index 02066be7ed0..4c3fd7f63e0 100755 --- a/hack/update-deepcopy.sh +++ b/hack/update-deepcopy.sh @@ -10,7 +10,7 @@ verify="${VERIFY:-}" GOFLAGS="" bash ${CODEGEN_PKG}/generate-groups.sh "deepcopy" \ github.com/openshift/api/generated \ github.com/openshift/api \ - "apps:v1 authorization:v1 build:v1 config:v1 console:v1 image:v1,docker10,dockerpre012 imageregistry:v1 kubecontrolplane:v1 legacyconfig:v1 network:v1 oauth:v1 openshiftcontrolplane:v1 operator:v1 operator:v1alpha1 operatorcontrolplane:v1alpha1 operatoringress:v1 osin:v1 project:v1 quota:v1 route:v1 samples:v1 security:v1 servicecertsigner:v1alpha1 template:v1 user:v1" \ + "apps:v1 authorization:v1 build:v1 config:v1 helm:v1alpha1 console:v1 image:v1,docker10,dockerpre012 imageregistry:v1 kubecontrolplane:v1 legacyconfig:v1 network:v1 oauth:v1 openshiftcontrolplane:v1 operator:v1 operator:v1alpha1 operatorcontrolplane:v1alpha1 operatoringress:v1 osin:v1 project:v1 quota:v1 route:v1 samples:v1 security:v1 servicecertsigner:v1alpha1 template:v1 user:v1" \ --go-header-file ${SCRIPT_ROOT}/hack/empty.txt \ ${verify} diff --git a/hack/verify-crds.sh b/hack/verify-crds.sh index a9f035938bc..8fb2721914a 100755 --- a/hack/verify-crds.sh +++ b/hack/verify-crds.sh @@ -8,6 +8,7 @@ fi FILES="authorization/v1/*.crd.yaml config/v1/*.crd.yaml +helm/v1alpha1/*.crd.yaml console/v1/*.crd.yaml imageregistry/v1/*crd.yaml operator/v1/*.crd.yaml diff --git a/helm/v1alpha1/0000_10-helm-chart-repository.crd.yaml b/helm/v1alpha1/0000_10-helm-chart-repository.crd.yaml new file mode 100644 index 00000000000..42475342a5c --- /dev/null +++ b/helm/v1alpha1/0000_10-helm-chart-repository.crd.yaml @@ -0,0 +1,138 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: helmchartrepositories.helm.openshift.io +spec: + scope: Cluster + preserveUnknownFields: false + group: helm.openshift.io + names: + kind: HelmChartRepository + listKind: HelmChartRepositoryList + plural: helmchartrepositories + singular: helmchartrepository + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + "validation": + "openAPIV3Schema": + description: HelmChartRepository holds cluster-wide configuration for proxied + Helm chart repository + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing + the PEM-encoded CA bundle. It is used as a trust anchor to validate + the TLS certificate presented by the remote server. The key "ca.crt" + is used to locate the data. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + description: + description: Optional human readable repository description, it can + be used by UI for displaying purposes + type: string + minLength: 1 + insecure_skip_tls_verify: + description: Skip verification of the chart repo certificate + type: boolean + name: + description: Optional associated human readable repository name, it + can be used by UI for displaying purposes + type: string + minLength: 1 + password: + description: Password is an optional reference to a secret by name that + contains the password used for authenticating access to the chart + repository The key "password" is used to locate the data. The namespace + for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a secret by name + that contains the PEM-encoded TLS client certificate to present when + connecting to the server. The key "client.crt" is used to locate the + data. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tlsClientKey: + description: tlsClientKey is an optional reference to a secret by name + that contains the PEM-encoded TLS private key for the client certificate + referenced in tlsClientCert. The key "client.key" is used to locate + the data. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + url: + description: Chart repository URL + type: string + pattern: ^https?:\/\/ + username: + description: Optional Username used for authenticating access to the + chart repository + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: HelmChartRepositoryCondition is just the standard condition + fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string diff --git a/helm/v1alpha1/doc.go b/helm/v1alpha1/doc.go new file mode 100644 index 00000000000..f6ca5ef3b67 --- /dev/null +++ b/helm/v1alpha1/doc.go @@ -0,0 +1,8 @@ +// +k8s:deepcopy-gen=package,register +// +k8s:defaulter-gen=TypeMeta +// +k8s:openapi-gen=true + +// +kubebuilder:validation:Optional +// +groupName=helm.openshift.io +// Package v1 is the v1 version of the API. +package v1alpha1 diff --git a/helm/v1alpha1/register.go b/helm/v1alpha1/register.go new file mode 100644 index 00000000000..d55bb0037a3 --- /dev/null +++ b/helm/v1alpha1/register.go @@ -0,0 +1,38 @@ +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +var ( + GroupName = "helm.openshift.io" + GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha"} + schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + // Install is a function which adds this version to a scheme + Install = schemeBuilder.AddToScheme + + // SchemeGroupVersion generated code relies on this name + // Deprecated + SchemeGroupVersion = GroupVersion + // AddToScheme exists solely to keep the old generators creating valid code + // DEPRECATED + AddToScheme = schemeBuilder.AddToScheme +) + +// Resource generated code relies on this being here, but it logically belongs to the group +// DEPRECATED +func Resource(resource string) schema.GroupResource { + return schema.GroupResource{Group: GroupName, Resource: resource} +} + +// Adds the list of known types to api.Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(GroupVersion, + &HelmChartRepository{}, + &HelmChartRepositoryList{}, + ) + metav1.AddToGroupVersion(scheme, GroupVersion) + return nil +} diff --git a/helm/v1alpha1/types_helm.go b/helm/v1alpha1/types_helm.go new file mode 100644 index 00000000000..9e80664188c --- /dev/null +++ b/helm/v1alpha1/types_helm.go @@ -0,0 +1,108 @@ +package v1alpha1 + +import ( + configv1 "github.com/openshift/api/config/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:plural=helmchartrepositories + +// HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository +type HelmChartRepository struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec holds user settable values for configuration + // +kubebuilder:validation:Required + // +required + Spec HelmChartRepositorySpec `json:"spec"` + + // status holds observed values from the cluster. They may not be overridden. + // +optional + Status HelmChartRepositoryStatus `json:"status"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +type HelmChartRepositoryList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []HelmChartRepository `json:"items"` +} + +// Helm chart repository exposed within the cluster +type HelmChartRepositorySpec struct { + + // Chart repository URL + // +kubebuilder:validation:Pattern=`^https?:\/\/` + URL string `json:"url"` + + // Optional associated human readable repository name, it can be used by UI for displaying purposes + // +kubebuilder:validation:MinLength=1 + // +optional + DisplayName string `json:"name,omitempty"` + + // Optional human readable repository description, it can be used by UI for displaying purposes + // +kubebuilder:validation:MinLength=1 + // +optional + Description string `json:"description,omitempty"` + + // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. + // It is used as a trust anchor to validate the TLS certificate presented by the remote server. + // The key "ca.crt" is used to locate the data. + // If empty, the default system roots are used. + // The namespace for this config map is openshift-config. + // +optional + CA *configv1.ConfigMapNameReference `json:"ca,omitempty"` + + // tlsClientCert is an optional reference to a secret by name that contains the + // PEM-encoded TLS client certificate to present when connecting to the server. + // The key "client.crt" is used to locate the data. + // The namespace for this secret is openshift-config. + // +optional + TLSClientCert *configv1.SecretNameReference `json:"tlsClientCert,omitempty"` + + // tlsClientKey is an optional reference to a secret by name that contains the + // PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. + // The key "client.key" is used to locate the data. + // The namespace for this secret is openshift-config. + // +optional + TLSClientKey *configv1.SecretNameReference `json:"tlsClientKey,omitempty"` + + // Skip verification of the chart repo certificate + // +optional + InsecureSkipTLSVerify bool `json:"insecure_skip_tls_verify,omitempty"` + + // Optional Username used for authenticating access to the chart repository + // +optional + Username *string `json:"username,omitempty"` + + // Password is an optional reference to a secret by name that contains + // the password used for authenticating access to the chart repository + // The key "password" is used to locate the data. + // The namespace for this secret is openshift-config. + // +optional + Password *configv1.SecretNameReference `json:"password,omitempty"` +} + +type HelmChartRepositoryStatus struct { + + // conditions is a list of conditions and their status + // +optional + Conditions []HelmChartRepositoryCondition `json:"conditions,omitempty"` +} + +// HelmChartRepositoryCondition is just the standard condition fields. +type HelmChartRepositoryCondition struct { + Type string `json:"type"` + Status ConditionStatus `json:"status"` + LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` + Reason string `json:"reason,omitempty"` + Message string `json:"message,omitempty"` +} + +type ConditionStatus string diff --git a/helm/v1alpha1/zz_generated.deepcopy.go b/helm/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..925e85bff1f --- /dev/null +++ b/helm/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,152 @@ +// +build !ignore_autogenerated + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "github.com/openshift/api/config/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmChartRepository) DeepCopyInto(out *HelmChartRepository) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartRepository. +func (in *HelmChartRepository) DeepCopy() *HelmChartRepository { + if in == nil { + return nil + } + out := new(HelmChartRepository) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *HelmChartRepository) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmChartRepositoryCondition) DeepCopyInto(out *HelmChartRepositoryCondition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartRepositoryCondition. +func (in *HelmChartRepositoryCondition) DeepCopy() *HelmChartRepositoryCondition { + if in == nil { + return nil + } + out := new(HelmChartRepositoryCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmChartRepositoryList) DeepCopyInto(out *HelmChartRepositoryList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]HelmChartRepository, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartRepositoryList. +func (in *HelmChartRepositoryList) DeepCopy() *HelmChartRepositoryList { + if in == nil { + return nil + } + out := new(HelmChartRepositoryList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *HelmChartRepositoryList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmChartRepositorySpec) DeepCopyInto(out *HelmChartRepositorySpec) { + *out = *in + if in.CA != nil { + in, out := &in.CA, &out.CA + *out = new(v1.ConfigMapNameReference) + **out = **in + } + if in.TLSClientCert != nil { + in, out := &in.TLSClientCert, &out.TLSClientCert + *out = new(v1.SecretNameReference) + **out = **in + } + if in.TLSClientKey != nil { + in, out := &in.TLSClientKey, &out.TLSClientKey + *out = new(v1.SecretNameReference) + **out = **in + } + if in.Username != nil { + in, out := &in.Username, &out.Username + *out = new(string) + **out = **in + } + if in.Password != nil { + in, out := &in.Password, &out.Password + *out = new(v1.SecretNameReference) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartRepositorySpec. +func (in *HelmChartRepositorySpec) DeepCopy() *HelmChartRepositorySpec { + if in == nil { + return nil + } + out := new(HelmChartRepositorySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmChartRepositoryStatus) DeepCopyInto(out *HelmChartRepositoryStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]HelmChartRepositoryCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartRepositoryStatus. +func (in *HelmChartRepositoryStatus) DeepCopy() *HelmChartRepositoryStatus { + if in == nil { + return nil + } + out := new(HelmChartRepositoryStatus) + in.DeepCopyInto(out) + return out +} From 70e8339a6e1fff23e68c7a7b714d0c2faf0747f9 Mon Sep 17 00:00:00 2001 From: Predrag Knezevic Date: Fri, 24 Jul 2020 15:56:53 +0200 Subject: [PATCH 2/4] addressed reviewer comments --- Makefile | 2 +- hack/update-deepcopy.sh | 2 +- hack/verify-crds.sh | 2 +- .../0000_10-helm-chart-repository.crd.yaml | 83 +++++++++++++------ helm/{v1alpha1 => v1beta1}/doc.go | 2 +- helm/{v1alpha1 => v1beta1}/register.go | 4 +- helm/{v1alpha1 => v1beta1}/types_helm.go | 49 ++++------- .../zz_generated.deepcopy.go | 79 ++++++++---------- 8 files changed, 113 insertions(+), 110 deletions(-) rename helm/{v1alpha1 => v1beta1}/0000_10-helm-chart-repository.crd.yaml (55%) rename helm/{v1alpha1 => v1beta1}/doc.go (92%) rename helm/{v1alpha1 => v1beta1}/register.go (97%) rename helm/{v1alpha1 => v1beta1}/types_helm.go (68%) rename helm/{v1alpha1 => v1beta1}/zz_generated.deepcopy.go (85%) diff --git a/Makefile b/Makefile index 0146804a4ad..b5692fd0058 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,7 @@ GO_LD_FLAGS:= # $4 - output $(call add-crd-gen,authorization,./authorization/v1,./authorization/v1,./authorization/v1) $(call add-crd-gen,config,./config/v1,./config/v1,./config/v1) -$(call add-crd-gen,helm,./helm/v1alpha1,./helm/v1alpha1,./helm/v1alpha1) +$(call add-crd-gen,helm,./helm/v1beta1,./helm/v1beta1,./helm/v1beta1) $(call add-crd-gen,console,./console/v1,./console/v1,./console/v1) $(call add-crd-gen,imageregistry,./imageregistry/v1,./imageregistry/v1,./imageregistry/v1) $(call add-crd-gen,operator,./operator/v1,./operator/v1,./operator/v1) diff --git a/hack/update-deepcopy.sh b/hack/update-deepcopy.sh index 4c3fd7f63e0..25114bb9f40 100755 --- a/hack/update-deepcopy.sh +++ b/hack/update-deepcopy.sh @@ -10,7 +10,7 @@ verify="${VERIFY:-}" GOFLAGS="" bash ${CODEGEN_PKG}/generate-groups.sh "deepcopy" \ github.com/openshift/api/generated \ github.com/openshift/api \ - "apps:v1 authorization:v1 build:v1 config:v1 helm:v1alpha1 console:v1 image:v1,docker10,dockerpre012 imageregistry:v1 kubecontrolplane:v1 legacyconfig:v1 network:v1 oauth:v1 openshiftcontrolplane:v1 operator:v1 operator:v1alpha1 operatorcontrolplane:v1alpha1 operatoringress:v1 osin:v1 project:v1 quota:v1 route:v1 samples:v1 security:v1 servicecertsigner:v1alpha1 template:v1 user:v1" \ + "apps:v1 authorization:v1 build:v1 config:v1 helm:v1beta1 console:v1 image:v1,docker10,dockerpre012 imageregistry:v1 kubecontrolplane:v1 legacyconfig:v1 network:v1 oauth:v1 openshiftcontrolplane:v1 operator:v1 operator:v1alpha1 operatorcontrolplane:v1alpha1 operatoringress:v1 osin:v1 project:v1 quota:v1 route:v1 samples:v1 security:v1 servicecertsigner:v1alpha1 template:v1 user:v1" \ --go-header-file ${SCRIPT_ROOT}/hack/empty.txt \ ${verify} diff --git a/hack/verify-crds.sh b/hack/verify-crds.sh index 8fb2721914a..9724f5a4948 100755 --- a/hack/verify-crds.sh +++ b/hack/verify-crds.sh @@ -8,7 +8,7 @@ fi FILES="authorization/v1/*.crd.yaml config/v1/*.crd.yaml -helm/v1alpha1/*.crd.yaml +helm/v1beta1/*.crd.yaml console/v1/*.crd.yaml imageregistry/v1/*crd.yaml operator/v1/*.crd.yaml diff --git a/helm/v1alpha1/0000_10-helm-chart-repository.crd.yaml b/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml similarity index 55% rename from helm/v1alpha1/0000_10-helm-chart-repository.crd.yaml rename to helm/v1beta1/0000_10-helm-chart-repository.crd.yaml index 42475342a5c..4902ac6cc62 100644 --- a/helm/v1alpha1/0000_10-helm-chart-repository.crd.yaml +++ b/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml @@ -11,8 +11,10 @@ spec: listKind: HelmChartRepositoryList plural: helmchartrepositories singular: helmchartrepository + shortNames: + - hcr versions: - - name: v1alpha1 + - name: v1beta1 served: true storage: true subresources: @@ -60,26 +62,11 @@ spec: be used by UI for displaying purposes type: string minLength: 1 - insecure_skip_tls_verify: - description: Skip verification of the chart repo certificate - type: boolean name: description: Optional associated human readable repository name, it can be used by UI for displaying purposes type: string minLength: 1 - password: - description: Password is an optional reference to a secret by name that - contains the password used for authenticating access to the chart - repository The key "password" is used to locate the data. The namespace - for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string tlsClientCert: description: tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when @@ -108,31 +95,77 @@ spec: description: Chart repository URL type: string pattern: ^https?:\/\/ - username: - description: Optional Username used for authenticating access to the - chart repository - type: string status: - description: status holds observed values from the cluster. They may not - be overridden. + description: Observed status of the repository within the cluster.. type: object properties: conditions: - description: conditions is a list of conditions and their status + description: conditions is a list of conditions and their statuses type: array items: - description: HelmChartRepositoryCondition is just the standard condition - fields. + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // + +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" type: object + required: + - lastTransitionTime + - message + - reason + - status + - type properties: lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. type: string format: date-time message: + description: message is a human readable message indicating details + about the transition. This may be an empty string. type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + type: integer + format: int64 + minimum: 0 reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers of + specific condition types may define expected values and meanings + for this field, and whether the values are considered a guaranteed + API. The value should be a CamelCase string. This field may + not be empty. type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ status: + description: status of the condition, one of True, False, Unknown. type: string + enum: + - "True" + - "False" + - Unknown type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ diff --git a/helm/v1alpha1/doc.go b/helm/v1beta1/doc.go similarity index 92% rename from helm/v1alpha1/doc.go rename to helm/v1beta1/doc.go index f6ca5ef3b67..8a45cd1c81b 100644 --- a/helm/v1alpha1/doc.go +++ b/helm/v1beta1/doc.go @@ -5,4 +5,4 @@ // +kubebuilder:validation:Optional // +groupName=helm.openshift.io // Package v1 is the v1 version of the API. -package v1alpha1 +package v1beta1 diff --git a/helm/v1alpha1/register.go b/helm/v1beta1/register.go similarity index 97% rename from helm/v1alpha1/register.go rename to helm/v1beta1/register.go index d55bb0037a3..890474569a1 100644 --- a/helm/v1alpha1/register.go +++ b/helm/v1beta1/register.go @@ -1,4 +1,4 @@ -package v1alpha1 +package v1beta1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -8,7 +8,7 @@ import ( var ( GroupName = "helm.openshift.io" - GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha"} + GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) // Install is a function which adds this version to a scheme Install = schemeBuilder.AddToScheme diff --git a/helm/v1alpha1/types_helm.go b/helm/v1beta1/types_helm.go similarity index 68% rename from helm/v1alpha1/types_helm.go rename to helm/v1beta1/types_helm.go index 9e80664188c..417b97e69d9 100644 --- a/helm/v1alpha1/types_helm.go +++ b/helm/v1beta1/types_helm.go @@ -1,4 +1,4 @@ -package v1alpha1 +package v1beta1 import ( configv1 "github.com/openshift/api/config/v1" @@ -20,13 +20,12 @@ type HelmChartRepository struct { // +required Spec HelmChartRepositorySpec `json:"spec"` - // status holds observed values from the cluster. They may not be overridden. + // Observed status of the repository within the cluster.. // +optional Status HelmChartRepositoryStatus `json:"status"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - type HelmChartRepositoryList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` @@ -37,10 +36,6 @@ type HelmChartRepositoryList struct { // Helm chart repository exposed within the cluster type HelmChartRepositorySpec struct { - // Chart repository URL - // +kubebuilder:validation:Pattern=`^https?:\/\/` - URL string `json:"url"` - // Optional associated human readable repository name, it can be used by UI for displaying purposes // +kubebuilder:validation:MinLength=1 // +optional @@ -51,6 +46,16 @@ type HelmChartRepositorySpec struct { // +optional Description string `json:"description,omitempty"` + // Required configuration for connecting to the chart repo + ConnectionConfig `json:",inline"` +} + +type ConnectionConfig struct { + + // Chart repository URL + // +kubebuilder:validation:Pattern=`^https?:\/\/` + URL string `json:"url"` + // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. // It is used as a trust anchor to validate the TLS certificate presented by the remote server. // The key "ca.crt" is used to locate the data. @@ -72,37 +77,11 @@ type HelmChartRepositorySpec struct { // The namespace for this secret is openshift-config. // +optional TLSClientKey *configv1.SecretNameReference `json:"tlsClientKey,omitempty"` - - // Skip verification of the chart repo certificate - // +optional - InsecureSkipTLSVerify bool `json:"insecure_skip_tls_verify,omitempty"` - - // Optional Username used for authenticating access to the chart repository - // +optional - Username *string `json:"username,omitempty"` - - // Password is an optional reference to a secret by name that contains - // the password used for authenticating access to the chart repository - // The key "password" is used to locate the data. - // The namespace for this secret is openshift-config. - // +optional - Password *configv1.SecretNameReference `json:"password,omitempty"` } type HelmChartRepositoryStatus struct { - // conditions is a list of conditions and their status + // conditions is a list of conditions and their statuses // +optional - Conditions []HelmChartRepositoryCondition `json:"conditions,omitempty"` + Conditions []metav1.Condition `json:"conditions,omitempty"` } - -// HelmChartRepositoryCondition is just the standard condition fields. -type HelmChartRepositoryCondition struct { - Type string `json:"type"` - Status ConditionStatus `json:"status"` - LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` - Reason string `json:"reason,omitempty"` - Message string `json:"message,omitempty"` -} - -type ConditionStatus string diff --git a/helm/v1alpha1/zz_generated.deepcopy.go b/helm/v1beta1/zz_generated.deepcopy.go similarity index 85% rename from helm/v1alpha1/zz_generated.deepcopy.go rename to helm/v1beta1/zz_generated.deepcopy.go index 925e85bff1f..acdfebc899a 100644 --- a/helm/v1alpha1/zz_generated.deepcopy.go +++ b/helm/v1beta1/zz_generated.deepcopy.go @@ -2,13 +2,45 @@ // Code generated by deepcopy-gen. DO NOT EDIT. -package v1alpha1 +package v1beta1 import ( v1 "github.com/openshift/api/config/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConnectionConfig) DeepCopyInto(out *ConnectionConfig) { + *out = *in + if in.CA != nil { + in, out := &in.CA, &out.CA + *out = new(v1.ConfigMapNameReference) + **out = **in + } + if in.TLSClientCert != nil { + in, out := &in.TLSClientCert, &out.TLSClientCert + *out = new(v1.SecretNameReference) + **out = **in + } + if in.TLSClientKey != nil { + in, out := &in.TLSClientKey, &out.TLSClientKey + *out = new(v1.SecretNameReference) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionConfig. +func (in *ConnectionConfig) DeepCopy() *ConnectionConfig { + if in == nil { + return nil + } + out := new(ConnectionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HelmChartRepository) DeepCopyInto(out *HelmChartRepository) { *out = *in @@ -37,23 +69,6 @@ func (in *HelmChartRepository) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HelmChartRepositoryCondition) DeepCopyInto(out *HelmChartRepositoryCondition) { - *out = *in - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartRepositoryCondition. -func (in *HelmChartRepositoryCondition) DeepCopy() *HelmChartRepositoryCondition { - if in == nil { - return nil - } - out := new(HelmChartRepositoryCondition) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HelmChartRepositoryList) DeepCopyInto(out *HelmChartRepositoryList) { *out = *in @@ -90,31 +105,7 @@ func (in *HelmChartRepositoryList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HelmChartRepositorySpec) DeepCopyInto(out *HelmChartRepositorySpec) { *out = *in - if in.CA != nil { - in, out := &in.CA, &out.CA - *out = new(v1.ConfigMapNameReference) - **out = **in - } - if in.TLSClientCert != nil { - in, out := &in.TLSClientCert, &out.TLSClientCert - *out = new(v1.SecretNameReference) - **out = **in - } - if in.TLSClientKey != nil { - in, out := &in.TLSClientKey, &out.TLSClientKey - *out = new(v1.SecretNameReference) - **out = **in - } - if in.Username != nil { - in, out := &in.Username, &out.Username - *out = new(string) - **out = **in - } - if in.Password != nil { - in, out := &in.Password, &out.Password - *out = new(v1.SecretNameReference) - **out = **in - } + in.ConnectionConfig.DeepCopyInto(&out.ConnectionConfig) return } @@ -133,7 +124,7 @@ func (in *HelmChartRepositoryStatus) DeepCopyInto(out *HelmChartRepositoryStatus *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]HelmChartRepositoryCondition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } From 5af197adc03602a68e08cb5e6acb2395b9c048cf Mon Sep 17 00:00:00 2001 From: Predrag Knezevic Date: Fri, 24 Jul 2020 18:46:50 +0200 Subject: [PATCH 3/4] second round of reviews --- helm/install.go | 26 +++++++ .../0000_10-helm-chart-repository.crd.yaml | 75 +++++++++---------- helm/v1beta1/types_helm.go | 22 ++---- helm/v1beta1/zz_generated.deepcopy.go | 26 ++----- install.go | 2 + 5 files changed, 76 insertions(+), 75 deletions(-) create mode 100644 helm/install.go diff --git a/helm/install.go b/helm/install.go new file mode 100644 index 00000000000..6c8f51892a4 --- /dev/null +++ b/helm/install.go @@ -0,0 +1,26 @@ +package helm + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + + helmv1beta1 "github.com/openshift/api/helm/v1beta1" +) + +const ( + GroupName = "helm.openshift.io" +) + +var ( + schemeBuilder = runtime.NewSchemeBuilder(helmv1beta1.Install) + // Install is a function which adds every version of this group to a scheme + Install = schemeBuilder.AddToScheme +) + +func Resource(resource string) schema.GroupResource { + return schema.GroupResource{Group: GroupName, Resource: resource} +} + +func Kind(kind string) schema.GroupKind { + return schema.GroupKind{Group: GroupName, Kind: kind} +} diff --git a/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml b/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml index 4902ac6cc62..7cd8114d9dd 100644 --- a/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml +++ b/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml @@ -11,8 +11,6 @@ spec: listKind: HelmChartRepositoryList plural: helmchartrepositories singular: helmchartrepository - shortNames: - - hcr versions: - name: v1beta1 served: true @@ -43,20 +41,43 @@ spec: description: spec holds user settable values for configuration type: object properties: - ca: - description: ca is an optional reference to a config map by name containing - the PEM-encoded CA bundle. It is used as a trust anchor to validate - the TLS certificate presented by the remote server. The key "ca.crt" - is used to locate the data. If empty, the default system roots are - used. The namespace for this config map is openshift-config. + connectionConfig: + description: Required configuration for connecting to the chart repo type: object - required: - - name properties: - name: - description: name is the metadata.name of the referenced config - map + ca: + description: ca is an optional reference to a config map by name + containing the PEM-encoded CA bundle. It is used as a trust anchor + to validate the TLS certificate presented by the remote server. + The key "ca-bundle.crt" is used to locate the data. If empty, + the default system roots are used. The namespace for this config + map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + tlsClientConfig: + description: tlsClientConfig is an optional reference to a secret + by name that contains the PEM-encoded TLS client certificate and + private key to present when connecting to the server. The key + "tls.crt" is used to locate the client certificate. The key "tls.key" + is used to locate the private key. The namespace for this secret + is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + url: + description: Chart repository URL type: string + pattern: ^https?:\/\/ description: description: Optional human readable repository description, it can be used by UI for displaying purposes @@ -67,34 +88,6 @@ spec: can be used by UI for displaying purposes type: string minLength: 1 - tlsClientCert: - description: tlsClientCert is an optional reference to a secret by name - that contains the PEM-encoded TLS client certificate to present when - connecting to the server. The key "client.crt" is used to locate the - data. The namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - tlsClientKey: - description: tlsClientKey is an optional reference to a secret by name - that contains the PEM-encoded TLS private key for the client certificate - referenced in tlsClientCert. The key "client.key" is used to locate - the data. The namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - url: - description: Chart repository URL - type: string - pattern: ^https?:\/\/ status: description: Observed status of the repository within the cluster.. type: object diff --git a/helm/v1beta1/types_helm.go b/helm/v1beta1/types_helm.go index 417b97e69d9..927d3ef9ec5 100644 --- a/helm/v1beta1/types_helm.go +++ b/helm/v1beta1/types_helm.go @@ -47,7 +47,7 @@ type HelmChartRepositorySpec struct { Description string `json:"description,omitempty"` // Required configuration for connecting to the chart repo - ConnectionConfig `json:",inline"` + ConnectionConfig ConnectionConfig `json:"connectionConfig"` } type ConnectionConfig struct { @@ -58,25 +58,19 @@ type ConnectionConfig struct { // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. // It is used as a trust anchor to validate the TLS certificate presented by the remote server. - // The key "ca.crt" is used to locate the data. + // The key "ca-bundle.crt" is used to locate the data. // If empty, the default system roots are used. // The namespace for this config map is openshift-config. // +optional - CA *configv1.ConfigMapNameReference `json:"ca,omitempty"` + CA configv1.ConfigMapNameReference `json:"ca,omitempty"` - // tlsClientCert is an optional reference to a secret by name that contains the - // PEM-encoded TLS client certificate to present when connecting to the server. - // The key "client.crt" is used to locate the data. + // tlsClientConfig is an optional reference to a secret by name that contains the + // PEM-encoded TLS client certificate and private key to present when connecting to the server. + // The key "tls.crt" is used to locate the client certificate. + // The key "tls.key" is used to locate the private key. // The namespace for this secret is openshift-config. // +optional - TLSClientCert *configv1.SecretNameReference `json:"tlsClientCert,omitempty"` - - // tlsClientKey is an optional reference to a secret by name that contains the - // PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. - // The key "client.key" is used to locate the data. - // The namespace for this secret is openshift-config. - // +optional - TLSClientKey *configv1.SecretNameReference `json:"tlsClientKey,omitempty"` + TLSClientConfig configv1.SecretNameReference `json:"tlsClientConfig,omitempty"` } type HelmChartRepositoryStatus struct { diff --git a/helm/v1beta1/zz_generated.deepcopy.go b/helm/v1beta1/zz_generated.deepcopy.go index acdfebc899a..bf7df6c8fc0 100644 --- a/helm/v1beta1/zz_generated.deepcopy.go +++ b/helm/v1beta1/zz_generated.deepcopy.go @@ -5,29 +5,15 @@ package v1beta1 import ( - v1 "github.com/openshift/api/config/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConnectionConfig) DeepCopyInto(out *ConnectionConfig) { *out = *in - if in.CA != nil { - in, out := &in.CA, &out.CA - *out = new(v1.ConfigMapNameReference) - **out = **in - } - if in.TLSClientCert != nil { - in, out := &in.TLSClientCert, &out.TLSClientCert - *out = new(v1.SecretNameReference) - **out = **in - } - if in.TLSClientKey != nil { - in, out := &in.TLSClientKey, &out.TLSClientKey - *out = new(v1.SecretNameReference) - **out = **in - } + out.CA = in.CA + out.TLSClientConfig = in.TLSClientConfig return } @@ -46,7 +32,7 @@ func (in *HelmChartRepository) DeepCopyInto(out *HelmChartRepository) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) + out.Spec = in.Spec in.Status.DeepCopyInto(&out.Status) return } @@ -105,7 +91,7 @@ func (in *HelmChartRepositoryList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HelmChartRepositorySpec) DeepCopyInto(out *HelmChartRepositorySpec) { *out = *in - in.ConnectionConfig.DeepCopyInto(&out.ConnectionConfig) + out.ConnectionConfig = in.ConnectionConfig return } @@ -124,7 +110,7 @@ func (in *HelmChartRepositoryStatus) DeepCopyInto(out *HelmChartRepositoryStatus *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]metav1.Condition, len(*in)) + *out = make([]v1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } diff --git a/install.go b/install.go index 11c6512c526..8422d201582 100644 --- a/install.go +++ b/install.go @@ -37,6 +37,7 @@ import ( "github.com/openshift/api/authorization" "github.com/openshift/api/build" "github.com/openshift/api/config" + "github.com/openshift/api/helm" "github.com/openshift/api/image" "github.com/openshift/api/imageregistry" "github.com/openshift/api/kubecontrolplane" @@ -65,6 +66,7 @@ var ( authorization.Install, build.Install, config.Install, + helm.Install, image.Install, imageregistry.Install, kubecontrolplane.Install, From 3b19d3ca3d33f2fabc253dfb6c1f829c37919931 Mon Sep 17 00:00:00 2001 From: Predrag Knezevic Date: Mon, 27 Jul 2020 16:56:18 +0200 Subject: [PATCH 4/4] set maxLength on HelmChartRepositorySpec.DisplayName, Description and URL field --- helm/v1beta1/0000_10-helm-chart-repository.crd.yaml | 3 +++ helm/v1beta1/types_helm.go | 3 +++ 2 files changed, 6 insertions(+) diff --git a/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml b/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml index 7cd8114d9dd..a7f8d994b6d 100644 --- a/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml +++ b/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml @@ -77,16 +77,19 @@ spec: url: description: Chart repository URL type: string + maxLength: 2048 pattern: ^https?:\/\/ description: description: Optional human readable repository description, it can be used by UI for displaying purposes type: string + maxLength: 2048 minLength: 1 name: description: Optional associated human readable repository name, it can be used by UI for displaying purposes type: string + maxLength: 100 minLength: 1 status: description: Observed status of the repository within the cluster.. diff --git a/helm/v1beta1/types_helm.go b/helm/v1beta1/types_helm.go index 927d3ef9ec5..33613f65cf3 100644 --- a/helm/v1beta1/types_helm.go +++ b/helm/v1beta1/types_helm.go @@ -38,11 +38,13 @@ type HelmChartRepositorySpec struct { // Optional associated human readable repository name, it can be used by UI for displaying purposes // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=100 // +optional DisplayName string `json:"name,omitempty"` // Optional human readable repository description, it can be used by UI for displaying purposes // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 // +optional Description string `json:"description,omitempty"` @@ -54,6 +56,7 @@ type ConnectionConfig struct { // Chart repository URL // +kubebuilder:validation:Pattern=`^https?:\/\/` + // +kubebuilder:validation:MaxLength=2048 URL string `json:"url"` // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.