diff --git a/go.mod b/go.mod index 0eaa73fbb..1839af47c 100644 --- a/go.mod +++ b/go.mod @@ -86,18 +86,18 @@ require ( github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.22.1 // indirect github.com/go-openapi/jsonreference v0.21.3 // indirect - github.com/go-openapi/swag v0.25.1 // indirect - github.com/go-openapi/swag/cmdutils v0.25.1 // indirect - github.com/go-openapi/swag/conv v0.25.1 // indirect - github.com/go-openapi/swag/fileutils v0.25.1 // indirect - github.com/go-openapi/swag/jsonname v0.25.1 // indirect - github.com/go-openapi/swag/jsonutils v0.25.1 // indirect - github.com/go-openapi/swag/loading v0.25.1 // indirect - github.com/go-openapi/swag/mangling v0.25.1 // indirect - github.com/go-openapi/swag/netutils v0.25.1 // indirect - github.com/go-openapi/swag/stringutils v0.25.1 // indirect - github.com/go-openapi/swag/typeutils v0.25.1 // indirect - github.com/go-openapi/swag/yamlutils v0.25.1 // indirect + github.com/go-openapi/swag v0.25.4 // indirect + github.com/go-openapi/swag/cmdutils v0.25.4 // indirect + github.com/go-openapi/swag/conv v0.25.4 // indirect + github.com/go-openapi/swag/fileutils v0.25.4 // indirect + github.com/go-openapi/swag/jsonname v0.25.4 // indirect + github.com/go-openapi/swag/jsonutils v0.25.4 // indirect + github.com/go-openapi/swag/loading v0.25.4 // indirect + github.com/go-openapi/swag/mangling v0.25.4 // indirect + github.com/go-openapi/swag/netutils v0.25.4 // indirect + github.com/go-openapi/swag/stringutils v0.25.4 // indirect + github.com/go-openapi/swag/typeutils v0.25.4 // indirect + github.com/go-openapi/swag/yamlutils v0.25.4 // indirect github.com/go-redis/cache/v9 v9.0.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gobuffalo/flect v1.0.3 // indirect @@ -199,24 +199,24 @@ require ( k8s.io/component-base v0.35.1 // indirect k8s.io/component-helpers v0.34.2 // indirect k8s.io/controller-manager v0.34.0 // indirect - k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/klog/v2 v2.140.0 // indirect k8s.io/kube-aggregator v0.34.0 // indirect - k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect + k8s.io/kube-openapi v0.0.0-20260519202549-bbf5c5577288 // indirect k8s.io/kubectl v0.35.1 // indirect k8s.io/kubernetes v1.34.2 // indirect - k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect + k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 // indirect oras.land/oras-go/v2 v2.6.1 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.1-0.20251003215857-446d8398e19c // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect ) replace ( // Usually not needed unless we have newer k8s.io deps and argocd still uses an old gitops-engine // github.com/argoproj/gitops-engine => github.com/argoproj/gitops-engine v0.0.0-20240905010810-bd7681ae3f8b - github.com/openshift/api => github.com/openshift/api v0.0.0-20251204164930-cd2e40c5883a + github.com/openshift/api => github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2 github.com/openshift/client-go => github.com/openshift/client-go v0.0.0-20251205093018-96a6cbc1420c // Caused by Argo importing 'k8s.io/api' // Override all the v0.0.0 entries diff --git a/go.sum b/go.sum index fa87829ea..62f939c02 100644 --- a/go.sum +++ b/go.sum @@ -167,32 +167,34 @@ github.com/go-openapi/jsonpointer v0.22.1 h1:sHYI1He3b9NqJ4wXLoJDKmUmHkWy/L7rtEo github.com/go-openapi/jsonpointer v0.22.1/go.mod h1:pQT9OsLkfz1yWoMgYFy4x3U5GY5nUlsOn1qSBH5MkCM= github.com/go-openapi/jsonreference v0.21.3 h1:96Dn+MRPa0nYAR8DR1E03SblB5FJvh7W6krPI0Z7qMc= github.com/go-openapi/jsonreference v0.21.3/go.mod h1:RqkUP0MrLf37HqxZxrIAtTWW4ZJIK1VzduhXYBEeGc4= -github.com/go-openapi/swag v0.25.1 h1:6uwVsx+/OuvFVPqfQmOOPsqTcm5/GkBhNwLqIR916n8= -github.com/go-openapi/swag v0.25.1/go.mod h1:bzONdGlT0fkStgGPd3bhZf1MnuPkf2YAys6h+jZipOo= -github.com/go-openapi/swag/cmdutils v0.25.1 h1:nDke3nAFDArAa631aitksFGj2omusks88GF1VwdYqPY= -github.com/go-openapi/swag/cmdutils v0.25.1/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0= -github.com/go-openapi/swag/conv v0.25.1 h1:+9o8YUg6QuqqBM5X6rYL/p1dpWeZRhoIt9x7CCP+he0= -github.com/go-openapi/swag/conv v0.25.1/go.mod h1:Z1mFEGPfyIKPu0806khI3zF+/EUXde+fdeksUl2NiDs= -github.com/go-openapi/swag/fileutils v0.25.1 h1:rSRXapjQequt7kqalKXdcpIegIShhTPXx7yw0kek2uU= -github.com/go-openapi/swag/fileutils v0.25.1/go.mod h1:+NXtt5xNZZqmpIpjqcujqojGFek9/w55b3ecmOdtg8M= -github.com/go-openapi/swag/jsonname v0.25.1 h1:Sgx+qbwa4ej6AomWC6pEfXrA6uP2RkaNjA9BR8a1RJU= -github.com/go-openapi/swag/jsonname v0.25.1/go.mod h1:71Tekow6UOLBD3wS7XhdT98g5J5GR13NOTQ9/6Q11Zo= -github.com/go-openapi/swag/jsonutils v0.25.1 h1:AihLHaD0brrkJoMqEZOBNzTLnk81Kg9cWr+SPtxtgl8= -github.com/go-openapi/swag/jsonutils v0.25.1/go.mod h1:JpEkAjxQXpiaHmRO04N1zE4qbUEg3b7Udll7AMGTNOo= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1 h1:DSQGcdB6G0N9c/KhtpYc71PzzGEIc/fZ1no35x4/XBY= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1/go.mod h1:kjmweouyPwRUEYMSrbAidoLMGeJ5p6zdHi9BgZiqmsg= -github.com/go-openapi/swag/loading v0.25.1 h1:6OruqzjWoJyanZOim58iG2vj934TysYVptyaoXS24kw= -github.com/go-openapi/swag/loading v0.25.1/go.mod h1:xoIe2EG32NOYYbqxvXgPzne989bWvSNoWoyQVWEZicc= -github.com/go-openapi/swag/mangling v0.25.1 h1:XzILnLzhZPZNtmxKaz/2xIGPQsBsvmCjrJOWGNz/ync= -github.com/go-openapi/swag/mangling v0.25.1/go.mod h1:CdiMQ6pnfAgyQGSOIYnZkXvqhnnwOn997uXZMAd/7mQ= -github.com/go-openapi/swag/netutils v0.25.1 h1:2wFLYahe40tDUHfKT1GRC4rfa5T1B4GWZ+msEFA4Fl4= -github.com/go-openapi/swag/netutils v0.25.1/go.mod h1:CAkkvqnUJX8NV96tNhEQvKz8SQo2KF0f7LleiJwIeRE= -github.com/go-openapi/swag/stringutils v0.25.1 h1:Xasqgjvk30eUe8VKdmyzKtjkVjeiXx1Iz0zDfMNpPbw= -github.com/go-openapi/swag/stringutils v0.25.1/go.mod h1:JLdSAq5169HaiDUbTvArA2yQxmgn4D6h4A+4HqVvAYg= -github.com/go-openapi/swag/typeutils v0.25.1 h1:rD/9HsEQieewNt6/k+JBwkxuAHktFtH3I3ysiFZqukA= -github.com/go-openapi/swag/typeutils v0.25.1/go.mod h1:9McMC/oCdS4BKwk2shEB7x17P6HmMmA6dQRtAkSnNb8= -github.com/go-openapi/swag/yamlutils v0.25.1 h1:mry5ez8joJwzvMbaTGLhw8pXUnhDK91oSJLDPF1bmGk= -github.com/go-openapi/swag/yamlutils v0.25.1/go.mod h1:cm9ywbzncy3y6uPm/97ysW8+wZ09qsks+9RS8fLWKqg= +github.com/go-openapi/swag v0.25.4 h1:OyUPUFYDPDBMkqyxOTkqDYFnrhuhi9NR6QVUvIochMU= +github.com/go-openapi/swag v0.25.4/go.mod h1:zNfJ9WZABGHCFg2RnY0S4IOkAcVTzJ6z2Bi+Q4i6qFQ= +github.com/go-openapi/swag/cmdutils v0.25.4 h1:8rYhB5n6WawR192/BfUu2iVlxqVR9aRgGJP6WaBoW+4= +github.com/go-openapi/swag/cmdutils v0.25.4/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0= +github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4= +github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU= +github.com/go-openapi/swag/fileutils v0.25.4 h1:2oI0XNW5y6UWZTC7vAxC8hmsK/tOkWXHJQH4lKjqw+Y= +github.com/go-openapi/swag/fileutils v0.25.4/go.mod h1:cdOT/PKbwcysVQ9Tpr0q20lQKH7MGhOEb6EwmHOirUk= +github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI= +github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag= +github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA= +github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM= +github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s= +github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE= +github.com/go-openapi/swag/mangling v0.25.4 h1:2b9kBJk9JvPgxr36V23FxJLdwBrpijI26Bx5JH4Hp48= +github.com/go-openapi/swag/mangling v0.25.4/go.mod h1:6dxwu6QyORHpIIApsdZgb6wBk/DPU15MdyYj/ikn0Hg= +github.com/go-openapi/swag/netutils v0.25.4 h1:Gqe6K71bGRb3ZQLusdI8p/y1KLgV4M/k+/HzVSqT8H0= +github.com/go-openapi/swag/netutils v0.25.4/go.mod h1:m2W8dtdaoX7oj9rEttLyTeEFFEBvnAx9qHd5nJEBzYg= +github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8= +github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0= +github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw= +github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE= +github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw= +github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc= +github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4= +github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg= github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls= github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= github.com/go-playground/webhooks/v6 v6.4.0 h1:KLa6y7bD19N48rxJDHM0DpE3T4grV7GxMy1b/aHMWPY= @@ -378,8 +380,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= -github.com/openshift/api v0.0.0-20251204164930-cd2e40c5883a h1:v/W0YkbADTv9bfubadSNIOftvDIA/JwN8zaK79K5Wyc= -github.com/openshift/api v0.0.0-20251204164930-cd2e40c5883a/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY= +github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2 h1:oZkYkIvQHkQV8pN0oe8AfPfc7y9+svwmsQHwbOWyJBw= +github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2/go.mod h1:Jm45pE7O6/G0tYYhiLzNyZykTjmf9BfhsKYuGfLLwTE= github.com/openshift/client-go v0.0.0-20251205093018-96a6cbc1420c h1:TBE0Gl+oCo/SNEhLKZQNNH/SWHXrpGyhAw7P0lAqdHg= github.com/openshift/client-go v0.0.0-20251205093018-96a6cbc1420c/go.mod h1:IsynOWZAfdH+BgWimcFQRtI41Id9sgdhsCEjIk8ACLw= github.com/operator-framework/api v0.33.0 h1:Tdu9doXz6Key2riIiP3/JPahHEgFBXAqyWQN4kOITS8= @@ -688,18 +690,18 @@ k8s.io/component-helpers v0.34.2 h1:RIUGDdU+QFzeVKLZ9f05sXTNAtJrRJ3bnbMLrogCrvM= k8s.io/component-helpers v0.34.2/go.mod h1:pLi+GByuRTeFjjcezln8gHL7LcT6HImkwVQ3A2SQaEE= k8s.io/controller-manager v0.34.2 h1:bjdSLh5nnSde5jfRW/rdPDOSYbwUMxs+9JUcbyL6LP8= k8s.io/controller-manager v0.34.2/go.mod h1:sR6wSdANfbdXBTtg2Fwp1ruo/1TJgSilooT6FDxZj4A= -k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= +k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= k8s.io/kube-aggregator v0.34.2 h1:Nn0Vksj67WHBL2x7bJ6vuxL44RbMTK6uRtXX+3vMVJk= k8s.io/kube-aggregator v0.34.2/go.mod h1:/tp4cc/1p2AvICsS4mjjSJakdrbhcGbRmj0mdHTdR2Q= -k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE= -k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= +k8s.io/kube-openapi v0.0.0-20260519202549-bbf5c5577288 h1:A7Lby6ekC6nv+6oO38huCMFBRP0Os+tIeq1GkwxOQes= +k8s.io/kube-openapi v0.0.0-20260519202549-bbf5c5577288/go.mod h1:V/QaCUYDa+0QpcHhVVc5l99Uz56wEMEXBSj9oCDkNDY= k8s.io/kubectl v0.34.2 h1:+fWGrVlDONMUmmQLDaGkQ9i91oszjjRAa94cr37hzqA= k8s.io/kubectl v0.34.2/go.mod h1:X2KTOdtZZNrTWmUD4oHApJ836pevSl+zvC5sI6oO2YQ= k8s.io/kubernetes v1.34.2 h1:WQdDvYJazkmkwSncgNwGvVtaCt4TYXIU3wSMRgvp3MI= k8s.io/kubernetes v1.34.2/go.mod h1:m6pZk6a179pRo2wsTiCPORJ86iOEQmfIzUvtyEF8BwA= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0xi3g0ZcxxJ7vbWU= +k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= oras.land/oras-go/v2 v2.6.1 h1:bonOEkjLfp8tt6qXWRRWP6p1F+9octchOf2EqnWB4Zs= oras.land/oras-go/v2 v2.6.1/go.mod h1:dhtFrFOuZuDtAVeZ9FUnaa5zfzplG3ZnFX9/uH1J/Yk= sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8= @@ -716,7 +718,7 @@ sigs.k8s.io/kustomize/kyaml v0.20.1 h1:PCMnA2mrVbRP3NIB6v9kYCAc38uvFLVs8j/CD567A sigs.k8s.io/kustomize/kyaml v0.20.1/go.mod h1:0EmkQHRUsJxY8Ug9Niig1pUMSCGHxQ5RklbpV/Ri6po= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1-0.20251003215857-446d8398e19c h1:RCkxmWwPjOw2O1RiDgBgI6tfISvB07jAh+GEztp7TWk= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1-0.20251003215857-446d8398e19c/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/vendor/github.com/go-openapi/swag/.golangci.yml b/vendor/github.com/go-openapi/swag/.golangci.yml index 4129e7e57..126264a6b 100644 --- a/vendor/github.com/go-openapi/swag/.golangci.yml +++ b/vendor/github.com/go-openapi/swag/.golangci.yml @@ -21,6 +21,7 @@ linters: - ireturn - lll - musttag + - modernize - nestif - nlreturn - nonamedreturns diff --git a/vendor/github.com/go-openapi/swag/README.md b/vendor/github.com/go-openapi/swag/README.md index 786b92fd3..371fd55fd 100644 --- a/vendor/github.com/go-openapi/swag/README.md +++ b/vendor/github.com/go-openapi/swag/README.md @@ -18,6 +18,7 @@ You may also use it standalone for your projects. * [Contents](#contents) * [Dependencies](#dependencies) * [Release Notes](#release-notes) +* [Licensing](#licensing) * [Note to contributors](#note-to-contributors) * [TODOs, suggestions and plans](#todos-suggestions-and-plans) @@ -62,6 +63,42 @@ dependencies outside of the standard library. ## Release notes +### v0.25.4 + +** mangling** + +Bug fix + +* [x] mangler may panic with pluralized overlapping initialisms + +Tests + +* [x] introduced fuzz tests + +### v0.25.3 + +** mangling** + +Bug fix + +* [x] mangler may panic with pluralized initialisms + +### v0.25.2 + +Minor changes due to internal maintenance that don't affect the behavior of the library. + +* [x] removed indirect test dependencies by switching all tests to `go-openapi/testify`, + a fork of `stretch/testify` with zero-dependencies. +* [x] improvements to CI to catch test reports. +* [x] modernized licensing annotations in source code, using the more compact SPDX annotations + rather than the full license terms. +* [x] simplified a bit JSON & YAML testing by using newly available assertions +* started the journey to an OpenSSF score card badge: + * [x] explicited permissions in CI workflows + * [x] published security policy + * pinned dependencies to github actions + * introduced fuzzing in tests + ### v0.25.1 * fixes a data race that could occur when using the standard library implementation of a JSON ordered map @@ -74,7 +111,7 @@ dependencies outside of the standard library. * removes the dependency to `mailru/easyjson` by default (#68) * functionality remains the same, but performance may somewhat degrade for applications that relied on `easyjson` - * users of the JSON or YAML utilities who want to use `easyjson` as their prefered JSON serializer library + * users of the JSON or YAML utilities who want to use `easyjson` as their preferred JSON serializer library will be able to do so by registering this the corresponding JSON adapter at runtime. See below. * ordered keys in JSON and YAML objects: this feature used to rely solely on `easyjson`. With this release, an implementation relying on the standard `encoding/json` is provided. @@ -96,10 +133,13 @@ Moving forward, we want to : The following would maintain how JSON utilities proposed by `swag` used work, up to `v0.24.1`. ```go - import "github.com/go-openapi/swag/jsonutils/adapters/easyjson/json" + import ( + "github.com/go-openapi/swag/jsonutils/adapters" + easyjson "github.com/go-openapi/swag/jsonutils/adapters/easyjson/json" + ) func init() { - json.Register() + easyjson.Register(adapters.Registry) } ``` @@ -107,6 +147,9 @@ Subsequent calls to `jsonutils.ReadJSON()` or `jsonutils.WriteJSON()` will switc whenever the passed data structures implement the `easyjson.Unmarshaler` or `easyjson.Marshaler` respectively, or fallback to the standard library. +For more details, you may also look at our +[integration tests](jsonutils/adapters/testintegration/integration_suite_test.go#29). + ### v0.24.0 With this release, we have largely modernized the API of `swag`: @@ -133,6 +176,10 @@ With this release, we have largely modernized the API of `swag`: --- +## Licensing + +This library ships under the [SPDX-License-Identifier: Apache-2.0](./LICENSE). + ## Note to contributors A mono-repo structure comes with some unavoidable extra pains... diff --git a/vendor/github.com/go-openapi/swag/SECURITY.md b/vendor/github.com/go-openapi/swag/SECURITY.md new file mode 100644 index 000000000..72296a831 --- /dev/null +++ b/vendor/github.com/go-openapi/swag/SECURITY.md @@ -0,0 +1,19 @@ +# Security Policy + +This policy outlines the commitment and practices of the go-openapi maintainers regarding security. + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 0.25.x | :white_check_mark: | + +## Reporting a vulnerability + +If you become aware of a security vulnerability that affects the current repository, +please report it privately to the maintainers. + +Please follow the instructions provided by github to +[Privately report a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability). + +TL;DR: on Github, navigate to the project's "Security" tab then click on "Report a vulnerability". diff --git a/vendor/github.com/go-openapi/swag/TODO.md b/vendor/github.com/go-openapi/swag/TODO.md deleted file mode 100644 index 129888038..000000000 --- a/vendor/github.com/go-openapi/swag/TODO.md +++ /dev/null @@ -1 +0,0 @@ -fix data race https://github.com/go-openapi/swag/actions/runs/17989156861/job/51174860188 diff --git a/vendor/github.com/go-openapi/swag/cmdutils/cmd_utils.go b/vendor/github.com/go-openapi/swag/cmdutils/cmd_utils.go index bc01ec2bb..6c7bbb26f 100644 --- a/vendor/github.com/go-openapi/swag/cmdutils/cmd_utils.go +++ b/vendor/github.com/go-openapi/swag/cmdutils/cmd_utils.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package cmdutils @@ -20,5 +9,5 @@ package cmdutils type CommandLineOptionsGroup struct { ShortDescription string LongDescription string - Options interface{} + Options any } diff --git a/vendor/github.com/go-openapi/swag/cmdutils/doc.go b/vendor/github.com/go-openapi/swag/cmdutils/doc.go index 63ac1d17e..31f2c3753 100644 --- a/vendor/github.com/go-openapi/swag/cmdutils/doc.go +++ b/vendor/github.com/go-openapi/swag/cmdutils/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package cmdutils brings helpers for CLIs produced by go-openapi package cmdutils diff --git a/vendor/github.com/go-openapi/swag/cmdutils_iface.go b/vendor/github.com/go-openapi/swag/cmdutils_iface.go index 1eaf36f15..bd0c1fc12 100644 --- a/vendor/github.com/go-openapi/swag/cmdutils_iface.go +++ b/vendor/github.com/go-openapi/swag/cmdutils_iface.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package swag diff --git a/vendor/github.com/go-openapi/swag/conv/convert.go b/vendor/github.com/go-openapi/swag/conv/convert.go index b9b869854..f205c3913 100644 --- a/vendor/github.com/go-openapi/swag/conv/convert.go +++ b/vendor/github.com/go-openapi/swag/conv/convert.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package conv diff --git a/vendor/github.com/go-openapi/swag/conv/convert_types.go b/vendor/github.com/go-openapi/swag/conv/convert_types.go index 423e8663f..cf4c6495e 100644 --- a/vendor/github.com/go-openapi/swag/conv/convert_types.go +++ b/vendor/github.com/go-openapi/swag/conv/convert_types.go @@ -1,20 +1,13 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package conv -// The original version of this file, eons ago, was taken from the aws go sdk +// Unlicensed credits (idea, concept) +// +// The idea to convert values to pointers and the other way around, was inspired, eons ago, by the aws go sdk. +// +// Nowadays, all sensible API sdk's expose a similar functionality. // Pointer returns a pointer to the value passed in. func Pointer[T any](v T) *T { diff --git a/vendor/github.com/go-openapi/swag/conv/doc.go b/vendor/github.com/go-openapi/swag/conv/doc.go index b02711f42..1bd6ead6e 100644 --- a/vendor/github.com/go-openapi/swag/conv/doc.go +++ b/vendor/github.com/go-openapi/swag/conv/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package conv exposes utilities to convert types. // diff --git a/vendor/github.com/go-openapi/swag/conv/format.go b/vendor/github.com/go-openapi/swag/conv/format.go index db7562a4a..5b87b8e14 100644 --- a/vendor/github.com/go-openapi/swag/conv/format.go +++ b/vendor/github.com/go-openapi/swag/conv/format.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package conv diff --git a/vendor/github.com/go-openapi/swag/conv/sizeof.go b/vendor/github.com/go-openapi/swag/conv/sizeof.go index 646f8be9a..494346557 100644 --- a/vendor/github.com/go-openapi/swag/conv/sizeof.go +++ b/vendor/github.com/go-openapi/swag/conv/sizeof.go @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 + package conv import "unsafe" diff --git a/vendor/github.com/go-openapi/swag/conv/type_constraints.go b/vendor/github.com/go-openapi/swag/conv/type_constraints.go index 3c6149836..81135e827 100644 --- a/vendor/github.com/go-openapi/swag/conv/type_constraints.go +++ b/vendor/github.com/go-openapi/swag/conv/type_constraints.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package conv diff --git a/vendor/github.com/go-openapi/swag/conv_iface.go b/vendor/github.com/go-openapi/swag/conv_iface.go index 9991acb65..eea7b2e56 100644 --- a/vendor/github.com/go-openapi/swag/conv_iface.go +++ b/vendor/github.com/go-openapi/swag/conv_iface.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package swag diff --git a/vendor/github.com/go-openapi/swag/doc.go b/vendor/github.com/go-openapi/swag/doc.go index a079fe810..b54b57478 100644 --- a/vendor/github.com/go-openapi/swag/doc.go +++ b/vendor/github.com/go-openapi/swag/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package swag contains a bunch of helper functions for go-openapi and go-swagger projects. // diff --git a/vendor/github.com/go-openapi/swag/fileutils/doc.go b/vendor/github.com/go-openapi/swag/fileutils/doc.go index 4b48e7196..859a200d8 100644 --- a/vendor/github.com/go-openapi/swag/fileutils/doc.go +++ b/vendor/github.com/go-openapi/swag/fileutils/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package fileutils exposes utilities to deal with files and paths. // diff --git a/vendor/github.com/go-openapi/swag/fileutils/file.go b/vendor/github.com/go-openapi/swag/fileutils/file.go index b17eaba58..5ad4cfaea 100644 --- a/vendor/github.com/go-openapi/swag/fileutils/file.go +++ b/vendor/github.com/go-openapi/swag/fileutils/file.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package fileutils diff --git a/vendor/github.com/go-openapi/swag/fileutils/path.go b/vendor/github.com/go-openapi/swag/fileutils/path.go index 0de77e12d..dd09f690b 100644 --- a/vendor/github.com/go-openapi/swag/fileutils/path.go +++ b/vendor/github.com/go-openapi/swag/fileutils/path.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package fileutils diff --git a/vendor/github.com/go-openapi/swag/fileutils_iface.go b/vendor/github.com/go-openapi/swag/fileutils_iface.go index 0c639e8c1..f3e79a0e4 100644 --- a/vendor/github.com/go-openapi/swag/fileutils_iface.go +++ b/vendor/github.com/go-openapi/swag/fileutils_iface.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package swag diff --git a/vendor/github.com/go-openapi/swag/go.work.sum b/vendor/github.com/go-openapi/swag/go.work.sum index bee4481a7..c1308cafa 100644 --- a/vendor/github.com/go-openapi/swag/go.work.sum +++ b/vendor/github.com/go-openapi/swag/go.work.sum @@ -1,4 +1,7 @@ -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= -github.com/stretchr/testify v1.11.0/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= -go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= -go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= +github.com/go-openapi/testify/v2 v2.0.1/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= +golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= diff --git a/vendor/github.com/go-openapi/swag/jsonname/doc.go b/vendor/github.com/go-openapi/swag/jsonname/doc.go index b2e0c80fc..79232eaca 100644 --- a/vendor/github.com/go-openapi/swag/jsonname/doc.go +++ b/vendor/github.com/go-openapi/swag/jsonname/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package jsonname is a provider of json property names from go properties. package jsonname diff --git a/vendor/github.com/go-openapi/swag/jsonname/name_provider.go b/vendor/github.com/go-openapi/swag/jsonname/name_provider.go index e87aac2f7..8eaf1bece 100644 --- a/vendor/github.com/go-openapi/swag/jsonname/name_provider.go +++ b/vendor/github.com/go-openapi/swag/jsonname/name_provider.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package jsonname @@ -90,7 +79,7 @@ func newNameIndex(tpe reflect.Type) nameIndex { } // GetJSONNames gets all the json property names for a type -func (n *NameProvider) GetJSONNames(subject interface{}) []string { +func (n *NameProvider) GetJSONNames(subject any) []string { n.lock.Lock() defer n.lock.Unlock() tpe := reflect.Indirect(reflect.ValueOf(subject)).Type() @@ -107,7 +96,7 @@ func (n *NameProvider) GetJSONNames(subject interface{}) []string { } // GetJSONName gets the json name for a go property name -func (n *NameProvider) GetJSONName(subject interface{}, name string) (string, bool) { +func (n *NameProvider) GetJSONName(subject any, name string) (string, bool) { tpe := reflect.Indirect(reflect.ValueOf(subject)).Type() return n.GetJSONNameForType(tpe, name) } @@ -125,7 +114,7 @@ func (n *NameProvider) GetJSONNameForType(tpe reflect.Type, name string) (string } // GetGoName gets the go name for a json property name -func (n *NameProvider) GetGoName(subject interface{}, name string) (string, bool) { +func (n *NameProvider) GetGoName(subject any, name string) (string, bool) { tpe := reflect.Indirect(reflect.ValueOf(subject)).Type() return n.GetGoNameForType(tpe, name) } diff --git a/vendor/github.com/go-openapi/swag/jsonname_iface.go b/vendor/github.com/go-openapi/swag/jsonname_iface.go index 555369d75..303a007f6 100644 --- a/vendor/github.com/go-openapi/swag/jsonname_iface.go +++ b/vendor/github.com/go-openapi/swag/jsonname_iface.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package swag diff --git a/vendor/github.com/go-openapi/swag/jsonutils/README.md b/vendor/github.com/go-openapi/swag/jsonutils/README.md index c8d0cab67..d745cdb46 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/README.md +++ b/vendor/github.com/go-openapi/swag/jsonutils/README.md @@ -78,7 +78,7 @@ Each adapter is an independent go module. Hence you'll pick its dependencies onl At this moment we provide: * `stdlib`: JSON adapter based on the standard library -* `easyjson`: JSON adapter based on the `github.com/mailru/easyyjson` +* `easyjson`: JSON adapter based on the `github.com/mailru/easyjson` The adapters provide the basic `Marshal` and `Unmarshal` capabilities, plus an implementation of the `MapSlice` pattern. diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/doc.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/doc.go index dbb38c2f0..76d3898fc 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/adapters/doc.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package adapters exposes a registry of adapters to multiple // JSON serialization libraries. diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/doc.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/doc.go index 49649859a..1fd43a1fa 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/doc.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/doc.go @@ -1,2 +1,5 @@ +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 + // Package ifaces exposes all interfaces to work with adapters. package ifaces diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/ifaces.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/ifaces.go index 4927d872d..7805e5e5e 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/ifaces.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/ifaces.go @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 + package ifaces import ( diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/registry_iface.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/registry_iface.go index d1fe6a0ad..2d6c69f4e 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/registry_iface.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/registry_iface.go @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 + package ifaces import ( diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/registry.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/registry.go index b34a23051..3062acaff 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/adapters/registry.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/registry.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package adapters diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/adapter.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/adapter.go index 4df831b62..0213ff5c2 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/adapter.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/adapter.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package json diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/doc.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/doc.go index 2ff6b212f..5ea1b4404 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/doc.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package json implements an [ifaces.Adapter] using the standard library. package json diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/lexer.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/lexer.go index 6d919199d..b5aa1c797 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/lexer.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/lexer.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package json diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/ordered_map.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/ordered_map.go index 18e6294e5..54deef406 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/ordered_map.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/ordered_map.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package json diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/pool.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/pool.go index 0f51d3a20..709b97c30 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/pool.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/pool.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package json diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/register.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/register.go index 18bbc3774..fc8818694 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/register.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/register.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package json diff --git a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/writer.go b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/writer.go index 38e9b6e03..dc2325c1a 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/writer.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/writer.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package json diff --git a/vendor/github.com/go-openapi/swag/jsonutils/concat.go b/vendor/github.com/go-openapi/swag/jsonutils/concat.go index 049d4698b..2068503af 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/concat.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/concat.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package jsonutils @@ -34,7 +23,7 @@ func init() { // ConcatJSON concatenates multiple json objects or arrays efficiently. // -// Note that [ConcatJSON] performs a very simmple (and fast) concatenation +// Note that [ConcatJSON] performs a very simple (and fast) concatenation // operation: it does not attempt to merge objects. func ConcatJSON(blobs ...[]byte) []byte { if len(blobs) == 0 { diff --git a/vendor/github.com/go-openapi/swag/jsonutils/doc.go b/vendor/github.com/go-openapi/swag/jsonutils/doc.go index 495ef8341..3926cc58d 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/doc.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package jsonutils provides helpers to work with JSON. // diff --git a/vendor/github.com/go-openapi/swag/jsonutils/json.go b/vendor/github.com/go-openapi/swag/jsonutils/json.go index a33b89bd4..40753ce03 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/json.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/json.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package jsonutils diff --git a/vendor/github.com/go-openapi/swag/jsonutils/ordered_map.go b/vendor/github.com/go-openapi/swag/jsonutils/ordered_map.go index 931ce2559..38dd3e244 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils/ordered_map.go +++ b/vendor/github.com/go-openapi/swag/jsonutils/ordered_map.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package jsonutils diff --git a/vendor/github.com/go-openapi/swag/jsonutils_iface.go b/vendor/github.com/go-openapi/swag/jsonutils_iface.go index 63e23f0b6..7bd4105fa 100644 --- a/vendor/github.com/go-openapi/swag/jsonutils_iface.go +++ b/vendor/github.com/go-openapi/swag/jsonutils_iface.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package swag @@ -33,17 +22,17 @@ type JSONMapItem = jsonutils.JSONMapItem // WriteJSON writes json data. // // Deprecated: use [jsonutils.WriteJSON] instead. -func WriteJSON(data interface{}) ([]byte, error) { return jsonutils.WriteJSON(data) } +func WriteJSON(data any) ([]byte, error) { return jsonutils.WriteJSON(data) } // ReadJSON reads json data. // // Deprecated: use [jsonutils.ReadJSON] instead. -func ReadJSON(data []byte, value interface{}) error { return jsonutils.ReadJSON(data, value) } +func ReadJSON(data []byte, value any) error { return jsonutils.ReadJSON(data, value) } // DynamicJSONToStruct converts an untyped JSON structure into a target data type. // // Deprecated: use [jsonutils.FromDynamicJSON] instead. -func DynamicJSONToStruct(data interface{}, target interface{}) error { +func DynamicJSONToStruct(data any, target any) error { return jsonutils.FromDynamicJSON(data, target) } @@ -57,8 +46,8 @@ func ConcatJSON(blobs ...[]byte) []byte { return jsonutils.ConcatJSON(blobs...) // It is the same as [FromDynamicJSON], but doesn't check for errors. // // Deprecated: this function is a misnomer and is unsafe. Use [jsonutils.FromDynamicJSON] instead. -func ToDynamicJSON(value interface{}) interface{} { - var res interface{} +func ToDynamicJSON(value any) any { + var res any if err := FromDynamicJSON(value, &res); err != nil { log.Println(err) } @@ -68,9 +57,9 @@ func ToDynamicJSON(value interface{}) interface{} { // FromDynamicJSON turns a go value into a properly JSON typed structure. // -// "Dynamic JSON" refers to what you get when unmarshaling JSON into an untyped interface{}, -// i.e. objects are represented by map[string]interface{}, arrays by []interface{}, and all -// scalar values are interface{}. +// "Dynamic JSON" refers to what you get when unmarshaling JSON into an untyped any, +// i.e. objects are represented by map[string]any, arrays by []any, and all +// scalar values are any. // // Deprecated: use [jsonutils.FromDynamicJSON] instead. -func FromDynamicJSON(data, target interface{}) error { return jsonutils.FromDynamicJSON(data, target) } +func FromDynamicJSON(data, target any) error { return jsonutils.FromDynamicJSON(data, target) } diff --git a/vendor/github.com/go-openapi/swag/loading/doc.go b/vendor/github.com/go-openapi/swag/loading/doc.go index 62585615e..8cf7bcb8b 100644 --- a/vendor/github.com/go-openapi/swag/loading/doc.go +++ b/vendor/github.com/go-openapi/swag/loading/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package loading provides tools to load a file from http or from a local file system. package loading diff --git a/vendor/github.com/go-openapi/swag/loading/errors.go b/vendor/github.com/go-openapi/swag/loading/errors.go index ca45732a7..b3964289c 100644 --- a/vendor/github.com/go-openapi/swag/loading/errors.go +++ b/vendor/github.com/go-openapi/swag/loading/errors.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package loading diff --git a/vendor/github.com/go-openapi/swag/loading/json.go b/vendor/github.com/go-openapi/swag/loading/json.go index aadf99913..59db12f5c 100644 --- a/vendor/github.com/go-openapi/swag/loading/json.go +++ b/vendor/github.com/go-openapi/swag/loading/json.go @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 + package loading import ( diff --git a/vendor/github.com/go-openapi/swag/loading/loading.go b/vendor/github.com/go-openapi/swag/loading/loading.go index bd955535f..269fb74d1 100644 --- a/vendor/github.com/go-openapi/swag/loading/loading.go +++ b/vendor/github.com/go-openapi/swag/loading/loading.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package loading diff --git a/vendor/github.com/go-openapi/swag/loading/options.go b/vendor/github.com/go-openapi/swag/loading/options.go index a51329e93..6674ac69e 100644 --- a/vendor/github.com/go-openapi/swag/loading/options.go +++ b/vendor/github.com/go-openapi/swag/loading/options.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package loading @@ -81,7 +70,7 @@ func WithCustomHeaders(headers map[string]string) Option { } } -// WithHTTClient overrides the default HTTP client used to fetch a remote file. +// WithHTTPClient overrides the default HTTP client used to fetch a remote file. // // By default, [http.DefaultClient] is used. func WithHTTPClient(client *http.Client) Option { @@ -90,7 +79,7 @@ func WithHTTPClient(client *http.Client) Option { } } -// WithFileFS sets a file system for the local file loader. +// WithFS sets a file system for the local file loader. // // If the provided file system is a [fs.ReadFileFS], the ReadFile function is used. // Otherwise, ReadFile is wrapped using [fs.ReadFile]. diff --git a/vendor/github.com/go-openapi/swag/loading/yaml.go b/vendor/github.com/go-openapi/swag/loading/yaml.go index 40bd2a769..3ebb53668 100644 --- a/vendor/github.com/go-openapi/swag/loading/yaml.go +++ b/vendor/github.com/go-openapi/swag/loading/yaml.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package loading @@ -38,7 +27,7 @@ func YAMLDoc(path string, opts ...Option) (json.RawMessage, error) { } // YAMLData loads a yaml document from either http or a file. -func YAMLData(path string, opts ...Option) (interface{}, error) { +func YAMLData(path string, opts ...Option) (any, error) { data, err := LoadFromFileOrHTTP(path, opts...) if err != nil { return nil, err diff --git a/vendor/github.com/go-openapi/swag/loading_iface.go b/vendor/github.com/go-openapi/swag/loading_iface.go index 38d825bc5..27ec3fb8c 100644 --- a/vendor/github.com/go-openapi/swag/loading_iface.go +++ b/vendor/github.com/go-openapi/swag/loading_iface.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package swag @@ -84,7 +73,7 @@ func YAMLDoc(path string) (json.RawMessage, error) { // YAMLData loads a yaml document from either http or a file. // // Deprecated: use [loading.YAMLData] instead. -func YAMLData(path string) (interface{}, error) { +func YAMLData(path string) (any, error) { return loading.YAMLData(path) } diff --git a/vendor/github.com/go-openapi/swag/mangling/doc.go b/vendor/github.com/go-openapi/swag/mangling/doc.go index dbe806828..ce0d89048 100644 --- a/vendor/github.com/go-openapi/swag/mangling/doc.go +++ b/vendor/github.com/go-openapi/swag/mangling/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package mangling provides name mangling capabilities. // diff --git a/vendor/github.com/go-openapi/swag/mangling/initialism_index.go b/vendor/github.com/go-openapi/swag/mangling/initialism_index.go index cf0786f81..e5b70c149 100644 --- a/vendor/github.com/go-openapi/swag/mangling/initialism_index.go +++ b/vendor/github.com/go-openapi/swag/mangling/initialism_index.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package mangling @@ -190,6 +179,19 @@ const ( simplePlural ) +func (f pluralForm) String() string { + switch f { + case notPlural: + return "notPlural" + case invariantPlural: + return "invariantPlural" + case simplePlural: + return "simplePlural" + default: + return "" + } +} + // pluralForm indicates how we want to pluralize a given initialism. // // Besides configured invariant forms (like HTTP and HTTPS), diff --git a/vendor/github.com/go-openapi/swag/mangling/name_lexem.go b/vendor/github.com/go-openapi/swag/mangling/name_lexem.go index 02004b4f3..bc837e3b9 100644 --- a/vendor/github.com/go-openapi/swag/mangling/name_lexem.go +++ b/vendor/github.com/go-openapi/swag/mangling/name_lexem.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package mangling diff --git a/vendor/github.com/go-openapi/swag/mangling/name_mangler.go b/vendor/github.com/go-openapi/swag/mangling/name_mangler.go index 94ae555a7..da685681d 100644 --- a/vendor/github.com/go-openapi/swag/mangling/name_mangler.go +++ b/vendor/github.com/go-openapi/swag/mangling/name_mangler.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package mangling diff --git a/vendor/github.com/go-openapi/swag/mangling/options.go b/vendor/github.com/go-openapi/swag/mangling/options.go index 66ad2e46c..3c92b2f18 100644 --- a/vendor/github.com/go-openapi/swag/mangling/options.go +++ b/vendor/github.com/go-openapi/swag/mangling/options.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package mangling diff --git a/vendor/github.com/go-openapi/swag/mangling/pools.go b/vendor/github.com/go-openapi/swag/mangling/pools.go index d85b40387..f81043514 100644 --- a/vendor/github.com/go-openapi/swag/mangling/pools.go +++ b/vendor/github.com/go-openapi/swag/mangling/pools.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package mangling diff --git a/vendor/github.com/go-openapi/swag/mangling/split.go b/vendor/github.com/go-openapi/swag/mangling/split.go index 40e4a2e0e..ed12ea256 100644 --- a/vendor/github.com/go-openapi/swag/mangling/split.go +++ b/vendor/github.com/go-openapi/swag/mangling/split.go @@ -1,20 +1,10 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package mangling import ( + "fmt" "unicode" ) @@ -47,6 +37,13 @@ type ( initialismMatches []initialismMatch ) +// String representation of a match, e.g. for debugging. +func (m initialismMatch) String() string { + return fmt.Sprintf("{body: %s (%d), start: %d, end; %d, complete: %t, hasPlural: %v}", + string(m.body), len(m.body), m.start, m.end, m.complete, m.hasPlural, + ) +} + func (m initialismMatch) isZero() bool { return m.start == 0 && m.end == 0 } @@ -83,116 +80,148 @@ func (s splitter) split(name string) *[]nameLexem { } func (s splitter) gatherInitialismMatches(nameRunes []rune) *initialismMatches { - var matches *initialismMatches + matches := poolOfMatches.BorrowMatches() + const minLenInitialism = 1 + if len(nameRunes) < minLenInitialism+1 { + // can't match initialism with 0 or 1 rune + return matches + } + + // first iteration + s.findMatches(matches, nameRunes, nameRunes[0], 0) - for currentRunePosition, currentRune := range nameRunes { - // recycle these allocations as we loop over runes + for i, currentRune := range nameRunes[1:] { + currentRunePosition := i + 1 + // recycle allocations as we loop over runes // with such recycling, only 2 slices should be allocated per call // instead of o(n). + // + // BorrowMatches always yields slices with zero length (with some capacity) newMatches := poolOfMatches.BorrowMatches() // check current initialism matches - if matches != nil { // skip first iteration - for _, match := range *matches { - if keepCompleteMatch := match.complete; keepCompleteMatch { - *newMatches = append(*newMatches, match) - - // the match is complete: keep it then move on to next rune - continue - } + for _, match := range *matches { + if keepCompleteMatch := match.complete; keepCompleteMatch { + // the match is already complete: keep it then move on to the next match + *newMatches = append(*newMatches, match) + continue + } - currentMatchRune := match.body[currentRunePosition-match.start] - if currentMatchRune != currentRune { - // failed match, move on to next rune - continue - } + if currentRunePosition-match.start == len(match.body) { + // unmatched: skip + continue + } - // try to complete ongoing match - if currentRunePosition-match.start == len(match.body)-1 { - // we are close; the next step is to check the symbol ahead - // if it is a lowercase letter, then it is not the end of match - // but the beginning of the next word. - // - // NOTE(fredbi): this heuristic sometimes leads to counterintuitive splits and - // perhaps (not sure yet) we should check against case _alternance_. - // - // Example: - // - // In the current version, in the sentence "IDS initialism", "ID" is recognized as an initialism, - // leading to a split like "id_s_initialism" (or IDSInitialism), - // whereas in the sentence "IDx initialism", it is not and produces something like - // "i_d_x_initialism" (or IDxInitialism). The generated file name is not great. - // - // Both go identifiers are tolerated by linters. - // - // Notice that the slightly different input "IDs initialism" is correctly detected - // as a pluralized initialism and produces something like "ids_initialism" (or IDsInitialism). - - if currentRunePosition < len(nameRunes)-1 { - nextRune := nameRunes[currentRunePosition+1] - - // recognize a plural form for this initialism (only simple pluralization is supported) - if nextRune == 's' && match.hasPlural == simplePlural { - // detected a pluralized initialism - match.body = append(match.body, nextRune) - currentRunePosition++ - if currentRunePosition < len(nameRunes)-1 { - nextRune = nameRunes[currentRunePosition+1] - if newWord := unicode.IsLower(nextRune); newWord { - // it is the start of a new word. - // Match is only partial and the initialism is not recognized : move on - continue - } - } + // 1. by construction of the matches, we can't have currentRunePosition - match.start < 0 + // because matches have been computed with their start <= currentRunePosition in the previous + // iterations. + // 2. by construction of the matches, we can't have currentRunePosition - match.start >= len(match.body) - // this is a pluralized match: keep it - match.complete = true - match.hasPlural = simplePlural - match.end = currentRunePosition - *newMatches = append(*newMatches, match) + currentMatchRune := match.body[currentRunePosition-match.start] + if currentMatchRune != currentRune { + // failed match, discard it then move on to the next match + continue + } - // match is complete: keep it then move on to next rune - continue + // try to complete the current match + if currentRunePosition-match.start == len(match.body)-1 { + // we are close: the next step is to check the symbol ahead + // if it is a lowercase letter, then it is not the end of match + // but the beginning of the next word. + // + // NOTE(fredbi): this heuristic sometimes leads to counterintuitive splits and + // perhaps (not sure yet) we should check against case _alternance_. + // + // Example: + // + // In the current version, in the sentence "IDS initialism", "ID" is recognized as an initialism, + // leading to a split like "id_s_initialism" (or IDSInitialism), + // whereas in the sentence "IDx initialism", it is not and produces something like + // "i_d_x_initialism" (or IDxInitialism). The generated file name is not great. + // + // Both go identifiers are tolerated by linters. + // + // Notice that the slightly different input "IDs initialism" is correctly detected + // as a pluralized initialism and produces something like "ids_initialism" (or IDsInitialism). + + if currentRunePosition < len(nameRunes)-1 { // when before the last rune + nextRune := nameRunes[currentRunePosition+1] + + // recognize a plural form for this initialism (only simple english pluralization is supported). + if nextRune == 's' && match.hasPlural == simplePlural { + // detected a pluralized initialism + match.body = append(match.body, nextRune) + lookAhead := currentRunePosition + 1 + if lookAhead < len(nameRunes)-1 { + nextRune = nameRunes[lookAhead+1] + if newWord := unicode.IsLower(nextRune); newWord { + // it is the start of a new word. + // Match is only partial and the initialism is not recognized: + // move on to the next match, but do not advance the rune position + continue + } } - if newWord := unicode.IsLower(nextRune); newWord { - // it is the start of a new word - // Match is only partial and the initialism is not recognized : move on - continue - } + // this is a pluralized match: keep it + currentRunePosition++ + match.complete = true + match.hasPlural = simplePlural + match.end = currentRunePosition + *newMatches = append(*newMatches, match) + + // match is complete: keep it then move on to the next match + continue } - match.complete = true - match.end = currentRunePosition + // other cases + // example: invariant plural such as "TLS" + if newWord := unicode.IsLower(nextRune); newWord { + // it is the start of a new word + // Match is only partial and the initialism is not recognized : move on + continue + } } - // append the ongoing matching attempt (not necessarily complete) - *newMatches = append(*newMatches, match) + match.complete = true + match.end = currentRunePosition } - } - // check for new initialism matches - for i, r := range s.initialismsRunes { - if r[0] == currentRune { - *newMatches = append(*newMatches, initialismMatch{ - start: currentRunePosition, - body: r, - complete: false, - hasPlural: s.initialismsPluralForm[i], - }) - } + // append the ongoing matching attempt: it is not necessarily complete, but was successful so far. + // Let's see if it still matches on the next rune. + *newMatches = append(*newMatches, match) } - if matches != nil { - poolOfMatches.RedeemMatches(matches) - } + s.findMatches(newMatches, nameRunes, currentRune, currentRunePosition) + + poolOfMatches.RedeemMatches(matches) matches = newMatches } - // up to the caller to redeem this last slice + // it is up to the caller to redeem this last slice return matches } +func (s splitter) findMatches(newMatches *initialismMatches, nameRunes []rune, currentRune rune, currentRunePosition int) { + // check for new initialism matches, based on the first character + for i, r := range s.initialismsRunes { + if r[0] != currentRune { + continue + } + + if currentRunePosition+len(r) > len(nameRunes) { + continue // not eligible: would spilll over the initial string + } + + // possible matches: all initialisms starting with the current rune and that can fit the given string (nameRunes) + *newMatches = append(*newMatches, initialismMatch{ + start: currentRunePosition, + body: r, + complete: false, + hasPlural: s.initialismsPluralForm[i], + }) + } +} + func (s splitter) mapMatchesToNameLexems(nameRunes []rune, matches *initialismMatches) *[]nameLexem { nameLexems := poolOfLexems.BorrowLexems() diff --git a/vendor/github.com/go-openapi/swag/mangling/string_bytes.go b/vendor/github.com/go-openapi/swag/mangling/string_bytes.go index 06351434d..28daaf72b 100644 --- a/vendor/github.com/go-openapi/swag/mangling/string_bytes.go +++ b/vendor/github.com/go-openapi/swag/mangling/string_bytes.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package mangling diff --git a/vendor/github.com/go-openapi/swag/mangling/util.go b/vendor/github.com/go-openapi/swag/mangling/util.go index c289dc6bd..0636417e3 100644 --- a/vendor/github.com/go-openapi/swag/mangling/util.go +++ b/vendor/github.com/go-openapi/swag/mangling/util.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package mangling diff --git a/vendor/github.com/go-openapi/swag/mangling_iface.go b/vendor/github.com/go-openapi/swag/mangling_iface.go index 2d0d07ddb..98b9a9992 100644 --- a/vendor/github.com/go-openapi/swag/mangling_iface.go +++ b/vendor/github.com/go-openapi/swag/mangling_iface.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package swag diff --git a/vendor/github.com/go-openapi/swag/netutils/doc.go b/vendor/github.com/go-openapi/swag/netutils/doc.go index ed6d8a022..74282f8e5 100644 --- a/vendor/github.com/go-openapi/swag/netutils/doc.go +++ b/vendor/github.com/go-openapi/swag/netutils/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package netutils provides helpers for network-related tasks. package netutils diff --git a/vendor/github.com/go-openapi/swag/netutils/net.go b/vendor/github.com/go-openapi/swag/netutils/net.go index 3d0182fc5..82a1544af 100644 --- a/vendor/github.com/go-openapi/swag/netutils/net.go +++ b/vendor/github.com/go-openapi/swag/netutils/net.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package netutils diff --git a/vendor/github.com/go-openapi/swag/netutils_iface.go b/vendor/github.com/go-openapi/swag/netutils_iface.go index 537314e36..d658de25b 100644 --- a/vendor/github.com/go-openapi/swag/netutils_iface.go +++ b/vendor/github.com/go-openapi/swag/netutils_iface.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package swag diff --git a/vendor/github.com/go-openapi/swag/stringutils/collection_formats.go b/vendor/github.com/go-openapi/swag/stringutils/collection_formats.go index 1ff96dcbd..28056ad25 100644 --- a/vendor/github.com/go-openapi/swag/stringutils/collection_formats.go +++ b/vendor/github.com/go-openapi/swag/stringutils/collection_formats.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package stringutils diff --git a/vendor/github.com/go-openapi/swag/stringutils/doc.go b/vendor/github.com/go-openapi/swag/stringutils/doc.go index b5d18e517..c6d17a116 100644 --- a/vendor/github.com/go-openapi/swag/stringutils/doc.go +++ b/vendor/github.com/go-openapi/swag/stringutils/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package stringutils exposes helpers to search and process strings. package stringutils diff --git a/vendor/github.com/go-openapi/swag/stringutils/strings.go b/vendor/github.com/go-openapi/swag/stringutils/strings.go index 086592317..cd792b7d0 100644 --- a/vendor/github.com/go-openapi/swag/stringutils/strings.go +++ b/vendor/github.com/go-openapi/swag/stringutils/strings.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package stringutils diff --git a/vendor/github.com/go-openapi/swag/stringutils_iface.go b/vendor/github.com/go-openapi/swag/stringutils_iface.go index 00d7e0212..dbfa48484 100644 --- a/vendor/github.com/go-openapi/swag/stringutils_iface.go +++ b/vendor/github.com/go-openapi/swag/stringutils_iface.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package swag diff --git a/vendor/github.com/go-openapi/swag/typeutils/doc.go b/vendor/github.com/go-openapi/swag/typeutils/doc.go index 67e49d12e..66bed20df 100644 --- a/vendor/github.com/go-openapi/swag/typeutils/doc.go +++ b/vendor/github.com/go-openapi/swag/typeutils/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package typeutils exposes utilities to inspect generic types. package typeutils diff --git a/vendor/github.com/go-openapi/swag/typeutils/types.go b/vendor/github.com/go-openapi/swag/typeutils/types.go index f0ddd3cd3..55487a673 100644 --- a/vendor/github.com/go-openapi/swag/typeutils/types.go +++ b/vendor/github.com/go-openapi/swag/typeutils/types.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package typeutils diff --git a/vendor/github.com/go-openapi/swag/typeutils_iface.go b/vendor/github.com/go-openapi/swag/typeutils_iface.go index b104a8040..b63813ea4 100644 --- a/vendor/github.com/go-openapi/swag/typeutils_iface.go +++ b/vendor/github.com/go-openapi/swag/typeutils_iface.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package swag @@ -20,4 +9,4 @@ import "github.com/go-openapi/swag/typeutils" // This allows for safer checking of interface values. // // Deprecated: use [typeutils.IsZero] instead. -func IsZero(data interface{}) bool { return typeutils.IsZero(data) } +func IsZero(data any) bool { return typeutils.IsZero(data) } diff --git a/vendor/github.com/go-openapi/swag/yamlutils/doc.go b/vendor/github.com/go-openapi/swag/yamlutils/doc.go index 4aeadc224..7bb92a82f 100644 --- a/vendor/github.com/go-openapi/swag/yamlutils/doc.go +++ b/vendor/github.com/go-openapi/swag/yamlutils/doc.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 // Package yamlutils provides utilities to work with YAML documents. // diff --git a/vendor/github.com/go-openapi/swag/yamlutils/errors.go b/vendor/github.com/go-openapi/swag/yamlutils/errors.go index 014f227d9..e87bc5e8b 100644 --- a/vendor/github.com/go-openapi/swag/yamlutils/errors.go +++ b/vendor/github.com/go-openapi/swag/yamlutils/errors.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package yamlutils diff --git a/vendor/github.com/go-openapi/swag/yamlutils/ordered_map.go b/vendor/github.com/go-openapi/swag/yamlutils/ordered_map.go index af1d7bb51..3daf68dbb 100644 --- a/vendor/github.com/go-openapi/swag/yamlutils/ordered_map.go +++ b/vendor/github.com/go-openapi/swag/yamlutils/ordered_map.go @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 + package yamlutils import ( diff --git a/vendor/github.com/go-openapi/swag/yamlutils/yaml.go b/vendor/github.com/go-openapi/swag/yamlutils/yaml.go index 67fba8fd7..e3aff3c2f 100644 --- a/vendor/github.com/go-openapi/swag/yamlutils/yaml.go +++ b/vendor/github.com/go-openapi/swag/yamlutils/yaml.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package yamlutils diff --git a/vendor/github.com/go-openapi/swag/yamlutils_iface.go b/vendor/github.com/go-openapi/swag/yamlutils_iface.go index 49e646486..57767efc5 100644 --- a/vendor/github.com/go-openapi/swag/yamlutils_iface.go +++ b/vendor/github.com/go-openapi/swag/yamlutils_iface.go @@ -1,16 +1,5 @@ -// Copyright 2015 go-swagger maintainers -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 package swag @@ -23,9 +12,9 @@ import ( // YAMLToJSON converts YAML unmarshaled data into json compatible data // // Deprecated: use [yamlutils.YAMLToJSON] instead. -func YAMLToJSON(data interface{}) (json.RawMessage, error) { return yamlutils.YAMLToJSON(data) } +func YAMLToJSON(data any) (json.RawMessage, error) { return yamlutils.YAMLToJSON(data) } // BytesToYAMLDoc converts a byte slice into a YAML document // // Deprecated: use [yamlutils.BytesToYAMLDoc] instead. -func BytesToYAMLDoc(data []byte) (interface{}, error) { return yamlutils.BytesToYAMLDoc(data) } +func BytesToYAMLDoc(data []byte) (any, error) { return yamlutils.BytesToYAMLDoc(data) } diff --git a/vendor/github.com/openshift/api/config/v1/doc.go b/vendor/github.com/openshift/api/config/v1/doc.go index f99454758..867a4f43f 100644 --- a/vendor/github.com/openshift/api/config/v1/doc.go +++ b/vendor/github.com/openshift/api/config/v1/doc.go @@ -1,6 +1,7 @@ // +k8s:deepcopy-gen=package,register // +k8s:defaulter-gen=TypeMeta // +k8s:openapi-gen=true +// +k8s:openapi-model-package=com.github.openshift.api.config.v1 // +openshift:featuregated-schema-gen=true // +kubebuilder:validation:Optional diff --git a/vendor/github.com/openshift/api/config/v1/register.go b/vendor/github.com/openshift/api/config/v1/register.go index eac29a236..222c7f0cc 100644 --- a/vendor/github.com/openshift/api/config/v1/register.go +++ b/vendor/github.com/openshift/api/config/v1/register.go @@ -76,6 +76,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ImagePolicyList{}, &ClusterImagePolicy{}, &ClusterImagePolicyList{}, + &InsightsDataGather{}, + &InsightsDataGatherList{}, ) metav1.AddToGroupVersion(scheme, GroupVersion) return nil diff --git a/vendor/github.com/openshift/api/config/v1/types.go b/vendor/github.com/openshift/api/config/v1/types.go index 3e17ca0cc..e7106ef7a 100644 --- a/vendor/github.com/openshift/api/config/v1/types.go +++ b/vendor/github.com/openshift/api/config/v1/types.go @@ -284,7 +284,12 @@ type ClientConnectionOverrides struct { } // GenericControllerConfig provides information to configure a controller +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type GenericControllerConfig struct { + metav1.TypeMeta `json:",inline"` + // servingInfo is the HTTP serving information for the controller's endpoints ServingInfo HTTPServingInfo `json:"servingInfo"` diff --git a/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/vendor/github.com/openshift/api/config/v1/types_apiserver.go index 0afe7b1d8..7de714ebf 100644 --- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go +++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go @@ -34,6 +34,7 @@ type APIServer struct { Status APIServerStatus `json:"status"` } +// +openshift:validation:FeatureGateAwareXValidation:featureGate=TLSAdherence,rule="has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true",message="tlsAdherence may not be removed once set" type APIServerSpec struct { // servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates // will be used for serving secure traffic. @@ -62,6 +63,39 @@ type APIServerSpec struct { // The current default is the Intermediate profile. // +optional TLSSecurityProfile *TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` + // tlsAdherence controls if components in the cluster adhere to the TLS security profile + // configured on this APIServer resource. + // + // Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + // + // When set to "LegacyAdheringComponentsOnly", components that already honor the + // cluster-wide TLS profile continue to do so. Components that do not already honor + // it continue to use their individual TLS configurations. + // + // When set to "StrictAllComponents", all components must honor the configured TLS + // profile unless they have a component-specific TLS configuration that overrides + // it. This mode is recommended for security-conscious deployments and is required + // for certain compliance frameworks. + // + // Note: Some components such as Kubelet and IngressController have their own + // dedicated TLS configuration mechanisms via KubeletConfig and IngressController + // CRs respectively. When these component-specific TLS configurations are set, + // they take precedence over the cluster-wide tlsSecurityProfile. When not set, + // these components fall back to the cluster-wide default. + // + // Components that encounter an unknown value for tlsAdherence should treat it + // as "StrictAllComponents" and log a warning to ensure forward compatibility + // while defaulting to the more secure behavior. + // + // This field is optional. + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is LegacyAdheringComponentsOnly. + // + // Once set, this field may be changed to a different value, but may not be removed. + // +openshift:enable:FeatureGate=TLSAdherence + // +optional + TLSAdherence TLSAdherencePolicy `json:"tlsAdherence,omitempty"` // audit specifies the settings for audit configuration to be applied to all OpenShift-provided // API servers in the cluster. // +optional @@ -175,7 +209,7 @@ type APIServerNamedServingCert struct { } // APIServerEncryption is used to encrypt sensitive resources on the cluster. -// +openshift:validation:FeatureGateAwareXValidation:featureGate=KMSEncryptionProvider,rule="has(self.type) && self.type == 'KMS' ? has(self.kms) : !has(self.kms)",message="kms config is required when encryption type is KMS, and forbidden otherwise" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=KMSEncryption,rule="has(self.type) && self.type == 'KMS' ? has(self.kms) : !has(self.kms)",message="kms config is required when encryption type is KMS, and forbidden otherwise" // +union type APIServerEncryption struct { // type defines what encryption type should be used to encrypt resources at the datastore layer. @@ -204,14 +238,14 @@ type APIServerEncryption struct { // managing the lifecyle of the encryption keys outside of the control plane. // This allows integration with an external provider to manage the data encryption keys securely. // - // +openshift:enable:FeatureGate=KMSEncryptionProvider + // +openshift:enable:FeatureGate=KMSEncryption // +unionMember // +optional - KMS *KMSConfig `json:"kms,omitempty"` + KMS KMSPluginConfig `json:"kms,omitempty,omitzero"` } // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum="";identity;aescbc;aesgcm -// +openshift:validation:FeatureGateAwareEnum:featureGate=KMSEncryptionProvider,enum="";identity;aescbc;aesgcm;KMS +// +openshift:validation:FeatureGateAwareEnum:featureGate=KMSEncryption,enum="";identity;aescbc;aesgcm;KMS type EncryptionType string const ( @@ -236,6 +270,35 @@ const ( type APIServerStatus struct { } +// TLSAdherencePolicy defines which components adhere to the TLS security profile. +// Implementors should use the ShouldHonorClusterTLSProfile helper function from library-go +// rather than checking these values directly. +// +kubebuilder:validation:Enum=LegacyAdheringComponentsOnly;StrictAllComponents +type TLSAdherencePolicy string + +const ( + // TLSAdherencePolicyNoOpinion represents an empty/unset value for tlsAdherence. + // This value cannot be explicitly set and is only present when the field is omitted. + // When the field is omitted, the cluster defaults to LegacyAdheringComponentsOnly + // behavior. Components should treat this the same as LegacyAdheringComponentsOnly. + TLSAdherencePolicyNoOpinion TLSAdherencePolicy = "" + + // TLSAdherencePolicyLegacyAdheringComponentsOnly maintains backward-compatible behavior. + // Components that already honor the cluster-wide TLS profile (such as kube-apiserver, + // openshift-apiserver, oauth-apiserver, and others) continue to do so. Components that do + // not already honor it continue to use their individual TLS configurations (e.g., + // IngressController.spec.tlsSecurityProfile, KubeletConfig.spec.tlsSecurityProfile, + // or component defaults). No additional components are required to start honoring the + // cluster-wide profile in this mode. + TLSAdherencePolicyLegacyAdheringComponentsOnly TLSAdherencePolicy = "LegacyAdheringComponentsOnly" + + // TLSAdherencePolicyStrictAllComponents means all components must honor the configured TLS + // profile unless they have a component-specific TLS configuration that overrides it. + // This mode is recommended for security-conscious deployments and is required + // for certain compliance frameworks. + TLSAdherencePolicyStrictAllComponents TLSAdherencePolicy = "StrictAllComponents" +) + // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index 52a41b2fe..348ee0401 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -5,7 +5,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC;ExternalOIDCWithUIDAndExtraClaimMappings,rule="!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace == specC.componentNamespace && statusC.componentName == specC.componentName) || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, oldC.componentNamespace == specC.componentNamespace && oldC.componentName == specC.componentName)))))",message="all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC;ExternalOIDCWithUIDAndExtraClaimMappings;ExternalOIDCWithUpstreamParity;ExternalOIDCExternalClaimsSourcing,rule="!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace == specC.componentNamespace && statusC.componentName == specC.componentName) || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, oldC.componentNamespace == specC.componentNamespace && oldC.componentName == specC.componentName)))))",message="all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" // Authentication specifies cluster-wide settings for authentication (like OAuth and // webhook token authenticators). The canonical name of an instance is `cluster`. @@ -80,8 +80,7 @@ type AuthenticationSpec struct { // +optional ServiceAccountIssuer string `json:"serviceAccountIssuer"` - // oidcProviders are OIDC identity providers that can issue tokens - // for this cluster + // oidcProviders are OIDC identity providers that can issue tokens for this cluster // Can only be set if "Type" is set to "OIDC". // // At most one provider can be configured. @@ -91,6 +90,8 @@ type AuthenticationSpec struct { // +kubebuilder:validation:MaxItems=1 // +openshift:enable:FeatureGate=ExternalOIDC // +openshift:enable:FeatureGate=ExternalOIDCWithUIDAndExtraClaimMappings + // +openshift:enable:FeatureGate=ExternalOIDCWithUpstreamParity + // +openshift:enable:FeatureGate=ExternalOIDCExternalClaimsSourcing // +optional OIDCProviders []OIDCProvider `json:"oidcProviders,omitempty"` } @@ -112,8 +113,7 @@ type AuthenticationStatus struct { // +optional IntegratedOAuthMetadata ConfigMapNameReference `json:"integratedOAuthMetadata"` - // oidcClients is where participating operators place the current OIDC client status - // for OIDC clients that can be customized by the cluster-admin. + // oidcClients is where participating operators place the current OIDC client status for OIDC clients that can be customized by the cluster-admin. // // +listType=map // +listMapKey=componentNamespace @@ -145,8 +145,7 @@ type AuthenticationType string const ( // None means that no cluster managed authentication system is in place. - // Note that user login will only work if a manually configured system is in place and - // referenced in authentication spec via oauthMetadata and + // Note that user login will only work if a manually configured system is in place and referenced in authentication spec via oauthMetadata and // webhookTokenAuthenticator/oidcProviders AuthenticationTypeNone AuthenticationType = "None" @@ -198,10 +197,8 @@ const ( ) type OIDCProvider struct { - // name is a required field that configures the unique human-readable identifier - // associated with the identity provider. - // It is used to distinguish between multiple identity providers - // and has no impact on token validation or authentication mechanics. + // name is a required field that configures the unique human-readable identifier associated with the identity provider. + // It is used to distinguish between multiple identity providers and has no impact on token validation or authentication mechanics. // // name must not be an empty string (""). // @@ -209,15 +206,12 @@ type OIDCProvider struct { // +required Name string `json:"name"` - // issuer is a required field that configures how the platform interacts - // with the identity provider and how tokens issued from the identity provider - // are evaluated by the Kubernetes API server. + // issuer is a required field that configures how the platform interacts with the identity provider and how tokens issued from the identity provider are evaluated by the Kubernetes API server. // // +required Issuer TokenIssuer `json:"issuer"` - // oidcClients is an optional field that configures how on-cluster, - // platform clients should request tokens from the identity provider. + // oidcClients is an optional field that configures how on-cluster, platform clients should request tokens from the identity provider. // oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs. // // +listType=map @@ -227,32 +221,70 @@ type OIDCProvider struct { // +optional OIDCClients []OIDCClientConfig `json:"oidcClients"` - // claimMappings is a required field that configures the rules to be used by - // the Kubernetes API server for translating claims in a JWT token, issued - // by the identity provider, to a cluster identity. + // claimMappings is a required field that configures the rules to be used by the Kubernetes API server for translating claims in a JWT token, issued by the identity provider, to a cluster identity. // // +required ClaimMappings TokenClaimMappings `json:"claimMappings"` - // claimValidationRules is an optional field that configures the rules to - // be used by the Kubernetes API server for validating the claims in a JWT - // token issued by the identity provider. + // claimValidationRules is an optional field that configures the rules to be used by the Kubernetes API server for validating the claims in a JWT token issued by the identity provider. // // Validation rules are joined via an AND operation. // // +listType=atomic // +optional ClaimValidationRules []TokenClaimValidationRule `json:"claimValidationRules,omitempty"` + + // userValidationRules is an optional field that configures the set of rules used to validate the cluster user identity that was constructed via mapping token claims to user identity attributes. + // Rules are CEL expressions that must evaluate to 'true' for authentication to succeed. + // If any rule in the chain of rules evaluates to 'false', authentication will fail. + // When specified, at least one rule must be specified and no more than 64 rules may be specified. + // + // +kubebuilder:validation:MaxItems=64 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=expression + // +optional + // +openshift:enable:FeatureGate=ExternalOIDCWithUpstreamParity + UserValidationRules []TokenUserValidationRule `json:"userValidationRules,omitempty"` + + // externalClaimsSources is an optional field that can be used to configure + // sources, external to the token provided in a request, in which claims + // should be fetched from and made available to the claim mapping process + // that is used to build the identity of a token holder. + // + // For example, fetching additional user metadata from an OIDC provider's UserInfo endpoint. + // + // When not specified, only claims present in the token itself will be available + // in the claim mapping process. + // + // When specified, at least one external claim source must be specified and no more than 5 + // sources may be specified. + // All external claim sources must have unique claim mappings. + // When an external source responds and resolves additional claims successfully, they will + // be made available as claims during the claim mapping process. + // Externally sourced claims with the same name as a claim existing within the token will + // overwrite the claim data from the token with the externally sourced information. + // If an external source does not respond, responds with an error, or the additional + // claim data cannot be resolved from the response successfully it will not be + // included in the claim data passed to the claim mapping process. + // + // +openshift:enable:FeatureGate=ExternalOIDCExternalClaimsSourcing + // + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:XValidation:rule="self.all(s, s.mappings.all(m, self.filter(s2, s2.mappings.exists(m2, m2.name == m.name)).size() == 1))",message="mapping names must be unique across all external claim sources." + // +listType=atomic + ExternalClaimsSources []ExternalClaimsSource `json:"externalClaimsSources,omitempty"` } // +kubebuilder:validation:MinLength=1 type TokenAudience string +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="self.?discoveryURL.orValue(\"\").size() > 0 ? (self.issuerURL.size() == 0 || self.discoveryURL.find('^.+[^/]') != self.issuerURL.find('^.+[^/]')) : true",message="discoveryURL must be different from issuerURL" type TokenIssuer struct { - // issuerURL is a required field that configures the URL used to issue tokens - // by the identity provider. - // The Kubernetes API server determines how authentication tokens should be handled - // by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers. + // issuerURL is a required field that configures the URL used to issue tokens by the identity provider. + // The Kubernetes API server determines how authentication tokens should be handled by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers. // // Must be at least 1 character and must not exceed 512 characters in length. // Must be a valid URL that uses the 'https' scheme and does not contain a query, fragment or user. @@ -267,8 +299,7 @@ type TokenIssuer struct { // +required URL string `json:"issuerURL"` - // audiences is a required field that configures the acceptable audiences - // the JWT token, issued by the identity provider, must be issued to. + // audiences is a required field that configures the acceptable audiences the JWT token, issued by the identity provider, must be issued to. // At least one of the entries must match the 'aud' claim in the JWT token. // // audiences must contain at least one entry and must not exceed ten entries. @@ -279,54 +310,65 @@ type TokenIssuer struct { // +required Audiences []TokenAudience `json:"audiences"` - // issuerCertificateAuthority is an optional field that configures the - // certificate authority, used by the Kubernetes API server, to validate - // the connection to the identity provider when fetching discovery information. + // issuerCertificateAuthority is an optional field that configures the certificate authority, used by the Kubernetes API server, to validate the connection to the identity provider when fetching discovery information. // // When not specified, the system trust is used. // - // When specified, it must reference a ConfigMap in the openshift-config - // namespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt' - // key in the data field of the ConfigMap. + // When specified, it must reference a ConfigMap in the openshift-config namespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt' key in the data field of the ConfigMap. // // +optional CertificateAuthority ConfigMapNameReference `json:"issuerCertificateAuthority"` + // discoveryURL is an optional field that, if specified, overrides the default discovery endpoint used to retrieve OIDC configuration metadata. + // By default, the discovery URL is derived from `issuerURL` as "{issuerURL}/.well-known/openid-configuration". + // + // The discoveryURL must be a valid absolute HTTPS URL. + // It must not contain query parameters, user information, or fragments. + // Additionally, it must differ from the value of `issuerURL` (ignoring trailing slashes). + // The discoveryURL value must be at least 1 character long and no longer than 2048 characters. + // + // +optional + // +openshift:enable:FeatureGate=ExternalOIDCWithUpstreamParity + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="discoveryURL must be a valid URL" + // +kubebuilder:validation:XValidation:rule="url(self).getScheme() == 'https'",message="discoveryURL must be a valid https URL" + // +kubebuilder:validation:XValidation:rule="url(self).getQuery().size() == 0",message="discoveryURL must not contain query parameters" + // +kubebuilder:validation:XValidation:rule="self.matches('^[^#]*$')",message="discoveryURL must not contain fragments" + // +kubebuilder:validation:XValidation:rule="!self.matches('^https://.+:.+@.+/.*$')",message="discoveryURL must not contain user info" + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 + DiscoveryURL string `json:"discoveryURL,omitempty"` } type TokenClaimMappings struct { - // username is a required field that configures how the username of a cluster identity - // should be constructed from the claims in a JWT token issued by the identity provider. + // username is a required field that configures how the username of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider. // // +required Username UsernameClaimMapping `json:"username"` - // groups is an optional field that configures how the groups of a cluster identity - // should be constructed from the claims in a JWT token issued - // by the identity provider. - // When referencing a claim, if the claim is present in the JWT - // token, its value must be a list of groups separated by a comma (','). + // groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider. + // + // When referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (','). + // // For example - '"example"' and '"exampleOne", "exampleTwo", "exampleThree"' are valid claim values. // // +optional Groups PrefixedClaimMapping `json:"groups,omitempty"` - // uid is an optional field for configuring the claim mapping - // used to construct the uid for the cluster identity. + // uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity. // // When using uid.claim to specify the claim it must be a single string value. // When using uid.expression the expression must result in a single string value. // - // When omitted, this means the user has no opinion and the platform - // is left to choose a default, which is subject to change over time. + // When omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time. + // // The current default is to use the 'sub' claim. // // +optional // +openshift:enable:FeatureGate=ExternalOIDCWithUIDAndExtraClaimMappings UID *TokenClaimOrExpressionMapping `json:"uid,omitempty"` - // extra is an optional field for configuring the mappings - // used to construct the extra attribute for the cluster identity. + // extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. // When omitted, no extra attributes will be present on the cluster identity. + // // key values for extra mappings must be unique. // A maximum of 32 extra attribute mappings may be provided. // @@ -338,52 +380,63 @@ type TokenClaimMappings struct { Extra []ExtraMapping `json:"extra,omitempty"` } -// TokenClaimMapping allows specifying a JWT token -// claim to be used when mapping claims from an -// authentication token to cluster identities. +// TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities. +// +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="has(self.claim)",message="claim is required" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC,rule="has(self.claim)",message="claim is required" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUIDAndExtraClaimMappings,rule="has(self.claim)",message="claim is required" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="(size(self.?claim.orValue(\"\")) > 0) ? !has(self.expression) : true",message="expression must not be set if claim is specified and is not an empty string" type TokenClaimMapping struct { - // claim is a required field that configures the JWT token - // claim whose value is assigned to the cluster identity - // field associated with this mapping. + // claim is an optional field for specifying the JWT token claim that is used in the mapping. + // The value of this claim will be assigned to the field in which this mapping is associated. + // claim must not exceed 256 characters in length. + // When set to the empty string `""`, this means that no named claim should be used for the group mapping. + // claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. // - // +required + // +optional + // +kubebuilder:validation:MaxLength=256 Claim string `json:"claim"` + + // expression is an optional CEL expression used to derive + // group values from JWT claims. + // + // CEL expressions have access to the token claims through a CEL variable, 'claims'. + // + // expression must be at least 1 character and must not exceed 1024 characters in length . + // + // When specified, claim must not be set or be explicitly set to the empty string (`""`). + // + // +optional + // +openshift:enable:FeatureGate=ExternalOIDCWithUpstreamParity + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + Expression string `json:"expression,omitempty"` } -// TokenClaimOrExpressionMapping allows specifying either a JWT -// token claim or CEL expression to be used when mapping claims -// from an authentication token to cluster identities. +// TokenClaimOrExpressionMapping allows specifying either a JWT token claim or CEL expression to be used when mapping claims from an authentication token to cluster identities. // +kubebuilder:validation:XValidation:rule="has(self.claim) ? !has(self.expression) : has(self.expression)",message="precisely one of claim or expression must be set" type TokenClaimOrExpressionMapping struct { - // claim is an optional field for specifying the - // JWT token claim that is used in the mapping. - // The value of this claim will be assigned to - // the field in which this mapping is associated. + // claim is an optional field for specifying the JWT token claim that is used in the mapping. + // The value of this claim will be assigned to the field in which this mapping is associated. // // Precisely one of claim or expression must be set. // claim must not be specified when expression is set. - // When specified, claim must be at least 1 character in length - // and must not exceed 256 characters in length. + // When specified, claim must be at least 1 character in length and must not exceed 256 characters in length. // // +optional // +kubebuilder:validation:MaxLength=256 // +kubebuilder:validation:MinLength=1 Claim string `json:"claim,omitempty"` - // expression is an optional field for specifying a - // CEL expression that produces a string value from - // JWT token claims. + // expression is an optional field for specifying a CEL expression that produces a string value from JWT token claims. // - // CEL expressions have access to the token claims - // through a CEL variable, 'claims'. + // CEL expressions have access to the token claims through a CEL variable, 'claims'. // 'claims' is a map of claim names to claim values. // For example, the 'sub' claim value can be accessed as 'claims.sub'. // Nested claims can be accessed using dot notation ('claims.foo.bar'). // // Precisely one of claim or expression must be set. // expression must not be specified when claim is set. - // When specified, expression must be at least 1 character in length - // and must not exceed 1024 characters in length. + // When specified, expression must be at least 1 character in length and must not exceed 1024 characters in length. // // +optional // +kubebuilder:validation:MaxLength=1024 @@ -391,13 +444,10 @@ type TokenClaimOrExpressionMapping struct { Expression string `json:"expression,omitempty"` } -// ExtraMapping allows specifying a key and CEL expression -// to evaluate the keys' value. It is used to create additional -// mappings and attributes added to a cluster identity from -// a provided authentication token. +// ExtraMapping allows specifying a key and CEL expression to evaluate the keys' value. +// It is used to create additional mappings and attributes added to a cluster identity from a provided authentication token. type ExtraMapping struct { - // key is a required field that specifies the string - // to use as the extra attribute key. + // key is a required field that specifies the string to use as the extra attribute key. // // key must be a domain-prefix path (e.g 'example.org/foo'). // key must not exceed 510 characters in length. @@ -410,8 +460,7 @@ type ExtraMapping struct { // It must only contain lower case alphanumeric characters and '-' or '.'. // It must not use the reserved domains, or be subdomains of, "kubernetes.io", "k8s.io", and "openshift.io". // - // The path portion of the key (string of characters after the '/') must not be empty and must consist of at least one - // alphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'. + // The path portion of the key (string of characters after the '/') must not be empty and must consist of at least one alphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'. // It must not exceed 256 characters in length. // // +required @@ -433,14 +482,12 @@ type ExtraMapping struct { // +kubebuilder:validation:XValidation:rule="self.split('/', 2)[1].size() <= 256",message="the path of the key must not exceed 256 characters in length" Key string `json:"key"` - // valueExpression is a required field to specify the CEL expression to extract - // the extra attribute value from a JWT token's claims. + // valueExpression is a required field to specify the CEL expression to extract the extra attribute value from a JWT token's claims. // valueExpression must produce a string or string array value. // "", [], and null are treated as the extra mapping not being present. // Empty string values within an array are filtered out. // - // CEL expressions have access to the token claims - // through a CEL variable, 'claims'. + // CEL expressions have access to the token claims through a CEL variable, 'claims'. // 'claims' is a map of claim names to claim values. // For example, the 'sub' claim value can be accessed as 'claims.sub'. // Nested claims can be accessed using dot notation ('claims.foo.bar'). @@ -454,12 +501,10 @@ type ExtraMapping struct { ValueExpression string `json:"valueExpression"` } -// OIDCClientConfig configures how platform clients -// interact with identity providers as an authentication -// method +// OIDCClientConfig configures how platform clients interact with identity providers as an authentication method. type OIDCClientConfig struct { - // componentName is a required field that specifies the name of the platform - // component being configured to use the identity provider as an authentication mode. + // componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode. + // // It is used in combination with componentNamespace as a unique identifier. // // componentName must not be an empty string ("") and must not exceed 256 characters in length. @@ -469,9 +514,8 @@ type OIDCClientConfig struct { // +required ComponentName string `json:"componentName"` - // componentNamespace is a required field that specifies the namespace in which the - // platform component being configured to use the identity provider as an authentication - // mode is running. + // componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running. + // // It is used in combination with componentName as a unique identifier. // // componentNamespace must not be an empty string ("") and must not exceed 63 characters in length. @@ -481,11 +525,8 @@ type OIDCClientConfig struct { // +required ComponentNamespace string `json:"componentNamespace"` - // clientID is a required field that configures the client identifier, from - // the identity provider, that the platform component uses for authentication - // requests made to the identity provider. - // The identity provider must accept this identifier for platform components - // to be able to use the identity provider as an authentication mode. + // clientID is a required field that configures the client identifier, from the identity provider, that the platform component uses for authentication requests made to the identity provider. + // The identity provider must accept this identifier for platform components to be able to use the identity provider as an authentication mode. // // clientID must not be an empty string (""). // @@ -493,27 +534,21 @@ type OIDCClientConfig struct { // +required ClientID string `json:"clientID"` - // clientSecret is an optional field that configures the client secret used - // by the platform component when making authentication requests to the identity provider. + // clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider. // - // When not specified, no client secret will be used when making authentication requests - // to the identity provider. + // When not specified, no client secret will be used when making authentication requests to the identity provider. + // + // When specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field. // - // When specified, clientSecret references a Secret in the 'openshift-config' - // namespace that contains the client secret in the 'clientSecret' key of the '.data' field. // The client secret will be used when making authentication requests to the identity provider. // - // Public clients do not require a client secret but private - // clients do require a client secret to work with the identity provider. + // Public clients do not require a client secret but private clients do require a client secret to work with the identity provider. // // +optional ClientSecret SecretNameReference `json:"clientSecret"` - // extraScopes is an optional field that configures the extra scopes that should - // be requested by the platform component when making authentication requests to the - // identity provider. - // This is useful if you have configured claim mappings that requires specific - // scopes to be requested beyond the standard OIDC scopes. + // extraScopes is an optional field that configures the extra scopes that should be requested by the platform component when making authentication requests to the identity provider. + // This is useful if you have configured claim mappings that requires specific scopes to be requested beyond the standard OIDC scopes. // // When omitted, no additional scopes are requested. // @@ -526,8 +561,7 @@ type OIDCClientConfig struct { // of platform components and how they interact with // the configured identity providers. type OIDCClientStatus struct { - // componentName is a required field that specifies the name of the platform - // component using the identity provider as an authentication mode. + // componentName is a required field that specifies the name of the platform component using the identity provider as an authentication mode. // It is used in combination with componentNamespace as a unique identifier. // // componentName must not be an empty string ("") and must not exceed 256 characters in length. @@ -537,9 +571,8 @@ type OIDCClientStatus struct { // +required ComponentName string `json:"componentName"` - // componentNamespace is a required field that specifies the namespace in which the - // platform component using the identity provider as an authentication - // mode is running. + // componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running. + // // It is used in combination with componentName as a unique identifier. // // componentNamespace must not be an empty string ("") and must not exceed 63 characters in length. @@ -550,6 +583,7 @@ type OIDCClientStatus struct { ComponentNamespace string `json:"componentNamespace"` // currentOIDCClients is an optional list of clients that the component is currently using. + // // Entries must have unique issuerURL/clientID pairs. // // +listType=map @@ -558,8 +592,7 @@ type OIDCClientStatus struct { // +optional CurrentOIDCClients []OIDCClientReference `json:"currentOIDCClients"` - // consumingUsers is an optional list of ServiceAccounts requiring - // read permissions on the `clientSecret` secret. + // consumingUsers is an optional list of ServiceAccounts requiring read permissions on the `clientSecret` secret. // // consumingUsers must not exceed 5 entries. // @@ -585,8 +618,7 @@ type OIDCClientStatus struct { // OIDCClientReference is a reference to a platform component // client configuration. type OIDCClientReference struct { - // oidcProviderName is a required reference to the 'name' of the identity provider - // configured in 'oidcProviders' that this client is associated with. + // oidcProviderName is a required reference to the 'name' of the identity provider configured in 'oidcProviders' that this client is associated with. // // oidcProviderName must not be an empty string (""). // @@ -594,8 +626,7 @@ type OIDCClientReference struct { // +required OIDCProviderName string `json:"oidcProviderName"` - // issuerURL is a required field that specifies the URL of the identity - // provider that this client is configured to make requests against. + // issuerURL is a required field that specifies the URL of the identity provider that this client is configured to make requests against. // // issuerURL must use the 'https' scheme. // @@ -603,9 +634,7 @@ type OIDCClientReference struct { // +required IssuerURL string `json:"issuerURL"` - // clientID is a required field that specifies the client identifier, from - // the identity provider, that the platform component is using for authentication - // requests made to the identity provider. + // clientID is a required field that specifies the client identifier, from the identity provider, that the platform component is using for authentication requests made to the identity provider. // // clientID must not be empty. // @@ -616,35 +645,51 @@ type OIDCClientReference struct { // +kubebuilder:validation:XValidation:rule="has(self.prefixPolicy) && self.prefixPolicy == 'Prefix' ? (has(self.prefix) && size(self.prefix.prefixString) > 0) : !has(self.prefix)",message="prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" // +union +// +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="has(self.claim)",message="claim is required" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC,rule="has(self.claim)",message="claim is required" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUIDAndExtraClaimMappings,rule="has(self.claim)",message="claim is required" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="has(self.claim) ? !has(self.expression) : has(self.expression)",message="precisely one of claim or expression must be set" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="has(self.expression) && size(self.expression) > 0 ? !has(self.prefixPolicy) || self.prefixPolicy != 'Prefix' : true",message="prefixPolicy must not be set to 'Prefix' when expression is set" type UsernameClaimMapping struct { - // claim is a required field that configures the JWT token - // claim whose value is assigned to the cluster identity - // field associated with this mapping. + // claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + // claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + // When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set. // // claim must not be an empty string ("") and must not exceed 256 characters. // - // +required + // +optional // +kubebuilder:validation:MinLength:=1 // +kubebuilder:validation:MaxLength:=256 - Claim string `json:"claim"` + Claim string `json:"claim,omitempty"` + + // expression is an optional CEL expression used to derive + // the username from JWT claims. + // + // CEL expressions have access to the token claims + // through a CEL variable, 'claims'. + // + // expression must be at least 1 character and must not exceed 1024 characters in length. + // expression must not be set when claim is set. + // + // +optional + // +openshift:enable:FeatureGate=ExternalOIDCWithUpstreamParity + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + Expression string `json:"expression,omitempty"` - // prefixPolicy is an optional field that configures how a prefix should be - // applied to the value of the JWT claim specified in the 'claim' field. + // prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field. // // Allowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string). // - // When set to 'Prefix', the value specified in the prefix field will be - // prepended to the value of the JWT claim. + // When set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. // The prefix field must be set when prefixPolicy is 'Prefix'. + // Must not be set to 'Prefix' when expression is set. + // When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. + // When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. + // Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'. // - // When set to 'NoPrefix', no prefix will be prepended to the value - // of the JWT claim. - // - // When omitted, this means no opinion and the platform is left to choose - // any prefixes that are applied which is subject to change over time. - // Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim - // when the claim is not 'email'. // As an example, consider the following scenario: + // // `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`, // the JWT claims include "username":"userA" and "email":"userA@myoidc.tld", // and `claim` is set to: @@ -656,8 +701,7 @@ type UsernameClaimMapping struct { // +unionDiscriminator PrefixPolicy UsernamePrefixPolicy `json:"prefixPolicy"` - // prefix configures the prefix that should be prepended to the value - // of the JWT claim. + // prefix configures the prefix that should be prepended to the value of the JWT claim. // // prefix must be set when prefixPolicy is set to 'Prefix' and must be unset otherwise. // @@ -666,13 +710,11 @@ type UsernameClaimMapping struct { Prefix *UsernamePrefix `json:"prefix"` } -// UsernamePrefixPolicy configures how prefixes should be applied -// to values extracted from the JWT claims during the process of mapping -// JWT claims to cluster identity attributes. +// UsernamePrefixPolicy configures how prefixes should be applied to values extracted from the JWT claims during the process of mapping JWT claims to cluster identity attributes. // +enum type UsernamePrefixPolicy string -var ( +const ( // NoOpinion let's the cluster assign prefixes. If the username claim is email, there is no prefix // If the username claim is anything else, it is prefixed by the issuerURL NoOpinion UsernamePrefixPolicy = "" @@ -687,9 +729,7 @@ var ( // UsernamePrefix configures the string that should // be used as a prefix for username claim mappings. type UsernamePrefix struct { - // prefixString is a required field that configures the prefix that will - // be applied to cluster identity username attribute - // during the process of mapping JWT claims to cluster identity attributes. + // prefixString is a required field that configures the prefix that will be applied to cluster identity username attribute during the process of mapping JWT claims to cluster identity attributes. // // prefixString must not be an empty string (""). // @@ -700,54 +740,67 @@ type UsernamePrefix struct { // PrefixedClaimMapping configures a claim mapping // that allows for an optional prefix. +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="has(self.expression) && size(self.expression) > 0 ? (!has(self.prefix) || size(self.prefix) == 0) : true",message="prefix must not be set to a non-empty value when expression is set" type PrefixedClaimMapping struct { TokenClaimMapping `json:",inline"` - // prefix is an optional field that configures the prefix that will be - // applied to the cluster identity attribute during the process of mapping - // JWT claims to cluster identity attributes. + // prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes. // - // When omitted (""), no prefix is applied to the cluster identity attribute. + // When omitted or set to an empty string (""), no prefix is applied to the cluster identity attribute. + // Must not be set to a non-empty value when expression is set. // - // Example: if `prefix` is set to "myoidc:" and the `claim` in JWT contains - // an array of strings "a", "b" and "c", the mapping will result in an - // array of string "myoidc:a", "myoidc:b" and "myoidc:c". + // Example: if `prefix` is set to "myoidc:" and the `claim` in JWT contains an array of strings "a", "b" and "c", the mapping will result in an array of string "myoidc:a", "myoidc:b" and "myoidc:c". // // +optional Prefix string `json:"prefix"` } -// TokenValidationRuleType represents the different -// claim validation rule types that can be configured. +// TokenValidationRuleType defines the type of token validation rule. // +enum +// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum="RequiredClaim"; +// +openshift:validation:FeatureGateAwareEnum:featureGate=ExternalOIDC,enum="RequiredClaim"; +// +openshift:validation:FeatureGateAwareEnum:featureGate=ExternalOIDCWithUIDAndExtraClaimMappings,enum="RequiredClaim"; +// +openshift:validation:FeatureGateAwareEnum:featureGate=ExternalOIDCWithUpstreamParity,enum="RequiredClaim";"CEL" type TokenValidationRuleType string const ( - TokenValidationRuleTypeRequiredClaim = "RequiredClaim" + // TokenValidationRuleTypeRequiredClaim indicates that the token must contain a specific claim. + // Used as a value for TokenValidationRuleType. + TokenValidationRuleTypeRequiredClaim TokenValidationRuleType = "RequiredClaim" + // TokenValidationRuleTypeCEL indicates that the token validation is defined via a CEL expression. + // Used as a value for TokenValidationRuleType. + TokenValidationRuleTypeCEL TokenValidationRuleType = "CEL" ) +// TokenClaimValidationRule represents a validation rule based on token claims. +// If type is RequiredClaim, requiredClaim must be set. +// If Type is CEL, CEL must be set and RequiredClaim must be omitted. +// +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'RequiredClaim' ? has(self.requiredClaim) : !has(self.requiredClaim)",message="requiredClaim must be set when type is 'RequiredClaim', and forbidden otherwise" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="has(self.type) && self.type == 'CEL' ? has(self.cel) : !has(self.cel)",message="cel must be set when type is 'CEL', and forbidden otherwise" type TokenClaimValidationRule struct { // type is an optional field that configures the type of the validation rule. // - // Allowed values are 'RequiredClaim' and omitted (not provided or an empty string). - // - // When set to 'RequiredClaim', the Kubernetes API server - // will be configured to validate that the incoming JWT - // contains the required claim and that its value matches - // the required value. + // Allowed values are "RequiredClaim" and "CEL". // - // Defaults to 'RequiredClaim'. + // When set to 'RequiredClaim', the Kubernetes API server will be configured to validate that the incoming JWT contains the required claim and that its value matches the required value. // - // +kubebuilder:validation:Enum={"RequiredClaim"} - // +kubebuilder:default="RequiredClaim" + // When set to 'CEL', the Kubernetes API server will be configured to validate the incoming JWT against the configured CEL expression. + // +required Type TokenValidationRuleType `json:"type"` - // requiredClaim is an optional field that configures the required claim - // and value that the Kubernetes API server will use to validate if an incoming - // JWT is valid for this identity provider. + // requiredClaim allows configuring a required claim name and its expected value. + // This field is required when `type` is set to RequiredClaim, and must be omitted when `type` is set to any other value. + // The Kubernetes API server uses this field to validate if an incoming JWT is valid for this identity provider. // // +optional RequiredClaim *TokenRequiredClaim `json:"requiredClaim,omitempty"` + + // cel holds the CEL expression and message for validation. + // Must be set when Type is "CEL", and forbidden otherwise. + // +optional + // +openshift:enable:FeatureGate=ExternalOIDCWithUpstreamParity + CEL TokenClaimValidationCELRule `json:"cel,omitempty,omitzero"` } type TokenRequiredClaim struct { @@ -760,10 +813,8 @@ type TokenRequiredClaim struct { // +required Claim string `json:"claim"` - // requiredValue is a required field that configures the value that 'claim' must - // have when taken from the incoming JWT claims. - // If the value in the JWT claims does not match, the token - // will be rejected for authentication. + // requiredValue is a required field that configures the value that 'claim' must have when taken from the incoming JWT claims. + // If the value in the JWT claims does not match, the token will be rejected for authentication. // // requiredValue must not be an empty string (""). // @@ -771,3 +822,395 @@ type TokenRequiredClaim struct { // +required RequiredValue string `json:"requiredValue"` } + +type TokenClaimValidationCELRule struct { + // expression is a CEL expression evaluated against token claims. + // expression is required, must be at least 1 character in length and must not exceed 1024 characters. + // The expression must return a boolean value where 'true' signals a valid token and 'false' an invalid one. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + // +required + Expression string `json:"expression,omitempty"` + + // message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails. + // message must be at least 1 character in length and must not exceed 256 characters. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + Message string `json:"message,omitempty"` +} + +// TokenUserValidationRule provides a CEL-based rule used to validate a token subject. +// Each rule contains a CEL expression that is evaluated against the token’s claims. +type TokenUserValidationRule struct { + // expression is a required CEL expression that performs a validation on cluster user identity attributes like username, groups, etc. + // + // The expression must evaluate to a boolean value. + // When the expression evaluates to 'true', the cluster user identity is considered valid. + // When the expression evaluates to 'false', the cluster user identity is not considered valid. + // expression must be at least 1 character in length and must not exceed 1024 characters. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + Expression string `json:"expression,omitempty"` + // message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails. + // message must be at least 1 character in length and must not exceed 256 characters. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + Message string `json:"message,omitempty"` +} + +// ExternalClaimsSource provides the configuration for a single external claim source. +type ExternalClaimsSource struct { + // authentication is an optional field that configures how the apiserver authenticates with an external claims source. + // When not specified, anonymous authentication is used which means no 'Authorization' header + // is sent in the HTTP request to fetch the external claims. + // + // +optional + Authentication ExternalSourceAuthentication `json:"authentication,omitzero"` + + // tls is an optional field that configures the http client TLS + // settings when fetching external claims from this source. + // + // When omitted, system default TLS settings will be used + // for fetching claims from the external source. + // + // +optional + TLS ExternalSourceTLS `json:"tls,omitzero"` + + // url is a required configuration of the URL + // for which the external claims are located. + // + // +required + URL SourceURL `json:"url,omitzero"` + + // mappings is a required list of the claim + // and response handling expression pairs + // that produces the claims from the external source. + // mappings must have at least 1 entry and must not exceed 16 entries. + // Entries must have a unique name across all external claim sources. + // + // +required + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=16 + Mappings []SourcedClaimMapping `json:"mappings,omitempty"` + + // predicates is an optional list of constraints in + // which claims should attempt to be fetched from this + // external source. + // + // When omitted, claims are always fetched + // from this external source. + // + // When specified, all predicates must evaluate to 'true' + // before claims are attempted to be fetched from this external source. + // predicates must have at least 1 entry and must not exceed 16 entries. + // Entries must have unique expressions. + // + // +optional + // +listType=map + // +listMapKey=expression + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=16 + Predicates []ExternalSourcePredicate `json:"predicates,omitempty"` +} + +// ExternalSourceAuthenticationType is the type of authentication that should be used +// when fetching claims from an external source. +// +// +enum +// +kubebuilder:validation:Enum=RequestProvidedToken;ClientCredential +type ExternalSourceAuthenticationType string + +const ( + // ExternalSourceAuthenticationTypeRequestProvidedToken is an ExternalSourceAuthenticationType + // that represents that the token being evaluated for authentication + // should be used for authenticating with the external claims source. + // This is useful for scenarios where a token has multiple audiences + // and scopes so that it can be used to access both the cluster and + // the UserInfo endpoint that contains additional information about the + // user not present in the token. + ExternalSourceAuthenticationTypeRequestProvidedToken ExternalSourceAuthenticationType = "RequestProvidedToken" + + // ExternalSourceAuthenticationTypeClientCredential is an ExternalSourceAuthenticationType + // that represents that the authenticator should use the OAuth2 + // client credentials grant flow to obtain an access token for + // authenticating with the external claims source. + // This is useful for scenarios such as fetching user information + // from Microsoft's Graph API where a separate client credential + // is needed to access the API. + ExternalSourceAuthenticationTypeClientCredential ExternalSourceAuthenticationType = "ClientCredential" +) + +// ExternalSourceAuthentication configures how the apiserver should attempt +// to authenticate with an external claims source. +// +// +kubebuilder:validation:XValidation:rule="self.type == 'ClientCredential' ? has(self.clientCredential) : !has(self.clientCredential)",message="clientCredential is required when type is ClientCredential, and forbidden otherwise" +type ExternalSourceAuthentication struct { + // type is a required field that sets the type of + // authentication method used by the authenticator + // when fetching external claims. + // + // Allowed values are 'RequestProvidedToken' and 'ClientCredential'. + // + // When set to 'RequestProvidedToken', the authenticator will + // use the token provided to the kube-apiserver as part of the + // request to authenticate with the external claims source. + // + // When set to 'ClientCredential', the authenticator will + // use the configured client-id, client-secret, and token endpoint + // to fetch an access token using the OAuth2 client credentials grant + // flow. The fetched access token will then be used to authenticate + // with the external claims source. + // + // +required + Type ExternalSourceAuthenticationType `json:"type,omitempty"` + + // clientCredential configures the client credentials + // and token endpoint to use to get an access token. + // clientCredential is required when type is 'ClientCredential', and forbidden otherwise. + // + // +optional + ClientCredential ClientCredentialConfig `json:"clientCredential,omitzero"` +} + +// ExternalSourceTLS configures the TLS options that the apiserver uses as a client +// when making a request to the external claim source. +type ExternalSourceTLS struct { + // certificateAuthority is a required reference to a ConfigMap in the openshift-config + // namespace that contains the CA certificate to use to validate TLS connections with the external claims source. + // The key "ca-bundle.crt" must be present in the referenced ConfigMap and must contain the CA certificate to be used + // to verify the external source's TLS certificate. + // + // +required + CertificateAuthority ExternalSourceCertificateAuthorityConfigMapReference `json:"certificateAuthority,omitzero"` +} + +// ClientCredentialConfig configures the client credentials and token endpoint +// to use to get an access token via the OAuth2 client credentials grant flow. +type ClientCredentialConfig struct { + // clientID is a required client identifier to use during the OAuth2 client credentials flow. + // clientID must be at least 1 character in length, must not exceed 256 characters in length, + // and must only contain printable ASCII characters. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +kubebuilder:validation:XValidation:rule="self.matches('^[[:print:]]+$')",message="clientID must only contain printable ASCII characters" + ClientID string `json:"clientID,omitempty"` + + // clientSecret is a required reference to a Secret in the openshift-config namespace to be used + // as the client secret during the OAuth2 client credentials flow. + // + // The key 'client-secret' is used to locate the client secret data in the Secret. + // + // +required + ClientSecret ClientSecretSecretReference `json:"clientSecret,omitzero"` + + // tokenEndpoint is a required URL to query for an access token using + // the client credential OAuth2 flow. + // tokenEndpoint must be at least 1 character in length and must not exceed 2048 characters in length. + // tokenEndpoint must be a valid HTTPS URL. + // tokenEndpoint must have a host and a path. + // tokenEndpoint must not contain query parameters, fragments, + // or user information (e.g., "user:password@host"). + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="tokenEndpoint must be a valid HTTPS url" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getScheme() == 'https'",message="tokenEndpoint must be a valid HTTPS url" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getHost() != ''",message="tokenEndpoint must have a hostname" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getEscapedPath() != ''",message="tokenEndpoint must have a path" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getQuery() == {}",message="tokenEndpoint must not have query parameters" + // +kubebuilder:validation:XValidation:rule="isURL(self) && self.find('#(.+)$') == ''",message="tokenEndpoint must not have a fragment" + // +kubebuilder:validation:XValidation:rule="isURL(self) && !self.matches('^https://[^/]+@.+$')",message="tokenEndpoint must not have user info" + TokenEndpoint string `json:"tokenEndpoint,omitempty"` + + // scopes is an optional list of OAuth2 scopes to request when obtaining + // an access token. + // + // If not specified, the token endpoint's default scopes + // will be used. + // + // When specified, there must be at least 1 entry and must not exceed 16 entries. + // Each entry must be at least 1 character in length and must not exceed 256 characters in length. + // Each entry must only contain printable ASCII characters, excluding spaces, double quotes and backslashes. + // Entries must be unique. + // + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=16 + // +listType=set + Scopes []OAuth2Scope `json:"scopes,omitempty"` + + // tls is an optional field that allows configuring the TLS + // settings used to interact with the identity provider + // as an OAuth2 client. + // + // When omitted, system default TLS settings will be used + // for the OAuth2 client. + // + // +optional + TLS ExternalSourceTLS `json:"tls,omitzero"` +} + +// OAuth2Scope is a string alias that represents an OAuth2 Scope as defined by https://datatracker.ietf.org/doc/html/rfc6749#appendix-A.4 +// Must be at least 1 character in length, must not exceed 256 characters in length and must only contain printable ASCII characters, excluding spaces, double quotes and backslashes. +// +// +kubebuilder:validation:XValidation:rule="self.matches('^[!#-[\\\\]-~]+$')",message="scopes must only contain printable ASCII characters excluding spaces, double quotes and backslashes" +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=256 +type OAuth2Scope string + +// SourceURL configures the options used to build the URL that is queried for external claims. +type SourceURL struct { + // hostname is a required hostname for which the external claims are located. + // + // It must be a valid DNS subdomain name as per RFC1123. + // + // This means that it must start and end with a lowercase alphanumeric character, + // must only consist of lowercase alphanumeric characters, '-', and '.'. + // hostname may optionally specify a port in the format ':{port}'. + // If a port is specified it must not exceed 65535. + // + // hostname must be at least 1 character in length. + // When specifying a port, hostname must not exceed 259 characters in length. + // When not specifying a port, hostname must not exceed 253 characters in length. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=259 + // +kubebuilder:validation:XValidation:rule="isURL('https://'+self)",message="hostname must be a valid hostname" + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self.split(':')[0]).hasValue()",message="hostname before port must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'" + // +kubebuilder:validation:XValidation:rule="self.split(':').size() > 1 ? int(self.split(':')[1]) <= 65535 : true",message="port must not exceed 65535" + Hostname string `json:"hostname,omitempty"` + + // pathExpression is a required CEL expression that returns a list + // of string values used to construct the URL path. + // Claims from the token used for the request to the kube-apiserver + // are made available via the `claims` variable. + // expression must be at least 1 character in length and must not exceed 1024 characters in length. + // + // Values in the returned list will be joined with the hostname using a forward slash + // (`/`) as a separator. Values in the returned list do not need to include the forward slash. + // If a forward slash is included in a returned value, it will be encoded as `%2F`. + // + // Example of a static path configuration: + // + // pathExpression: ['realms', 'k8s', 'protocol', 'openid-connect', 'userinfo'] + // + // The above example would resolve to the path: '/realms/k8s/protocol/openid-connect/userinfo' + // + // Example of a dynamic path configuration: + // + // pathExpression: "['admin', 'realms', 'k8s', 'users'] + [claims.sub] + ['groups']" + // + // Assuming 'claims.sub' is set to '12345', the above example would resolve to the path: '/admin/realms/k8s/users/12345/groups' + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + PathExpression string `json:"pathExpression,omitempty"` +} + +// SourcedClaimMapping configures the mapping behavior for a single external claim +// from the response the apiserver received from the external claim source. +type SourcedClaimMapping struct { + // name is a required name of the claim that + // will be produced and made available during + // the claim-to-identity mapping process. + // name must consist of only lowercase alpha characters and underscores ('_'). + // name must be at least 1 character and must not exceed 256 characters in length. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-z_]+$')",message="name must consist of only lowercase alpha characters and underscores" + Name string `json:"name,omitempty"` + + // expression is a required CEL expression that + // will produce a value to be assigned to the claim. + // The full response body from the request to the + // external claim source is provided via the + // `response.body` variable. + // + // The contents of the `response.body` variable varies based on the response received + // from the external source. It is the responsibility of those configuring + // this expression to understand what is returned from the external source. + // + // expression must be at least 1 character and must not exceed 1024 characters in length. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + Expression string `json:"expression,omitempty"` +} + +// ExternalSourcePredicate configures a singular condition +// that must return true before the external source is queried +// to retrieve external claims. +type ExternalSourcePredicate struct { + // expression is a required CEL expression that + // is used to determine whether or not an external + // source should be used to fetch external claims. + // + // The expression must return a boolean value, + // where true means that the source should be consulted + // and false means that it should not. + // + // Claims from the token used for the request to the kube-apiserver + // are made available via the `claims` variable. + // + // The contents of the `claims` variable varies based on the claims that are + // present in the token being validated. It is the responsibility of those configuring this + // field to understand what claims the identity provider includes when issuing tokens. + // + // expression must be at least 1 character and must not exceed 1024 characters in length. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + Expression string `json:"expression,omitempty"` +} + +// ExternalSourceCertificateAuthorityConfigMapReference is a reference to a ConfigMap in the openshift-config +// namespace that should be used for configuring the certificate authority to be +// used when sourcing claims from external sources. +type ExternalSourceCertificateAuthorityConfigMapReference struct { + // name is the required name of the ConfigMap that exists in the openshift-config namespace. + // The key "ca-bundle.crt" must be present and must contain the CA certificate to be used + // to verify the external source's TLS certificate. + // + // It must be at least 1 character in length, must not exceed 253 characters in length, + // must start and end with a lowercase alphanumeric character, and must only contain + // lowercase alphanumeric characters, '-' or '.'. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="name must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'" + Name string `json:"name,omitempty"` +} + +// ClientSecretSecretReference is a reference to a Secret in the openshift-config +// namespace that should be used for configuring the client secret to be +// used when sourcing claims from external sources with the client credential authentication flow. +type ClientSecretSecretReference struct { + // name is the required name of the Secret that exists in the openshift-config namespace. + // + // It must be at least 1 character in length, must not exceed 253 characters in length, + // must start and end with a lowercase alphanumeric character, and must only contain + // lowercase alphanumeric characters, '-' or '.'. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="name must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'" + Name string `json:"name,omitempty"` +} diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go index ca604e05c..491390098 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go @@ -52,7 +52,7 @@ type ClusterImagePolicySpec struct { // policy is a required field that contains configuration to allow scopes to be verified, and defines how // images not matching the verification policy will be treated. // +required - Policy Policy `json:"policy"` + Policy ImageSigstoreVerificationPolicy `json:"policy"` } // +k8s:deepcopy-gen=true diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go index 832304038..e934e8355 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go @@ -160,8 +160,9 @@ const ( // is actively rolling out new code, propagating config changes (e.g, a version change), or otherwise // moving from one steady state to another. Operators should not report // Progressing when they are reconciling (without action) a previously known - // state. Operators should not report Progressing only because DaemonSets owned by them - // are adjusting to a new node from cluster scaleup or a node rebooting from cluster upgrade. + // state. Operators should not report Progressing only because resources owned by them, + // such as DaemonSets and Deployments, are adjusting to a new node from cluster scaleup + // or a node rebooting from cluster upgrade. // If the observed cluster state has changed and the component is // reacting to it (updated proxy configuration for instance), Progressing should become true // since it is moving from one steady state to another. diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index e5aad151e..f8d45114a 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -199,9 +199,23 @@ type ClusterVersionStatus struct { // availableUpdates. This list may be empty if no updates are // recommended, if the update service is unavailable, or if an empty // or invalid channel has been specified. + // +kubebuilder:validation:MaxItems=500 // +listType=atomic // +optional ConditionalUpdates []ConditionalUpdate `json:"conditionalUpdates,omitempty"` + + // conditionalUpdateRisks contains the list of risks associated with conditionalUpdates. + // When performing a conditional update, all its associated risks will be compared with the set of accepted risks in the spec.desiredUpdate.acceptRisks field. + // If all risks for a conditional update are included in the spec.desiredUpdate.acceptRisks set, the conditional update can proceed, otherwise it is blocked. + // The risk names in the list must be unique. + // conditionalUpdateRisks must not contain more than 500 entries. + // +openshift:enable:FeatureGate=ClusterUpdateAcceptRisks + // +kubebuilder:validation:MaxItems=500 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=name + // +optional + ConditionalUpdateRisks []ConditionalUpdateRisk `json:"conditionalUpdateRisks,omitempty"` } // UpdateState is a constant representing whether an update was successfully @@ -258,7 +272,7 @@ type UpdateHistory struct { Verified bool `json:"verified"` // acceptedRisks records risks which were accepted to initiate the update. - // For example, it may menition an Upgradeable=False or missing signature + // For example, it may mention an Upgradeable=False or missing signature // that was overridden via desiredUpdate.force, or an update that was // initiated despite not being in the availableUpdates set of recommended // update targets. @@ -269,6 +283,16 @@ type UpdateHistory struct { // ClusterID is string RFC4122 uuid. type ClusterID string +// UpdateMode defines how an update should be processed. +// +enum +// +kubebuilder:validation:Enum=Preflight +type UpdateMode string + +const ( + // UpdateModePreflight allows an update to be checked for compatibility without committing to updating the cluster. + UpdateModePreflight UpdateMode = "Preflight" +) + // ClusterVersionArchitecture enumerates valid cluster architectures. // +kubebuilder:validation:Enum="Multi";"" type ClusterVersionArchitecture string @@ -732,6 +756,46 @@ type Update struct { // // +optional Force bool `json:"force"` + + // acceptRisks is an optional set of names of conditional update risks that are considered acceptable. + // A conditional update is performed only if all of its risks are acceptable. + // This list may contain entries that apply to current, previous or future updates. + // The entries therefore may not map directly to a risk in .status.conditionalUpdateRisks. + // acceptRisks must not contain more than 1000 entries. + // Entries in this list must be unique. + // +openshift:enable:FeatureGate=ClusterUpdateAcceptRisks + // +kubebuilder:validation:MaxItems=1000 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=name + // +optional + AcceptRisks []AcceptRisk `json:"acceptRisks,omitempty"` + + // mode determines how an update should be processed. + // The only valid value is "Preflight". + // When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. + // This is the standard update behavior. + // When set to "Preflight", the cluster runs compatibility checks against the target release without + // performing an actual update. Compatibility results, including any detected risks, are reported + // in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update + // recommendation service. + // This allows administrators to assess update readiness and address issues before committing to the update. + // Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be + // verified across multiple minor versions. + // When mode is set to "Preflight", the same rules for version, image, and architecture apply as for normal updates. + // +openshift:enable:FeatureGate=ClusterUpdatePreflight + // +optional + Mode UpdateMode `json:"mode,omitempty"` +} + +// AcceptRisk represents a risk that is considered acceptable. +type AcceptRisk struct { + // name is the name of the acceptable risk. + // It must be a non-empty string and must not exceed 256 characters. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +required + Name string `json:"name,omitempty"` } // Release represents an OpenShift release image and associated metadata. @@ -787,12 +851,27 @@ type ConditionalUpdate struct { // +required Release Release `json:"release"` + // riskNames represents the set of the names of conditionalUpdateRisks that are relevant to this update for some clusters. + // The Applies condition of each conditionalUpdateRisks entry declares if that risk applies to this cluster. + // A conditional update is accepted only if each of its risks either does not apply to the cluster or is considered acceptable by the cluster administrator. + // The latter means that the risk names are included in value of the spec.desiredUpdate.acceptRisks field. + // Entries must be unique and must not exceed 256 characters. + // riskNames must not contain more than 500 entries. + // +openshift:enable:FeatureGate=ClusterUpdateAcceptRisks + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:items:MaxLength=256 + // +kubebuilder:validation:MaxItems=500 + // +listType=set + // +optional + RiskNames []string `json:"riskNames,omitempty"` + // risks represents the range of issues associated with // updating to the target release. The cluster-version // operator will evaluate all entries, and only recommend the // update if there is at least one entry and all entries // recommend the update. // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=200 // +patchMergeKey=name // +patchStrategy=merge // +listType=map @@ -813,6 +892,20 @@ type ConditionalUpdate struct { // for not recommending a conditional update. // +k8s:deepcopy-gen=true type ConditionalUpdateRisk struct { + // conditions represents the observations of the conditional update + // risk's current status. Known types are: + // * Applies, for whether the risk applies to the current cluster. + // The condition's types in the list must be unique. + // conditions must not contain more than one entry. + // +openshift:enable:FeatureGate=ClusterUpdateAcceptRisks + // +kubebuilder:validation:XValidation:rule="self.exists_one(x, x.type == 'Applies')",message="must contain a condition of type 'Applies'" + // +kubebuilder:validation:MaxItems=8 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=type + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` + // url contains information about this risk. // +kubebuilder:validation:Format=uri // +kubebuilder:validation:MinLength=1 diff --git a/vendor/github.com/openshift/api/config/v1/types_dns.go b/vendor/github.com/openshift/api/config/v1/types_dns.go index 06eb75ccf..efbdc3ae5 100644 --- a/vendor/github.com/openshift/api/config/v1/types_dns.go +++ b/vendor/github.com/openshift/api/config/v1/types_dns.go @@ -134,7 +134,14 @@ type AWSDNSSpec struct { // privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing // operations on the cluster's private hosted zone specified in the cluster DNS config. // When left empty, no role should be assumed. - // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$` + // + // The ARN must follow the format: arn::iam:::role/, where: + // is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), + // is a 12-digit numeric identifier for the AWS account, + // is the IAM role name. + // + // +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule=`matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$')`,message=`privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/` + // +openshift:validation:FeatureGateAwareXValidation:featureGate=AWSEuropeanSovereignCloudInstall,rule=`matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$')`,message=`privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/` // +optional PrivateZoneIAMRole string `json:"privateZoneIAMRole"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index 169e29c5c..e111d518a 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -53,8 +53,12 @@ var ( // your cluster may fail in an unrecoverable way. CustomNoUpgrade FeatureSet = "CustomNoUpgrade" + // OKD turns on features for OKD. Turning this feature set ON is supported for OKD clusters, but NOT for OpenShift clusters. + // Once enabled, this feature set cannot be changed back to Default, but can be changed to other feature sets and it allows upgrades. + OKD FeatureSet = "OKD" + // AllFixedFeatureSets are the featuresets that have known featuregates. Custom doesn't for instance. LatencySensitive is dead - AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade} + AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade, OKD} ) type FeatureGateSpec struct { @@ -67,10 +71,11 @@ type FeatureGateSelection struct { // Turning on or off features may cause irreversible changes in your cluster which cannot be undone. // +unionDiscriminator // +optional - // +kubebuilder:validation:Enum=CustomNoUpgrade;DevPreviewNoUpgrade;TechPreviewNoUpgrade;"" + // +kubebuilder:validation:Enum=CustomNoUpgrade;DevPreviewNoUpgrade;TechPreviewNoUpgrade;OKD;"" // +kubebuilder:validation:XValidation:rule="oldSelf == 'CustomNoUpgrade' ? self == 'CustomNoUpgrade' : true",message="CustomNoUpgrade may not be changed" // +kubebuilder:validation:XValidation:rule="oldSelf == 'TechPreviewNoUpgrade' ? self == 'TechPreviewNoUpgrade' : true",message="TechPreviewNoUpgrade may not be changed" // +kubebuilder:validation:XValidation:rule="oldSelf == 'DevPreviewNoUpgrade' ? self == 'DevPreviewNoUpgrade' : true",message="DevPreviewNoUpgrade may not be changed" + // +kubebuilder:validation:XValidation:rule="oldSelf == 'OKD' ? self != '' : true",message="OKD cannot transition to Default" FeatureSet FeatureSet `json:"featureSet,omitempty"` // customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. diff --git a/vendor/github.com/openshift/api/config/v1/types_image.go b/vendor/github.com/openshift/api/config/v1/types_image.go index 82f46c8b6..96fa349a6 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image.go +++ b/vendor/github.com/openshift/api/config/v1/types_image.go @@ -165,20 +165,50 @@ type RegistryLocation struct { // +kubebuilder:validation:XValidation:rule="has(self.blockedRegistries) ? !has(self.allowedRegistries) : true",message="Only one of blockedRegistries or allowedRegistries may be set" type RegistrySources struct { // insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. + // Each entry must be a valid registry scope in the format hostname[:port][/path], + // optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com"). + // The hostname must consist of valid DNS labels separated by dots, where each label + // contains only alphanumeric characters and hyphens and does not start or end with a hyphen. + // Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."), + // and must be at most 256 characters in length. The list may contain at most 1024 entries. // +optional // +listType=atomic + // +kubebuilder:validation:MaxItems=1024 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=256 + // +kubebuilder:validation:items:XValidation:rule="self.matches('^\\\\*(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')",message="each registry must be a valid hostname[:port][/path] or wildcard *.hostname format without tags or digests" InsecureRegistries []string `json:"insecureRegistries,omitempty"` // blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. + // Each entry must be a valid registry scope in the format hostname[:port][/path], + // optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com"). + // The hostname must consist of valid DNS labels separated by dots, where each label + // contains only alphanumeric characters and hyphens and does not start or end with a hyphen. + // Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."), + // and must be at most 256 characters in length. The list may contain at most 1024 entries. // // Only one of BlockedRegistries or AllowedRegistries may be set. // +optional // +listType=atomic + // +kubebuilder:validation:MaxItems=1024 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=256 + // +kubebuilder:validation:items:XValidation:rule="self.matches('^\\\\*(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')",message="each registry must be a valid hostname[:port][/path] or wildcard *.hostname format without tags or digests" BlockedRegistries []string `json:"blockedRegistries,omitempty"` // allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. + // Each entry must be a valid registry scope in the format hostname[:port][/path], + // optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com"). + // The hostname must consist of valid DNS labels separated by dots, where each label + // contains only alphanumeric characters and hyphens and does not start or end with a hyphen. + // Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."), + // and must be at most 256 characters in length. The list may contain at most 1024 entries. // // Only one of BlockedRegistries or AllowedRegistries may be set. // +optional // +listType=atomic + // +kubebuilder:validation:MaxItems=1024 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=256 + // +kubebuilder:validation:items:XValidation:rule="self.matches('^\\\\*(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')",message="each registry must be a valid hostname[:port][/path] or wildcard *.hostname format without tags or digests" AllowedRegistries []string `json:"allowedRegistries,omitempty"` // containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified // domains in their pull specs. Registries will be searched in the order provided in the list. diff --git a/vendor/github.com/openshift/api/config/v1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1/types_image_policy.go index 54bd21adb..3cc46141c 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1/types_image_policy.go @@ -51,7 +51,7 @@ type ImagePolicySpec struct { // policy is a required field that contains configuration to allow scopes to be verified, and defines how // images not matching the verification policy will be treated. // +required - Policy Policy `json:"policy"` + Policy ImageSigstoreVerificationPolicy `json:"policy"` } // +kubebuilder:validation:XValidation:rule="size(self.split('/')[0].split('.')) == 1 ? self.split('/')[0].split('.')[0].split(':')[0] == 'localhost' : true",message="invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" @@ -60,8 +60,8 @@ type ImagePolicySpec struct { // +kubebuilder:validation:MaxLength=512 type ImageScope string -// Policy defines the verification policy for the items in the scopes list. -type Policy struct { +// ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list. +type ImageSigstoreVerificationPolicy struct { // rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. // This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated. // +required @@ -82,25 +82,25 @@ type PolicyRootOfTrust struct { // Allowed values are "PublicKey", "FulcioCAWithRekor", and "PKI". // When set to "PublicKey", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. // When set to "FulcioCAWithRekor", the policy is based on the Fulcio certification and incorporates a Rekor verification. - // When set to "PKI", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate. + // When set to "PKI", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). // +unionDiscriminator // +required PolicyType PolicyType `json:"policyType"` // publicKey defines the root of trust configuration based on a sigstore public key. Optionally include a Rekor public key for Rekor verification. // publicKey is required when policyType is PublicKey, and forbidden otherwise. // +optional - PublicKey *PublicKey `json:"publicKey,omitempty"` + PublicKey *ImagePolicyPublicKeyRootOfTrust `json:"publicKey,omitempty"` // fulcioCAWithRekor defines the root of trust configuration based on the Fulcio certificate and the Rekor public key. // fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise // For more information about Fulcio and Rekor, please refer to the document at: // https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor // +optional - FulcioCAWithRekor *FulcioCAWithRekor `json:"fulcioCAWithRekor,omitempty"` + FulcioCAWithRekor *ImagePolicyFulcioCAWithRekorRootOfTrust `json:"fulcioCAWithRekor,omitempty"` // pki defines the root of trust configuration based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. // pki is required when policyType is PKI, and forbidden otherwise. // +optional // +openshift:enable:FeatureGate=SigstoreImageVerificationPKI - PKI *PKI `json:"pki,omitempty"` + PKI *ImagePolicyPKIRootOfTrust `json:"pki,omitempty"` } // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=PublicKey;FulcioCAWithRekor @@ -113,8 +113,8 @@ const ( PKIRootOfTrust PolicyType = "PKI" ) -// PublicKey defines the root of trust based on a sigstore public key. -type PublicKey struct { +// ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key. +type ImagePolicyPublicKeyRootOfTrust struct { // keyData is a required field contains inline base64-encoded data for the PEM format public key. // keyData must be at most 8192 characters. // +required @@ -132,8 +132,8 @@ type PublicKey struct { RekorKeyData []byte `json:"rekorKeyData,omitempty"` } -// FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. -type FulcioCAWithRekor struct { +// ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key. +type ImagePolicyFulcioCAWithRekorRootOfTrust struct { // fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. // fulcioCAData must be at most 8192 characters. // +required @@ -172,8 +172,8 @@ type PolicyFulcioSubject struct { SignedEmail string `json:"signedEmail"` } -// PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates. -type PKI struct { +// ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates. +type ImagePolicyPKIRootOfTrust struct { // caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. // +required // +kubebuilder:validation:MaxLength=8192 diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 313ed57a4..e7680899d 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -102,11 +102,11 @@ type InfrastructureStatus struct { // and the operators should not configure the operand for highly-available operation // The 'External' mode indicates that the control plane is hosted externally to the cluster and that // its components are not visible within the cluster. + // The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes + // that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum. // +kubebuilder:default=HighlyAvailable - // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=HighlyAvailable;SingleReplica;External - // +openshift:validation:FeatureGateAwareEnum:featureGate=HighlyAvailableArbiter,enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;External - // +openshift:validation:FeatureGateAwareEnum:featureGate=DualReplica,enum=HighlyAvailable;SingleReplica;DualReplica;External - // +openshift:validation:FeatureGateAwareEnum:requiredFeatureGate=HighlyAvailableArbiter;DualReplica,enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;DualReplica;External + // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;External + // +openshift:validation:FeatureGateAwareEnum:featureGate=DualReplica,enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;DualReplica;External // +optional ControlPlaneTopology TopologyMode `json:"controlPlaneTopology"` @@ -295,16 +295,18 @@ type ExternalPlatformSpec struct { // PlatformSpec holds the desired state specific to the underlying infrastructure provider // of the current cluster. Since these are used at spec-level for the underlying cluster, it // is supposed that only one of the spec structs is set. -// +kubebuilder:validation:XValidation:rule="!has(oldSelf.vsphere) && has(self.vsphere) ? size(self.vsphere.vcenters) < 2 : true",message="vcenters can have at most 1 item when configured post-install" +// +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="!has(oldSelf.vsphere) && has(self.vsphere) ? (has(self.vsphere.vcenters) && size(self.vsphere.vcenters) < 2) : true",message="vcenters can have at most 1 item when configured post-install" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=VSphereMultiVCenterDay2,rule="oldSelf.?vsphere.vcenters.hasValue() ? self.?vsphere.vcenters.hasValue() : true",message="vcenters is required once set and cannot be removed" type PlatformSpec struct { // type is the underlying infrastructure provider for the cluster. This // value controls whether infrastructure automation such as service load // balancers, dynamic volume provisioning, machine creation and deletion, and // other integrations are enabled. If None, no infrastructure automation is // enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", - // "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", - // "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, - // and must handle unrecognized platforms as None if they do not support that platform. + // "OpenStack", "VSphere", "oVirt", "IBMCloud", "KubeVirt", "EquinixMetal", + // "PowerVS", "AlibabaCloud", "Nutanix", "External", and "None". Individual + // components may not support all platforms, and must handle unrecognized + // platforms as None if they do not support that platform. // // +unionDiscriminator Type PlatformType `json:"type"` @@ -786,7 +788,6 @@ type GCPPlatformStatus struct { // // +default={"dnsType": "PlatformDefault"} // +kubebuilder:default={"dnsType": "PlatformDefault"} - // +openshift:enable:FeatureGate=GCPClusterHostedDNSInstall // +optional // +nullable CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` @@ -1641,21 +1642,24 @@ type VSpherePlatformNodeNetworking struct { // use these fields for configuration. // +kubebuilder:validation:XValidation:rule="!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)",message="apiServerInternalIPs list is required once set" // +kubebuilder:validation:XValidation:rule="!has(oldSelf.ingressIPs) || has(self.ingressIPs)",message="ingressIPs list is required once set" -// +kubebuilder:validation:XValidation:rule="!has(oldSelf.vcenters) && has(self.vcenters) ? size(self.vcenters) < 2 : true",message="vcenters can have at most 1 item when configured post-install" type VSpherePlatformSpec struct { // vcenters holds the connection details for services to communicate with vCenter. - // Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported. + // Up to 3 vCenters are supported. // Once the cluster has been installed, you are unable to change the current number of defined - // vCenters except in the case where the cluster has been upgraded from a version of OpenShift - // where the vsphere platform spec was not present. You may make modifications to the existing + // vCenters except when 1.) the cluster has been upgraded from a version of OpenShift + // where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and + // remove vCenters but may not remove all vCenters. You may make modifications to the existing // vCenters that are defined in the vcenters list in order to match with any added or modified // failure domains. // --- // + If VCenters is not defined use the existing cloud-config configmap defined // + in openshift-config. - // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=3 - // +kubebuilder:validation:XValidation:rule="size(self) != size(oldSelf) ? size(oldSelf) == 0 && size(self) < 2 : true",message="vcenters cannot be added or removed once set" + // +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="size(self) != size(oldSelf) ? size(oldSelf) == 0 && size(self) < 2 : true",message="vcenters cannot be added or removed once set" + // +openshift:validation:FeatureGateAwareXValidation:featureGate=VSphereMultiVCenterDay2,rule="size(self) >= size(oldSelf) ? oldSelf.all(x, self.exists(y, y.server == x.server)) : true",message="Cannot add and remove vCenters at the same time" + // +openshift:validation:FeatureGateAwareXValidation:featureGate=VSphereMultiVCenterDay2,rule="size(self) < size(oldSelf) ? self.all(x, oldSelf.exists(y, y.server == x.server)) : true",message="Cannot add and remove vCenters at the same time" + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, y.server == x.server))",message="vcenters must have unique server values" // +listType=atomic // +optional VCenters []VSpherePlatformVCenterSpec `json:"vcenters,omitempty"` diff --git a/vendor/github.com/openshift/api/config/v1/types_ingress.go b/vendor/github.com/openshift/api/config/v1/types_ingress.go index f70fe8f44..26e0ebf21 100644 --- a/vendor/github.com/openshift/api/config/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/config/v1/types_ingress.go @@ -43,6 +43,7 @@ type IngressSpec struct { // default ingresscontroller domain will follow this pattern: "*.". // // Once set, changing domain is not currently supported. + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="domain is immutable once set" Domain string `json:"domain"` // appsDomain is an optional domain to use instead of the one specified diff --git a/vendor/github.com/openshift/api/config/v1/types_insights.go b/vendor/github.com/openshift/api/config/v1/types_insights.go new file mode 100644 index 000000000..710d4303d --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/types_insights.go @@ -0,0 +1,231 @@ +package v1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// InsightsDataGather provides data gather configuration options for the Insights Operator. +// +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=insightsdatagathers,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2448 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +openshift:enable:FeatureGate=InsightsConfig +// +openshift:capability=Insights +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type InsightsDataGather struct { + metav1.TypeMeta `json:",inline"` + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metav1.ObjectMeta `json:"metadata,omitempty"` + // spec holds user settable values for configuration + // +required + Spec InsightsDataGatherSpec `json:"spec,omitempty,omitzero"` +} + +// InsightsDataGatherSpec contains the configuration for the data gathering. +type InsightsDataGatherSpec struct { + // gatherConfig is a required spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress. + // +required + GatherConfig GatherConfig `json:"gatherConfig,omitempty,omitzero"` +} + +// GatherConfig provides data gathering configuration options. +type GatherConfig struct { + // dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. + // It may not exceed 2 items and must not contain duplicates. + // Valid values are ObfuscateNetworking and WorkloadNames. + // When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. + // When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. + // When omitted no obfuscation is applied. + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))",message="dataPolicy items must be unique" + // +listType=atomic + // +optional + DataPolicy []DataPolicyOption `json:"dataPolicy,omitempty"` + // gatherers is a required field that specifies the configuration of the gatherers. + // +required + Gatherers Gatherers `json:"gatherers,omitempty,omitzero"` + // storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. + // If omitted, the gathering job will use ephemeral storage. + // +optional + Storage Storage `json:"storage,omitempty,omitzero"` +} + +// Gatherers specifies the configuration of the gatherers +// +kubebuilder:validation:XValidation:rule="has(self.mode) && self.mode == 'Custom' ? has(self.custom) : !has(self.custom)",message="custom is required when mode is Custom, and forbidden otherwise" +// +union +type Gatherers struct { + // mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. + // When set to All, all gatherers will run and gather data. + // When set to None, all gatherers will be disabled and no data will be gathered. + // When set to Custom, the custom configuration from the custom field will be applied. + // +unionDiscriminator + // +required + Mode GatheringMode `json:"mode,omitempty"` + // custom provides gathering configuration. + // It is required when mode is Custom, and forbidden otherwise. + // Custom configuration allows user to disable only a subset of gatherers. + // Gatherers that are not explicitly disabled in custom configuration will run. + // +unionMember + // +optional + Custom Custom `json:"custom,omitempty,omitzero"` +} + +// Custom provides the custom configuration of gatherers +type Custom struct { + // configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. + // It may not exceed 100 items and each gatherer can be present only once. + // It is possible to disable an entire set of gatherers while allowing a specific function within that set. + // The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. + // Run the following command to get the names of last active gatherers: + // "oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'" + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=100 + // +listType=map + // +listMapKey=name + // +required + Configs []GathererConfig `json:"configs,omitempty"` +} + +// GatheringMode defines the valid gathering modes. +// +kubebuilder:validation:Enum=All;None;Custom +type GatheringMode string + +const ( + // Enabled enables all gatherers + GatheringModeAll GatheringMode = "All" + // Disabled disables all gatherers + GatheringModeNone GatheringMode = "None" + // Custom applies the configuration from GatheringConfig. + GatheringModeCustom GatheringMode = "Custom" +) + +// DataPolicyOption declares valid data policy options +// +kubebuilder:validation:Enum=ObfuscateNetworking;WorkloadNames +type DataPolicyOption string + +const ( + // IP addresses and cluster domain name are obfuscated + DataPolicyOptionObfuscateNetworking DataPolicyOption = "ObfuscateNetworking" + // Data from Deployment Validation Operator are obfuscated + DataPolicyOptionObfuscateWorkloadNames DataPolicyOption = "WorkloadNames" +) + +// Storage provides persistent storage configuration options for gathering jobs. +// If the type is set to PersistentVolume, then the PersistentVolume must be defined. +// If the type is set to Ephemeral, then the PersistentVolume must not be defined. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'PersistentVolume' ? has(self.persistentVolume) : !has(self.persistentVolume)",message="persistentVolume is required when type is PersistentVolume, and forbidden otherwise" +// +union +type Storage struct { + // type is a required field that specifies the type of storage that will be used to store the Insights data archive. + // Valid values are "PersistentVolume" and "Ephemeral". + // When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. + // When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field. + // +unionDiscriminator + // +required + Type StorageType `json:"type,omitempty"` + // persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. + // The PersistentVolume must be created in the openshift-insights namespace. + // +unionMember + // +optional + PersistentVolume PersistentVolumeConfig `json:"persistentVolume,omitempty,omitzero"` +} + +// StorageType declares valid storage types +// +kubebuilder:validation:Enum=PersistentVolume;Ephemeral +type StorageType string + +const ( + // StorageTypePersistentVolume storage type + StorageTypePersistentVolume StorageType = "PersistentVolume" + // StorageTypeEphemeral storage type + StorageTypeEphemeral StorageType = "Ephemeral" +) + +// PersistentVolumeConfig provides configuration options for PersistentVolume storage. +type PersistentVolumeConfig struct { + // claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. + // The PersistentVolumeClaim must be created in the openshift-insights namespace. + // +required + Claim PersistentVolumeClaimReference `json:"claim,omitempty,omitzero"` + // mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default mount path is /var/lib/insights-operator + // The path may not exceed 1024 characters and must not contain a colon. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + // +kubebuilder:validation:XValidation:rule="!self.contains(':')",message="mountPath must not contain a colon" + // +optional + MountPath string `json:"mountPath,omitempty"` +} + +// PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim. +type PersistentVolumeClaimReference struct { + // name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. + // It is a string that follows the DNS1123 subdomain format. + // It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character. + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +required + Name string `json:"name,omitempty"` +} + +// GathererConfig allows to configure specific gatherers +type GathererConfig struct { + // name is the required name of a specific gatherer. + // It may not exceed 256 characters. + // The format for a gatherer name is: {gatherer}/{function} where the function is optional. + // Gatherer consists of a lowercase letters only that may include underscores (_). + // Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). + // The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. + // Run the following command to get the names of last active gatherers: + // "oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'" + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +kubebuilder:validation:XValidation:rule=`self.matches("^[a-z]+[_a-z]*[a-z]([/a-z][_a-z]*)?[a-z]$")`,message=`gatherer name must be in the format of {gatherer}/{function} where the gatherer and function are lowercase letters only that may include underscores (_) and are separated by a forward slash (/) if the function is provided` + // +required + Name string `json:"name,omitempty"` + // state is a required field that allows you to configure specific gatherer. Valid values are "Enabled" and "Disabled". + // When set to Enabled the gatherer will run. + // When set to Disabled the gatherer will not run. + // +required + State GathererState `json:"state,omitempty"` +} + +// GathererState declares valid gatherer state types. +// +kubebuilder:validation:Enum=Enabled;Disabled +type GathererState string + +const ( + // GathererStateEnabled gatherer state, which means that the gatherer will run. + GathererStateEnabled GathererState = "Enabled" + // GathererStateDisabled gatherer state, which means that the gatherer will not run. + GathererStateDisabled GathererState = "Disabled" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// InsightsDataGatherList is a collection of items +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type InsightsDataGatherList struct { + metav1.TypeMeta `json:",inline"` + // metadata is the required standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +required + metav1.ListMeta `json:"metadata,omitempty"` + // items is the required list of InsightsDataGather objects + // it may not exceed 100 items + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=100 + // +required + Items []InsightsDataGather `json:"items,omitempty"` +} diff --git a/vendor/github.com/openshift/api/config/v1/types_kmsencryption.go b/vendor/github.com/openshift/api/config/v1/types_kmsencryption.go index 3293204fa..6b58d9da4 100644 --- a/vendor/github.com/openshift/api/config/v1/types_kmsencryption.go +++ b/vendor/github.com/openshift/api/config/v1/types_kmsencryption.go @@ -1,55 +1,261 @@ package v1 -// KMSConfig defines the configuration for the KMS instance -// that will be used with KMSEncryptionProvider encryption -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'AWS' ? has(self.aws) : !has(self.aws)",message="aws config is required when kms provider type is AWS, and forbidden otherwise" +// KMSPluginConfig defines the configuration for the KMS instance +// that will be used with KMS encryption +// +kubebuilder:validation:XValidation:rule="self.type == 'Vault' ? has(self.vault) : !has(self.vault)",message="vault config is required when kms provider type is Vault, and forbidden otherwise" // +union -type KMSConfig struct { +type KMSPluginConfig struct { // type defines the kind of platform for the KMS provider. - // Available provider types are AWS only. + // Allowed values are Vault. + // When set to Vault, the plugin connects to a HashiCorp Vault server for key management. // // +unionDiscriminator // +required Type KMSProviderType `json:"type"` - // aws defines the key config for using an AWS KMS instance - // for the encryption. The AWS KMS instance is managed + // vault defines the configuration for the Vault KMS plugin. + // The plugin connects to a Vault Enterprise server that is managed // by the user outside the purview of the control plane. + // This field must be set when type is Vault, and must be unset otherwise. // // +unionMember // +optional - AWS *AWSKMSConfig `json:"aws,omitempty"` + Vault VaultKMSPluginConfig `json:"vault,omitempty,omitzero"` + + // --- TOMBSTONE --- + // aws was a field that allowed configuring AWS KMS. + // It was never implemented and has been removed. + // The field name is reserved to prevent reuse. + // + // +optional + // AWS *AWSKMSConfig `json:"aws,omitempty"` } -// AWSKMSConfig defines the KMS config specific to AWS KMS provider -type AWSKMSConfig struct { - // keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. - // The value must adhere to the format `arn:aws:kms:::key/`, where: - // - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - // - `` is a 12-digit numeric identifier for the AWS account. - // - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens. +// --- TOMBSTONE --- +// AWSKMSConfig was a type for AWS KMS configuration that was never implemented. +// The type name is reserved to prevent reuse. +// +// type AWSKMSConfig struct { +// KeyARN string `json:"keyARN"` +// Region string `json:"region"` +// } + +// KMSProviderType is a specific supported KMS provider +// +kubebuilder:validation:Enum=Vault +type KMSProviderType string + +const ( + // VaultKMSProvider represents a supported KMS provider for use with HashiCorp Vault + VaultKMSProvider KMSProviderType = "Vault" + + // --- TOMBSTONE --- + // AWSKMSProvider was a constant for AWS KMS support that was never implemented. + // The constant name is reserved to prevent reuse. + // + // AWSKMSProvider KMSProviderType = "AWS" +) + +// VaultSecretReference references a secret in the openshift-config namespace. +type VaultSecretReference struct { + // name is the metadata.name of the referenced secret in the openshift-config namespace. + // The name must be a valid DNS subdomain name: it must contain no more than 253 characters, + // contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character. // - // +kubebuilder:validation:MaxLength=128 // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="self.matches('^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$')",message="keyARN must follow the format `arn:aws:kms:::key/`. The account ID must be a 12 digit number and the region and key ID should consist only of lowercase hexadecimal characters and hyphens (-)." + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="name must be a valid DNS subdomain name: contain no more than 253 characters, contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character" // +required - KeyARN string `json:"keyARN"` - // region specifies the AWS region where the KMS instance exists, and follows the format - // `--`, e.g.: `us-east-1`. - // Only lowercase letters and hyphens followed by numbers are allowed. + Name string `json:"name,omitempty"` +} + +// VaultConfigMapReference references a ConfigMap in the openshift-config namespace. +type VaultConfigMapReference struct { + // name is the metadata.name of the referenced ConfigMap in the openshift-config namespace. + // The name must be a valid DNS subdomain name: it must contain no more than 253 characters, + // contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character. // - // +kubebuilder:validation:MaxLength=64 // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="self.matches('^[a-z0-9]+(-[a-z0-9]+)*$')",message="region must be a valid AWS region, consisting of lowercase characters, digits and hyphens (-) only." + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="name must be a valid DNS subdomain name: contain no more than 253 characters, contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character" // +required - Region string `json:"region"` + Name string `json:"name,omitempty"` } -// KMSProviderType is a specific supported KMS provider -// +kubebuilder:validation:Enum=AWS -type KMSProviderType string +// VaultAuthentication defines the authentication method used to authenticate with Vault. +// +kubebuilder:validation:XValidation:rule="self.type == 'AppRole' ? has(self.appRole) : !has(self.appRole)",message="appRole config is required when authentication type is AppRole, and forbidden otherwise" +// +union +type VaultAuthentication struct { + // type defines the authentication method used to authenticate with Vault. + // Allowed values are AppRole. + // When set to AppRole, the plugin uses AppRole credentials to authenticate with Vault. + // + // +unionDiscriminator + // +required + Type VaultAuthenticationType `json:"type,omitempty"` + + // appRole defines the configuration for AppRole authentication. + // This field must be set when type is AppRole, and must be unset otherwise. + // + // +unionMember + // +optional + AppRole VaultAppRoleAuthentication `json:"appRole,omitzero"` +} + +// VaultAuthenticationType defines the authentication method type for Vault. +// +kubebuilder:validation:Enum=AppRole +type VaultAuthenticationType string const ( - // AWSKMSProvider represents a supported KMS provider for use with AWS KMS - AWSKMSProvider KMSProviderType = "AWS" + // VaultAuthenticationTypeAppRole represents AppRole authentication method. + VaultAuthenticationTypeAppRole VaultAuthenticationType = "AppRole" ) + +// VaultAppRoleAuthentication defines the configuration for AppRole authentication with Vault. +type VaultAppRoleAuthentication struct { + // secret references a secret in the openshift-config namespace containing + // the AppRole credentials used to authenticate with Vault. + // The referenced Secret must contain two keys: "role-id" for the AppRole Role ID and "secret-id" for the AppRole Secret ID. + // + // +required + Secret VaultSecretReference `json:"secret,omitzero"` +} + +// VaultKMSPluginConfig defines the KMS plugin configuration specific to Vault KMS +type VaultKMSPluginConfig struct { + // kmsPluginImage specifies the container image for the HashiCorp Vault KMS plugin. + // + // The image must be a fully qualified OCI image pull spec with a SHA256 digest. + // The format is: host[:port][/namespace]/name@sha256: + // where the digest must be 64 characters long and consist only of lowercase hexadecimal characters, a-f and 0-9. + // The total length must be between 75 and 447 characters. + // + // Short names (e.g., "vault-plugin" or "hashicorp/vault-plugin") are not allowed. + // The registry hostname must be included and must contain at least one dot. + // Image tags (e.g., ":latest", ":v1.0.0") are not allowed. + // + // Consult the OpenShift documentation for compatible plugin versions with your cluster version, + // then obtain the image digest for that version from HashiCorp's container registry. + // + // For disconnected environments, mirror the plugin image to an accessible registry + // and reference the mirrored location with its digest. + // + // +kubebuilder:validation:MinLength=75 + // +kubebuilder:validation:MaxLength=447 + // +kubebuilder:validation:XValidation:rule=`(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))`,message="the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long" + // +kubebuilder:validation:XValidation:rule=`(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?(/[a-zA-Z0-9-_.]+)+$'))`,message="the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme. Short names are not allowed, the registry hostname must be included." + // +required + KMSPluginImage string `json:"kmsPluginImage,omitempty"` + + // vaultAddress specifies the address of the HashiCorp Vault instance. + // The value must be a valid HTTPS URL containing only scheme, host, and optional port. + // Paths, user info, query parameters, and fragments are not allowed. + // + // Format: https://hostname[:port] + // Example: https://vault.example.com:8200 + // + // The value must be between 1 and 512 characters. + // + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getScheme() == 'https'",message="must use the 'https' scheme" + // +kubebuilder:validation:XValidation:rule="isURL(self) && (url(self).getEscapedPath() == '' || url(self).getEscapedPath() == '/')",message="must not contain a path" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getQuery() == {}",message="must not have a query" + // +kubebuilder:validation:XValidation:rule="self.find('#(.+)$') == ''",message="must not have a fragment" + // +kubebuilder:validation:XValidation:rule="self.find('@') == ''",message="must not have user info" + // +kubebuilder:validation:MaxLength=512 + // +kubebuilder:validation:MinLength=1 + // +required + VaultAddress string `json:"vaultAddress,omitempty"` + + // vaultNamespace specifies the Vault namespace where the Transit secrets engine is mounted. + // This is only applicable for Vault Enterprise installations. + // When this field is not set, no namespace is used. + // + // The value must be between 1 and 4096 characters. + // The namespace cannot end with a forward slash, cannot contain spaces, and cannot be one of the reserved strings: root, sys, audit, auth, cubbyhole, or identity. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=4096 + // +kubebuilder:validation:XValidation:rule="!self.endsWith('/')",message="vaultNamespace cannot end with a forward slash" + // +kubebuilder:validation:XValidation:rule="!self.contains(' ')",message="vaultNamespace cannot contain spaces" + // +kubebuilder:validation:XValidation:rule="!(self in ['root', 'sys', 'audit', 'auth', 'cubbyhole', 'identity'])",message="vaultNamespace cannot be a reserved string (root, sys, audit, auth, cubbyhole, identity)" + // +optional + VaultNamespace string `json:"vaultNamespace,omitempty"` + + // tls contains the TLS configuration for connecting to the Vault server. + // When this field is not set, system default TLS settings are used. + // +optional + TLS VaultTLSConfig `json:"tls,omitzero"` + + // authentication defines the authentication method used to authenticate with Vault. + // + // +required + Authentication VaultAuthentication `json:"authentication,omitzero"` + + // transitMount specifies the mount path of the Vault Transit engine. + // + // The transit mount must be between 1 and 1024 characters, cannot start or + // end with a forward slash, cannot contain consecutive forward slashes, and + // must only contain RFC 3986 unreserved characters (alphanumeric, hyphen, + // period, underscore, tilde) and forward slashes as path separators. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + // +kubebuilder:validation:XValidation:rule="!self.startsWith('/')",message="transitMount cannot start with a forward slash" + // +kubebuilder:validation:XValidation:rule="!self.endsWith('/')",message="transitMount cannot end with a forward slash" + // +kubebuilder:validation:XValidation:rule="!self.contains('//')",message="transitMount cannot contain consecutive forward slashes" + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._~/-]+$')",message="transitMount must only contain RFC 3986 unreserved characters (alphanumeric, hyphen, period, underscore, tilde) and forward slashes" + // +required + TransitMount string `json:"transitMount,omitempty"` + + // transitKey specifies the name of the encryption key in Vault's Transit engine. + // This key is used to encrypt and decrypt data. + // + // The transit key must be between 1 and 512 characters, cannot contain forward slashes, + // and must only contain alphanumeric characters, hyphens, periods, and underscores. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=512 + // +kubebuilder:validation:XValidation:rule="!self.contains('/')",message="transitKey cannot contain forward slashes" + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._-]+$')",message="transitKey must only contain alphanumeric characters, hyphens, periods, and underscores" + // +required + TransitKey string `json:"transitKey,omitempty"` +} + +// VaultTLSConfig contains TLS configuration for connecting to Vault. +// +kubebuilder:validation:MinProperties=1 +type VaultTLSConfig struct { + // caBundle references a ConfigMap in the openshift-config namespace containing + // the CA certificate bundle used to verify the TLS connection to the Vault server. + // The referenced ConfigMap must contain the CA bundle in the key "ca-bundle.crt". + // When this field is not set, the system's trusted CA certificates are used. + // + // The namespace for the ConfigMap is openshift-config. + // + // Example ConfigMap: + // apiVersion: v1 + // kind: ConfigMap + // metadata: + // name: vault-ca-bundle + // namespace: openshift-config + // data: + // ca-bundle.crt: | + // -----BEGIN CERTIFICATE----- + // ... + // -----END CERTIFICATE----- + // + // +optional + CABundle VaultConfigMapReference `json:"caBundle,omitzero"` + + // serverName specifies the Server Name Indication (SNI) to use when connecting to Vault via TLS. + // This is useful when the Vault server's hostname doesn't match its TLS certificate. + // When this field is not set, the hostname from vaultAddress is used for SNI. + // + // The value must be a valid DNS hostname: it must contain no more than 253 characters, + // contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character. + // + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="serverName must be a valid DNS hostname: contain no more than 253 characters, contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character" + // +optional + ServerName string `json:"serverName,omitempty"` +} diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go index c0d1602b3..5e2eb9337 100644 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ b/vendor/github.com/openshift/api/config/v1/types_network.go @@ -41,7 +41,7 @@ type Network struct { // As a general rule, this SHOULD NOT be read directly. Instead, you should // consume the NetworkStatus, as it indicates the currently deployed configuration. // Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each. -// +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkDiagnosticsConfig,rule="!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) || self.networkDiagnostics.mode!='Disabled' || !has(self.networkDiagnostics.sourcePlacement) && !has(self.networkDiagnostics.targetPlacement)",message="cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement when networkDiagnostics.mode is Disabled" +// +kubebuilder:validation:XValidation:rule="!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) || self.networkDiagnostics.mode!='Disabled' || !has(self.networkDiagnostics.sourcePlacement) && !has(self.networkDiagnostics.targetPlacement)",message="cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement when networkDiagnostics.mode is Disabled" type NetworkSpec struct { // IP address pool to use for pod IPs. // This field is immutable after installation. @@ -85,8 +85,14 @@ type NetworkSpec struct { // the network diagnostics feature will be disabled. // // +optional - // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig NetworkDiagnostics NetworkDiagnostics `json:"networkDiagnostics"` + + // networkObservability is an optional field that configures network observability installation + // during cluster deployment (day-0). + // When omitted, unless this is a SNO cluster, network observability will be installed if not already present, after that, no action taken. + // +openshift:enable:FeatureGate=NetworkObservabilityInstall + // +optional + NetworkObservability NetworkObservabilitySpec `json:"networkObservability,omitempty,omitzero"` } // NetworkStatus is the current network configuration. @@ -119,7 +125,6 @@ type NetworkStatus struct { // +optional // +listType=map // +listMapKey=type - // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig Conditions []metav1.Condition `json:"conditions,omitempty"` } @@ -306,3 +311,26 @@ type NetworkDiagnosticsTargetPlacement struct { // +listType=atomic Tolerations []corev1.Toleration `json:"tolerations"` } + +// NetworkObservabilityInstallationPolicy is an enumeration of the available network observability installation policies +// Valid values are "InstallAndEnable", "NoAction". +// +kubebuilder:validation:Enum=InstallAndEnable;NoAction +type NetworkObservabilityInstallationPolicy string + +const ( + // NetworkObservabilityInstallAndEnable means that network observability should be installed and enabled during cluster deployment + // Since this was explicitly set to install, if the user remove NetworkObservability, it will be installed again unless the value of InstallationPolicy is changed + NetworkObservabilityInstallAndEnable NetworkObservabilityInstallationPolicy = "InstallAndEnable" + // NetworkObservabilityNoAction means that nothing will be done regarding Network Observability + NetworkObservabilityNoAction NetworkObservabilityInstallationPolicy = "NoAction" +) + +// NetworkObservabilitySpec defines the configuration for network observability installation +type NetworkObservabilitySpec struct { + // installationPolicy controls whether network observability is installed during cluster deployment. + // Valid values are "InstallAndEnable" and "NoAction". + // When set to "InstallAndEnable", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again. + // When set to "NoAction", nothing will be done regarding Network observability. + // +required + InstallationPolicy NetworkObservabilityInstallationPolicy `json:"installationPolicy,omitempty"` +} diff --git a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go index b18ef647c..2e9be97ae 100644 --- a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go +++ b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go @@ -4,178 +4,137 @@ package v1 // is used by operators to apply TLS security settings to operands. // +union type TLSSecurityProfile struct { - // type is one of Old, Intermediate, Modern or Custom. Custom provides - // the ability to specify individual TLS security profile parameters. - // Old, Intermediate and Modern are TLS security profiles based on: + // type is one of Old, Intermediate, Modern or Custom. Custom provides the + // ability to specify individual TLS security profile parameters. // - // https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + // The cipher and groups lists in these profiles are based on version 5.8 of the + // Mozilla Server Side TLS configuration guidelines. + // See: https://ssl-config.mozilla.org/guidelines/5.8.json // - // The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers - // are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be - // reduced. + // The groups are listed in suggested preference order, with the most preferred group first. + // Note that not all platform components honor the ordering: Go-based components use Go's + // internal preference order and treat this list as a filter of allowed groups rather than + // an ordered preference. + // Note that X25519MLKEM768 is a post-quantum hybrid group that is not + // FIPS-approved and should be ignored by components running in FIPS mode. // - // Note that the Modern profile is currently not supported because it is not - // yet well adopted by common software libraries. + // The profiles are intent based, so they may change over time as new ciphers are + // developed and existing ciphers are found to be insecure. Depending on + // precisely which ciphers are available to a process, the list may be reduced. // // +unionDiscriminator // +optional Type TLSProfileType `json:"type"` - // old is a TLS security profile based on: - // - // https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + + // old is a TLS profile for use when services need to be accessed by very old + // clients or libraries and should be used only as a last resort. // - // and looks like this (yaml): + // The supported groups list includes by default the following groups + // in suggested preference order (ordering may not be honored by all implementations): + // X25519MLKEM768, X25519, secp256r1, secp384r1. // + // This profile is equivalent to a Custom profile specified as: + // minTLSVersion: VersionTLS10 // ciphers: - // // - TLS_AES_128_GCM_SHA256 - // // - TLS_AES_256_GCM_SHA384 - // // - TLS_CHACHA20_POLY1305_SHA256 - // // - ECDHE-ECDSA-AES128-GCM-SHA256 - // // - ECDHE-RSA-AES128-GCM-SHA256 - // // - ECDHE-ECDSA-AES256-GCM-SHA384 - // // - ECDHE-RSA-AES256-GCM-SHA384 - // // - ECDHE-ECDSA-CHACHA20-POLY1305 - // // - ECDHE-RSA-CHACHA20-POLY1305 - // - // - DHE-RSA-AES128-GCM-SHA256 - // - // - DHE-RSA-AES256-GCM-SHA384 - // - // - DHE-RSA-CHACHA20-POLY1305 - // // - ECDHE-ECDSA-AES128-SHA256 - // // - ECDHE-RSA-AES128-SHA256 - // // - ECDHE-ECDSA-AES128-SHA - // // - ECDHE-RSA-AES128-SHA - // // - ECDHE-ECDSA-AES256-SHA384 - // // - ECDHE-RSA-AES256-SHA384 - // // - ECDHE-ECDSA-AES256-SHA - // // - ECDHE-RSA-AES256-SHA - // - // - DHE-RSA-AES128-SHA256 - // - // - DHE-RSA-AES256-SHA256 - // // - AES128-GCM-SHA256 - // // - AES256-GCM-SHA384 - // // - AES128-SHA256 - // // - AES256-SHA256 - // // - AES128-SHA - // // - AES256-SHA - // // - DES-CBC3-SHA // - // minTLSVersion: VersionTLS10 - // // +optional // +nullable Old *OldTLSProfile `json:"old,omitempty"` - // intermediate is a TLS security profile based on: - // - // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + + // intermediate is a TLS profile for use when you do not need compatibility with + // legacy clients and want to remain highly secure while being compatible with + // most clients currently in use. // - // and looks like this (yaml): + // The supported groups list includes by default the following groups + // in suggested preference order (ordering may not be honored by all implementations): + // X25519MLKEM768, X25519, secp256r1, secp384r1. // + // This profile is equivalent to a Custom profile specified as: + // minTLSVersion: VersionTLS12 // ciphers: - // // - TLS_AES_128_GCM_SHA256 - // // - TLS_AES_256_GCM_SHA384 - // // - TLS_CHACHA20_POLY1305_SHA256 - // // - ECDHE-ECDSA-AES128-GCM-SHA256 - // // - ECDHE-RSA-AES128-GCM-SHA256 - // // - ECDHE-ECDSA-AES256-GCM-SHA384 - // // - ECDHE-RSA-AES256-GCM-SHA384 - // // - ECDHE-ECDSA-CHACHA20-POLY1305 - // // - ECDHE-RSA-CHACHA20-POLY1305 // - // - DHE-RSA-AES128-GCM-SHA256 - // - // - DHE-RSA-AES256-GCM-SHA384 - // - // minTLSVersion: VersionTLS12 - // // +optional // +nullable Intermediate *IntermediateTLSProfile `json:"intermediate,omitempty"` - // modern is a TLS security profile based on: - // - // https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - // - // and looks like this (yaml): - // + + // modern is a TLS security profile for use with clients that support TLS 1.3 and + // do not need backward compatibility for older clients. + // The supported groups list includes by default the following groups + // in suggested preference order (ordering may not be honored by all implementations): + // X25519MLKEM768, X25519, secp256r1, secp384r1. + // This profile is equivalent to a Custom profile specified as: + // minTLSVersion: VersionTLS13 // ciphers: - // // - TLS_AES_128_GCM_SHA256 - // // - TLS_AES_256_GCM_SHA384 - // // - TLS_CHACHA20_POLY1305_SHA256 // - // minTLSVersion: VersionTLS13 - // // +optional // +nullable Modern *ModernTLSProfile `json:"modern,omitempty"` + // custom is a user-defined TLS security profile. Be extremely careful using a custom - // profile as invalid configurations can be catastrophic. An example custom profile - // looks like this: + // profile as invalid configurations can be catastrophic. // - // ciphers: + // The supported groups list for this profile is empty by default. // - // - ECDHE-ECDSA-CHACHA20-POLY1305 + // An example custom profile looks like this: // + // minTLSVersion: VersionTLS11 + // ciphers: + // - ECDHE-ECDSA-CHACHA20-POLY1305 // - ECDHE-RSA-CHACHA20-POLY1305 - // // - ECDHE-RSA-AES128-GCM-SHA256 - // // - ECDHE-ECDSA-AES128-GCM-SHA256 // - // minTLSVersion: VersionTLS11 - // // +optional // +nullable Custom *CustomTLSProfile `json:"custom,omitempty"` } -// OldTLSProfile is a TLS security profile based on: -// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility +// OldTLSProfile is a TLS security profile based on the "old" configuration of +// the Mozilla Server Side TLS configuration guidelines. type OldTLSProfile struct{} -// IntermediateTLSProfile is a TLS security profile based on: -// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 +// IntermediateTLSProfile is a TLS security profile based on the "intermediate" +// configuration of the Mozilla Server Side TLS configuration guidelines. type IntermediateTLSProfile struct{} -// ModernTLSProfile is a TLS security profile based on: -// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility +// ModernTLSProfile is a TLS security profile based on the "modern" configuration +// of the Mozilla Server Side TLS configuration guidelines. type ModernTLSProfile struct{} // CustomTLSProfile is a user-defined TLS security profile. Be extremely careful @@ -189,38 +148,92 @@ type CustomTLSProfile struct { type TLSProfileType string const ( - // Old is a TLS security profile based on: - // https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + // TLSProfileOldType sets parameters based on the "old" configuration of + // the Mozilla Server Side TLS configuration guidelines. TLSProfileOldType TLSProfileType = "Old" - // Intermediate is a TLS security profile based on: - // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 + + // TLSProfileIntermediateType sets parameters based on the "intermediate" + // configuration of the Mozilla Server Side TLS configuration guidelines. TLSProfileIntermediateType TLSProfileType = "Intermediate" - // Modern is a TLS security profile based on: - // https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + + // TLSProfileModernType sets parameters based on the "modern" configuration + // of the Mozilla Server Side TLS configuration guidelines. TLSProfileModernType TLSProfileType = "Modern" - // Custom is a TLS security profile that allows for user-defined parameters. + + // TLSProfileCustomType is a TLS security profile that allows for user-defined parameters. TLSProfileCustomType TLSProfileType = "Custom" ) +// TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. +// There is a one-to-one mapping between these names and the group IDs defined +// in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: +// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 +// Note that X25519MLKEM768 is a post-quantum hybrid group that is not +// FIPS-approved and should be ignored by components running in FIPS mode. +// +// +kubebuilder:validation:Enum=X25519;secp256r1;secp384r1;secp521r1;X25519MLKEM768;SecP256r1MLKEM768;SecP384r1MLKEM1024 +type TLSGroup string + +const ( + // TLSGroupX25519 represents X25519. + TLSGroupX25519 TLSGroup = "X25519" + // TLSGroupSecP256r1 represents P-256 (secp256r1). + TLSGroupSecP256r1 TLSGroup = "secp256r1" + // TLSGroupSecP384r1 represents P-384 (secp384r1). + TLSGroupSecP384r1 TLSGroup = "secp384r1" + // TLSGroupSecP521r1 represents P-521 (secp521r1). + TLSGroupSecP521r1 TLSGroup = "secp521r1" + // TLSGroupX25519MLKEM768 represents X25519MLKEM768. + TLSGroupX25519MLKEM768 TLSGroup = "X25519MLKEM768" + // TLSGroupSecP256r1MLKEM768 represents SecP256r1MLKEM768. + TLSGroupSecP256r1MLKEM768 TLSGroup = "SecP256r1MLKEM768" + // TLSGroupSecP384r1MLKEM1024 represents SecP384r1MLKEM1024. + TLSGroupSecP384r1MLKEM1024 TLSGroup = "SecP384r1MLKEM1024" +) + // TLSProfileSpec is the desired behavior of a TLSSecurityProfile. type TLSProfileSpec struct { // ciphers is used to specify the cipher algorithms that are negotiated - // during the TLS handshake. Operators may remove entries their operands - // do not support. For example, to use DES-CBC3-SHA (yaml): + // during the TLS handshake. Operators may remove entries that their operands + // do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): // // ciphers: - // - DES-CBC3-SHA + // - ECDHE-RSA-AES128-GCM-SHA256 // + // TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + // and are always enabled when TLS 1.3 is negotiated. // +listType=atomic Ciphers []string `json:"ciphers"` + // groups is an optional, ordered field used to specify the supported groups (formerly known as + // elliptic curves) that are used during the TLS handshake. The order of the groups represents + // a suggested preference, with the most preferred group first. Note that not all platform + // components honor the ordering: Go-based components use Go's internal preference order and + // treat this list as a filter of allowed groups rather than an ordered preference. + // Operators may remove entries their operands do not support. + // + // When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + // subject to change over time and may be different per platform component depending on the underlying TLS + // libraries they use. If specified, the list must contain at least one and at most 7 groups, + // and each group must be unique. + // + // For example, to use X25519 and secp256r1 (yaml): + // + // groups: + // - X25519 + // - secp256r1 + // + // +optional + // +listType=set + // +kubebuilder:validation:MaxItems=7 + // +kubebuilder:validation:MinItems=1 + // +openshift:enable:FeatureGate=TLSGroupPreferences + Groups []TLSGroup `json:"groups,omitempty"` // minTLSVersion is used to specify the minimal version of the TLS protocol // that is negotiated during the TLS handshake. For example, to use TLS // versions 1.1, 1.2 and 1.3 (yaml): // // minTLSVersion: VersionTLS11 // - // NOTE: currently the highest minTLSVersion allowed is VersionTLS12 - // MinTLSVersion TLSProtocolVersion `json:"minTLSVersion"` } @@ -245,11 +258,24 @@ const ( VersionTLS13 TLSProtocolVersion = "VersionTLS13" ) -// TLSProfiles Contains a map of TLSProfileType names to TLSProfileSpec. +// TLSProfiles contains a map of TLSProfileType names to TLSProfileSpec. +// +// The cipher and groups lists in these profiles are based on version 5.8 of the +// Mozilla Server Side TLS configuration guidelines. +// See: https://ssl-config.mozilla.org/guidelines/5.8.json // -// NOTE: The caller needs to make sure to check that these constants are valid for their binary. Not all -// entries map to values for all binaries. In the case of ties, the kube-apiserver wins. Do not fail, -// just be sure to whitelist only and everything will be ok. +// Each Ciphers slice is the configuration's "ciphersuites" followed by the +// "ciphers" from the guidelines JSON. +// +// Groups are listed in suggested preference order, though Go-based components may use +// their own internal ordering. TLSProfiles Old, Intermediate, Modern include by default +// the following groups: X25519MLKEM768, X25519, secp256r1, secp384r1 +// +// NOTE: The caller needs to make sure to check that these constants are valid +// for their binary. Not all entries map to values for all binaries. In the case +// of ties, the kube-apiserver wins. Do not fail, just be sure to include only +// valid entries and everything will be ok. In particular, X25519MLKEM768 is +// not FIPS-approved and must be omitted by components running in FIPS mode. var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ TLSProfileOldType: { Ciphers: []string{ @@ -262,9 +288,6 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", - "DHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA", @@ -273,8 +296,6 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "ECDHE-RSA-AES256-SHA384", "ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA", - "DHE-RSA-AES128-SHA256", - "DHE-RSA-AES256-SHA256", "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", @@ -283,6 +304,12 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "AES256-SHA", "DES-CBC3-SHA", }, + Groups: []TLSGroup{ + TLSGroupX25519MLKEM768, + TLSGroupX25519, + TLSGroupSecP256r1, + TLSGroupSecP384r1, + }, MinTLSVersion: VersionTLS10, }, TLSProfileIntermediateType: { @@ -296,8 +323,12 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", + }, + Groups: []TLSGroup{ + TLSGroupX25519MLKEM768, + TLSGroupX25519, + TLSGroupSecP256r1, + TLSGroupSecP384r1, }, MinTLSVersion: VersionTLS12, }, @@ -307,6 +338,12 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", }, + Groups: []TLSGroup{ + TLSGroupX25519MLKEM768, + TLSGroupX25519, + TLSGroupSecP256r1, + TLSGroupSecP384r1, + }, MinTLSVersion: VersionTLS13, }, } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index fe8c11227..13f1bc390 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -42,11 +42,7 @@ func (in *APIServer) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *APIServerEncryption) DeepCopyInto(out *APIServerEncryption) { *out = *in - if in.KMS != nil { - in, out := &in.KMS, &out.KMS - *out = new(KMSConfig) - (*in).DeepCopyInto(*out) - } + out.KMS = in.KMS return } @@ -148,7 +144,7 @@ func (in *APIServerSpec) DeepCopyInto(out *APIServerSpec) { *out = make([]string, len(*in)) copy(*out, *in) } - in.Encryption.DeepCopyInto(&out.Encryption) + out.Encryption = in.Encryption if in.TLSSecurityProfile != nil { in, out := &in.TLSSecurityProfile, &out.TLSSecurityProfile *out = new(TLSSecurityProfile) @@ -216,22 +212,6 @@ func (in *AWSIngressSpec) DeepCopy() *AWSIngressSpec { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AWSKMSConfig) DeepCopyInto(out *AWSKMSConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSKMSConfig. -func (in *AWSKMSConfig) DeepCopy() *AWSKMSConfig { - if in == nil { - return nil - } - out := new(AWSKMSConfig) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AWSPlatformSpec) DeepCopyInto(out *AWSPlatformSpec) { *out = *in @@ -316,6 +296,22 @@ func (in *AWSServiceEndpoint) DeepCopy() *AWSServiceEndpoint { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AcceptRisk) DeepCopyInto(out *AcceptRisk) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AcceptRisk. +func (in *AcceptRisk) DeepCopy() *AcceptRisk { + if in == nil { + return nil + } + out := new(AcceptRisk) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AdmissionConfig) DeepCopyInto(out *AdmissionConfig) { *out = *in @@ -940,6 +936,45 @@ func (in *ClientConnectionOverrides) DeepCopy() *ClientConnectionOverrides { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientCredentialConfig) DeepCopyInto(out *ClientCredentialConfig) { + *out = *in + out.ClientSecret = in.ClientSecret + if in.Scopes != nil { + in, out := &in.Scopes, &out.Scopes + *out = make([]OAuth2Scope, len(*in)) + copy(*out, *in) + } + out.TLS = in.TLS + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientCredentialConfig. +func (in *ClientCredentialConfig) DeepCopy() *ClientCredentialConfig { + if in == nil { + return nil + } + out := new(ClientCredentialConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientSecretSecretReference) DeepCopyInto(out *ClientSecretSecretReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientSecretSecretReference. +func (in *ClientSecretSecretReference) DeepCopy() *ClientSecretSecretReference { + if in == nil { + return nil + } + out := new(ClientSecretSecretReference) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CloudControllerManagerStatus) DeepCopyInto(out *CloudControllerManagerStatus) { *out = *in @@ -1393,7 +1428,7 @@ func (in *ClusterVersionSpec) DeepCopyInto(out *ClusterVersionSpec) { if in.DesiredUpdate != nil { in, out := &in.DesiredUpdate, &out.DesiredUpdate *out = new(Update) - **out = **in + (*in).DeepCopyInto(*out) } if in.Capabilities != nil { in, out := &in.Capabilities, &out.Capabilities @@ -1456,6 +1491,13 @@ func (in *ClusterVersionStatus) DeepCopyInto(out *ClusterVersionStatus) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ConditionalUpdateRisks != nil { + in, out := &in.ConditionalUpdateRisks, &out.ConditionalUpdateRisks + *out = make([]ConditionalUpdateRisk, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -1544,6 +1586,11 @@ func (in *ComponentRouteStatus) DeepCopy() *ComponentRouteStatus { func (in *ConditionalUpdate) DeepCopyInto(out *ConditionalUpdate) { *out = *in in.Release.DeepCopyInto(&out.Release) + if in.RiskNames != nil { + in, out := &in.RiskNames, &out.RiskNames + *out = make([]string, len(*in)) + copy(*out, *in) + } if in.Risks != nil { in, out := &in.Risks, &out.Risks *out = make([]ConditionalUpdateRisk, len(*in)) @@ -1574,6 +1621,13 @@ func (in *ConditionalUpdate) DeepCopy() *ConditionalUpdate { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConditionalUpdateRisk) DeepCopyInto(out *ConditionalUpdateRisk) { *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.MatchingRules != nil { in, out := &in.MatchingRules, &out.MatchingRules *out = make([]ClusterCondition, len(*in)) @@ -1736,6 +1790,27 @@ func (in *ConsoleStatus) DeepCopy() *ConsoleStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Custom) DeepCopyInto(out *Custom) { + *out = *in + if in.Configs != nil { + in, out := &in.Configs, &out.Configs + *out = make([]GathererConfig, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Custom. +func (in *Custom) DeepCopy() *Custom { + if in == nil { + return nil + } + out := new(Custom) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CustomFeatureGates) DeepCopyInto(out *CustomFeatureGates) { *out = *in @@ -2047,6 +2122,35 @@ func (in *EtcdStorageConfig) DeepCopy() *EtcdStorageConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalClaimsSource) DeepCopyInto(out *ExternalClaimsSource) { + *out = *in + in.Authentication.DeepCopyInto(&out.Authentication) + out.TLS = in.TLS + out.URL = in.URL + if in.Mappings != nil { + in, out := &in.Mappings, &out.Mappings + *out = make([]SourcedClaimMapping, len(*in)) + copy(*out, *in) + } + if in.Predicates != nil { + in, out := &in.Predicates, &out.Predicates + *out = make([]ExternalSourcePredicate, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalClaimsSource. +func (in *ExternalClaimsSource) DeepCopy() *ExternalClaimsSource { + if in == nil { + return nil + } + out := new(ExternalClaimsSource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ExternalIPConfig) DeepCopyInto(out *ExternalIPConfig) { *out = *in @@ -2132,6 +2236,72 @@ func (in *ExternalPlatformStatus) DeepCopy() *ExternalPlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalSourceAuthentication) DeepCopyInto(out *ExternalSourceAuthentication) { + *out = *in + in.ClientCredential.DeepCopyInto(&out.ClientCredential) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSourceAuthentication. +func (in *ExternalSourceAuthentication) DeepCopy() *ExternalSourceAuthentication { + if in == nil { + return nil + } + out := new(ExternalSourceAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalSourceCertificateAuthorityConfigMapReference) DeepCopyInto(out *ExternalSourceCertificateAuthorityConfigMapReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSourceCertificateAuthorityConfigMapReference. +func (in *ExternalSourceCertificateAuthorityConfigMapReference) DeepCopy() *ExternalSourceCertificateAuthorityConfigMapReference { + if in == nil { + return nil + } + out := new(ExternalSourceCertificateAuthorityConfigMapReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalSourcePredicate) DeepCopyInto(out *ExternalSourcePredicate) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSourcePredicate. +func (in *ExternalSourcePredicate) DeepCopy() *ExternalSourcePredicate { + if in == nil { + return nil + } + out := new(ExternalSourcePredicate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalSourceTLS) DeepCopyInto(out *ExternalSourceTLS) { + *out = *in + out.CertificateAuthority = in.CertificateAuthority + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSourceTLS. +func (in *ExternalSourceTLS) DeepCopy() *ExternalSourceTLS { + if in == nil { + return nil + } + out := new(ExternalSourceTLS) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ExtraMapping) DeepCopyInto(out *ExtraMapping) { *out = *in @@ -2340,33 +2510,6 @@ func (in *FeatureGateTests) DeepCopy() *FeatureGateTests { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FulcioCAWithRekor) DeepCopyInto(out *FulcioCAWithRekor) { - *out = *in - if in.FulcioCAData != nil { - in, out := &in.FulcioCAData, &out.FulcioCAData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.RekorKeyData != nil { - in, out := &in.RekorKeyData, &out.RekorKeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - out.FulcioSubject = in.FulcioSubject - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FulcioCAWithRekor. -func (in *FulcioCAWithRekor) DeepCopy() *FulcioCAWithRekor { - if in == nil { - return nil - } - out := new(FulcioCAWithRekor) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GCPPlatformSpec) DeepCopyInto(out *GCPPlatformSpec) { *out = *in @@ -2446,6 +2589,62 @@ func (in *GCPResourceTag) DeepCopy() *GCPResourceTag { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatherConfig) DeepCopyInto(out *GatherConfig) { + *out = *in + if in.DataPolicy != nil { + in, out := &in.DataPolicy, &out.DataPolicy + *out = make([]DataPolicyOption, len(*in)) + copy(*out, *in) + } + in.Gatherers.DeepCopyInto(&out.Gatherers) + out.Storage = in.Storage + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatherConfig. +func (in *GatherConfig) DeepCopy() *GatherConfig { + if in == nil { + return nil + } + out := new(GatherConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GathererConfig) DeepCopyInto(out *GathererConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GathererConfig. +func (in *GathererConfig) DeepCopy() *GathererConfig { + if in == nil { + return nil + } + out := new(GathererConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Gatherers) DeepCopyInto(out *Gatherers) { + *out = *in + in.Custom.DeepCopyInto(&out.Custom) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Gatherers. +func (in *Gatherers) DeepCopy() *Gatherers { + if in == nil { + return nil + } + out := new(Gatherers) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenericAPIServerConfig) DeepCopyInto(out *GenericAPIServerConfig) { *out = *in @@ -2475,6 +2674,7 @@ func (in *GenericAPIServerConfig) DeepCopy() *GenericAPIServerConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenericControllerConfig) DeepCopyInto(out *GenericControllerConfig) { *out = *in + out.TypeMeta = in.TypeMeta in.ServingInfo.DeepCopyInto(&out.ServingInfo) out.LeaderElection = in.LeaderElection out.Authentication = in.Authentication @@ -3067,6 +3267,33 @@ func (in *ImagePolicy) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopyInto(out *ImagePolicyFulcioCAWithRekorRootOfTrust) { + *out = *in + if in.FulcioCAData != nil { + in, out := &in.FulcioCAData, &out.FulcioCAData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.RekorKeyData != nil { + in, out := &in.RekorKeyData, &out.RekorKeyData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + out.FulcioSubject = in.FulcioSubject + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyFulcioCAWithRekorRootOfTrust. +func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopy() *ImagePolicyFulcioCAWithRekorRootOfTrust { + if in == nil { + return nil + } + out := new(ImagePolicyFulcioCAWithRekorRootOfTrust) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImagePolicyList) DeepCopyInto(out *ImagePolicyList) { *out = *in @@ -3101,32 +3328,85 @@ func (in *ImagePolicyList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicySpec) DeepCopyInto(out *ImagePolicySpec) { +func (in *ImagePolicyPKIRootOfTrust) DeepCopyInto(out *ImagePolicyPKIRootOfTrust) { *out = *in - if in.Scopes != nil { - in, out := &in.Scopes, &out.Scopes - *out = make([]ImageScope, len(*in)) + if in.CertificateAuthorityRootsData != nil { + in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData + *out = make([]byte, len(*in)) copy(*out, *in) } - in.Policy.DeepCopyInto(&out.Policy) + if in.CertificateAuthorityIntermediatesData != nil { + in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + out.PKICertificateSubject = in.PKICertificateSubject return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicySpec. -func (in *ImagePolicySpec) DeepCopy() *ImagePolicySpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPKIRootOfTrust. +func (in *ImagePolicyPKIRootOfTrust) DeepCopy() *ImagePolicyPKIRootOfTrust { if in == nil { return nil } - out := new(ImagePolicySpec) + out := new(ImagePolicyPKIRootOfTrust) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicyStatus) DeepCopyInto(out *ImagePolicyStatus) { +func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopyInto(out *ImagePolicyPublicKeyRootOfTrust) { *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions + if in.KeyData != nil { + in, out := &in.KeyData, &out.KeyData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.RekorKeyData != nil { + in, out := &in.RekorKeyData, &out.RekorKeyData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPublicKeyRootOfTrust. +func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopy() *ImagePolicyPublicKeyRootOfTrust { + if in == nil { + return nil + } + out := new(ImagePolicyPublicKeyRootOfTrust) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImagePolicySpec) DeepCopyInto(out *ImagePolicySpec) { + *out = *in + if in.Scopes != nil { + in, out := &in.Scopes, &out.Scopes + *out = make([]ImageScope, len(*in)) + copy(*out, *in) + } + in.Policy.DeepCopyInto(&out.Policy) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicySpec. +func (in *ImagePolicySpec) DeepCopy() *ImagePolicySpec { + if in == nil { + return nil + } + out := new(ImagePolicySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImagePolicyStatus) DeepCopyInto(out *ImagePolicyStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) @@ -3145,6 +3425,28 @@ func (in *ImagePolicyStatus) DeepCopy() *ImagePolicyStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageSigstoreVerificationPolicy) DeepCopyInto(out *ImageSigstoreVerificationPolicy) { + *out = *in + in.RootOfTrust.DeepCopyInto(&out.RootOfTrust) + if in.SignedIdentity != nil { + in, out := &in.SignedIdentity, &out.SignedIdentity + *out = new(PolicyIdentity) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSigstoreVerificationPolicy. +func (in *ImageSigstoreVerificationPolicy) DeepCopy() *ImageSigstoreVerificationPolicy { + if in == nil { + return nil + } + out := new(ImageSigstoreVerificationPolicy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImageSpec) DeepCopyInto(out *ImageSpec) { *out = *in @@ -3549,6 +3851,83 @@ func (in *IngressStatus) DeepCopy() *IngressStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InsightsDataGather) DeepCopyInto(out *InsightsDataGather) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGather. +func (in *InsightsDataGather) DeepCopy() *InsightsDataGather { + if in == nil { + return nil + } + out := new(InsightsDataGather) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InsightsDataGather) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InsightsDataGatherList) DeepCopyInto(out *InsightsDataGatherList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]InsightsDataGather, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherList. +func (in *InsightsDataGatherList) DeepCopy() *InsightsDataGatherList { + if in == nil { + return nil + } + out := new(InsightsDataGatherList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InsightsDataGatherList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InsightsDataGatherSpec) DeepCopyInto(out *InsightsDataGatherSpec) { + *out = *in + in.GatherConfig.DeepCopyInto(&out.GatherConfig) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherSpec. +func (in *InsightsDataGatherSpec) DeepCopy() *InsightsDataGatherSpec { + if in == nil { + return nil + } + out := new(InsightsDataGatherSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IntermediateTLSProfile) DeepCopyInto(out *IntermediateTLSProfile) { *out = *in @@ -3566,22 +3945,18 @@ func (in *IntermediateTLSProfile) DeepCopy() *IntermediateTLSProfile { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KMSConfig) DeepCopyInto(out *KMSConfig) { +func (in *KMSPluginConfig) DeepCopyInto(out *KMSPluginConfig) { *out = *in - if in.AWS != nil { - in, out := &in.AWS, &out.AWS - *out = new(AWSKMSConfig) - **out = **in - } + out.Vault = in.Vault return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSConfig. -func (in *KMSConfig) DeepCopy() *KMSConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSPluginConfig. +func (in *KMSPluginConfig) DeepCopy() *KMSPluginConfig { if in == nil { return nil } - out := new(KMSConfig) + out := new(KMSPluginConfig) in.DeepCopyInto(out) return out } @@ -4019,6 +4394,22 @@ func (in *NetworkMigration) DeepCopy() *NetworkMigration { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkObservabilitySpec) DeepCopyInto(out *NetworkObservabilitySpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkObservabilitySpec. +func (in *NetworkObservabilitySpec) DeepCopy() *NetworkObservabilitySpec { + if in == nil { + return nil + } + out := new(NetworkObservabilitySpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { *out = *in @@ -4038,6 +4429,7 @@ func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { (*in).DeepCopyInto(*out) } in.NetworkDiagnostics.DeepCopyInto(&out.NetworkDiagnostics) + out.NetworkObservability = in.NetworkObservability return } @@ -4578,6 +4970,18 @@ func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.UserValidationRules != nil { + in, out := &in.UserValidationRules, &out.UserValidationRules + *out = make([]TokenUserValidationRule, len(*in)) + copy(*out, *in) + } + if in.ExternalClaimsSources != nil { + in, out := &in.ExternalClaimsSources, &out.ExternalClaimsSources + *out = make([]ExternalClaimsSource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -4956,44 +5360,50 @@ func (in *OvirtPlatformStatus) DeepCopy() *OvirtPlatformStatus { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PKI) DeepCopyInto(out *PKI) { +func (in *PKICertificateSubject) DeepCopyInto(out *PKICertificateSubject) { *out = *in - if in.CertificateAuthorityRootsData != nil { - in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.CertificateAuthorityIntermediatesData != nil { - in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData - *out = make([]byte, len(*in)) - copy(*out, *in) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKICertificateSubject. +func (in *PKICertificateSubject) DeepCopy() *PKICertificateSubject { + if in == nil { + return nil } - out.PKICertificateSubject = in.PKICertificateSubject + out := new(PKICertificateSubject) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PersistentVolumeClaimReference) DeepCopyInto(out *PersistentVolumeClaimReference) { + *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKI. -func (in *PKI) DeepCopy() *PKI { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimReference. +func (in *PersistentVolumeClaimReference) DeepCopy() *PersistentVolumeClaimReference { if in == nil { return nil } - out := new(PKI) + out := new(PersistentVolumeClaimReference) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PKICertificateSubject) DeepCopyInto(out *PKICertificateSubject) { +func (in *PersistentVolumeConfig) DeepCopyInto(out *PersistentVolumeConfig) { *out = *in + out.Claim = in.Claim return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKICertificateSubject. -func (in *PKICertificateSubject) DeepCopy() *PKICertificateSubject { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeConfig. +func (in *PersistentVolumeConfig) DeepCopy() *PersistentVolumeConfig { if in == nil { return nil } - out := new(PKICertificateSubject) + out := new(PersistentVolumeConfig) in.DeepCopyInto(out) return out } @@ -5170,28 +5580,6 @@ func (in *PlatformStatus) DeepCopy() *PlatformStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Policy) DeepCopyInto(out *Policy) { - *out = *in - in.RootOfTrust.DeepCopyInto(&out.RootOfTrust) - if in.SignedIdentity != nil { - in, out := &in.SignedIdentity, &out.SignedIdentity - *out = new(PolicyIdentity) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy. -func (in *Policy) DeepCopy() *Policy { - if in == nil { - return nil - } - out := new(Policy) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PolicyFulcioSubject) DeepCopyInto(out *PolicyFulcioSubject) { *out = *in @@ -5271,17 +5659,17 @@ func (in *PolicyRootOfTrust) DeepCopyInto(out *PolicyRootOfTrust) { *out = *in if in.PublicKey != nil { in, out := &in.PublicKey, &out.PublicKey - *out = new(PublicKey) + *out = new(ImagePolicyPublicKeyRootOfTrust) (*in).DeepCopyInto(*out) } if in.FulcioCAWithRekor != nil { in, out := &in.FulcioCAWithRekor, &out.FulcioCAWithRekor - *out = new(FulcioCAWithRekor) + *out = new(ImagePolicyFulcioCAWithRekorRootOfTrust) (*in).DeepCopyInto(*out) } if in.PKI != nil { in, out := &in.PKI, &out.PKI - *out = new(PKI) + *out = new(ImagePolicyPKIRootOfTrust) (*in).DeepCopyInto(*out) } return @@ -5597,32 +5985,6 @@ func (in *ProxyStatus) DeepCopy() *ProxyStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PublicKey) DeepCopyInto(out *PublicKey) { - *out = *in - if in.KeyData != nil { - in, out := &in.KeyData, &out.KeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.RekorKeyData != nil { - in, out := &in.RekorKeyData, &out.RekorKeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKey. -func (in *PublicKey) DeepCopy() *PublicKey { - if in == nil { - return nil - } - out := new(PublicKey) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegistryLocation) DeepCopyInto(out *RegistryLocation) { *out = *in @@ -5960,6 +6322,55 @@ func (in *SignatureStore) DeepCopy() *SignatureStore { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SourceURL) DeepCopyInto(out *SourceURL) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceURL. +func (in *SourceURL) DeepCopy() *SourceURL { + if in == nil { + return nil + } + out := new(SourceURL) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SourcedClaimMapping) DeepCopyInto(out *SourcedClaimMapping) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourcedClaimMapping. +func (in *SourcedClaimMapping) DeepCopy() *SourcedClaimMapping { + if in == nil { + return nil + } + out := new(SourcedClaimMapping) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Storage) DeepCopyInto(out *Storage) { + *out = *in + out.PersistentVolume = in.PersistentVolume + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Storage. +func (in *Storage) DeepCopy() *Storage { + if in == nil { + return nil + } + out := new(Storage) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *StringSource) DeepCopyInto(out *StringSource) { *out = *in @@ -6001,6 +6412,11 @@ func (in *TLSProfileSpec) DeepCopyInto(out *TLSProfileSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]TLSGroup, len(*in)) + copy(*out, *in) + } return } @@ -6201,6 +6617,22 @@ func (in *TokenClaimOrExpressionMapping) DeepCopy() *TokenClaimOrExpressionMappi return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenClaimValidationCELRule) DeepCopyInto(out *TokenClaimValidationCELRule) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenClaimValidationCELRule. +func (in *TokenClaimValidationCELRule) DeepCopy() *TokenClaimValidationCELRule { + if in == nil { + return nil + } + out := new(TokenClaimValidationCELRule) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenClaimValidationRule) DeepCopyInto(out *TokenClaimValidationRule) { *out = *in @@ -6209,6 +6641,7 @@ func (in *TokenClaimValidationRule) DeepCopyInto(out *TokenClaimValidationRule) *out = new(TokenRequiredClaim) **out = **in } + out.CEL = in.CEL return } @@ -6281,9 +6714,30 @@ func (in *TokenRequiredClaim) DeepCopy() *TokenRequiredClaim { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenUserValidationRule) DeepCopyInto(out *TokenUserValidationRule) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenUserValidationRule. +func (in *TokenUserValidationRule) DeepCopy() *TokenUserValidationRule { + if in == nil { + return nil + } + out := new(TokenUserValidationRule) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Update) DeepCopyInto(out *Update) { *out = *in + if in.AcceptRisks != nil { + in, out := &in.AcceptRisks, &out.AcceptRisks + *out = make([]AcceptRisk, len(*in)) + copy(*out, *in) + } return } @@ -6619,6 +7073,107 @@ func (in *VSpherePlatformVCenterSpec) DeepCopy() *VSpherePlatformVCenterSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultAppRoleAuthentication) DeepCopyInto(out *VaultAppRoleAuthentication) { + *out = *in + out.Secret = in.Secret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRoleAuthentication. +func (in *VaultAppRoleAuthentication) DeepCopy() *VaultAppRoleAuthentication { + if in == nil { + return nil + } + out := new(VaultAppRoleAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultAuthentication) DeepCopyInto(out *VaultAuthentication) { + *out = *in + out.AppRole = in.AppRole + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuthentication. +func (in *VaultAuthentication) DeepCopy() *VaultAuthentication { + if in == nil { + return nil + } + out := new(VaultAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultConfigMapReference) DeepCopyInto(out *VaultConfigMapReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultConfigMapReference. +func (in *VaultConfigMapReference) DeepCopy() *VaultConfigMapReference { + if in == nil { + return nil + } + out := new(VaultConfigMapReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultKMSPluginConfig) DeepCopyInto(out *VaultKMSPluginConfig) { + *out = *in + out.TLS = in.TLS + out.Authentication = in.Authentication + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKMSPluginConfig. +func (in *VaultKMSPluginConfig) DeepCopy() *VaultKMSPluginConfig { + if in == nil { + return nil + } + out := new(VaultKMSPluginConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultSecretReference) DeepCopyInto(out *VaultSecretReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretReference. +func (in *VaultSecretReference) DeepCopy() *VaultSecretReference { + if in == nil { + return nil + } + out := new(VaultSecretReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultTLSConfig) DeepCopyInto(out *VaultTLSConfig) { + *out = *in + out.CABundle = in.CABundle + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTLSConfig. +func (in *VaultTLSConfig) DeepCopy() *VaultTLSConfig { + if in == nil { + return nil + } + out := new(VaultTLSConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WebhookTokenAuthenticator) DeepCopyInto(out *WebhookTokenAuthenticator) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index e56c1a15a..13635bff4 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -6,7 +6,9 @@ apiservers.config.openshift.io: Capability: "" Category: "" FeatureGates: - - KMSEncryptionProvider + - KMSEncryption + - TLSAdherence + - TLSGroupPreferences FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -30,7 +32,9 @@ authentications.config.openshift.io: Category: "" FeatureGates: - ExternalOIDC + - ExternalOIDCExternalClaimsSourcing - ExternalOIDCWithUIDAndExtraClaimMappings + - ExternalOIDCWithUpstreamParity FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -141,6 +145,8 @@ clusterversions.config.openshift.io: Capability: "" Category: "" FeatureGates: + - ClusterUpdateAcceptRisks + - ClusterUpdatePreflight - ImageStreamImportMode - SignatureStores FilenameOperatorName: cluster-version-operator @@ -201,7 +207,8 @@ dnses.config.openshift.io: CRDName: dnses.config.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - AWSEuropeanSovereignCloudInstall FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -367,13 +374,11 @@ infrastructures.config.openshift.io: - AzureDualStackInstall - DualReplica - DyanmicServiceEndpointIBMCloud - - GCPClusterHostedDNSInstall - - HighlyAvailableArbiter - - HighlyAvailableArbiter+DualReplica - NutanixMultiSubnets - OnPremDNSRecords - VSphereHostVMGroupZonal - VSphereMultiNetworks + - VSphereMultiVCenterDay2 FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -410,6 +415,29 @@ ingresses.config.openshift.io: TopLevelFeatureGates: [] Version: v1 +insightsdatagathers.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/2448 + CRDName: insightsdatagathers.config.openshift.io + Capability: Insights + Category: "" + FeatureGates: + - InsightsConfig + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: false + KindName: InsightsDataGather + Labels: {} + PluralName: insightsdatagathers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - InsightsConfig + Version: v1 + networks.config.openshift.io: Annotations: release.openshift.io/bootstrap-required: "true" @@ -418,7 +446,7 @@ networks.config.openshift.io: Capability: "" Category: "" FeatureGates: - - NetworkDiagnosticsConfig + - NetworkObservabilityInstall FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go new file mode 100644 index 000000000..95c0e67d6 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go @@ -0,0 +1,1546 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by codegen. DO NOT EDIT. + +package v1 + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServerEncryption) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServerEncryption" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServerList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServerList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServerNamedServingCert) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServerNamedServingCert" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServerServingCerts) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServerServingCerts" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServerSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServerSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSDNSSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AWSDNSSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSIngressSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AWSIngressSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AWSPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AWSPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSResourceTag) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AWSResourceTag" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSServiceEndpoint) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AWSServiceEndpoint" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AcceptRisk) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AcceptRisk" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AdmissionConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AdmissionConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AdmissionPluginConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AdmissionPluginConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AlibabaCloudPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AlibabaCloudPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AlibabaCloudResourceTag) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AlibabaCloudResourceTag" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Audit) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Audit" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuditConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AuditConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuditCustomRule) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AuditCustomRule" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Authentication) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Authentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuthenticationList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AuthenticationList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuthenticationSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AuthenticationSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuthenticationStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AuthenticationStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AzurePlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AzurePlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AzurePlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AzurePlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AzureResourceTag) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AzureResourceTag" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BareMetalPlatformLoadBalancer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BareMetalPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BareMetalPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BareMetalPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BareMetalPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BasicAuthIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BasicAuthIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Build) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Build" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BuildDefaults) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BuildDefaults" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BuildList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BuildList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BuildOverrides) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BuildOverrides" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BuildSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BuildSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CertInfo) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CertInfo" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClientConnectionOverrides) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClientConnectionOverrides" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClientCredentialConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClientCredentialConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClientSecretSecretReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClientSecretSecretReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CloudControllerManagerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CloudControllerManagerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CloudLoadBalancerConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CloudLoadBalancerConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CloudLoadBalancerIPs) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CloudLoadBalancerIPs" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterCondition) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterCondition" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterImagePolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterImagePolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterImagePolicyList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterImagePolicyList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterImagePolicySpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterImagePolicySpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterImagePolicyStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterImagePolicyStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterNetworkEntry) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterNetworkEntry" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterOperator) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterOperator" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterOperatorList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterOperatorList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterOperatorSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterOperatorSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterOperatorStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterOperatorStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterOperatorStatusCondition) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterOperatorStatusCondition" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersion) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterVersion" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionCapabilitiesSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionCapabilitiesStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterVersionList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterVersionSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterVersionStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ComponentOverride) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ComponentOverride" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ComponentRouteSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ComponentRouteSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ComponentRouteStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ComponentRouteStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConditionalUpdate) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConditionalUpdate" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConditionalUpdateRisk) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConditionalUpdateRisk" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConfigMapFileReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConfigMapFileReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConfigMapNameReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConfigMapNameReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Console) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Console" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleAuthentication) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConsoleAuthentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConsoleList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConsoleSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConsoleStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Custom) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Custom" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CustomFeatureGates) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CustomFeatureGates" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CustomTLSProfile) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CustomTLSProfile" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNS) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DNS" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DNSList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DNSPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DNSSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DNSStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSZone) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DNSZone" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DelegatedAuthentication) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DelegatedAuthentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DelegatedAuthorization) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DelegatedAuthorization" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DeprecatedWebhookTokenAuthenticator) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EquinixMetalPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.EquinixMetalPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EquinixMetalPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.EquinixMetalPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EtcdConnectionInfo) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.EtcdConnectionInfo" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EtcdStorageConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.EtcdStorageConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalClaimsSource) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalClaimsSource" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalIPConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalIPConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalIPPolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalIPPolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalSourceAuthentication) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalSourceAuthentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalSourceCertificateAuthorityConfigMapReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalSourceCertificateAuthorityConfigMapReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalSourcePredicate) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalSourcePredicate" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalSourceTLS) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalSourceTLS" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExtraMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExtraMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGate) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGate" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateAttributes) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateAttributes" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateDetails) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateDetails" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateSelection) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateSelection" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateTests) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateTests" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GCPPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GCPPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GCPPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GCPPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GCPResourceLabel) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GCPResourceLabel" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GCPResourceTag) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GCPResourceTag" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GatherConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GatherConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GathererConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GathererConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Gatherers) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Gatherers" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GenericAPIServerConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GenericAPIServerConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GenericControllerConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GenericControllerConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GitHubIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GitHubIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GitLabIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GitLabIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GoogleIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GoogleIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in HTPasswdIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.HTPasswdIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in HTTPServingInfo) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.HTTPServingInfo" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in HubSource) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.HubSource" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in HubSourceStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.HubSourceStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IBMCloudPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IBMCloudPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IBMCloudPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IBMCloudPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IBMCloudServiceEndpoint) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IBMCloudServiceEndpoint" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IdentityProviderConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IdentityProviderConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Image) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Image" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageContentPolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageContentPolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageContentPolicyList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageContentPolicyList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageContentPolicySpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageContentPolicySpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageDigestMirrorSet) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageDigestMirrorSet" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageDigestMirrorSetList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageDigestMirrorSetList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageDigestMirrorSetSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageDigestMirrorSetStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageDigestMirrors) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageDigestMirrors" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageLabel) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageLabel" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicyFulcioCAWithRekorRootOfTrust) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicyList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicyList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicyPKIRootOfTrust) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicyPublicKeyRootOfTrust) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicySpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicySpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicyStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicyStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageSigstoreVerificationPolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageTagMirrorSet) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageTagMirrorSet" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageTagMirrorSetList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageTagMirrorSetList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageTagMirrorSetSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageTagMirrorSetSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageTagMirrorSetStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageTagMirrorSetStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageTagMirrors) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageTagMirrors" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Infrastructure) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Infrastructure" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InfrastructureList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.InfrastructureList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InfrastructureSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.InfrastructureSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InfrastructureStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.InfrastructureStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Ingress) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Ingress" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IngressList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IngressPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IngressSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IngressStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGather) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.InsightsDataGather" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGatherList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.InsightsDataGatherList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGatherSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.InsightsDataGatherSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IntermediateTLSProfile) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IntermediateTLSProfile" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KMSPluginConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.KMSPluginConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KeystoneIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.KeystoneIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeClientConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.KubeClientConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubevirtPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.KubevirtPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubevirtPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.KubevirtPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LDAPAttributeMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.LDAPAttributeMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LDAPIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.LDAPIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LeaderElection) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.LeaderElection" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LoadBalancer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.LoadBalancer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MTUMigration) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.MTUMigration" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MTUMigrationValues) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.MTUMigrationValues" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MaxAgePolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.MaxAgePolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ModernTLSProfile) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ModernTLSProfile" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NamedCertificate) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NamedCertificate" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Network) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Network" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkDiagnostics) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkDiagnostics" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkDiagnosticsSourcePlacement) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkDiagnosticsTargetPlacement) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkMigration) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkMigration" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkObservabilitySpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkObservabilitySpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Node) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Node" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NodeList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NodeSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NodeStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixFailureDomain) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixFailureDomain" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixPlatformLoadBalancer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixPrismElementEndpoint) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixPrismElementEndpoint" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixPrismEndpoint) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixPrismEndpoint" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixResourceIdentifier) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixResourceIdentifier" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuth) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OAuth" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuthList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OAuthList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuthRemoteConnectionInfo) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OAuthRemoteConnectionInfo" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuthSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OAuthSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuthStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OAuthStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuthTemplates) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OAuthTemplates" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OIDCClientConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OIDCClientConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OIDCClientReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OIDCClientReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OIDCClientStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OIDCClientStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OIDCProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OIDCProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ObjectReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ObjectReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OldTLSProfile) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OldTLSProfile" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenIDClaims) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OpenIDClaims" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenIDIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OpenIDIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenStackPlatformLoadBalancer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenStackPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OpenStackPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenStackPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OpenStackPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperandVersion) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OperandVersion" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorHub) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OperatorHub" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorHubList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OperatorHubList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorHubSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OperatorHubSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorHubStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OperatorHubStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OvirtPlatformLoadBalancer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OvirtPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OvirtPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OvirtPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OvirtPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PKICertificateSubject) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PKICertificateSubject" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PersistentVolumeClaimReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PersistentVolumeClaimReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PersistentVolumeConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PersistentVolumeConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PolicyFulcioSubject) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PolicyFulcioSubject" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PolicyIdentity) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PolicyIdentity" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PolicyMatchExactRepository) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PolicyMatchExactRepository" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PolicyMatchRemapIdentity) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PolicyMatchRemapIdentity" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PolicyRootOfTrust) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PolicyRootOfTrust" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PowerVSPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PowerVSPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PowerVSPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PowerVSPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PowerVSServiceEndpoint) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PowerVSServiceEndpoint" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PrefixedClaimMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PrefixedClaimMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProfileCustomizations) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProfileCustomizations" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Project) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Project" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProjectList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProjectList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProjectSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProjectSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProjectStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProjectStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PromQLClusterCondition) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PromQLClusterCondition" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Proxy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Proxy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProxyList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProxyList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProxySpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProxySpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProxyStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProxyStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RegistryLocation) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.RegistryLocation" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RegistrySources) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.RegistrySources" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Release) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Release" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RemoteConnectionInfo) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.RemoteConnectionInfo" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RepositoryDigestMirrors) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.RepositoryDigestMirrors" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RequestHeaderIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.RequestHeaderIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RequiredHSTSPolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.RequiredHSTSPolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Scheduler) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Scheduler" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SchedulerList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SchedulerList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SchedulerSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SchedulerSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SchedulerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SchedulerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SecretNameReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SecretNameReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServingInfo) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ServingInfo" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SignatureStore) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SignatureStore" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SourceURL) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SourceURL" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SourcedClaimMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SourcedClaimMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Storage) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Storage" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StringSource) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.StringSource" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StringSourceSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.StringSourceSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TLSProfileSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TLSProfileSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TLSSecurityProfile) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TLSSecurityProfile" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TemplateReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TemplateReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TestDetails) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TestDetails" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TestReporting) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TestReporting" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TestReportingSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TestReportingSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TestReportingStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TestReportingStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenClaimMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenClaimMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenClaimMappings) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenClaimMappings" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenClaimOrExpressionMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenClaimValidationCELRule) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenClaimValidationCELRule" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenClaimValidationRule) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenClaimValidationRule" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenIssuer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenIssuer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenRequiredClaim) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenRequiredClaim" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenUserValidationRule) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenUserValidationRule" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Update) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Update" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in UpdateHistory) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.UpdateHistory" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in UsernameClaimMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.UsernameClaimMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in UsernamePrefix) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.UsernamePrefix" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSphereFailureDomainHostGroup) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSphereFailureDomainRegionAffinity) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSphereFailureDomainZoneAffinity) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformFailureDomainSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformLoadBalancer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformNodeNetworking) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformNodeNetworkingSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformTopology) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformTopology" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformVCenterSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VaultAppRoleAuthentication) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VaultAppRoleAuthentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VaultAuthentication) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VaultAuthentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VaultConfigMapReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VaultConfigMapReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VaultKMSPluginConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VaultKMSPluginConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VaultSecretReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VaultSecretReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VaultTLSConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VaultTLSConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in WebhookTokenAuthenticator) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.WebhookTokenAuthenticator" +} diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 778fed917..1e9c65bf8 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -137,7 +137,7 @@ func (GenericAPIServerConfig) SwaggerDoc() map[string]string { } var map_GenericControllerConfig = map[string]string{ - "": "GenericControllerConfig provides information to configure a controller", + "": "GenericControllerConfig provides information to configure a controller\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "servingInfo": "servingInfo is the HTTP serving information for the controller's endpoints", "leaderElection": "leaderElection provides information to elect a leader. Only override this if you have a specific need", "authentication": "authentication allows configuration of authentication for the endpoints", @@ -319,6 +319,7 @@ var map_APIServerSpec = map[string]string{ "additionalCORSAllowedOrigins": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.", "encryption": "encryption allows the configuration of encryption of resources at the datastore layer.", "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is the Intermediate profile.", + "tlsAdherence": "tlsAdherence controls if components in the cluster adhere to the TLS security profile configured on this APIServer resource.\n\nValid values are \"LegacyAdheringComponentsOnly\" and \"StrictAllComponents\".\n\nWhen set to \"LegacyAdheringComponentsOnly\", components that already honor the cluster-wide TLS profile continue to do so. Components that do not already honor it continue to use their individual TLS configurations.\n\nWhen set to \"StrictAllComponents\", all components must honor the configured TLS profile unless they have a component-specific TLS configuration that overrides it. This mode is recommended for security-conscious deployments and is required for certain compliance frameworks.\n\nNote: Some components such as Kubelet and IngressController have their own dedicated TLS configuration mechanisms via KubeletConfig and IngressController CRs respectively. When these component-specific TLS configurations are set, they take precedence over the cluster-wide tlsSecurityProfile. When not set, these components fall back to the cluster-wide default.\n\nComponents that encounter an unknown value for tlsAdherence should treat it as \"StrictAllComponents\" and log a warning to ensure forward compatibility while defaulting to the more secure behavior.\n\nThis field is optional. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is LegacyAdheringComponentsOnly.\n\nOnce set, this field may be changed to a different value, but may not be removed.", "audit": "audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.", } @@ -387,6 +388,28 @@ func (AuthenticationStatus) SwaggerDoc() map[string]string { return map_AuthenticationStatus } +var map_ClientCredentialConfig = map[string]string{ + "": "ClientCredentialConfig configures the client credentials and token endpoint to use to get an access token via the OAuth2 client credentials grant flow.", + "clientID": "clientID is a required client identifier to use during the OAuth2 client credentials flow. clientID must be at least 1 character in length, must not exceed 256 characters in length, and must only contain printable ASCII characters.", + "clientSecret": "clientSecret is a required reference to a Secret in the openshift-config namespace to be used as the client secret during the OAuth2 client credentials flow.\n\nThe key 'client-secret' is used to locate the client secret data in the Secret.", + "tokenEndpoint": "tokenEndpoint is a required URL to query for an access token using the client credential OAuth2 flow. tokenEndpoint must be at least 1 character in length and must not exceed 2048 characters in length. tokenEndpoint must be a valid HTTPS URL. tokenEndpoint must have a host and a path. tokenEndpoint must not contain query parameters, fragments, or user information (e.g., \"user:password@host\").", + "scopes": "scopes is an optional list of OAuth2 scopes to request when obtaining an access token.\n\nIf not specified, the token endpoint's default scopes will be used.\n\nWhen specified, there must be at least 1 entry and must not exceed 16 entries. Each entry must be at least 1 character in length and must not exceed 256 characters in length. Each entry must only contain printable ASCII characters, excluding spaces, double quotes and backslashes. Entries must be unique.", + "tls": "tls is an optional field that allows configuring the TLS settings used to interact with the identity provider as an OAuth2 client.\n\nWhen omitted, system default TLS settings will be used for the OAuth2 client.", +} + +func (ClientCredentialConfig) SwaggerDoc() map[string]string { + return map_ClientCredentialConfig +} + +var map_ClientSecretSecretReference = map[string]string{ + "": "ClientSecretSecretReference is a reference to a Secret in the openshift-config namespace that should be used for configuring the client secret to be used when sourcing claims from external sources with the client credential authentication flow.", + "name": "name is the required name of the Secret that exists in the openshift-config namespace.\n\nIt must be at least 1 character in length, must not exceed 253 characters in length, must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'.", +} + +func (ClientSecretSecretReference) SwaggerDoc() map[string]string { + return map_ClientSecretSecretReference +} + var map_DeprecatedWebhookTokenAuthenticator = map[string]string{ "": "deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.", "kubeConfig": "kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.", @@ -396,6 +419,56 @@ func (DeprecatedWebhookTokenAuthenticator) SwaggerDoc() map[string]string { return map_DeprecatedWebhookTokenAuthenticator } +var map_ExternalClaimsSource = map[string]string{ + "": "ExternalClaimsSource provides the configuration for a single external claim source.", + "authentication": "authentication is an optional field that configures how the apiserver authenticates with an external claims source. When not specified, anonymous authentication is used which means no 'Authorization' header is sent in the HTTP request to fetch the external claims.", + "tls": "tls is an optional field that configures the http client TLS settings when fetching external claims from this source.\n\nWhen omitted, system default TLS settings will be used for fetching claims from the external source.", + "url": "url is a required configuration of the URL for which the external claims are located.", + "mappings": "mappings is a required list of the claim and response handling expression pairs that produces the claims from the external source. mappings must have at least 1 entry and must not exceed 16 entries. Entries must have a unique name across all external claim sources.", + "predicates": "predicates is an optional list of constraints in which claims should attempt to be fetched from this external source.\n\nWhen omitted, claims are always fetched from this external source.\n\nWhen specified, all predicates must evaluate to 'true' before claims are attempted to be fetched from this external source. predicates must have at least 1 entry and must not exceed 16 entries. Entries must have unique expressions.", +} + +func (ExternalClaimsSource) SwaggerDoc() map[string]string { + return map_ExternalClaimsSource +} + +var map_ExternalSourceAuthentication = map[string]string{ + "": "ExternalSourceAuthentication configures how the apiserver should attempt to authenticate with an external claims source.", + "type": "type is a required field that sets the type of authentication method used by the authenticator when fetching external claims.\n\nAllowed values are 'RequestProvidedToken' and 'ClientCredential'.\n\nWhen set to 'RequestProvidedToken', the authenticator will use the token provided to the kube-apiserver as part of the request to authenticate with the external claims source.\n\nWhen set to 'ClientCredential', the authenticator will use the configured client-id, client-secret, and token endpoint to fetch an access token using the OAuth2 client credentials grant flow. The fetched access token will then be used to authenticate with the external claims source.", + "clientCredential": "clientCredential configures the client credentials and token endpoint to use to get an access token. clientCredential is required when type is 'ClientCredential', and forbidden otherwise.", +} + +func (ExternalSourceAuthentication) SwaggerDoc() map[string]string { + return map_ExternalSourceAuthentication +} + +var map_ExternalSourceCertificateAuthorityConfigMapReference = map[string]string{ + "": "ExternalSourceCertificateAuthorityConfigMapReference is a reference to a ConfigMap in the openshift-config namespace that should be used for configuring the certificate authority to be used when sourcing claims from external sources.", + "name": "name is the required name of the ConfigMap that exists in the openshift-config namespace. The key \"ca-bundle.crt\" must be present and must contain the CA certificate to be used to verify the external source's TLS certificate.\n\nIt must be at least 1 character in length, must not exceed 253 characters in length, must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'.", +} + +func (ExternalSourceCertificateAuthorityConfigMapReference) SwaggerDoc() map[string]string { + return map_ExternalSourceCertificateAuthorityConfigMapReference +} + +var map_ExternalSourcePredicate = map[string]string{ + "": "ExternalSourcePredicate configures a singular condition that must return true before the external source is queried to retrieve external claims.", + "expression": "expression is a required CEL expression that is used to determine whether or not an external source should be used to fetch external claims.\n\nThe expression must return a boolean value, where true means that the source should be consulted and false means that it should not.\n\nClaims from the token used for the request to the kube-apiserver are made available via the `claims` variable.\n\nThe contents of the `claims` variable varies based on the claims that are present in the token being validated. It is the responsibility of those configuring this field to understand what claims the identity provider includes when issuing tokens.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length.", +} + +func (ExternalSourcePredicate) SwaggerDoc() map[string]string { + return map_ExternalSourcePredicate +} + +var map_ExternalSourceTLS = map[string]string{ + "": "ExternalSourceTLS configures the TLS options that the apiserver uses as a client when making a request to the external claim source.", + "certificateAuthority": "certificateAuthority is a required reference to a ConfigMap in the openshift-config namespace that contains the CA certificate to use to validate TLS connections with the external claims source. The key \"ca-bundle.crt\" must be present in the referenced ConfigMap and must contain the CA certificate to be used to verify the external source's TLS certificate.", +} + +func (ExternalSourceTLS) SwaggerDoc() map[string]string { + return map_ExternalSourceTLS +} + var map_ExtraMapping = map[string]string{ "": "ExtraMapping allows specifying a key and CEL expression to evaluate the keys' value. It is used to create additional mappings and attributes added to a cluster identity from a provided authentication token.", "key": "key is a required field that specifies the string to use as the extra attribute key.\n\nkey must be a domain-prefix path (e.g 'example.org/foo'). key must not exceed 510 characters in length. key must contain the '/' character, separating the domain and path characters. key must not be empty.\n\nThe domain portion of the key (string of characters prior to the '/') must be a valid RFC1123 subdomain. It must not exceed 253 characters in length. It must start and end with an alphanumeric character. It must only contain lower case alphanumeric characters and '-' or '.'. It must not use the reserved domains, or be subdomains of, \"kubernetes.io\", \"k8s.io\", and \"openshift.io\".\n\nThe path portion of the key (string of characters after the '/') must not be empty and must consist of at least one alphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'. It must not exceed 256 characters in length.", @@ -407,11 +480,11 @@ func (ExtraMapping) SwaggerDoc() map[string]string { } var map_OIDCClientConfig = map[string]string{ - "": "OIDCClientConfig configures how platform clients interact with identity providers as an authentication method", - "componentName": "componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode. It is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", - "componentNamespace": "componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running. It is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "": "OIDCClientConfig configures how platform clients interact with identity providers as an authentication method.", + "componentName": "componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode.\n\nIt is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", + "componentNamespace": "componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", "clientID": "clientID is a required field that configures the client identifier, from the identity provider, that the platform component uses for authentication requests made to the identity provider. The identity provider must accept this identifier for platform components to be able to use the identity provider as an authentication mode.\n\nclientID must not be an empty string (\"\").", - "clientSecret": "clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider.\n\nWhen not specified, no client secret will be used when making authentication requests to the identity provider.\n\nWhen specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field. The client secret will be used when making authentication requests to the identity provider.\n\nPublic clients do not require a client secret but private clients do require a client secret to work with the identity provider.", + "clientSecret": "clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider.\n\nWhen not specified, no client secret will be used when making authentication requests to the identity provider.\n\nWhen specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field.\n\nThe client secret will be used when making authentication requests to the identity provider.\n\nPublic clients do not require a client secret but private clients do require a client secret to work with the identity provider.", "extraScopes": "extraScopes is an optional field that configures the extra scopes that should be requested by the platform component when making authentication requests to the identity provider. This is useful if you have configured claim mappings that requires specific scopes to be requested beyond the standard OIDC scopes.\n\nWhen omitted, no additional scopes are requested.", } @@ -433,8 +506,8 @@ func (OIDCClientReference) SwaggerDoc() map[string]string { var map_OIDCClientStatus = map[string]string{ "": "OIDCClientStatus represents the current state of platform components and how they interact with the configured identity providers.", "componentName": "componentName is a required field that specifies the name of the platform component using the identity provider as an authentication mode. It is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", - "componentNamespace": "componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running. It is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", - "currentOIDCClients": "currentOIDCClients is an optional list of clients that the component is currently using. Entries must have unique issuerURL/clientID pairs.", + "componentNamespace": "componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "currentOIDCClients": "currentOIDCClients is an optional list of clients that the component is currently using.\n\nEntries must have unique issuerURL/clientID pairs.", "consumingUsers": "consumingUsers is an optional list of ServiceAccounts requiring read permissions on the `clientSecret` secret.\n\nconsumingUsers must not exceed 5 entries.", "conditions": "conditions are used to communicate the state of the `oidcClients` entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf Available is true, the component is successfully using the configured client. If Degraded is true, that means something has gone wrong trying to handle the client configuration. If Progressing is true, that means the component is taking some action related to the `oidcClients` entry.", } @@ -444,11 +517,13 @@ func (OIDCClientStatus) SwaggerDoc() map[string]string { } var map_OIDCProvider = map[string]string{ - "name": "name is a required field that configures the unique human-readable identifier associated with the identity provider. It is used to distinguish between multiple identity providers and has no impact on token validation or authentication mechanics.\n\nname must not be an empty string (\"\").", - "issuer": "issuer is a required field that configures how the platform interacts with the identity provider and how tokens issued from the identity provider are evaluated by the Kubernetes API server.", - "oidcClients": "oidcClients is an optional field that configures how on-cluster, platform clients should request tokens from the identity provider. oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs.", - "claimMappings": "claimMappings is a required field that configures the rules to be used by the Kubernetes API server for translating claims in a JWT token, issued by the identity provider, to a cluster identity.", - "claimValidationRules": "claimValidationRules is an optional field that configures the rules to be used by the Kubernetes API server for validating the claims in a JWT token issued by the identity provider.\n\nValidation rules are joined via an AND operation.", + "name": "name is a required field that configures the unique human-readable identifier associated with the identity provider. It is used to distinguish between multiple identity providers and has no impact on token validation or authentication mechanics.\n\nname must not be an empty string (\"\").", + "issuer": "issuer is a required field that configures how the platform interacts with the identity provider and how tokens issued from the identity provider are evaluated by the Kubernetes API server.", + "oidcClients": "oidcClients is an optional field that configures how on-cluster, platform clients should request tokens from the identity provider. oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs.", + "claimMappings": "claimMappings is a required field that configures the rules to be used by the Kubernetes API server for translating claims in a JWT token, issued by the identity provider, to a cluster identity.", + "claimValidationRules": "claimValidationRules is an optional field that configures the rules to be used by the Kubernetes API server for validating the claims in a JWT token issued by the identity provider.\n\nValidation rules are joined via an AND operation.", + "userValidationRules": "userValidationRules is an optional field that configures the set of rules used to validate the cluster user identity that was constructed via mapping token claims to user identity attributes. Rules are CEL expressions that must evaluate to 'true' for authentication to succeed. If any rule in the chain of rules evaluates to 'false', authentication will fail. When specified, at least one rule must be specified and no more than 64 rules may be specified.", + "externalClaimsSources": "externalClaimsSources is an optional field that can be used to configure sources, external to the token provided in a request, in which claims should be fetched from and made available to the claim mapping process that is used to build the identity of a token holder.\n\nFor example, fetching additional user metadata from an OIDC provider's UserInfo endpoint.\n\nWhen not specified, only claims present in the token itself will be available in the claim mapping process.\n\nWhen specified, at least one external claim source must be specified and no more than 5 sources may be specified. All external claim sources must have unique claim mappings. When an external source responds and resolves additional claims successfully, they will be made available as claims during the claim mapping process. Externally sourced claims with the same name as a claim existing within the token will overwrite the claim data from the token with the externally sourced information. If an external source does not respond, responds with an error, or the additional claim data cannot be resolved from the response successfully it will not be included in the claim data passed to the claim mapping process.", } func (OIDCProvider) SwaggerDoc() map[string]string { @@ -457,16 +532,37 @@ func (OIDCProvider) SwaggerDoc() map[string]string { var map_PrefixedClaimMapping = map[string]string{ "": "PrefixedClaimMapping configures a claim mapping that allows for an optional prefix.", - "prefix": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", + "prefix": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted or set to an empty string (\"\"), no prefix is applied to the cluster identity attribute. Must not be set to a non-empty value when expression is set.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", } func (PrefixedClaimMapping) SwaggerDoc() map[string]string { return map_PrefixedClaimMapping } +var map_SourceURL = map[string]string{ + "": "SourceURL configures the options used to build the URL that is queried for external claims.", + "hostname": "hostname is a required hostname for which the external claims are located.\n\nIt must be a valid DNS subdomain name as per RFC1123.\n\nThis means that it must start and end with a lowercase alphanumeric character, must only consist of lowercase alphanumeric characters, '-', and '.'. hostname may optionally specify a port in the format ':{port}'. If a port is specified it must not exceed 65535.\n\nhostname must be at least 1 character in length. When specifying a port, hostname must not exceed 259 characters in length. When not specifying a port, hostname must not exceed 253 characters in length.", + "pathExpression": "pathExpression is a required CEL expression that returns a list of string values used to construct the URL path. Claims from the token used for the request to the kube-apiserver are made available via the `claims` variable. expression must be at least 1 character in length and must not exceed 1024 characters in length.\n\nValues in the returned list will be joined with the hostname using a forward slash (`/`) as a separator. Values in the returned list do not need to include the forward slash. If a forward slash is included in a returned value, it will be encoded as `%2F`.\n\nExample of a static path configuration:\n\n pathExpression: ['realms', 'k8s', 'protocol', 'openid-connect', 'userinfo']\n\nThe above example would resolve to the path: '/realms/k8s/protocol/openid-connect/userinfo'\n\nExample of a dynamic path configuration:\n\n pathExpression: \"['admin', 'realms', 'k8s', 'users'] + [claims.sub] + ['groups']\"\n\nAssuming 'claims.sub' is set to '12345', the above example would resolve to the path: '/admin/realms/k8s/users/12345/groups'", +} + +func (SourceURL) SwaggerDoc() map[string]string { + return map_SourceURL +} + +var map_SourcedClaimMapping = map[string]string{ + "": "SourcedClaimMapping configures the mapping behavior for a single external claim from the response the apiserver received from the external claim source.", + "name": "name is a required name of the claim that will be produced and made available during the claim-to-identity mapping process. name must consist of only lowercase alpha characters and underscores ('_'). name must be at least 1 character and must not exceed 256 characters in length.", + "expression": "expression is a required CEL expression that will produce a value to be assigned to the claim. The full response body from the request to the external claim source is provided via the `response.body` variable.\n\nThe contents of the `response.body` variable varies based on the response received from the external source. It is the responsibility of those configuring this expression to understand what is returned from the external source.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length.", +} + +func (SourcedClaimMapping) SwaggerDoc() map[string]string { + return map_SourcedClaimMapping +} + var map_TokenClaimMapping = map[string]string{ - "": "TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities.", - "claim": "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.", + "": "TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities.", + "claim": "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated. claim must not exceed 256 characters in length. When set to the empty string `\"\"`, this means that no named claim should be used for the group mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled.", + "expression": "expression is an optional CEL expression used to derive group values from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length .\n\nWhen specified, claim must not be set or be explicitly set to the empty string (`\"\"`).", } func (TokenClaimMapping) SwaggerDoc() map[string]string { @@ -475,9 +571,9 @@ func (TokenClaimMapping) SwaggerDoc() map[string]string { var map_TokenClaimMappings = map[string]string{ "username": "username is a required field that configures how the username of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.", - "groups": "groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider. When referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (','). For example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", - "uid": "uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value. When using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time. The current default is to use the 'sub' claim.", - "extra": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity. key values for extra mappings must be unique. A maximum of 32 extra attribute mappings may be provided.", + "groups": "groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.\n\nWhen referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (',').\n\nFor example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", + "uid": "uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value. When using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time.\n\nThe current default is to use the 'sub' claim.", + "extra": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity.\n\nkey values for extra mappings must be unique. A maximum of 32 extra attribute mappings may be provided.", } func (TokenClaimMappings) SwaggerDoc() map[string]string { @@ -494,9 +590,20 @@ func (TokenClaimOrExpressionMapping) SwaggerDoc() map[string]string { return map_TokenClaimOrExpressionMapping } +var map_TokenClaimValidationCELRule = map[string]string{ + "expression": "expression is a CEL expression evaluated against token claims. expression is required, must be at least 1 character in length and must not exceed 1024 characters. The expression must return a boolean value where 'true' signals a valid token and 'false' an invalid one.", + "message": "message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails. message must be at least 1 character in length and must not exceed 256 characters.", +} + +func (TokenClaimValidationCELRule) SwaggerDoc() map[string]string { + return map_TokenClaimValidationCELRule +} + var map_TokenClaimValidationRule = map[string]string{ - "type": "type is an optional field that configures the type of the validation rule.\n\nAllowed values are 'RequiredClaim' and omitted (not provided or an empty string).\n\nWhen set to 'RequiredClaim', the Kubernetes API server will be configured to validate that the incoming JWT contains the required claim and that its value matches the required value.\n\nDefaults to 'RequiredClaim'.", - "requiredClaim": "requiredClaim is an optional field that configures the required claim and value that the Kubernetes API server will use to validate if an incoming JWT is valid for this identity provider.", + "": "TokenClaimValidationRule represents a validation rule based on token claims. If type is RequiredClaim, requiredClaim must be set. If Type is CEL, CEL must be set and RequiredClaim must be omitted.", + "type": "type is an optional field that configures the type of the validation rule.\n\nAllowed values are \"RequiredClaim\" and \"CEL\".\n\nWhen set to 'RequiredClaim', the Kubernetes API server will be configured to validate that the incoming JWT contains the required claim and that its value matches the required value.\n\nWhen set to 'CEL', the Kubernetes API server will be configured to validate the incoming JWT against the configured CEL expression.", + "requiredClaim": "requiredClaim allows configuring a required claim name and its expected value. This field is required when `type` is set to RequiredClaim, and must be omitted when `type` is set to any other value. The Kubernetes API server uses this field to validate if an incoming JWT is valid for this identity provider.", + "cel": "cel holds the CEL expression and message for validation. Must be set when Type is \"CEL\", and forbidden otherwise.", } func (TokenClaimValidationRule) SwaggerDoc() map[string]string { @@ -507,6 +614,7 @@ var map_TokenIssuer = map[string]string{ "issuerURL": "issuerURL is a required field that configures the URL used to issue tokens by the identity provider. The Kubernetes API server determines how authentication tokens should be handled by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers.\n\nMust be at least 1 character and must not exceed 512 characters in length. Must be a valid URL that uses the 'https' scheme and does not contain a query, fragment or user.", "audiences": "audiences is a required field that configures the acceptable audiences the JWT token, issued by the identity provider, must be issued to. At least one of the entries must match the 'aud' claim in the JWT token.\n\naudiences must contain at least one entry and must not exceed ten entries.", "issuerCertificateAuthority": "issuerCertificateAuthority is an optional field that configures the certificate authority, used by the Kubernetes API server, to validate the connection to the identity provider when fetching discovery information.\n\nWhen not specified, the system trust is used.\n\nWhen specified, it must reference a ConfigMap in the openshift-config namespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt' key in the data field of the ConfigMap.", + "discoveryURL": "discoveryURL is an optional field that, if specified, overrides the default discovery endpoint used to retrieve OIDC configuration metadata. By default, the discovery URL is derived from `issuerURL` as \"{issuerURL}/.well-known/openid-configuration\".\n\nThe discoveryURL must be a valid absolute HTTPS URL. It must not contain query parameters, user information, or fragments. Additionally, it must differ from the value of `issuerURL` (ignoring trailing slashes). The discoveryURL value must be at least 1 character long and no longer than 2048 characters.", } func (TokenIssuer) SwaggerDoc() map[string]string { @@ -522,9 +630,20 @@ func (TokenRequiredClaim) SwaggerDoc() map[string]string { return map_TokenRequiredClaim } +var map_TokenUserValidationRule = map[string]string{ + "": "TokenUserValidationRule provides a CEL-based rule used to validate a token subject. Each rule contains a CEL expression that is evaluated against the token’s claims.", + "expression": "expression is a required CEL expression that performs a validation on cluster user identity attributes like username, groups, etc.\n\nThe expression must evaluate to a boolean value. When the expression evaluates to 'true', the cluster user identity is considered valid. When the expression evaluates to 'false', the cluster user identity is not considered valid. expression must be at least 1 character in length and must not exceed 1024 characters.", + "message": "message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails. message must be at least 1 character in length and must not exceed 256 characters.", +} + +func (TokenUserValidationRule) SwaggerDoc() map[string]string { + return map_TokenUserValidationRule +} + var map_UsernameClaimMapping = map[string]string{ - "claim": "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", - "prefixPolicy": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. The prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'. As an example, consider the following scenario:\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", + "claim": "claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", + "expression": "expression is an optional CEL expression used to derive the username from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length. expression must not be set when claim is set.", + "prefixPolicy": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. The prefix field must be set when prefixPolicy is 'Prefix'. Must not be set to 'Prefix' when expression is set. When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", "prefix": "prefix configures the prefix that should be prepended to the value of the JWT claim.\n\nprefix must be set when prefixPolicy is set to 'Prefix' and must be unset otherwise.", } @@ -724,6 +843,15 @@ func (OperandVersion) SwaggerDoc() map[string]string { return map_OperandVersion } +var map_AcceptRisk = map[string]string{ + "": "AcceptRisk represents a risk that is considered acceptable.", + "name": "name is the name of the acceptable risk. It must be a non-empty string and must not exceed 256 characters.", +} + +func (AcceptRisk) SwaggerDoc() map[string]string { + return map_AcceptRisk +} + var map_ClusterCondition = map[string]string{ "": "ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.", "type": "type represents the cluster-condition type. This defines the members and semantics of any additional properties.", @@ -790,15 +918,16 @@ func (ClusterVersionSpec) SwaggerDoc() map[string]string { } var map_ClusterVersionStatus = map[string]string{ - "": "ClusterVersionStatus reports the status of the cluster versioning, including any upgrades that are in progress. The current field will be set to whichever version the cluster is reconciling to, and the conditions array will report whether the update succeeded, is in progress, or is failing.", - "desired": "desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.", - "history": "history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.", - "observedGeneration": "observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.", - "versionHash": "versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.", - "capabilities": "capabilities describes the state of optional, core cluster components.", - "conditions": "conditions provides information about the cluster version. The condition \"Available\" is set to true if the desiredUpdate has been reached. The condition \"Progressing\" is set to true if an update is being applied. The condition \"Degraded\" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.", - "availableUpdates": "availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.", - "conditionalUpdates": "conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.", + "": "ClusterVersionStatus reports the status of the cluster versioning, including any upgrades that are in progress. The current field will be set to whichever version the cluster is reconciling to, and the conditions array will report whether the update succeeded, is in progress, or is failing.", + "desired": "desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.", + "history": "history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.", + "observedGeneration": "observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.", + "versionHash": "versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.", + "capabilities": "capabilities describes the state of optional, core cluster components.", + "conditions": "conditions provides information about the cluster version. The condition \"Available\" is set to true if the desiredUpdate has been reached. The condition \"Progressing\" is set to true if an update is being applied. The condition \"Degraded\" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.", + "availableUpdates": "availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.", + "conditionalUpdates": "conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.", + "conditionalUpdateRisks": "conditionalUpdateRisks contains the list of risks associated with conditionalUpdates. When performing a conditional update, all its associated risks will be compared with the set of accepted risks in the spec.desiredUpdate.acceptRisks field. If all risks for a conditional update are included in the spec.desiredUpdate.acceptRisks set, the conditional update can proceed, otherwise it is blocked. The risk names in the list must be unique. conditionalUpdateRisks must not contain more than 500 entries.", } func (ClusterVersionStatus) SwaggerDoc() map[string]string { @@ -821,6 +950,7 @@ func (ComponentOverride) SwaggerDoc() map[string]string { var map_ConditionalUpdate = map[string]string{ "": "ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.", "release": "release is the target of the update.", + "riskNames": "riskNames represents the set of the names of conditionalUpdateRisks that are relevant to this update for some clusters. The Applies condition of each conditionalUpdateRisks entry declares if that risk applies to this cluster. A conditional update is accepted only if each of its risks either does not apply to the cluster or is considered acceptable by the cluster administrator. The latter means that the risk names are included in value of the spec.desiredUpdate.acceptRisks field. Entries must be unique and must not exceed 256 characters. riskNames must not contain more than 500 entries.", "risks": "risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.", "conditions": "conditions represents the observations of the conditional update's current status. Known types are: * Recommended, for whether the update is recommended for the current cluster.", } @@ -831,6 +961,7 @@ func (ConditionalUpdate) SwaggerDoc() map[string]string { var map_ConditionalUpdateRisk = map[string]string{ "": "ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.", + "conditions": "conditions represents the observations of the conditional update risk's current status. Known types are: * Applies, for whether the risk applies to the current cluster. The condition's types in the list must be unique. conditions must not contain more than one entry.", "url": "url contains information about this risk.", "name": "name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state.", "message": "message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", @@ -879,6 +1010,8 @@ var map_Update = map[string]string{ "version": "version is a semantic version identifying the update version. version is required if architecture is specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", "image": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks that are designed to keep your cluster safe. Only use this if: * you are testing unsigned release images in short-lived test clusters or * you are working around a known bug in the cluster-version\n operator and you have verified the authenticity of the provided\n image yourself.\nThe provided image will run with full administrative access to the cluster. Do not use this flag with images that come from unknown or potentially malicious sources.", + "acceptRisks": "acceptRisks is an optional set of names of conditional update risks that are considered acceptable. A conditional update is performed only if all of its risks are acceptable. This list may contain entries that apply to current, previous or future updates. The entries therefore may not map directly to a risk in .status.conditionalUpdateRisks. acceptRisks must not contain more than 1000 entries. Entries in this list must be unique.", + "mode": "mode determines how an update should be processed. The only valid value is \"Preflight\". When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. This is the standard update behavior. When set to \"Preflight\", the cluster runs compatibility checks against the target release without performing an actual update. Compatibility results, including any detected risks, are reported in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update recommendation service. This allows administrators to assess update readiness and address issues before committing to the update. Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be verified across multiple minor versions. When mode is set to \"Preflight\", the same rules for version, image, and architecture apply as for normal updates.", } func (Update) SwaggerDoc() map[string]string { @@ -893,7 +1026,7 @@ var map_UpdateHistory = map[string]string{ "version": "version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.", "image": "image is a container image location that contains the update. This value is always populated.", "verified": "verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.", - "acceptedRisks": "acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature that was overridden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.", + "acceptedRisks": "acceptedRisks records risks which were accepted to initiate the update. For example, it may mention an Upgradeable=False or missing signature that was overridden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.", } func (UpdateHistory) SwaggerDoc() map[string]string { @@ -948,7 +1081,7 @@ func (ConsoleStatus) SwaggerDoc() map[string]string { var map_AWSDNSSpec = map[string]string{ "": "AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.", - "privateZoneIAMRole": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.", + "privateZoneIAMRole": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.\n\nThe ARN must follow the format: arn::iam:::role/, where: is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), is a 12-digit numeric identifier for the AWS account, is the IAM role name.", } func (AWSDNSSpec) SwaggerDoc() map[string]string { @@ -1125,9 +1258,9 @@ func (RegistryLocation) SwaggerDoc() map[string]string { var map_RegistrySources = map[string]string{ "": "RegistrySources holds cluster-wide information about how to handle the registries config.", - "insecureRegistries": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", - "blockedRegistries": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", - "allowedRegistries": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "insecureRegistries": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. Each entry must be a valid registry scope in the format hostname[:port][/path], optionally prefixed with \"*.\" for wildcard subdomains (e.g., \"*.example.com\"). The hostname must consist of valid DNS labels separated by dots, where each label contains only alphanumeric characters and hyphens and does not start or end with a hyphen. Entries must not be empty, must not include tags (e.g., \":latest\") or digests (e.g., \"@sha256:...\"), and must be at most 256 characters in length. The list may contain at most 1024 entries.", + "blockedRegistries": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. Each entry must be a valid registry scope in the format hostname[:port][/path], optionally prefixed with \"*.\" for wildcard subdomains (e.g., \"*.example.com\"). The hostname must consist of valid DNS labels separated by dots, where each label contains only alphanumeric characters and hyphens and does not start or end with a hyphen. Entries must not be empty, must not include tags (e.g., \":latest\") or digests (e.g., \"@sha256:...\"), and must be at most 256 characters in length. The list may contain at most 1024 entries.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "allowedRegistries": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. Each entry must be a valid registry scope in the format hostname[:port][/path], optionally prefixed with \"*.\" for wildcard subdomains (e.g., \"*.example.com\"). The hostname must consist of valid DNS labels separated by dots, where each label contains only alphanumeric characters and hyphens and does not start or end with a hyphen. Entries must not be empty, must not include tags (e.g., \":latest\") or digests (e.g., \"@sha256:...\"), and must be at most 256 characters in length. The list may contain at most 1024 entries.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", "containerRuntimeSearchRegistries": "containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.", } @@ -1214,17 +1347,6 @@ func (ImageDigestMirrors) SwaggerDoc() map[string]string { return map_ImageDigestMirrors } -var map_FulcioCAWithRekor = map[string]string{ - "": "FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key.", - "fulcioCAData": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters. ", - "rekorKeyData": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. ", - "fulcioSubject": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.", -} - -func (FulcioCAWithRekor) SwaggerDoc() map[string]string { - return map_FulcioCAWithRekor -} - var map_ImagePolicy = map[string]string{ "": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", @@ -1236,6 +1358,17 @@ func (ImagePolicy) SwaggerDoc() map[string]string { return map_ImagePolicy } +var map_ImagePolicyFulcioCAWithRekorRootOfTrust = map[string]string{ + "": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", + "fulcioCAData": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters. ", + "rekorKeyData": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. ", + "fulcioSubject": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.", +} + +func (ImagePolicyFulcioCAWithRekorRootOfTrust) SwaggerDoc() map[string]string { + return map_ImagePolicyFulcioCAWithRekorRootOfTrust +} + var map_ImagePolicyList = map[string]string{ "": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", @@ -1246,6 +1379,27 @@ func (ImagePolicyList) SwaggerDoc() map[string]string { return map_ImagePolicyList } +var map_ImagePolicyPKIRootOfTrust = map[string]string{ + "": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", + "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ", + "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ", + "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", +} + +func (ImagePolicyPKIRootOfTrust) SwaggerDoc() map[string]string { + return map_ImagePolicyPKIRootOfTrust +} + +var map_ImagePolicyPublicKeyRootOfTrust = map[string]string{ + "": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", + "keyData": "keyData is a required field contains inline base64-encoded data for the PEM format public key. keyData must be at most 8192 characters. ", + "rekorKeyData": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. ", +} + +func (ImagePolicyPublicKeyRootOfTrust) SwaggerDoc() map[string]string { + return map_ImagePolicyPublicKeyRootOfTrust +} + var map_ImagePolicySpec = map[string]string{ "": "ImagePolicySpec is the specification of the ImagePolicy CRD.", "scopes": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", @@ -1264,15 +1418,14 @@ func (ImagePolicyStatus) SwaggerDoc() map[string]string { return map_ImagePolicyStatus } -var map_PKI = map[string]string{ - "": "PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", - "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ", - "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ", - "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", +var map_ImageSigstoreVerificationPolicy = map[string]string{ + "": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", + "rootOfTrust": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.", + "signedIdentity": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", } -func (PKI) SwaggerDoc() map[string]string { - return map_PKI +func (ImageSigstoreVerificationPolicy) SwaggerDoc() map[string]string { + return map_ImageSigstoreVerificationPolicy } var map_PKICertificateSubject = map[string]string{ @@ -1285,16 +1438,6 @@ func (PKICertificateSubject) SwaggerDoc() map[string]string { return map_PKICertificateSubject } -var map_Policy = map[string]string{ - "": "Policy defines the verification policy for the items in the scopes list.", - "rootOfTrust": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.", - "signedIdentity": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", -} - -func (Policy) SwaggerDoc() map[string]string { - return map_Policy -} - var map_PolicyFulcioSubject = map[string]string{ "": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", "oidcIssuer": "oidcIssuer is a required filed contains the expected OIDC issuer. The oidcIssuer must be a valid URL and at most 2048 characters in length. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", @@ -1335,7 +1478,7 @@ func (PolicyMatchRemapIdentity) SwaggerDoc() map[string]string { var map_PolicyRootOfTrust = map[string]string{ "": "PolicyRootOfTrust defines the root of trust based on the selected policyType.", - "policyType": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", + "policyType": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI).", "publicKey": "publicKey defines the root of trust configuration based on a sigstore public key. Optionally include a Rekor public key for Rekor verification. publicKey is required when policyType is PublicKey, and forbidden otherwise.", "fulcioCAWithRekor": "fulcioCAWithRekor defines the root of trust configuration based on the Fulcio certificate and the Rekor public key. fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", "pki": "pki defines the root of trust configuration based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. pki is required when policyType is PKI, and forbidden otherwise.", @@ -1345,16 +1488,6 @@ func (PolicyRootOfTrust) SwaggerDoc() map[string]string { return map_PolicyRootOfTrust } -var map_PublicKey = map[string]string{ - "": "PublicKey defines the root of trust based on a sigstore public key.", - "keyData": "keyData is a required field contains inline base64-encoded data for the PEM format public key. keyData must be at most 8192 characters. ", - "rekorKeyData": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. ", -} - -func (PublicKey) SwaggerDoc() map[string]string { - return map_PublicKey -} - var map_ImageTagMirrorSet = map[string]string{ "": "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", @@ -1714,7 +1847,7 @@ var map_InfrastructureStatus = map[string]string{ "etcdDiscoveryDomain": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.", "apiServerURL": "apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", "apiServerInternalURI": "apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", - "controlPlaneTopology": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster.", + "controlPlaneTopology": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum.", "infrastructureTopology": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.", "cpuPartitioning": "cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are \"None\" and \"AllNodes\". When omitted, the default value is \"None\". The default value of \"None\" indicates that no nodes will be setup with CPU partitioning. The \"AllNodes\" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API.", } @@ -1888,7 +2021,7 @@ func (OvirtPlatformStatus) SwaggerDoc() map[string]string { var map_PlatformSpec = map[string]string{ "": "PlatformSpec holds the desired state specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", - "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"IBMCloud\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\", \"External\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", "aws": "aws contains settings specific to the Amazon Web Services infrastructure provider.", "azure": "azure contains settings specific to the Azure infrastructure provider.", "gcp": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", @@ -2042,7 +2175,7 @@ func (VSpherePlatformNodeNetworkingSpec) SwaggerDoc() map[string]string { var map_VSpherePlatformSpec = map[string]string{ "": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. In the future the cloud provider operator, storage operator and machine operator will use these fields for configuration.", - "vcenters": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported. Once the cluster has been installed, you are unable to change the current number of defined vCenters except in the case where the cluster has been upgraded from a version of OpenShift where the vsphere platform spec was not present. You may make modifications to the existing vCenters that are defined in the vcenters list in order to match with any added or modified failure domains.", + "vcenters": "vcenters holds the connection details for services to communicate with vCenter. Up to 3 vCenters are supported. Once the cluster has been installed, you are unable to change the current number of defined vCenters except when 1.) the cluster has been upgraded from a version of OpenShift where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and remove vCenters but may not remove all vCenters. You may make modifications to the existing vCenters that are defined in the vcenters list in order to match with any added or modified failure domains.", "failureDomains": "failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.", "nodeNetworking": "nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.", "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", @@ -2191,24 +2324,174 @@ func (LoadBalancer) SwaggerDoc() map[string]string { return map_LoadBalancer } -var map_AWSKMSConfig = map[string]string{ - "": "AWSKMSConfig defines the KMS config specific to AWS KMS provider", - "keyARN": "keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. The value must adhere to the format `arn:aws:kms:::key/`, where: - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.", - "region": "region specifies the AWS region where the KMS instance exists, and follows the format `--`, e.g.: `us-east-1`. Only lowercase letters and hyphens followed by numbers are allowed.", +var map_Custom = map[string]string{ + "": "Custom provides the custom configuration of gatherers", + "configs": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", +} + +func (Custom) SwaggerDoc() map[string]string { + return map_Custom +} + +var map_GatherConfig = map[string]string{ + "": "GatherConfig provides data gathering configuration options.", + "dataPolicy": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", + "gatherers": "gatherers is a required field that specifies the configuration of the gatherers.", + "storage": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", +} + +func (GatherConfig) SwaggerDoc() map[string]string { + return map_GatherConfig +} + +var map_GathererConfig = map[string]string{ + "": "GathererConfig allows to configure specific gatherers", + "name": "name is the required name of a specific gatherer. It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "state": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", +} + +func (GathererConfig) SwaggerDoc() map[string]string { + return map_GathererConfig +} + +var map_Gatherers = map[string]string{ + "": "Gatherers specifies the configuration of the gatherers", + "mode": "mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. When set to All, all gatherers will run and gather data. When set to None, all gatherers will be disabled and no data will be gathered. When set to Custom, the custom configuration from the custom field will be applied.", + "custom": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", +} + +func (Gatherers) SwaggerDoc() map[string]string { + return map_Gatherers +} + +var map_InsightsDataGather = map[string]string{ + "": "InsightsDataGather provides data gather configuration options for the Insights Operator.\n\n\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", +} + +func (InsightsDataGather) SwaggerDoc() map[string]string { + return map_InsightsDataGather +} + +var map_InsightsDataGatherList = map[string]string{ + "": "InsightsDataGatherList is a collection of items Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "items is the required list of InsightsDataGather objects it may not exceed 100 items", } -func (AWSKMSConfig) SwaggerDoc() map[string]string { - return map_AWSKMSConfig +func (InsightsDataGatherList) SwaggerDoc() map[string]string { + return map_InsightsDataGatherList } -var map_KMSConfig = map[string]string{ - "": "KMSConfig defines the configuration for the KMS instance that will be used with KMSEncryptionProvider encryption", - "type": "type defines the kind of platform for the KMS provider. Available provider types are AWS only.", - "aws": "aws defines the key config for using an AWS KMS instance for the encryption. The AWS KMS instance is managed by the user outside the purview of the control plane.", +var map_InsightsDataGatherSpec = map[string]string{ + "": "InsightsDataGatherSpec contains the configuration for the data gathering.", + "gatherConfig": "gatherConfig is a required spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", } -func (KMSConfig) SwaggerDoc() map[string]string { - return map_KMSConfig +func (InsightsDataGatherSpec) SwaggerDoc() map[string]string { + return map_InsightsDataGatherSpec +} + +var map_PersistentVolumeClaimReference = map[string]string{ + "": "PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + "name": "name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. It is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", +} + +func (PersistentVolumeClaimReference) SwaggerDoc() map[string]string { + return map_PersistentVolumeClaimReference +} + +var map_PersistentVolumeConfig = map[string]string{ + "": "PersistentVolumeConfig provides configuration options for PersistentVolume storage.", + "claim": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", + "mountPath": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", +} + +func (PersistentVolumeConfig) SwaggerDoc() map[string]string { + return map_PersistentVolumeConfig +} + +var map_Storage = map[string]string{ + "": "Storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "type": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", + "persistentVolume": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", +} + +func (Storage) SwaggerDoc() map[string]string { + return map_Storage +} + +var map_KMSPluginConfig = map[string]string{ + "": "KMSPluginConfig defines the configuration for the KMS instance that will be used with KMS encryption", + "type": "type defines the kind of platform for the KMS provider. Allowed values are Vault. When set to Vault, the plugin connects to a HashiCorp Vault server for key management.", + "vault": "vault defines the configuration for the Vault KMS plugin. The plugin connects to a Vault Enterprise server that is managed by the user outside the purview of the control plane. This field must be set when type is Vault, and must be unset otherwise.", +} + +func (KMSPluginConfig) SwaggerDoc() map[string]string { + return map_KMSPluginConfig +} + +var map_VaultAppRoleAuthentication = map[string]string{ + "": "VaultAppRoleAuthentication defines the configuration for AppRole authentication with Vault.", + "secret": "secret references a secret in the openshift-config namespace containing the AppRole credentials used to authenticate with Vault. The referenced Secret must contain two keys: \"role-id\" for the AppRole Role ID and \"secret-id\" for the AppRole Secret ID.", +} + +func (VaultAppRoleAuthentication) SwaggerDoc() map[string]string { + return map_VaultAppRoleAuthentication +} + +var map_VaultAuthentication = map[string]string{ + "": "VaultAuthentication defines the authentication method used to authenticate with Vault.", + "type": "type defines the authentication method used to authenticate with Vault. Allowed values are AppRole. When set to AppRole, the plugin uses AppRole credentials to authenticate with Vault.", + "appRole": "appRole defines the configuration for AppRole authentication. This field must be set when type is AppRole, and must be unset otherwise.", +} + +func (VaultAuthentication) SwaggerDoc() map[string]string { + return map_VaultAuthentication +} + +var map_VaultConfigMapReference = map[string]string{ + "": "VaultConfigMapReference references a ConfigMap in the openshift-config namespace.", + "name": "name is the metadata.name of the referenced ConfigMap in the openshift-config namespace. The name must be a valid DNS subdomain name: it must contain no more than 253 characters, contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character.", +} + +func (VaultConfigMapReference) SwaggerDoc() map[string]string { + return map_VaultConfigMapReference +} + +var map_VaultKMSPluginConfig = map[string]string{ + "": "VaultKMSPluginConfig defines the KMS plugin configuration specific to Vault KMS", + "kmsPluginImage": "kmsPluginImage specifies the container image for the HashiCorp Vault KMS plugin.\n\nThe image must be a fully qualified OCI image pull spec with a SHA256 digest. The format is: host[:port][/namespace]/name@sha256: where the digest must be 64 characters long and consist only of lowercase hexadecimal characters, a-f and 0-9. The total length must be between 75 and 447 characters.\n\nShort names (e.g., \"vault-plugin\" or \"hashicorp/vault-plugin\") are not allowed. The registry hostname must be included and must contain at least one dot. Image tags (e.g., \":latest\", \":v1.0.0\") are not allowed.\n\nConsult the OpenShift documentation for compatible plugin versions with your cluster version, then obtain the image digest for that version from HashiCorp's container registry.\n\nFor disconnected environments, mirror the plugin image to an accessible registry and reference the mirrored location with its digest.", + "vaultAddress": "vaultAddress specifies the address of the HashiCorp Vault instance. The value must be a valid HTTPS URL containing only scheme, host, and optional port. Paths, user info, query parameters, and fragments are not allowed.\n\nFormat: https://hostname[:port] Example: https://vault.example.com:8200\n\nThe value must be between 1 and 512 characters.", + "vaultNamespace": "vaultNamespace specifies the Vault namespace where the Transit secrets engine is mounted. This is only applicable for Vault Enterprise installations. When this field is not set, no namespace is used.\n\nThe value must be between 1 and 4096 characters. The namespace cannot end with a forward slash, cannot contain spaces, and cannot be one of the reserved strings: root, sys, audit, auth, cubbyhole, or identity.", + "tls": "tls contains the TLS configuration for connecting to the Vault server. When this field is not set, system default TLS settings are used.", + "authentication": "authentication defines the authentication method used to authenticate with Vault.", + "transitMount": "transitMount specifies the mount path of the Vault Transit engine.\n\nThe transit mount must be between 1 and 1024 characters, cannot start or end with a forward slash, cannot contain consecutive forward slashes, and must only contain RFC 3986 unreserved characters (alphanumeric, hyphen, period, underscore, tilde) and forward slashes as path separators.", + "transitKey": "transitKey specifies the name of the encryption key in Vault's Transit engine. This key is used to encrypt and decrypt data.\n\nThe transit key must be between 1 and 512 characters, cannot contain forward slashes, and must only contain alphanumeric characters, hyphens, periods, and underscores.", +} + +func (VaultKMSPluginConfig) SwaggerDoc() map[string]string { + return map_VaultKMSPluginConfig +} + +var map_VaultSecretReference = map[string]string{ + "": "VaultSecretReference references a secret in the openshift-config namespace.", + "name": "name is the metadata.name of the referenced secret in the openshift-config namespace. The name must be a valid DNS subdomain name: it must contain no more than 253 characters, contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character.", +} + +func (VaultSecretReference) SwaggerDoc() map[string]string { + return map_VaultSecretReference +} + +var map_VaultTLSConfig = map[string]string{ + "": "VaultTLSConfig contains TLS configuration for connecting to Vault.", + "caBundle": "caBundle references a ConfigMap in the openshift-config namespace containing the CA certificate bundle used to verify the TLS connection to the Vault server. The referenced ConfigMap must contain the CA bundle in the key \"ca-bundle.crt\". When this field is not set, the system's trusted CA certificates are used.\n\nThe namespace for the ConfigMap is openshift-config.\n\nExample ConfigMap:\n apiVersion: v1\n kind: ConfigMap\n metadata:\n name: vault-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |", + "serverName": "serverName specifies the Server Name Indication (SNI) to use when connecting to Vault via TLS. This is useful when the Vault server's hostname doesn't match its TLS certificate. When this field is not set, the hostname from vaultAddress is used for SNI.\n\nThe value must be a valid DNS hostname: it must contain no more than 253 characters, contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character.", +} + +func (VaultTLSConfig) SwaggerDoc() map[string]string { + return map_VaultTLSConfig } var map_ClusterNetworkEntry = map[string]string{ @@ -2321,6 +2604,15 @@ func (NetworkMigration) SwaggerDoc() map[string]string { return map_NetworkMigration } +var map_NetworkObservabilitySpec = map[string]string{ + "": "NetworkObservabilitySpec defines the configuration for network observability installation", + "installationPolicy": "installationPolicy controls whether network observability is installed during cluster deployment. Valid values are \"InstallAndEnable\" and \"NoAction\". When set to \"InstallAndEnable\", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again. When set to \"NoAction\", nothing will be done regarding Network observability.", +} + +func (NetworkObservabilitySpec) SwaggerDoc() map[string]string { + return map_NetworkObservabilitySpec +} + var map_NetworkSpec = map[string]string{ "": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", "clusterNetwork": "IP address pool to use for pod IPs. This field is immutable after installation.", @@ -2329,6 +2621,7 @@ var map_NetworkSpec = map[string]string{ "externalIP": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.", "serviceNodePortRange": "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.", "networkDiagnostics": "networkDiagnostics defines network diagnostics configuration.\n\nTakes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.", + "networkObservability": "networkObservability is an optional field that configures network observability installation during cluster deployment (day-0). When omitted, unless this is a SNO cluster, network observability will be installed if not already present, after that, no action taken.", } func (NetworkSpec) SwaggerDoc() map[string]string { @@ -2845,7 +3138,7 @@ func (CustomTLSProfile) SwaggerDoc() map[string]string { } var map_IntermediateTLSProfile = map[string]string{ - "": "IntermediateTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29", + "": "IntermediateTLSProfile is a TLS security profile based on the \"intermediate\" configuration of the Mozilla Server Side TLS configuration guidelines.", } func (IntermediateTLSProfile) SwaggerDoc() map[string]string { @@ -2853,7 +3146,7 @@ func (IntermediateTLSProfile) SwaggerDoc() map[string]string { } var map_ModernTLSProfile = map[string]string{ - "": "ModernTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility", + "": "ModernTLSProfile is a TLS security profile based on the \"modern\" configuration of the Mozilla Server Side TLS configuration guidelines.", } func (ModernTLSProfile) SwaggerDoc() map[string]string { @@ -2861,7 +3154,7 @@ func (ModernTLSProfile) SwaggerDoc() map[string]string { } var map_OldTLSProfile = map[string]string{ - "": "OldTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility", + "": "OldTLSProfile is a TLS security profile based on the \"old\" configuration of the Mozilla Server Side TLS configuration guidelines.", } func (OldTLSProfile) SwaggerDoc() map[string]string { @@ -2870,8 +3163,9 @@ func (OldTLSProfile) SwaggerDoc() map[string]string { var map_TLSProfileSpec = map[string]string{ "": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", - "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", - "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", + "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", + "groups": "groups is an optional, ordered field used to specify the supported groups (formerly known as elliptic curves) that are used during the TLS handshake. The order of the groups represents a suggested preference, with the most preferred group first. Note that not all platform components honor the ordering: Go-based components use Go's internal preference order and treat this list as a filter of allowed groups rather than an ordered preference. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one and at most 7 groups, and each group must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n groups:\n - X25519\n - secp256r1", + "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", } func (TLSProfileSpec) SwaggerDoc() map[string]string { @@ -2880,11 +3174,11 @@ func (TLSProfileSpec) SwaggerDoc() map[string]string { var map_TLSSecurityProfile = map[string]string{ "": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", - "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.\n\nNote that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.", - "old": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", - "intermediate": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", - "modern": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", - "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", + "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe cipher and groups lists in these profiles are based on version 5.8 of the Mozilla Server Side TLS configuration guidelines. See: https://ssl-config.mozilla.org/guidelines/5.8.json\n\nThe groups are listed in suggested preference order, with the most preferred group first. Note that not all platform components honor the ordering: Go-based components use Go's internal preference order and treat this list as a filter of allowed groups rather than an ordered preference. Note that X25519MLKEM768 is a post-quantum hybrid group that is not FIPS-approved and should be ignored by components running in FIPS mode.\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", + "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe supported groups list includes by default the following groups in suggested preference order (ordering may not be honored by all implementations): X25519MLKEM768, X25519, secp256r1, secp384r1.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe supported groups list includes by default the following groups in suggested preference order (ordering may not be honored by all implementations): X25519MLKEM768, X25519, secp256r1, secp384r1.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", + "modern": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The supported groups list includes by default the following groups in suggested preference order (ordering may not be honored by all implementations): X25519MLKEM768, X25519, secp256r1, secp384r1. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", + "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe supported groups list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", } func (TLSSecurityProfile) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/config/v1alpha1/doc.go b/vendor/github.com/openshift/api/config/v1alpha1/doc.go index 20d448573..65333883b 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/doc.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/doc.go @@ -1,6 +1,7 @@ // +k8s:deepcopy-gen=package,register // +k8s:defaulter-gen=TypeMeta // +k8s:openapi-gen=true +// +k8s:openapi-model-package=com.github.openshift.api.config.v1alpha1 // +kubebuilder:validation:Optional // +groupName=config.openshift.io diff --git a/vendor/github.com/openshift/api/config/v1alpha1/register.go b/vendor/github.com/openshift/api/config/v1alpha1/register.go index 4b30ea380..1d84b7107 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/register.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/register.go @@ -36,10 +36,10 @@ func addKnownTypes(scheme *runtime.Scheme) error { &InsightsDataGatherList{}, &Backup{}, &BackupList{}, - &ImagePolicy{}, - &ImagePolicyList{}, - &ClusterImagePolicy{}, - &ClusterImagePolicyList{}, + &CRIOCredentialProviderConfig{}, + &CRIOCredentialProviderConfigList{}, + &PKI{}, + &PKIList{}, ) metav1.AddToGroupVersion(scheme, GroupVersion) return nil diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go b/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go index 77df372d4..0f3da5184 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go @@ -93,7 +93,7 @@ type EtcdBackupSpec struct { PVCName string `json:"pvcName"` } -// RetentionType is the enumeration of valid retention policy types +// RetentionType is the enumeration of valid retention policy types. // +enum // +kubebuilder:validation:Enum:="RetentionNumber";"RetentionSize" type RetentionType string @@ -115,7 +115,6 @@ type RetentionPolicy struct { // The current default is RetentionNumber with 15 backups kept. // +unionDiscriminator // +required - // +kubebuilder:validation:Enum:="";"RetentionNumber";"RetentionSize" RetentionType RetentionType `json:"retentionType"` // retentionNumber configures the retention policy based on the number of backups diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go deleted file mode 100644 index 107b9e29a..000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go +++ /dev/null @@ -1,80 +0,0 @@ -package v1alpha1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterImagePolicy holds cluster-wide configuration for image signature verification -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -// +kubebuilder:object:root=true -// +kubebuilder:resource:path=clusterimagepolicies,scope=Cluster -// +kubebuilder:subresource:status -// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1457 -// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 -// +openshift:enable:FeatureGate=SigstoreImageVerification -// +openshift:compatibility-gen:level=4 -type ClusterImagePolicy struct { - metav1.TypeMeta `json:",inline"` - - // metadata is the standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec contains the configuration for the cluster image policy. - // +required - Spec ClusterImagePolicySpec `json:"spec"` - // status contains the observed state of the resource. - // +optional - Status ClusterImagePolicyStatus `json:"status,omitempty"` -} - -// CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource. -type ClusterImagePolicySpec struct { - // scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the "Docker Registry HTTP API V2". - // Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). - // More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository - // namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). - // Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. - // If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. - // In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories - // quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. - // If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. - // For additional details about the format, please refer to the document explaining the docker transport field, - // which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker - // +required - // +kubebuilder:validation:MaxItems=256 - // +listType=set - Scopes []ImageScope `json:"scopes"` - // policy contains configuration to allow scopes to be verified, and defines how - // images not matching the verification policy will be treated. - // +required - Policy Policy `json:"policy"` -} - -// +k8s:deepcopy-gen=true -type ClusterImagePolicyStatus struct { - // conditions provide details on the status of this API Resource. - // +listType=map - // +listMapKey=type - // +optional - Conditions []metav1.Condition `json:"conditions,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterImagePolicyList is a list of ClusterImagePolicy resources -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -// +openshift:compatibility-gen:level=4 -type ClusterImagePolicyList struct { - metav1.TypeMeta `json:",inline"` - - // metadata is the standard list's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metav1.ListMeta `json:"metadata"` - - Items []ClusterImagePolicy `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go index 0653eeb5a..ca2f0216a 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go @@ -89,11 +89,672 @@ type ClusterMonitoringSpec struct { // The current default value is `DefaultConfig`. // +optional AlertmanagerConfig AlertmanagerConfig `json:"alertmanagerConfig,omitempty,omitzero"` + // prometheusConfig provides configuration options for the default platform Prometheus instance + // that runs in the `openshift-monitoring` namespace. This configuration applies only to the + // platform Prometheus instance; user-workload Prometheus instances are configured separately. + // + // This field allows you to customize how the platform Prometheus is deployed and operated, including: + // - Pod scheduling (node selectors, tolerations, topology spread constraints) + // - Resource allocation (CPU, memory requests/limits) + // - Retention policies (how long metrics are stored) + // - External integrations (remote write, additional alertmanagers) + // + // This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + // +optional + PrometheusConfig PrometheusConfig `json:"prometheusConfig,omitempty,omitzero"` // metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. // Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // +optional MetricsServerConfig MetricsServerConfig `json:"metricsServerConfig,omitempty,omitzero"` + // prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. + // Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + PrometheusOperatorConfig PrometheusOperatorConfig `json:"prometheusOperatorConfig,omitempty,omitzero"` + // prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the + // admission webhook component of Prometheus Operator that runs in the openshift-monitoring namespace. + // The admission webhook validates PrometheusRule and AlertmanagerConfig objects to ensure they are + // semantically valid, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects + // between API versions. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + PrometheusOperatorAdmissionWebhookConfig PrometheusOperatorAdmissionWebhookConfig `json:"prometheusOperatorAdmissionWebhookConfig,omitempty,omitzero"` + // openShiftStateMetricsConfig is an optional field that can be used to configure the openshift-state-metrics + // agent that runs in the openshift-monitoring namespace. The openshift-state-metrics agent generates metrics + // about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + OpenShiftStateMetricsConfig OpenShiftStateMetricsConfig `json:"openShiftStateMetricsConfig,omitempty,omitzero"` + // telemeterClientConfig is an optional field that can be used to configure the Telemeter Client + // component that runs in the openshift-monitoring namespace. The Telemeter Client collects + // selected monitoring metrics and forwards them to Red Hat for telemetry purposes. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // When set, at least one field must be specified within telemeterClientConfig. + // +optional + TelemeterClientConfig TelemeterClientConfig `json:"telemeterClientConfig,omitempty,omitzero"` + // thanosQuerierConfig is an optional field that can be used to configure the Thanos Querier + // component that runs in the openshift-monitoring namespace. The Thanos Querier provides + // a global query view by aggregating and deduplicating metrics from multiple Prometheus instances. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default deploys the Thanos Querier on linux nodes with 5m CPU and 12Mi memory + // requests, and no custom tolerations or topology spread constraints. + // When set, at least one field must be specified within thanosQuerierConfig. + // +optional + ThanosQuerierConfig ThanosQuerierConfig `json:"thanosQuerierConfig,omitempty,omitzero"` + // nodeExporterConfig is an optional field that can be used to configure the node-exporter agent + // that runs as a DaemonSet in the openshift-monitoring namespace. The node-exporter agent collects + // hardware and OS-level metrics from every node in the cluster. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + NodeExporterConfig NodeExporterConfig `json:"nodeExporterConfig,omitempty,omitzero"` + // monitoringPluginConfig is an optional field that can be used to configure the monitoring plugin + // that runs as a dynamic plugin of the OpenShift web console. The monitoring plugin provides + // the monitoring UI in the OpenShift web console for visualizing metrics, alerts, and dashboards. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default deploys the monitoring-plugin as a single-replica Deployment + // on linux nodes with 10m CPU and 50Mi memory requests, and no custom tolerations + // or topology spread constraints. + // When set, at least one field must be specified within monitoringPluginConfig. + // +optional + MonitoringPluginConfig MonitoringPluginConfig `json:"monitoringPluginConfig,omitempty,omitzero"` + // kubeStateMetricsConfig is an optional field that can be used to configure the kube-state-metrics + // agent that runs in the openshift-monitoring namespace. kube-state-metrics generates metrics about + // the state of Kubernetes objects such as Deployments, Nodes, and Pods. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + KubeStateMetricsConfig KubeStateMetricsConfig `json:"kubeStateMetricsConfig,omitempty,omitzero"` +} + +// OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent +// that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates +// metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. +// +kubebuilder:validation:MinProperties=1 +type OpenShiftStateMetricsConfig struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the openshift-state-metrics container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 1m + // limit: null + // - name: memory + // request: 32Mi + // limit: null + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// NodeExporterConfig provides configuration options for the node-exporter agent +// that runs as a DaemonSet in the `openshift-monitoring` namespace. The node-exporter agent collects +// hardware and OS-level metrics from every node in the cluster, including CPU, memory, disk, and +// network statistics. +// At least one field must be specified. +// +kubebuilder:validation:MinProperties=1 +type NodeExporterConfig struct { + // resources defines the compute resource requests and limits for the node-exporter container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 8m + // limit: null + // - name: memory + // request: 32Mi + // limit: null + // --- + // maxItems is set to 5 to stay within the Kubernetes CRD CEL validation cost budget. + // See the MaxItems comment near the ContainerResource type definition for details. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + + // --- TOMBSTONE --- + // nodeSelector was a field that defined the nodes on which the Pods are scheduled. + // It was removed because node-exporter runs as a DaemonSet on all nodes, + // and the CMO does not support this field. + // The field name "nodeSelector" and json tag are reserved to prevent reuse + // with a different backing type. + // + // +optional + // NodeSelector map[string]string `json:"nodeSelector,omitempty"` + + // --- TOMBSTONE --- + // tolerations was a field that defined tolerations for the pods. + // It was removed because node-exporter runs as a DaemonSet on all nodes, + // and the CMO does not support this field. + // The field name "tolerations" and json tag are reserved to prevent reuse + // with a different backing type. + // + // +optional + // Tolerations []v1.Toleration `json:"tolerations,omitempty"` + + // collectors configures which node-exporter metric collectors are enabled. + // collectors is optional. + // Each collector can be individually enabled or disabled. Some collectors may have + // additional configuration options. + // + // When omitted, this means no opinion and the platform is left to choose a reasonable + // default, which is subject to change over time. + // +optional + Collectors NodeExporterCollectorConfig `json:"collectors,omitempty,omitzero"` + // maxProcs sets the target number of CPUs on which the node-exporter process will run. + // maxProcs is optional. + // Use this setting to override the default value, which is set either to 4 or to the number + // of CPUs on the host, whichever is smaller. + // The default value is computed at runtime and set via the GOMAXPROCS environment variable before + // node-exporter is launched. + // If a kernel deadlock occurs or if performance degrades when reading from sysfs concurrently, + // you can change this value to 1, which limits node-exporter to running on one CPU. + // For nodes with a high CPU count, setting the limit to a low number saves resources by preventing + // Go routines from being scheduled to run on all CPUs. However, I/O performance degrades if the + // maxProcs value is set too low and there are many metrics to collect. + // The minimum value is 1 and the maximum value is 1024. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. The current default is min(4, number of host CPUs). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=1024 + MaxProcs int32 `json:"maxProcs,omitempty"` + // ignoredNetworkDevices is a list of regular expression patterns that match network devices + // to be excluded from the relevant collector configuration such as netdev, netclass, and ethtool. + // ignoredNetworkDevices is optional. + // + // When omitted, the Cluster Monitoring Operator uses a predefined list of devices to be excluded + // to minimize the impact on memory usage. + // When set as an empty list, no devices are excluded. + // If you modify this setting, monitor the prometheus-k8s deployment closely for excessive memory usage. + // Maximum length for this list is 50. + // Each entry must be at least 1 character and at most 1024 characters long. + // +kubebuilder:validation:MaxItems=50 + // +kubebuilder:validation:MinItems=0 + // +listType=set + // +optional + IgnoredNetworkDevices *[]NodeExporterIgnoredNetworkDevice `json:"ignoredNetworkDevices,omitempty"` +} + +// NodeExporterIgnoredNetworkDevice is a string that is interpreted as a Go regular expression +// pattern by the controller to match network device names to exclude from node-exporter +// metric collection for collectors such as netdev, netclass, and ethtool. +// Invalid regular expressions will cause a controller-level error at runtime. +// Must be at least 1 character and at most 1024 characters. +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=1024 +type NodeExporterIgnoredNetworkDevice string + +// NodeExporterCollectorCollectionPolicy declares whether a node-exporter collector should collect metrics. +// Valid values are "Collect" and "DoNotCollect". +// +kubebuilder:validation:Enum=Collect;DoNotCollect +// +enum +type NodeExporterCollectorCollectionPolicy string + +const ( + // NodeExporterCollectorCollectionPolicyCollect means the collector is active and will produce metrics. + NodeExporterCollectorCollectionPolicyCollect NodeExporterCollectorCollectionPolicy = "Collect" + // NodeExporterCollectorCollectionPolicyDoNotCollect means the collector is inactive and will not produce metrics. + NodeExporterCollectorCollectionPolicyDoNotCollect NodeExporterCollectorCollectionPolicy = "DoNotCollect" +) + +// NodeExporterNetclassStatsGatherer identifies how the netclass collector gathers device statistics +// (for example via sysfs or netlink, as implemented in node_exporter). +// Valid values are "Sysfs" and "Netlink". +// +kubebuilder:validation:Enum=Sysfs;Netlink +// +enum +type NodeExporterNetclassStatsGatherer string + +const ( + // NodeExporterNetclassStatsGathererSysfs uses the sysfs-based implementation. + NodeExporterNetclassStatsGathererSysfs NodeExporterNetclassStatsGatherer = "Sysfs" + // NodeExporterNetclassStatsGathererNetlink uses the netlink-based implementation. + NodeExporterNetclassStatsGathererNetlink NodeExporterNetclassStatsGatherer = "Netlink" +) + +// NodeExporterCollectorConfig defines settings for individual collectors +// of the node-exporter agent. Each collector can be individually set to collect or not collect metrics. +// At least one collector must be specified. +// +kubebuilder:validation:MinProperties=1 +type NodeExporterCollectorConfig struct { + // cpuFreq configures the cpufreq collector, which collects CPU frequency statistics. + // cpuFreq is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. The current default is disabled. + // Consider enabling when you need to observe CPU frequency scaling; expect higher CPU usage on + // many-core nodes when collectionPolicy is Collect. + // +optional + CpuFreq NodeExporterCollectorCpufreqConfig `json:"cpuFreq,omitempty,omitzero"` + // tcpStat configures the tcpstat collector, which collects TCP connection statistics. + // tcpStat is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. The current default is disabled. + // Enable when debugging TCP connection behavior or capacity at the node level. + // +optional + TcpStat NodeExporterCollectorTcpStatConfig `json:"tcpStat,omitempty,omitzero"` + // ethtool configures the ethtool collector, which collects ethernet device statistics. + // ethtool is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. The current default is disabled. + // Enable when you need NIC driver-level ethtool metrics beyond generic netdev counters. + // +optional + Ethtool NodeExporterCollectorEthtoolConfig `json:"ethtool,omitempty,omitzero"` + // netDev configures the netdev collector, which collects network device statistics. + // netDev is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. The current default is enabled. + // Turn off if you must reduce per-interface metric cardinality on hosts with many virtual interfaces. + // +optional + NetDev NodeExporterCollectorNetDevConfig `json:"netDev,omitempty,omitzero"` + // netClass configures the netclass collector, which collects information about network devices. + // netClass is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. The current default is enabled with netlink mode active. + // Use statsGatherer when sysfs vs netlink implementation matters or when matching node_exporter tuning. + // +optional + NetClass NodeExporterCollectorNetClassConfig `json:"netClass,omitempty,omitzero"` + // buddyInfo configures the buddyinfo collector, which collects statistics about memory + // fragmentation from the node_buddyinfo_blocks metric. This metric collects data from /proc/buddyinfo. + // buddyInfo is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. The current default is disabled. + // Enable when investigating kernel memory fragmentation; typically for advanced troubleshooting only. + // +optional + BuddyInfo NodeExporterCollectorBuddyInfoConfig `json:"buddyInfo,omitempty,omitzero"` + // mountStats configures the mountstats collector, which collects statistics about NFS volume + // I/O activities. + // mountStats is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. The current default is disabled. + // Enabling this collector may produce metrics with high cardinality. If you enable this + // collector, closely monitor the prometheus-k8s deployment for excessive memory usage. + // Enable when you care about per-mount NFS client statistics. + // +optional + MountStats NodeExporterCollectorMountStatsConfig `json:"mountStats,omitempty,omitzero"` + // ksmd configures the ksmd collector, which collects statistics from the kernel same-page + // merger daemon. + // ksmd is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. The current default is disabled. + // Enable on nodes where KSM is in use and you want visibility into merging activity. + // +optional + Ksmd NodeExporterCollectorKSMDConfig `json:"ksmd,omitempty,omitzero"` + // processes configures the processes collector, which collects statistics from processes and + // threads running in the system. + // processes is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. The current default is disabled. + // Enable for process/thread-level insight; can be expensive on busy nodes. + // +optional + Processes NodeExporterCollectorProcessesConfig `json:"processes,omitempty,omitzero"` + // systemd configures the systemd collector, which collects statistics on the systemd daemon + // and its managed services. + // systemd is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. The current default is disabled. + // Enabling this collector with a long list of selected units may produce metrics with high + // cardinality. If you enable this collector, closely monitor the prometheus-k8s deployment + // for excessive memory usage. + // Enable when you need metrics for specific units; scope units carefully. + // +optional + Systemd NodeExporterCollectorSystemdConfig `json:"systemd,omitempty,omitzero"` + // softirqs configures the softirqs collector, which exposes detailed softirq statistics + // from /proc/softirqs. + // softirqs is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. The current default is disabled. + // Enable when you need visibility into kernel softirq processing across CPUs. + // +optional + Softirqs NodeExporterCollectorSoftirqsConfig `json:"softirqs,omitempty,omitzero"` +} + +// NodeExporterCollectorCpufreqConfig provides configuration for the cpufreq collector +// of the node-exporter agent. The cpufreq collector collects CPU frequency statistics. +// It is disabled by default. +type NodeExporterCollectorCpufreqConfig struct { + // collectionPolicy declares whether the cpufreq collector collects metrics. + // This field is required. + // Valid values are "Collect" and "DoNotCollect". + // When set to "Collect", the cpufreq collector is active and CPU frequency statistics are collected. + // When set to "DoNotCollect", the cpufreq collector is inactive. + // +required + CollectionPolicy NodeExporterCollectorCollectionPolicy `json:"collectionPolicy,omitempty"` +} + +// NodeExporterCollectorTcpStatConfig provides configuration for the tcpstat collector +// of the node-exporter agent. The tcpstat collector collects TCP connection statistics. +// It is disabled by default. +type NodeExporterCollectorTcpStatConfig struct { + // collectionPolicy declares whether the tcpstat collector collects metrics. + // This field is required. + // Valid values are "Collect" and "DoNotCollect". + // When set to "Collect", the tcpstat collector is active and TCP connection statistics are collected. + // When set to "DoNotCollect", the tcpstat collector is inactive. + // +required + CollectionPolicy NodeExporterCollectorCollectionPolicy `json:"collectionPolicy,omitempty"` +} + +// NodeExporterCollectorEthtoolConfig provides configuration for the ethtool collector +// of the node-exporter agent. The ethtool collector collects ethernet device statistics. +// It is disabled by default. +type NodeExporterCollectorEthtoolConfig struct { + // collectionPolicy declares whether the ethtool collector collects metrics. + // This field is required. + // Valid values are "Collect" and "DoNotCollect". + // When set to "Collect", the ethtool collector is active and ethernet device statistics are collected. + // When set to "DoNotCollect", the ethtool collector is inactive. + // +required + CollectionPolicy NodeExporterCollectorCollectionPolicy `json:"collectionPolicy,omitempty"` +} + +// NodeExporterCollectorNetDevConfig provides configuration for the netdev collector +// of the node-exporter agent. The netdev collector collects network device statistics +// such as bytes, packets, errors, and drops per device. +// It is enabled by default. +type NodeExporterCollectorNetDevConfig struct { + // collectionPolicy declares whether the netdev collector collects metrics. + // This field is required. + // Valid values are "Collect" and "DoNotCollect". + // When set to "Collect", the netdev collector is active and network device statistics are collected. + // When set to "DoNotCollect", the netdev collector is inactive and the corresponding metrics become unavailable. + // +required + CollectionPolicy NodeExporterCollectorCollectionPolicy `json:"collectionPolicy,omitempty"` +} + +// NodeExporterCollectorNetClassConfig provides configuration for the netclass collector +// of the node-exporter agent. The netclass collector collects information about network devices +// such as network speed, MTU, and carrier status. +// It is enabled by default. +// When collectionPolicy is DoNotCollect, the collect field must not be set. +// +kubebuilder:validation:XValidation:rule="has(self.collectionPolicy) && self.collectionPolicy == 'Collect' ? true : !has(self.collect)",message="collect is forbidden when collectionPolicy is not Collect" +// +union +type NodeExporterCollectorNetClassConfig struct { + // collectionPolicy declares whether the netclass collector collects metrics. + // This field is required. + // Valid values are "Collect" and "DoNotCollect". + // When set to "Collect", the netclass collector is active and network class information is collected. + // When set to "DoNotCollect", the netclass collector is inactive and the corresponding metrics become unavailable. + // When set to "DoNotCollect", the collect field must not be set. + // +unionDiscriminator + // +required + CollectionPolicy NodeExporterCollectorCollectionPolicy `json:"collectionPolicy,omitempty"` + // collect contains configuration options that apply only when the netclass collector is actively collecting metrics + // (i.e. when collectionPolicy is Collect). + // collect is optional and may be omitted even when collectionPolicy is Collect. + // collect may only be set when collectionPolicy is Collect. + // When set, at least one field must be specified within collect. + // +unionMember + // +optional + Collect NodeExporterCollectorNetClassCollectConfig `json:"collect,omitzero,omitempty"` +} + +// NodeExporterCollectorNetClassCollectConfig holds configuration options for the netclass collector +// when it is actively collecting metrics. At least one field must be specified. +// +kubebuilder:validation:MinProperties=1 +type NodeExporterCollectorNetClassCollectConfig struct { + // statsGatherer selects which implementation the netclass collector uses to gather statistics (sysfs or netlink). + // statsGatherer is optional. + // Valid values are "Sysfs" and "Netlink". + // When set to "Netlink", the netlink implementation is used; when set to "Sysfs", the sysfs implementation is used. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. The current default is Netlink. + // +optional + StatsGatherer NodeExporterNetclassStatsGatherer `json:"statsGatherer,omitempty"` +} + +// NodeExporterCollectorBuddyInfoConfig provides configuration for the buddyinfo collector +// of the node-exporter agent. The buddyinfo collector collects statistics about memory fragmentation +// from the node_buddyinfo_blocks metric using data from /proc/buddyinfo. +// It is disabled by default. +type NodeExporterCollectorBuddyInfoConfig struct { + // collectionPolicy declares whether the buddyinfo collector collects metrics. + // This field is required. + // Valid values are "Collect" and "DoNotCollect". + // When set to "Collect", the buddyinfo collector is active and memory fragmentation statistics are collected. + // When set to "DoNotCollect", the buddyinfo collector is inactive. + // +required + CollectionPolicy NodeExporterCollectorCollectionPolicy `json:"collectionPolicy,omitempty"` +} + +// NodeExporterCollectorMountStatsConfig provides configuration for the mountstats collector +// of the node-exporter agent. The mountstats collector collects statistics about NFS volume I/O activities. +// It is disabled by default. +// Enabling this collector may produce metrics with high cardinality. If you enable this +// collector, closely monitor the prometheus-k8s deployment for excessive memory usage. +type NodeExporterCollectorMountStatsConfig struct { + // collectionPolicy declares whether the mountstats collector collects metrics. + // This field is required. + // Valid values are "Collect" and "DoNotCollect". + // When set to "Collect", the mountstats collector is active and NFS volume I/O statistics are collected. + // When set to "DoNotCollect", the mountstats collector is inactive. + // +required + CollectionPolicy NodeExporterCollectorCollectionPolicy `json:"collectionPolicy,omitempty"` +} + +// NodeExporterCollectorKSMDConfig provides configuration for the ksmd collector +// of the node-exporter agent. The ksmd collector collects statistics from the kernel +// same-page merger daemon. +// It is disabled by default. +type NodeExporterCollectorKSMDConfig struct { + // collectionPolicy declares whether the ksmd collector collects metrics. + // This field is required. + // Valid values are "Collect" and "DoNotCollect". + // When set to "Collect", the ksmd collector is active and kernel same-page merger statistics are collected. + // When set to "DoNotCollect", the ksmd collector is inactive. + // +required + CollectionPolicy NodeExporterCollectorCollectionPolicy `json:"collectionPolicy,omitempty"` +} + +// NodeExporterCollectorProcessesConfig provides configuration for the processes collector +// of the node-exporter agent. The processes collector collects statistics from processes and threads +// running in the system. +// It is disabled by default. +type NodeExporterCollectorProcessesConfig struct { + // collectionPolicy declares whether the processes collector collects metrics. + // This field is required. + // Valid values are "Collect" and "DoNotCollect". + // When set to "Collect", the processes collector is active and process/thread statistics are collected. + // When set to "DoNotCollect", the processes collector is inactive. + // +required + CollectionPolicy NodeExporterCollectorCollectionPolicy `json:"collectionPolicy,omitempty"` +} + +// NodeExporterCollectorSystemdConfig provides configuration for the systemd collector +// of the node-exporter agent. The systemd collector collects statistics on the systemd daemon +// and its managed services. +// It is disabled by default. +// Enabling this collector with a long list of selected units may produce metrics with high +// cardinality. If you enable this collector, closely monitor the prometheus-k8s deployment +// for excessive memory usage. +// When collectionPolicy is DoNotCollect, the collect field must not be set. +// +kubebuilder:validation:XValidation:rule="has(self.collectionPolicy) && self.collectionPolicy == 'Collect' ? true : !has(self.collect)",message="collect is forbidden when collectionPolicy is not Collect" +// +union +type NodeExporterCollectorSystemdConfig struct { + // collectionPolicy declares whether the systemd collector collects metrics. + // This field is required. + // Valid values are "Collect" and "DoNotCollect". + // When set to "Collect", the systemd collector is active and systemd unit statistics are collected. + // When set to "DoNotCollect", the systemd collector is inactive and the collect field must not be set. + // +unionDiscriminator + // +required + CollectionPolicy NodeExporterCollectorCollectionPolicy `json:"collectionPolicy,omitempty"` + // collect contains configuration options that apply only when the systemd collector is actively collecting metrics + // (i.e. when collectionPolicy is Collect). + // collect is optional and may be omitted even when collectionPolicy is Collect. + // collect may only be set when collectionPolicy is Collect. + // When set, at least one field must be specified within collect. + // +unionMember + // +optional + Collect NodeExporterCollectorSystemdCollectConfig `json:"collect,omitzero,omitempty"` +} + +// NodeExporterCollectorSystemdCollectConfig holds configuration options for the systemd collector +// when it is actively collecting metrics. At least one field must be specified. +// +kubebuilder:validation:MinProperties=1 +type NodeExporterCollectorSystemdCollectConfig struct { + // units is a list of regular expression patterns that match systemd units to be included + // by the systemd collector. + // units is optional. + // By default, the list is empty, so the collector exposes no metrics for systemd units. + // Each entry is a regular expression pattern and must be at least 1 character and at most 1024 characters. + // Maximum length for this list is 50. + // Minimum length for this list is 1. + // Entries in this list must be unique. + // +kubebuilder:validation:MaxItems=50 + // +kubebuilder:validation:MinItems=1 + // +listType=set + // +optional + Units []NodeExporterSystemdUnit `json:"units,omitempty"` +} + +// NodeExporterSystemdUnit is a string that is interpreted as a Go regular expression +// pattern by the controller to match systemd unit names. +// Invalid regular expressions will cause a controller-level error at runtime. +// Must be at least 1 character and at most 1024 characters. +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=1024 +type NodeExporterSystemdUnit string + +// NodeExporterCollectorSoftirqsConfig provides configuration for the softirqs collector +// of the node-exporter agent. The softirqs collector exposes detailed softirq statistics +// from /proc/softirqs. +// It is disabled by default. +type NodeExporterCollectorSoftirqsConfig struct { + // collectionPolicy declares whether the softirqs collector collects metrics. + // This field is required. + // Valid values are "Collect" and "DoNotCollect". + // When set to "Collect", the softirqs collector is active and softirq statistics are collected. + // When set to "DoNotCollect", the softirqs collector is inactive. + // +required + CollectionPolicy NodeExporterCollectorCollectionPolicy `json:"collectionPolicy,omitempty"` +} + +// MonitoringPluginConfig provides configuration options for the monitoring plugin +// that runs as a dynamic plugin of the OpenShift web console. +// The monitoring plugin provides the monitoring UI in the OpenShift web console +// for visualizing metrics, alerts, and dashboards. +// At least one field must be specified; an empty monitoringPluginConfig object is not allowed. +// +kubebuilder:validation:MinProperties=1 +type MonitoringPluginConfig struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the monitoring-plugin container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 10m + // - name: memory + // request: 50Mi + // + // When specified, resources must contain at least 1 entry and must not exceed 5 entries. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // tolerations defines the tolerations required for the monitoring-plugin Pods. + // This field is optional. + // + // When omitted, the monitoring-plugin Pods will not have any tolerations, which + // means they will only be scheduled on nodes with no taints. + // When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries. + // +optional + // +listType=atomic + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how monitoring-plugin Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // When specified, this list must contain at least 1 entry and must not exceed 10 entries. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` } // UserDefinedMonitoring config for user-defined projects. @@ -141,12 +802,43 @@ type AlertmanagerConfig struct { CustomConfig AlertmanagerCustomConfig `json:"customConfig,omitempty,omitzero"` } +// UserAlertmanagerConfigSelection controls whether the platform Alertmanager selects +// AlertmanagerConfig resources from user-defined namespaces. +// +enum +type UserAlertmanagerConfigSelection string + +const ( + // UserAlertmanagerConfigSelectionSelectable enables user-defined namespaces to be selected + // for AlertmanagerConfig lookups on the platform Alertmanager. + UserAlertmanagerConfigSelectionSelectable UserAlertmanagerConfigSelection = "Selectable" + // UserAlertmanagerConfigSelectionNone disables user-defined namespaces from being selected + // for AlertmanagerConfig lookups on the platform Alertmanager. + UserAlertmanagerConfigSelectionNone UserAlertmanagerConfigSelection = "None" +) + // AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. // alertmanagerCustomConfig provides configuration options for the default Alertmanager instance // that runs in the `openshift-monitoring` namespace. Use this configuration to control -// whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled. +// whether user-defined namespaces are selected for AlertmanagerConfig lookups, how it logs, +// and how its pods are scheduled. // +kubebuilder:validation:MinProperties=1 type AlertmanagerCustomConfig struct { + // userAlertmanagerConfigSelection is an optional field that controls whether user-defined + // namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager + // instance in the `openshift-monitoring` namespace. + // Valid values are Selectable and None. + // When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources + // in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in + // the cluster-monitoring-config ConfigMap. + // When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups + // on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` + // in the cluster-monitoring-config ConfigMap. + // This setting only applies when the user-workload monitoring Alertmanager is not enabled. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default value is `None`. + // +optional + // +kubebuilder:validation:Enum=Selectable;None + UserAlertmanagerConfigSelection UserAlertmanagerConfigSelection `json:"userAlertmanagerConfigSelection,omitempty"` // logLevel defines the verbosity of logs emitted by Alertmanager. // This field allows users to control the amount and severity of logs generated, which can be useful // for debugging issues or reducing noise in production environments. @@ -183,12 +875,13 @@ type AlertmanagerCustomConfig struct { // - name: memory // request: 40Mi // limit: null - // Maximum length for this list is 10. + // Maximum length for this list is 5. // Minimum length for this list is 1. + // Each resource name must be unique within this list. // +optional // +listType=map // +listMapKey=name - // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MaxItems=5 // +kubebuilder:validation:MinItems=1 Resources []ContainerResource `json:"resources,omitempty"` // secrets defines a list of secrets that need to be mounted into the Alertmanager. @@ -204,28 +897,1535 @@ type AlertmanagerCustomConfig struct { // - Store any other authentication credentials needed by your alert receivers // // This field is optional. - // Maximum length for this list is 10. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries in this list must be unique. + // +optional + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=set + Secrets []SecretName `json:"secrets,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + // configure the persistent volume claim, including storage class and volume size. + // If omitted, the Pod uses ephemeral storage and alert data will not persist + // across restarts. + // +optional + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty,omitzero"` +} + +// AlertManagerDeployMode defines the deployment state of the platform Alertmanager instance. +// +// Possible values: +// - "Disabled": The Alertmanager instance will not be deployed. +// - "DefaultConfig": The Alertmanager instance will be deployed with default settings. +// - "CustomConfig": The Alertmanager instance will be deployed with custom configuration. +// +kubebuilder:validation:Enum=Disabled;DefaultConfig;CustomConfig +type AlertManagerDeployMode string + +const ( + // AlertManagerModeDisabled means the Alertmanager instance will not be deployed. + AlertManagerDeployModeDisabled AlertManagerDeployMode = "Disabled" + // AlertManagerModeDefaultConfig means the Alertmanager instance will be deployed with default settings. + AlertManagerDeployModeDefaultConfig AlertManagerDeployMode = "DefaultConfig" + // AlertManagerModeCustomConfig means the Alertmanager instance will be deployed with custom configuration. + AlertManagerDeployModeCustomConfig AlertManagerDeployMode = "CustomConfig" +) + +// LogLevel defines the verbosity of logs emitted by Alertmanager. +// Valid values are Error, Warn, Info and Debug. +// +kubebuilder:validation:Enum=Error;Warn;Info;Debug +type LogLevel string + +const ( + // LogLevelError only errors will be logged. + LogLevelError LogLevel = "Error" + // LogLevelWarn, both warnings and errors will be logged. + LogLevelWarn LogLevel = "Warn" + // LogLevelInfo, general information, warnings, and errors will all be logged. + LogLevelInfo LogLevel = "Info" + // LogLevelDebug, detailed debugging information will be logged. + LogLevelDebug LogLevel = "Debug" +) + +// MaxItems on []ContainerResource fields is kept at 5 to stay within the +// Kubernetes CRD CEL validation cost budget (StaticEstimatedCRDCostLimit). +// The quantity() CEL function has a high fixed estimated cost per invocation, +// and the limit-vs-request comparison rule is costed per maxItems per location. +// With multiple structs in ClusterMonitoringSpec embedding []ContainerResource, +// maxItems > 5 causes the total estimated rule cost to exceed the budget. + +// ContainerResource defines a single resource requirement for a container. +// +kubebuilder:validation:XValidation:rule="has(self.request) || has(self.limit)",message="at least one of request or limit must be set" +// +kubebuilder:validation:XValidation:rule="!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) >= 0",message="limit must be greater than or equal to request" +type ContainerResource struct { + // name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + // This field is required. + // name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.qualifiedName().validate(self).hasValue()",message="name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character" + Name string `json:"name,omitempty"` + + // request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + // This field is optional. + // When limit is specified, request cannot be greater than limit. + // The value must be greater than 0 when specified. + // +optional + // +kubebuilder:validation:XIntOrString + // +kubebuilder:validation:MaxLength=20 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="quantity(self).isGreaterThan(quantity('0'))",message="request must be a positive, non-zero quantity" + Request resource.Quantity `json:"request,omitempty"` + + // limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + // This field is optional. + // When request is specified, limit cannot be less than request. + // The value must be greater than 0 when specified. + // +optional + // +kubebuilder:validation:XIntOrString + // +kubebuilder:validation:MaxLength=20 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="quantity(self).isGreaterThan(quantity('0'))",message="limit must be a positive, non-zero quantity" + Limit resource.Quantity `json:"limit,omitempty"` +} + +// SecretName is a type that represents the name of a Secret in the same namespace. +// It must be at most 253 characters in length. +// +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." +// +kubebuilder:validation:MaxLength=63 +type SecretName string + +// MetricsServerConfig provides configuration options for the Metrics Server instance +// that runs in the `openshift-monitoring` namespace. Use this configuration to control +// how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled. +// +kubebuilder:validation:MinProperties=1 +type MetricsServerConfig struct { + // audit defines the audit configuration used by the Metrics Server instance. + // audit is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + //The current default sets audit.profile to Metadata + // +optional + Audit Audit `json:"audit,omitempty,omitzero"` + // nodeSelector defines the nodes on which the Pods are scheduled + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // verbosity defines the verbosity of log messages for Metrics Server. + // Valid values are Errors, Info, Trace, TraceAll and omitted. + // When set to Errors, only critical messages and errors are logged. + // When set to Info, only basic information messages are logged. + // When set to Trace, information useful for general debugging is logged. + // When set to TraceAll, detailed information about metric scraping is logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Errors` + // +optional + Verbosity VerbosityLevel `json:"verbosity,omitempty,omitzero"` + // resources defines the compute resource requests and limits for the Metrics Server container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // limit: null + // - name: memory + // request: 40Mi + // limit: null + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance +// Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled. +// +kubebuilder:validation:MinProperties=1 +type PrometheusOperatorConfig struct { + // logLevel defines the verbosity of logs emitted by Prometheus Operator. + // This field allows users to control the amount and severity of logs generated, which can be useful + // for debugging issues or reducing noise in production environments. + // Allowed values are Error, Warn, Info, and Debug. + // When set to Error, only errors will be logged. + // When set to Warn, both warnings and errors will be logged. + // When set to Info, general information, warnings, and errors will all be logged. + // When set to Debug, detailed debugging information will be logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Info`. + // +optional + LogLevel LogLevel `json:"logLevel,omitempty"` + // nodeSelector defines the nodes on which the Pods are scheduled + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the Prometheus Operator container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // limit: null + // - name: memory + // request: 40Mi + // limit: null + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook +// component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission +// webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, +// and converts AlertmanagerConfig objects between API versions. +// +kubebuilder:validation:MinProperties=1 +type PrometheusOperatorAdmissionWebhookConfig struct { + // resources defines the compute resource requests and limits for the + // prometheus-operator-admission-webhook container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 5m + // limit: null + // - name: memory + // request: 30Mi + // limit: null + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // topologySpreadConstraints defines rules for how admission webhook Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// PrometheusConfig provides configuration options for the Prometheus instance. +// Use this configuration to control +// Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations. +// +kubebuilder:validation:MinProperties=1 +type PrometheusConfig struct { + // additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + // the Prometheus component. This is useful for organizations that need to: + // - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + // - Route different types of alerts to different teams or systems + // - Integrate with existing enterprise alerting infrastructure + // - Maintain separate alert routing for compliance or organizational requirements + // When omitted, no additional Alertmanager instances are configured (default behavior). + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Entries must have unique names (name is the list key). + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + AdditionalAlertmanagerConfigs []AdditionalAlertmanagerConfig `json:"additionalAlertmanagerConfigs,omitempty"` + // enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + // If a scraped target's body response is larger than the limit, the scrape will fail. + // This helps protect Prometheus from targets that return excessively large responses. + // The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + // When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + // limit based on cluster capacity. Set an explicit value to override the automatic calculation. + // Minimum value is 10240 (10kB). + // Maximum value is 1073741824 (1GB). + // +kubebuilder:validation:Minimum=10240 + // +kubebuilder:validation:Maximum=1073741824 + // +optional + EnforcedBodySizeLimitBytes int64 `json:"enforcedBodySizeLimitBytes,omitempty"` + // externalLabels defines labels to be attached to time series and alerts + // when communicating with external systems such as federation, remote storage, + // and Alertmanager. These labels are not stored with metrics on disk; they are + // only added when data leaves Prometheus (e.g., during federation queries, + // remote write, or alert notifications). + // At least 1 label must be specified when set, with a maximum of 50 labels allowed. + // Each label key must be unique within this list. + // When omitted, no external labels are applied. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=50 + // +listType=map + // +listMapKey=key + ExternalLabels []Label `json:"externalLabels,omitempty"` + // logLevel defines the verbosity of logs emitted by Prometheus. + // This field allows users to control the amount and severity of logs generated, which can be useful + // for debugging issues or reducing noise in production environments. + // Allowed values are Error, Warn, Info, and Debug. + // When set to Error, only errors will be logged. + // When set to Warn, both warnings and errors will be logged. + // When set to Info, general information, warnings, and errors will all be logged. + // When set to Debug, detailed debugging information will be logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Info`. + // +optional + LogLevel LogLevel `json:"logLevel,omitempty"` + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + // and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // queryLogFile specifies the file to which PromQL queries are logged. + // This setting can be either a filename, in which + // case the queries are saved to an `emptyDir` volume + // at `/var/log/prometheus`, or a full path to a location where + // an `emptyDir` volume will be mounted and the queries saved. + // Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + // writing to any other `/dev/` path is not supported. Relative paths are + // also not supported. + // By default, PromQL queries are not logged. + // Must be an absolute path starting with `/` or a simple filename without path separators. + // Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + // Must contain only alphanumeric characters, '.', '_', '-', or '/'. + // Must be between 1 and 255 characters in length. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._/-]+$')",message="must contain only alphanumeric characters, '.', '_', '-', or '/'" + // +kubebuilder:validation:XValidation:rule="self.startsWith('/') || !self.contains('/')",message="must be an absolute path starting with '/' or a simple filename without '/'" + // +kubebuilder:validation:XValidation:rule="!self.startsWith('/dev/') || self in ['/dev/stdout', '/dev/stderr', '/dev/null']",message="only /dev/stdout, /dev/stderr, and /dev/null are allowed as /dev/ paths" + // +kubebuilder:validation:XValidation:rule="!self.contains('//') && !self.endsWith('/') && !self.contains('..')",message="must not contain '//', end with '/', or contain '..'" + QueryLogFile string `json:"queryLogFile,omitempty"` + // remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + // Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + // When omitted, no remote write endpoints are configured. + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Entries must have unique names (name is the list key). + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + // +optional + RemoteWrite []RemoteWriteSpec `json:"remoteWrite,omitempty"` + // resources defines the compute resource requests and limits for the Prometheus container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // limit: null + // - name: memory + // request: 40Mi + // limit: null + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // retention configures how long Prometheus retains metrics data and how much storage it can use. + // When omitted, the platform chooses reasonable defaults (currently 15d retention, no size limit). + // +optional + Retention Retention `json:"retention,omitempty,omitzero"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10 + // Minimum length for this list is 1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1 + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // collectionProfile defines the metrics collection profile that Prometheus uses to collect + // metrics from the platform components. Supported values are `Full` or + // `Minimal`. In the `Full` profile (default), Prometheus collects all + // metrics that are exposed by the platform components. In the `Minimal` + // profile, Prometheus only collects metrics necessary for the default + // platform alerts, recording rules, telemetry and console dashboards. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is `Full`. + // +optional + CollectionProfile CollectionProfile `json:"collectionProfile,omitempty"` + // volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + // configure the persistent volume claim, including storage class and volume size. + // If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + // across restarts. + // +optional + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty,omitzero"` +} + +// AlertmanagerScheme defines the URL scheme to use when communicating with Alertmanager instances. +// +kubebuilder:validation:Enum=HTTP;HTTPS +type AlertmanagerScheme string + +const ( + AlertmanagerSchemeHTTP AlertmanagerScheme = "HTTP" + AlertmanagerSchemeHTTPS AlertmanagerScheme = "HTTPS" +) + +// AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. +// The `AdditionalAlertmanagerConfig` resource defines settings for how a +// component communicates with additional Alertmanager instances. +type AdditionalAlertmanagerConfig struct { + // name is a unique identifier for this Alertmanager configuration entry. + // The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + // hyphens, or periods, and must start and end with an alphanumeric character. + // Minimum length is 1 character (empty string is invalid). + // Maximum length is 253 characters. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + // +required + Name string `json:"name,omitempty"` + // authorization configures the authentication method for Alertmanager connections. + // Supports bearer token authentication. When omitted, no authentication is used. + // +optional + Authorization AuthorizationConfig `json:"authorization,omitempty,omitzero"` + // pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + // For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + // set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + // This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + // When no prefix is needed, omit this field; do not set it to "/" as that would produce paths with double slashes (e.g. "//api/v1/alerts"). + // Must start with "/", must not end with "/", and must not be exactly "/". + // Must not contain query strings ("?") or fragments ("#"). + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:MinLength=2 + // +kubebuilder:validation:XValidation:rule="self.startsWith('/')",message="pathPrefix must start with '/'" + // +kubebuilder:validation:XValidation:rule="!self.endsWith('/')",message="pathPrefix must not end with '/'" + // +kubebuilder:validation:XValidation:rule="self != '/'",message="pathPrefix must not be '/' (would produce double slashes in request path); omit for no prefix" + // +kubebuilder:validation:XValidation:rule="!self.contains('?') && !self.contains('#')",message="pathPrefix must not contain '?' or '#'" + // +optional + PathPrefix string `json:"pathPrefix,omitempty"` + // scheme defines the URL scheme to use when communicating with Alertmanager + // instances. + // Possible values are `HTTP` or `HTTPS`. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default value is `HTTP`. + // +optional + Scheme AlertmanagerScheme `json:"scheme,omitempty"` + // staticConfigs is a list of statically configured Alertmanager endpoints in the form + // of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + // (in brackets) followed by a colon and a valid port number (1-65535). + // Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + // At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + // Each entry must be unique and non-empty (empty string is invalid). + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=255 + // +kubebuilder:validation:items:XValidation:rule="isURL('http://' + self) && size(url('http://' + self).getHostname()) > 0 && size(url('http://' + self).getPort()) > 0 && int(url('http://' + self).getPort()) >= 1 && int(url('http://' + self).getPort()) <= 65535",message="must be a valid 'host:port' where host is a DNS name, IPv4, or IPv6 address (in brackets), and port is 1-65535" + // +listType=set + // +required + StaticConfigs []string `json:"staticConfigs,omitempty"` + // timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Currently the default is 10 seconds. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=600 + // +optional + TimeoutSeconds int32 `json:"timeoutSeconds,omitempty"` + // tlsConfig defines the TLS settings to use for Alertmanager connections. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + TLSConfig TLSConfig `json:"tlsConfig,omitempty,omitzero"` +} + +// Label represents a key/value pair for external labels. +type Label struct { + // key is the name of the label. + // Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:MinLength=1 + Key string `json:"key,omitempty"` + // value is the value of the label. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:MinLength=1 + Value string `json:"value,omitempty"` +} + +// RemoteWriteSpec represents configuration for remote write endpoints. +type RemoteWriteSpec struct { + // url is the URL of the remote write endpoint. + // Must be a valid URL with http or https scheme and a non-empty hostname. + // Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. + // Empty string is invalid. Must be between 1 and 2048 characters in length. + // +required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || url(self).getScheme() == 'http' || url(self).getScheme() == 'https'",message="must use http or https scheme" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || size(url(self).getHostname()) > 0",message="must have a non-empty hostname" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || url(self).getQuery().size() == 0",message="query parameters are not allowed" + // +kubebuilder:validation:XValidation:rule="!self.matches('.*#.*')",message="fragments are not allowed" + // +kubebuilder:validation:XValidation:rule="!self.matches('.*@.*')",message="user information (e.g. user:password@host) is not allowed" + URL string `json:"url,omitempty"` + // name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). + // This name is used in metrics and logging to differentiate remote write queues. + // Must contain only alphanumeric characters, hyphens, and underscores. + // Must be between 1 and 63 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores" + Name string `json:"name,omitempty"` + // authorization defines the authorization method for the remote write endpoint. + // When omitted, no authorization is performed. + // When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config). + // +optional + AuthorizationConfig RemoteWriteAuthorization `json:"authorization,omitzero"` + // headers specifies the custom HTTP headers to be sent along with each remote write request. + // Sending custom headers makes the configuration of a proxy in between optional and helps the + // receiver recognize the given source better. + // Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure + // them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. + // When omitted, no custom headers are sent. + // Maximum of 50 headers can be specified. Each header name must be unique. + // Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). + // +optional + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=50 + // +kubebuilder:validation:items:XValidation:rule="self.name.matches('^[a-zA-Z0-9_-]+$')",message="header name must contain only alphanumeric characters, hyphens, and underscores" + // +kubebuilder:validation:items:XValidation:rule="!self.name.matches('(?i)^(host|authorization|content-encoding|content-type|x-prometheus-remote-write-version|user-agent|connection|keep-alive|proxy-authenticate|proxy-authorization|www-authenticate)$')",message="header name must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate)" + // +listType=map + // +listMapKey=name + Headers []PrometheusRemoteWriteHeader `json:"headers,omitempty"` + // metadataConfig configures the sending of series metadata to remote storage. + // When omitted, no metadata is sent. + // When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). + // When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds). + // +optional + MetadataConfig MetadataConfig `json:"metadataConfig,omitempty,omitzero"` + // proxyUrl defines an optional proxy URL. + // If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + // The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + // When omitted, no proxy is used. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. + // +optional + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self) && (url(self).getScheme() == 'http' || url(self).getScheme() == 'https')",message="must be a valid URL with http or https scheme" + ProxyURL string `json:"proxyUrl,omitempty"` + // queueConfig allows tuning configuration for remote write queue parameters. + // When omitted, default queue configuration is used. + // +optional + QueueConfig QueueConfig `json:"queueConfig,omitempty,omitzero"` + // remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=600 + RemoteTimeoutSeconds int32 `json:"remoteTimeoutSeconds,omitempty"` + // exemplarsMode controls whether exemplars are sent via remote write. + // Valid values are "Send", "DoNotSend" and omitted. + // When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + // Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + // When omitted or set to "DoNotSend", exemplars are not sent. + // +optional + ExemplarsMode ExemplarsMode `json:"exemplarsMode,omitempty"` + // tlsConfig defines TLS authentication settings for the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + TLSConfig TLSConfig `json:"tlsConfig,omitempty,omitzero"` + // writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + // When omitted, no relabeling is performed and all metrics are sent as-is. + // Minimum of 1 and maximum of 10 relabeling rules can be specified. + // Each rule must have a unique name. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + WriteRelabelConfigs []RelabelConfig `json:"writeRelabelConfigs,omitempty"` +} + +// PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. +// The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). +// Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. +// Validation is enforced on the Headers field in RemoteWriteSpec. +type PrometheusRemoteWriteHeader struct { + // name is the HTTP header name. Must not be a reserved header (see type documentation). + // Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + Name string `json:"name,omitempty"` + // value is the HTTP header value. Must be at most 4096 characters. + // +required + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=4096 + Value *string `json:"value,omitempty"` +} + +// BasicAuth defines basic authentication settings for the remote write endpoint URL. +type BasicAuth struct { + // username defines the secret reference containing the username for basic authentication. + // The secret must exist in the openshift-monitoring namespace. + // +required + Username SecretKeySelector `json:"username,omitzero,omitempty"` + // password defines the secret reference containing the password for basic authentication. + // The secret must exist in the openshift-monitoring namespace. + // +required + Password SecretKeySelector `json:"password,omitzero,omitempty"` +} + +// RemoteWriteAuthorizationType defines the authorization method for remote write endpoints. +// +kubebuilder:validation:Enum=BearerToken;BasicAuth;OAuth2;SigV4;SafeAuthorization;ServiceAccount +type RemoteWriteAuthorizationType string + +const ( + // RemoteWriteAuthorizationTypeBearerToken indicates bearer token from a secret. + RemoteWriteAuthorizationTypeBearerToken RemoteWriteAuthorizationType = "BearerToken" + // RemoteWriteAuthorizationTypeBasicAuth indicates HTTP basic authentication. + RemoteWriteAuthorizationTypeBasicAuth RemoteWriteAuthorizationType = "BasicAuth" + // RemoteWriteAuthorizationTypeOAuth2 indicates OAuth2 client credentials. + RemoteWriteAuthorizationTypeOAuth2 RemoteWriteAuthorizationType = "OAuth2" + // RemoteWriteAuthorizationTypeSigV4 indicates AWS Signature Version 4. + RemoteWriteAuthorizationTypeSigV4 RemoteWriteAuthorizationType = "SigV4" + // RemoteWriteAuthorizationTypeSafeAuthorization indicates authorization from a secret (Prometheus SafeAuthorization pattern). + // The secret key contains the credentials (e.g. a Bearer token). Use the safeAuthorization field. + RemoteWriteAuthorizationTypeSafeAuthorization RemoteWriteAuthorizationType = "SafeAuthorization" + // RemoteWriteAuthorizationTypeServiceAccount indicates use of the pod's service account token for machine identity. + // No additional field is required; the operator configures the token path. + RemoteWriteAuthorizationTypeServiceAccount RemoteWriteAuthorizationType = "ServiceAccount" +) + +// RemoteWriteAuthorization defines the authorization method for a remote write endpoint. +// Exactly one of the nested configs must be set according to the type discriminator. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ? has(self.bearerToken) : !has(self.bearerToken)",message="bearerToken is required when type is BearerToken, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BasicAuth' ? has(self.basicAuth) : !has(self.basicAuth)",message="basicAuth is required when type is BasicAuth, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'OAuth2' ? has(self.oauth2) : !has(self.oauth2)",message="oauth2 is required when type is OAuth2, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'SigV4' ? has(self.sigv4) : !has(self.sigv4)",message="sigv4 is required when type is SigV4, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'SafeAuthorization' ? has(self.safeAuthorization) : !has(self.safeAuthorization)",message="safeAuthorization is required when type is SafeAuthorization, and forbidden otherwise" +// +union +type RemoteWriteAuthorization struct { + // type specifies the authorization method to use. + // Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount. + // + // When set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field. + // + // When set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set. + // + // When set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set. + // + // When set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set. + // + // When set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field. + // + // When set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path. + // +unionDiscriminator + // +required + Type RemoteWriteAuthorizationType `json:"type,omitempty"` + // safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). + // Required when type is "SafeAuthorization", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace. + // +unionMember + // +optional + SafeAuthorization *v1.SecretKeySelector `json:"safeAuthorization,omitempty"` + // bearerToken defines the secret reference containing the bearer token. + // Required when type is "BearerToken", and forbidden otherwise. + // +unionMember + // +optional + BearerToken SecretKeySelector `json:"bearerToken,omitempty,omitzero"` + // basicAuth defines HTTP basic authentication credentials. + // Required when type is "BasicAuth", and forbidden otherwise. + // +unionMember + // +optional + BasicAuth BasicAuth `json:"basicAuth,omitempty,omitzero"` + // oauth2 defines OAuth2 client credentials authentication. + // Required when type is "OAuth2", and forbidden otherwise. + // +unionMember + // +optional + OAuth2 OAuth2 `json:"oauth2,omitempty,omitzero"` + // sigv4 defines AWS Signature Version 4 authentication. + // Required when type is "SigV4", and forbidden otherwise. + // +unionMember + // +optional + Sigv4 Sigv4 `json:"sigv4,omitempty,omitzero"` +} + +// MetadataConfigSendPolicy defines whether to send metadata with platform defaults or with custom settings. +// +kubebuilder:validation:Enum=Default;Custom +type MetadataConfigSendPolicy string + +const ( + // MetadataConfigSendPolicyDefault indicates metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). + MetadataConfigSendPolicyDefault MetadataConfigSendPolicy = "Default" + // MetadataConfigSendPolicyCustom indicates metadata is sent using the settings in the custom field. + MetadataConfigSendPolicyCustom MetadataConfigSendPolicy = "Custom" +) + +// MetadataConfig defines whether and how to send series metadata to remote write storage. +// +kubebuilder:validation:XValidation:rule="self.sendPolicy == 'Default' ? self.custom.sendIntervalSeconds == 0 : true",message="custom is forbidden when sendPolicy is Default" +type MetadataConfig struct { + // sendPolicy specifies whether to send metadata and how it is configured. + // Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). + // Custom: send metadata using the settings in the custom field. + // +required + SendPolicy MetadataConfigSendPolicy `json:"sendPolicy,omitempty"` + // custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default. + // +optional + Custom MetadataConfigCustom `json:"custom,omitempty,omitzero"` +} + +// MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. +// At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds). +// +kubebuilder:validation:MinProperties=1 +type MetadataConfigCustom struct { + // sendIntervalSeconds is the interval in seconds at which metadata is sent. + // When omitted, the platform chooses a reasonable default (e.g. 30 seconds). + // Minimum value is 1 second. Maximum value is 86400 seconds (24 hours). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=86400 + SendIntervalSeconds int32 `json:"sendIntervalSeconds,omitempty"` +} + +// OAuth2 defines OAuth2 authentication settings for the remote write endpoint. +type OAuth2 struct { + // clientId defines the secret reference containing the OAuth2 client ID. + // The secret must exist in the openshift-monitoring namespace. + // +required + ClientID SecretKeySelector `json:"clientId,omitzero,omitempty"` + // clientSecret defines the secret reference containing the OAuth2 client secret. + // The secret must exist in the openshift-monitoring namespace. + // +required + ClientSecret SecretKeySelector `json:"clientSecret,omitzero,omitempty"` + // tokenUrl is the URL to fetch the token from. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. + // +required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || url(self).getScheme() == 'http' || url(self).getScheme() == 'https'",message="must use http or https scheme" + TokenURL string `json:"tokenUrl,omitempty"` + // scopes is a list of OAuth2 scopes to request. + // When omitted, no scopes are requested. + // Maximum of 20 scopes can be specified. + // Each scope must be between 1 and 256 characters. + // +optional + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=256 + // +listType=atomic + Scopes []string `json:"scopes,omitempty"` + // endpointParams defines additional parameters to append to the token URL. + // When omitted, no additional parameters are sent. + // Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key). + // +optional + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=20 + // +listType=map + // +listMapKey=name + EndpointParams []OAuth2EndpointParam `json:"endpointParams,omitempty"` +} + +// OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL. +type OAuth2EndpointParam struct { + // name is the parameter name. Must be between 1 and 256 characters. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + Name string `json:"name,omitempty"` + // value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). + // When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the + // external system expects a parameter with an empty value (e.g. ?parameter=""). + // Must be between 0 and 2048 characters when present (aligned with common URL length recommendations). + // +optional + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=2048 + Value *string `json:"value,omitempty"` +} + +// QueueConfig allows tuning configuration for remote write queue parameters. +// Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429. +// +kubebuilder:validation:MinProperties=1 +type QueueConfig struct { + // capacity is the number of samples to buffer per shard before we start dropping them. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 10000. + // Minimum value is 1. + // Maximum value is 1000000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=1000000 + Capacity int32 `json:"capacity,omitempty"` + // maxShards is the maximum number of shards, i.e. amount of concurrency. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 200. + // Minimum value is 1. + // Maximum value is 10000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=10000 + MaxShards int32 `json:"maxShards,omitempty"` + // minShards is the minimum number of shards, i.e. amount of concurrency. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 1. + // Minimum value is 1. + // Maximum value is 10000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=10000 + MinShards int32 `json:"minShards,omitempty"` + // maxSamplesPerSend is the maximum number of samples per send. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 1000. + // Minimum value is 1. + // Maximum value is 100000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=100000 + MaxSamplesPerSend int32 `json:"maxSamplesPerSend,omitempty"` + // batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 second. + // Maximum value is 3600 seconds (1 hour). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=3600 + BatchSendDeadlineSeconds int32 `json:"batchSendDeadlineSeconds,omitempty"` + // minBackoffMilliseconds is the minimum retry delay in milliseconds. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 millisecond. + // Maximum value is 3600000 milliseconds (1 hour). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=3600000 + MinBackoffMilliseconds int32 `json:"minBackoffMilliseconds,omitempty"` + // maxBackoffMilliseconds is the maximum retry delay in milliseconds. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 millisecond. + // Maximum value is 3600000 milliseconds (1 hour). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=3600000 + MaxBackoffMilliseconds int32 `json:"maxBackoffMilliseconds,omitempty"` + // rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + // When omitted, no retries are performed on rate limit responses. + // When set to "Retry", Prometheus will retry such requests using the backoff settings above. + // Valid value when set is "Retry". + // +optional + RateLimitedAction RateLimitedAction `json:"rateLimitedAction,omitempty"` +} + +// Sigv4 defines AWS Signature Version 4 authentication settings. +// At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication. +// +kubebuilder:validation:MinProperties=1 +type Sigv4 struct { + // region is the AWS region. + // When omitted, the region is derived from the environment or instance metadata. + // Must be between 1 and 128 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + Region string `json:"region,omitempty"` + // accessKey defines the secret reference containing the AWS access key ID. + // The secret must exist in the openshift-monitoring namespace. + // When omitted, the access key is derived from the environment or instance metadata. + // +optional + AccessKey SecretKeySelector `json:"accessKey,omitempty,omitzero"` + // secretKey defines the secret reference containing the AWS secret access key. + // The secret must exist in the openshift-monitoring namespace. + // When omitted, the secret key is derived from the environment or instance metadata. + // +optional + SecretKey SecretKeySelector `json:"secretKey,omitempty,omitzero"` + // profile is the named AWS profile used to authenticate. + // When omitted, the default profile is used. + // Must be between 1 and 128 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + Profile string `json:"profile,omitempty"` + // roleArn is the AWS Role ARN, an alternative to using AWS API keys. + // When omitted, API keys are used for authentication. + // Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + // Must be between 1 and 512 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=512 + // +kubebuilder:validation:XValidation:rule=`self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$')`,message="must be a valid AWS IAM role ARN (e.g., arn:aws:iam::123456789012:role/MyRole)" + RoleArn string `json:"roleArn,omitempty"` +} + +// RelabelConfig represents a relabeling rule. +type RelabelConfig struct { + // name is a unique identifier for this relabel configuration. + // Must contain only alphanumeric characters, hyphens, and underscores. + // Must be between 1 and 63 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores" + Name string `json:"name,omitempty"` + + // sourceLabels specifies which label names to extract from each series for this relabeling rule. + // The values of these labels are joined together using the configured separator, + // and the resulting string is then matched against the regular expression. + // If a referenced label does not exist on a series, Prometheus substitutes an empty string. + // When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + // Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + // Each entry must be unique. + // Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + // Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. + // While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + // ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=128 + // +kubebuilder:validation:items:XValidation:rule="!self.startsWith('__')",message="label names beginning with '__' (two underscores) are reserved for internal Prometheus use and are not allowed" + // +listType=set + SourceLabels []string `json:"sourceLabels,omitempty"` + + // separator is the character sequence used to join source label values. + // Common examples: ";", ",", "::", "|||". + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is ";". + // Must be between 1 and 5 characters in length when specified. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=5 + Separator string `json:"separator,omitempty"` + + // regex is the regular expression to match against the concatenated source label values. + // Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "(.*)" to match everything. + // Must be between 1 and 1000 characters in length when specified. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1000 + Regex string `json:"regex,omitempty"` + + // action defines the action to perform on the matched labels and its configuration. + // Exactly one action-specific configuration must be specified based on the action type. + // +required + Action RelabelActionConfig `json:"action,omitzero"` +} + +// RelabelActionConfig represents the action to perform and its configuration. +// Exactly one action-specific configuration must be specified based on the action type. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Replace' ? has(self.replace) : !has(self.replace)",message="replace is required when type is Replace, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'HashMod' ? has(self.hashMod) : !has(self.hashMod)",message="hashMod is required when type is HashMod, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Lowercase' ? has(self.lowercase) : !has(self.lowercase)",message="lowercase is required when type is Lowercase, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uppercase' ? has(self.uppercase) : !has(self.uppercase)",message="uppercase is required when type is Uppercase, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KeepEqual' ? has(self.keepEqual) : !has(self.keepEqual)",message="keepEqual is required when type is KeepEqual, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'DropEqual' ? has(self.dropEqual) : !has(self.dropEqual)",message="dropEqual is required when type is DropEqual, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'LabelMap' ? has(self.labelMap) : !has(self.labelMap)",message="labelMap is required when type is LabelMap, and forbidden otherwise" +// +union +type RelabelActionConfig struct { + // type specifies the action to perform on the matched labels. + // Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep. + // + // When set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + // + // When set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0. + // + // When set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0. + // + // When set to Keep, targets for which regex does not match the concatenated source_labels are dropped. + // + // When set to Drop, targets for which regex matches the concatenated source_labels are dropped. + // + // When set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0. + // + // When set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0. + // + // When set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels. + // + // When set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted. + // + // When set to LabelDrop, regex is matched against all label names; any label that matches is removed. + // + // When set to LabelKeep, regex is matched against all label names; any label that does not match is removed. + // +required + // +unionDiscriminator + Type RelabelAction `json:"type,omitempty"` + + // replace configures the Replace action. + // Required when type is Replace, and forbidden otherwise. + // +unionMember + // +optional + Replace ReplaceActionConfig `json:"replace,omitempty,omitzero"` + + // hashMod configures the HashMod action. + // Required when type is HashMod, and forbidden otherwise. + // +unionMember + // +optional + HashMod HashModActionConfig `json:"hashMod,omitempty,omitzero"` + + // labelMap configures the LabelMap action. + // Required when type is LabelMap, and forbidden otherwise. + // +unionMember + // +optional + LabelMap LabelMapActionConfig `json:"labelMap,omitempty,omitzero"` + + // lowercase configures the Lowercase action. + // Required when type is Lowercase, and forbidden otherwise. + // Requires Prometheus >= v2.36.0. + // +unionMember + // +optional + Lowercase LowercaseActionConfig `json:"lowercase,omitempty,omitzero"` + + // uppercase configures the Uppercase action. + // Required when type is Uppercase, and forbidden otherwise. + // Requires Prometheus >= v2.36.0. + // +unionMember + // +optional + Uppercase UppercaseActionConfig `json:"uppercase,omitempty,omitzero"` + + // keepEqual configures the KeepEqual action. + // Required when type is KeepEqual, and forbidden otherwise. + // Requires Prometheus >= v2.41.0. + // +unionMember + // +optional + KeepEqual KeepEqualActionConfig `json:"keepEqual,omitempty,omitzero"` + + // dropEqual configures the DropEqual action. + // Required when type is DropEqual, and forbidden otherwise. + // Requires Prometheus >= v2.41.0. + // +unionMember + // +optional + DropEqual DropEqualActionConfig `json:"dropEqual,omitempty,omitzero"` +} + +// ReplaceActionConfig configures the Replace action. +// Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match. +type ReplaceActionConfig struct { + // targetLabel is the label name where the replacement result is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` + + // replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. + // Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. + // Use "$1" for the first capture group, "$2" for the second, etc. Use an empty string ("") to explicitly clear the target label value. + // Must be between 0 and 255 characters in length. + // +required + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=255 + Replacement *string `json:"replacement,omitempty"` +} + +// HashModActionConfig configures the HashMod action. +// target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus). +type HashModActionConfig struct { + // targetLabel is the label name where the hash modulus result is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` + + // modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). + // Required when using the HashMod action so the intended behavior is explicit. + // Must be between 1 and 1000000. + // +required + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=1000000 + Modulus int64 `json:"modulus,omitempty"` +} + +// LowercaseActionConfig configures the Lowercase action. +// Maps the concatenated source_labels to their lower case and writes to target_label. +// Requires Prometheus >= v2.36.0. +type LowercaseActionConfig struct { + // targetLabel is the label name where the lower-cased value is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// UppercaseActionConfig configures the Uppercase action. +// Maps the concatenated source_labels to their upper case and writes to target_label. +// Requires Prometheus >= v2.36.0. +type UppercaseActionConfig struct { + // targetLabel is the label name where the upper-cased value is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// KeepEqualActionConfig configures the KeepEqual action. +// Drops targets for which the concatenated source_labels do not match the value of target_label. +// Requires Prometheus >= v2.41.0. +type KeepEqualActionConfig struct { + // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// DropEqualActionConfig configures the DropEqual action. +// Drops targets for which the concatenated source_labels do match the value of target_label. +// Requires Prometheus >= v2.41.0. +type DropEqualActionConfig struct { + // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// LabelMapActionConfig configures the LabelMap action. +// Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted. +type LabelMapActionConfig struct { + // replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. + // Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. + // Use "$1" for the first capture group, "$2" for the second, etc. + // Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + Replacement string `json:"replacement,omitempty"` +} + +// TLSConfig represents TLS configuration for Alertmanager connections. +// At least one TLS configuration option must be specified. +// For mutual TLS (mTLS), both cert and key must be specified together, or both omitted. +// +kubebuilder:validation:MinProperties=1 +// +kubebuilder:validation:XValidation:rule="(has(self.cert) && has(self.key)) || (!has(self.cert) && !has(self.key))",message="cert and key must both be specified together for mutual TLS, or both be omitted" +type TLSConfig struct { + // ca is an optional CA certificate to use for TLS connections. + // When omitted, the system's default CA bundle is used. + // +optional + CA SecretKeySelector `json:"ca,omitempty,omitzero"` + // cert is an optional client certificate to use for mutual TLS connections. + // When omitted, no client certificate is presented. + // +optional + Cert SecretKeySelector `json:"cert,omitempty,omitzero"` + // key is an optional client key to use for mutual TLS connections. + // When omitted, no client key is used. + // +optional + Key SecretKeySelector `json:"key,omitempty,omitzero"` + // serverName is an optional server name to use for TLS connections. + // When specified, must be a valid DNS subdomain as per RFC 1123. + // When omitted, the server name is derived from the URL. + // Must be between 1 and 253 characters in length. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="must be a valid DNS subdomain (lowercase alphanumeric characters, '-' or '.', start and end with alphanumeric)" + ServerName string `json:"serverName,omitempty"` + // certificateVerification determines the policy for TLS certificate verification. + // Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "Verify". + // +optional + CertificateVerification CertificateVerificationType `json:"certificateVerification,omitempty"` +} + +// CertificateVerificationType defines the TLS certificate verification policy. +// +kubebuilder:validation:Enum=Verify;SkipVerify +type CertificateVerificationType string + +const ( + // CertificateVerificationVerify performs certificate verification (secure, recommended). + CertificateVerificationVerify CertificateVerificationType = "Verify" + // CertificateVerificationSkipVerify skips certificate verification (insecure, use with caution). + CertificateVerificationSkipVerify CertificateVerificationType = "SkipVerify" +) + +// AuthorizationType defines the type of authentication to use. +// +kubebuilder:validation:Enum=BearerToken +type AuthorizationType string + +const ( + // AuthorizationTypeBearerToken indicates bearer token authentication. + AuthorizationTypeBearerToken AuthorizationType = "BearerToken" +) + +// AuthorizationConfig defines the authentication method for Alertmanager connections. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ? has(self.bearerToken) : !has(self.bearerToken)",message="bearerToken is required when type is BearerToken" +// +union +type AuthorizationConfig struct { + // type specifies the authentication type to use. + // Valid value is "BearerToken" (bearer token authentication). + // When set to BearerToken, the bearerToken field must be specified. + // +unionDiscriminator + // +required + Type AuthorizationType `json:"type,omitempty"` + // bearerToken defines the secret reference containing the bearer token. + // Required when type is "BearerToken", and forbidden otherwise. + // The secret must exist in the openshift-monitoring namespace. + // +optional + BearerToken SecretKeySelector `json:"bearerToken,omitempty,omitzero"` +} + +// SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace. +// +structType=atomic +type SecretKeySelector struct { + // name is the name of the secret in the `openshift-monitoring` namespace to select from. + // Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + // Must be between 1 and 253 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="must be a valid secret name (lowercase alphanumeric characters, '-' or '.', start and end with alphanumeric)" + Name string `json:"name,omitempty"` + // key is the key of the secret to select from. + // Must consist of alphanumeric characters, '-', '_', or '.'. + // Must be between 1 and 253 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._-]+$')",message="must contain only alphanumeric characters, '-', '_', or '.'" + Key string `json:"key,omitempty"` +} + +// Retention configures how long Prometheus retains metrics data and how much storage it can use. +// +kubebuilder:validation:MinProperties=1 +type Retention struct { + // TOMBSTONE: This field has been tombstoned in favor of the `duration` field. This tombstone will be dropped when promoting this API to v1. + // --- + // durationInDays specifies how many days Prometheus will retain metrics data. + // Prometheus automatically deletes data older than this duration. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 15. + // Minimum value is 1 day. + // Maximum value is 365 days (1 year). + // Former marker: kubebuilder:validation:Minimum=1 + // Former marker: kubebuilder:validation:Maximum=365 + // Former marker: optional + // DurationInDays int32 `json:"durationInDays,omitempty"` + + // TOMBSTONE: This field has been tombstoned in favor of the `size` field. This tombstone will be dropped when promoting this API to v1. + // --- + // sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + // can use for data blocks and the write-ahead log (WAL). + // When the limit is reached, Prometheus will delete oldest data first. + // When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + // Minimum value is 1 GiB. + // Maximum value is 16384 GiB (16 TiB). + // Former marker: kubebuilder:validation:Minimum=1 + // Former marker: kubebuilder:validation:Maximum=16384 + // Former marker: optional + // SizeInGiB int32 `json:"sizeInGiB,omitempty"` + + // duration is an optional field that specifies how long Prometheus retains metrics data. + // Valid values are Prometheus-style duration strings with unit suffixes y, w, d, h, m, s, or ms + // (for example, "15d", "24h", or "5d1h30m"). Each unit value must be a positive integer. + // Composite durations must follow the fixed unit order y, w, d, h, m, s, ms. + // Must be at least 1 character and at most 64 characters. + // When set to "0", time-based retention is disabled. This is the only supported form for disabling + // time-based retention; other zero-duration representations such as "0d", "0h", or "0y" are rejected. + // Prometheus automatically deletes data older than this duration. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default value is `15d`. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 + // +kubebuilder:validation:XValidation:rule=`self == "0" || self.matches('^([1-9][0-9]*y)?([1-9][0-9]*w)?([1-9][0-9]*d)?([1-9][0-9]*h)?([1-9][0-9]*m)?([1-9][0-9]*s)?([1-9][0-9]*ms)?$')`,message=`must be "0" to disable time-based retention, or a duration string with only positive unit values` + // +optional + Duration string `json:"duration,omitempty"` + + // size is an optional field that specifies the maximum storage size that Prometheus + // can use for data blocks and the write-ahead log (WAL). + // Valid values are byte-size strings with an optional decimal prefix and a unit suffix B, KB, MB, GB, + // TB, EB, PB, or their binary equivalents KiB, MiB, GiB, TiB, EiB, PiB (for example, "500MiB", "10GiB"). + // The numeric value must be greater than zero. + // Must be at least 1 character and at most 32 characters. + // When set to "0", no size limit is enforced. This is the only supported form for disabling size-based + // retention; other zero-size representations such as "0B" or "0MiB" are rejected. + // When the limit is reached, Prometheus deletes oldest data first. + // When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=32 + // +kubebuilder:validation:XValidation:rule=`self == "0" || self.matches('^([1-9][0-9]*([.][0-9]+)?|[0-9]*[.][1-9][0-9]*)((K|M|G|T|E|P)i?)?B$')`,message=`must be "0" to disable size-based retention, or a positive byte-size string` + // +optional + Size string `json:"size,omitempty"` +} + +// RelabelAction defines the action to perform in a relabeling rule. +// +kubebuilder:validation:Enum=Replace;Keep;Drop;HashMod;LabelMap;LabelDrop;LabelKeep;Lowercase;Uppercase;KeepEqual;DropEqual +type RelabelAction string + +const ( + // RelabelActionReplace: match regex against concatenated source_labels; set target_label to replacement with ${1}, ${2}, ... substituted. No replacement if regex does not match. + RelabelActionReplace RelabelAction = "Replace" + // RelabelActionLowercase: map the concatenated source_labels to their lower case. + RelabelActionLowercase RelabelAction = "Lowercase" + // RelabelActionUppercase: map the concatenated source_labels to their upper case. + RelabelActionUppercase RelabelAction = "Uppercase" + // RelabelActionKeep: drop targets for which regex does not match the concatenated source_labels. + RelabelActionKeep RelabelAction = "Keep" + // RelabelActionDrop: drop targets for which regex matches the concatenated source_labels. + RelabelActionDrop RelabelAction = "Drop" + // RelabelActionKeepEqual: drop targets for which the concatenated source_labels do not match target_label. + RelabelActionKeepEqual RelabelAction = "KeepEqual" + // RelabelActionDropEqual: drop targets for which the concatenated source_labels do match target_label. + RelabelActionDropEqual RelabelAction = "DropEqual" + // RelabelActionHashMod: set target_label to the modulus of a hash of the concatenated source_labels. + RelabelActionHashMod RelabelAction = "HashMod" + // RelabelActionLabelMap: match regex against all source label names; copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted. + RelabelActionLabelMap RelabelAction = "LabelMap" + // RelabelActionLabelDrop: match regex against all label names; any label that matches is removed. + RelabelActionLabelDrop RelabelAction = "LabelDrop" + // RelabelActionLabelKeep: match regex against all label names; any label that does not match is removed. + RelabelActionLabelKeep RelabelAction = "LabelKeep" +) + +// CollectionProfile defines the metrics collection profile for Prometheus. +// +kubebuilder:validation:Enum=Full;Minimal +type CollectionProfile string + +const ( + // CollectionProfileFull means Prometheus collects all metrics that are exposed by the platform components. + CollectionProfileFull CollectionProfile = "Full" + // CollectionProfileMinimal means Prometheus only collects metrics necessary for the default + // platform alerts, recording rules, telemetry and console dashboards. + CollectionProfileMinimal CollectionProfile = "Minimal" +) + +// TelemeterClientConfig provides configuration options for the Telemeter Client component +// that runs in the `openshift-monitoring` namespace. The Telemeter Client collects selected +// monitoring metrics and forwards them to Red Hat for telemetry purposes. +// At least one field must be specified. +// +kubebuilder:validation:MinProperties=1 +type TelemeterClientConfig struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the Telemeter Client container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 1m + // limit: null + // - name: memory + // request: 40Mi + // limit: null + // Maximum length for this list is 5. // Minimum length for this list is 1. - // Entries in this list must be unique. + // Each resource name must be unique within this list. // +optional - // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 // +kubebuilder:validation:MinItems=1 - // +listType=set - Secrets []SecretName `json:"secrets,omitempty"` + Resources []ContainerResource `json:"resources,omitempty"` // tolerations defines tolerations for the pods. // tolerations is optional. // // When omitted, this means the user has no opinion and the platform is left // to choose reasonable defaults. These defaults are subject to change over time. // Defaults are empty/unset. - // Maximum length for this list is 10 - // Minimum length for this list is 1 + // Maximum length for this list is 10. + // Minimum length for this list is 1. // +kubebuilder:validation:MaxItems=10 // +kubebuilder:validation:MinItems=1 // +listType=atomic // +optional Tolerations []v1.Toleration `json:"tolerations,omitempty"` - // topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed + // topologySpreadConstraints defines rules for how Telemeter Client Pods should be distributed // across topology domains such as zones, nodes, or other user-defined labels. // topologySpreadConstraints is optional. // This helps improve high availability and resource efficiency by avoiding placing @@ -235,7 +2435,7 @@ type AlertmanagerCustomConfig struct { // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. // Default is empty list. // Maximum length for this list is 10. - // Minimum length for this list is 1 + // Minimum length for this list is 1. // Entries must have unique topologyKey and whenUnsatisfiable pairs. // +kubebuilder:validation:MaxItems=10 // +kubebuilder:validation:MinItems=1 @@ -244,158 +2444,89 @@ type AlertmanagerCustomConfig struct { // +listMapKey=whenUnsatisfiable // +optional TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` - // volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - // configure the persistent volume claim, including storage class, volume - // size, and name. - // If omitted, the Pod uses ephemeral storage and alert data will not persist - // across restarts. - // This field is optional. - // +optional - VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"` } -// AlertManagerDeployMode defines the deployment state of the platform Alertmanager instance. -// -// Possible values: -// - "Disabled": The Alertmanager instance will not be deployed. -// - "DefaultConfig": The Alertmanager instance will be deployed with default settings. -// - "CustomConfig": The Alertmanager instance will be deployed with custom configuration. -// +kubebuilder:validation:Enum=Disabled;DefaultConfig;CustomConfig -type AlertManagerDeployMode string - -const ( - // AlertManagerModeDisabled means the Alertmanager instance will not be deployed. - AlertManagerDeployModeDisabled AlertManagerDeployMode = "Disabled" - // AlertManagerModeDefaultConfig means the Alertmanager instance will be deployed with default settings. - AlertManagerDeployModeDefaultConfig AlertManagerDeployMode = "DefaultConfig" - // AlertManagerModeCustomConfig means the Alertmanager instance will be deployed with custom configuration. - AlertManagerDeployModeCustomConfig AlertManagerDeployMode = "CustomConfig" -) - -// logLevel defines the verbosity of logs emitted by Alertmanager. -// Valid values are Error, Warn, Info and Debug. -// +kubebuilder:validation:Enum=Error;Warn;Info;Debug -type LogLevel string - -const ( - // Error only errors will be logged. - LogLevelError LogLevel = "Error" - // Warn, both warnings and errors will be logged. - LogLevelWarn LogLevel = "Warn" - // Info, general information, warnings, and errors will all be logged. - LogLevelInfo LogLevel = "Info" - // Debug, detailed debugging information will be logged. - LogLevelDebug LogLevel = "Debug" -) - -// ContainerResource defines a single resource requirement for a container. -// +kubebuilder:validation:XValidation:rule="has(self.request) || has(self.limit)",message="at least one of request or limit must be set" -// +kubebuilder:validation:XValidation:rule="!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) >= 0",message="limit must be greater than or equal to request" -type ContainerResource struct { - // name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). - // This field is required. - // name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. - // +required - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:MaxLength=253 - // +kubebuilder:validation:XValidation:rule="!format.qualifiedName().validate(self).hasValue()",message="name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character" - Name string `json:"name,omitempty"` - - // request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). - // This field is optional. - // When limit is specified, request cannot be greater than limit. +// ThanosQuerierConfig provides configuration options for the Thanos Querier component +// that runs in the `openshift-monitoring` namespace. +// At least one field must be specified; an empty thanosQuerierConfig object is not allowed. +// +kubebuilder:validation:MinProperties=1 +type ThanosQuerierConfig struct { + // logLevel defines the verbosity of logs emitted by Thanos Querier. + // logLevel is optional. + // Allowed values are Error, Warn, Info, and Debug. + // When set to Error, only errors will be logged. + // When set to Warn, both warnings and errors will be logged. + // When set to Info, general information, warnings, and errors will all be logged. + // When set to Debug, detailed debugging information will be logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Info`. // +optional - // +kubebuilder:validation:XIntOrString - // +kubebuilder:validation:MaxLength=20 - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))",message="request must be a positive, non-zero quantity" - Request resource.Quantity `json:"request,omitempty"` - - // limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). - // This field is optional. - // When request is specified, limit cannot be less than request. - // The value must be greater than 0 when specified. + LogLevel LogLevel `json:"logLevel,omitempty"` + // requestLogging configures request logging for Thanos Querier. + // requestLogging is optional. + // When provided, the policy field within is required. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default behavior is to not log any requests. // +optional - // +kubebuilder:validation:XIntOrString - // +kubebuilder:validation:MaxLength=20 - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))",message="limit must be a positive, non-zero quantity" - Limit resource.Quantity `json:"limit,omitempty"` -} - -// SecretName is a type that represents the name of a Secret in the same namespace. -// It must be at most 253 characters in length. -// +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." -// +kubebuilder:validation:MaxLength=63 -type SecretName string - -// MetricsServerConfig provides configuration options for the Metrics Server instance -// that runs in the `openshift-monitoring` namespace. Use this configuration to control -// how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled. -// +kubebuilder:validation:MinProperties=1 -type MetricsServerConfig struct { - // audit defines the audit configuration used by the Metrics Server instance. - // audit is optional. + RequestLogging ThanosQuerierRequestLoggingConfig `json:"requestLogging,omitempty,omitzero"` + // crossOriginRequestPolicy configures the CORS (Cross-Origin Resource Sharing) policy + // for Thanos Querier's HTTP endpoints. + // crossOriginRequestPolicy is optional. + // Valid values are "AllowAll" and "DenyAll". + // When set to "AllowAll", CORS headers are added to responses, allowing cross-origin requests from any domain. + // When set to "DenyAll", no CORS headers are added and cross-origin requests are rejected by the browser. // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. - //The current default sets audit.profile to Metadata + // The current default value is "DenyAll". // +optional - Audit Audit `json:"audit,omitempty,omitzero"` - // nodeSelector defines the nodes on which the Pods are scheduled + CrossOriginRequestPolicy CrossOriginRequestPolicy `json:"crossOriginRequestPolicy,omitempty"` + // nodeSelector defines the nodes on which the Pods are scheduled. // nodeSelector is optional. // // When omitted, this means the user has no opinion and the platform is left // to choose reasonable defaults. These defaults are subject to change over time. // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. // +optional // +kubebuilder:validation:MinProperties=1 // +kubebuilder:validation:MaxProperties=10 NodeSelector map[string]string `json:"nodeSelector,omitempty"` - // tolerations defines tolerations for the pods. - // tolerations is optional. + // resources defines the compute resource requests and limits for the Thanos Querier container. + // resources is optional. // // When omitted, this means the user has no opinion and the platform is left // to choose reasonable defaults. These defaults are subject to change over time. - // Defaults are empty/unset. - // Maximum length for this list is 10 - // Minimum length for this list is 1 - // +kubebuilder:validation:MaxItems=10 - // +kubebuilder:validation:MinItems=1 - // +listType=atomic - // +optional - Tolerations []v1.Toleration `json:"tolerations,omitempty"` - // verbosity defines the verbosity of log messages for Metrics Server. - // Valid values are Errors, Info, Trace, TraceAll and omitted. - // When set to Errors, only critical messages and errors are logged. - // When set to Info, only basic information messages are logged. - // When set to Trace, information useful for general debugging is logged. - // When set to TraceAll, detailed information about metric scraping is logged. - // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. - // The current default value is `Errors` - // +optional - Verbosity VerbosityLevel `json:"verbosity,omitempty,omitzero"` - // resources defines the compute resource requests and limits for the Metrics Server container. - // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. - // When not specified, defaults are used by the platform. Requests cannot exceed limits. - // This field is optional. + // Requests cannot exceed limits. // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ // This is a simplified API that maps to Kubernetes ResourceRequirements. // The current default values are: // resources: // - name: cpu - // request: 4m - // limit: null + // request: 5m // - name: memory - // request: 40Mi - // limit: null - // Maximum length for this list is 10. + // request: 12Mi + // Maximum length for this list is 5. // Minimum length for this list is 1. + // Each resource name must be unique within this list. // +optional // +listType=map // +listMapKey=name - // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MaxItems=5 // +kubebuilder:validation:MinItems=1 Resources []ContainerResource `json:"resources,omitempty"` - // topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Thanos Querier Pods should be distributed // across topology domains such as zones, nodes, or other user-defined labels. // topologySpreadConstraints is optional. // This helps improve high availability and resource efficiency by avoiding placing @@ -403,9 +2534,9 @@ type MetricsServerConfig struct { // // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. - // Default is empty list. + // Defaults are empty/unset. // Maximum length for this list is 10. - // Minimum length for this list is 1 + // Minimum length for this list is 1. // Entries must have unique topologyKey and whenUnsatisfiable pairs. // +kubebuilder:validation:MaxItems=10 // +kubebuilder:validation:MinItems=1 @@ -416,6 +2547,42 @@ type MetricsServerConfig struct { TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` } +// ThanosQuerierRequestLoggingConfig configures request logging for Thanos Querier. +type ThanosQuerierRequestLoggingConfig struct { + // policy determines which HTTP and gRPC requests are logged by Thanos Querier. + // Valid values are "AllRequests" and "NoRequests". + // When set to "AllRequests", every request received by Thanos Querier is logged with method, path, and response status. + // The log level for request logs is derived from the logLevel field. + // When set to "NoRequests", request logging is turned off. + // +required + Policy RequestLoggingPolicy `json:"policy,omitempty"` +} + +// RequestLoggingPolicy controls which HTTP and gRPC requests are logged. +// Valid values are "AllRequests" and "NoRequests". +// +kubebuilder:validation:Enum=AllRequests;NoRequests +type RequestLoggingPolicy string + +const ( + // RequestLoggingPolicyAllRequests enables logging of all incoming requests. + RequestLoggingPolicyAllRequests RequestLoggingPolicy = "AllRequests" + // RequestLoggingPolicyNoRequests disables request logging. + RequestLoggingPolicyNoRequests RequestLoggingPolicy = "NoRequests" +) + +// CrossOriginRequestPolicy controls the CORS (Cross-Origin Resource Sharing) policy +// for Thanos Querier's HTTP endpoints. +// Valid values are "AllowAll" and "DenyAll". +// +kubebuilder:validation:Enum=AllowAll;DenyAll +type CrossOriginRequestPolicy string + +const ( + // CrossOriginRequestPolicyAllowAll sets CORS headers allowing requests from any origin. + CrossOriginRequestPolicyAllowAll CrossOriginRequestPolicy = "AllowAll" + // CrossOriginRequestPolicyDenyAll does not set CORS headers, rejecting cross-origin requests. + CrossOriginRequestPolicyDenyAll CrossOriginRequestPolicy = "DenyAll" +) + // AuditProfile defines the audit log level for the Metrics Server. // +kubebuilder:validation:Enum=None;Metadata;Request;RequestResponse type AuditProfile string @@ -446,6 +2613,27 @@ const ( VerbosityLevelTraceAll VerbosityLevel = "TraceAll" ) +// ExemplarsMode defines whether exemplars are sent via remote write. +// +kubebuilder:validation:Enum=Send;DoNotSend +type ExemplarsMode string + +const ( + // ExemplarsModeSend means exemplars are sent via remote write. + ExemplarsModeSend ExemplarsMode = "Send" + // ExemplarsModeDoNotSend means exemplars are not sent via remote write. + ExemplarsModeDoNotSend ExemplarsMode = "DoNotSend" +) + +// RateLimitedAction defines what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). +// Omission of this field means do not retry. When set, the only valid value is Retry. +// +kubebuilder:validation:Enum=Retry +type RateLimitedAction string + +const ( + // RateLimitedActionRetry means requests will be retried on HTTP 429 responses. + RateLimitedActionRetry RateLimitedAction = "Retry" +) + // Audit profile configurations type Audit struct { // profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. @@ -460,3 +2648,154 @@ type Audit struct { // +required Profile AuditProfile `json:"profile,omitempty"` } + +// KubeStateMetricsConfig provides configuration options for the kube-state-metrics agent +// that runs in the `openshift-monitoring` namespace. kube-state-metrics generates metrics +// about the state of Kubernetes objects such as Deployments, Nodes, and Pods. +// +kubebuilder:validation:MinProperties=1 +type KubeStateMetricsConfig struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the kube-state-metrics container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // limit: null + // - name: memory + // request: 40Mi + // limit: null + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, no tolerations are applied. This default is subject to change over time. + // When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries. + // Each toleration's operator, when specified, must be either "Exists" or "Equal". + // Each toleration's effect, when specified, must be one of "NoSchedule", "PreferNoSchedule", or "NoExecute". + // An empty or unset effect means match all effects. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +kubebuilder:validation:XValidation:rule="self.all(t, !has(t.operator) || t.operator == 'Exists' || t.operator == 'Equal')",message="operator must be either Exists or Equal" + // +kubebuilder:validation:XValidation:rule="self.all(t, !has(t.effect) || t.effect == 'NoSchedule' || t.effect == 'PreferNoSchedule' || t.effect == 'NoExecute' || t.effect == '')",message="effect must be NoSchedule, PreferNoSchedule, NoExecute, or empty" + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // When omitted, no topology spread constraints are applied. This default is subject to change over time. + // When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // Each entry's whenUnsatisfiable must be either "DoNotSchedule" or "ScheduleAnyway". + // Each entry's maxSkew must be at least 1. + // When minDomains is specified, it must be at least 1 and whenUnsatisfiable must be "DoNotSchedule". + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +kubebuilder:validation:XValidation:rule="self.all(c, c.whenUnsatisfiable == 'DoNotSchedule' || c.whenUnsatisfiable == 'ScheduleAnyway')",message="whenUnsatisfiable must be either DoNotSchedule or ScheduleAnyway" + // +kubebuilder:validation:XValidation:rule="self.all(c, c.maxSkew >= 1)",message="maxSkew must be at least 1" + // +kubebuilder:validation:XValidation:rule="self.all(c, !has(c.minDomains) || c.minDomains >= 1)",message="minDomains must be at least 1" + // +kubebuilder:validation:XValidation:rule="self.all(c, !has(c.minDomains) || c.whenUnsatisfiable == 'DoNotSchedule')",message="minDomains can only be used when whenUnsatisfiable is DoNotSchedule" + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics + // in kube-state-metrics. + // Currently, only "Job" and "CronJob" resources are supported due to cardinality concerns. + // Each entry specifies a resource name and a list of Kubernetes label names to expose. + // Use "*" in the labels list to expose all labels for a given resource. + // additionalResourceLabels is optional. + // When omitted, no additional Kubernetes object labels are exposed as metrics + // by kube-state-metrics beyond its built-in metric labels (e.g. namespace, job_name). + // Use this field to opt in to exposing specific Kubernetes labels as metric labels + // for the supported resource types. + // Minimum length for this list is 1. + // Maximum length for this list is 2. + // Each resource name must be unique within this list. + // +optional + // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=resource + AdditionalResourceLabels []KubeStateMetricsResourceLabels `json:"additionalResourceLabels,omitempty"` +} + +// KubeStateMetricsResourceName is the name of a Kubernetes resource whose labels can be exposed +// as metrics by kube-state-metrics. Currently, only "Job" and "CronJob" are supported +// due to cardinality concerns. +// Valid values are "Job" and "CronJob". +// +kubebuilder:validation:Enum=Job;CronJob +type KubeStateMetricsResourceName string + +const ( + // KubeStateMetricsResourceJob indicates the Kubernetes Job resource. + KubeStateMetricsResourceJob KubeStateMetricsResourceName = "Job" + // KubeStateMetricsResourceCronJob indicates the Kubernetes CronJob resource. + KubeStateMetricsResourceCronJob KubeStateMetricsResourceName = "CronJob" +) + +// KubeStateMetricsLabelName is the name of a Kubernetes label to expose as a metric +// via kube-state-metrics. Use "*" to expose all labels for a resource. +// Must be either the wildcard "*" or a valid Kubernetes label key. +// A valid label key has an optional DNS subdomain prefix followed by a "/" and a name segment, +// or just a name segment without a prefix. The name segment must be 63 characters or fewer, +// beginning and ending with an alphanumeric character, with dashes, underscores, dots, and +// alphanumerics in between. +// Must be at least 1 character and at most 253 characters in length. +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=253 +// +kubebuilder:validation:XValidation:rule="self == '*' || !format.qualifiedName().validate(self).hasValue()",message="must be a valid Kubernetes label key or the wildcard '*'" +type KubeStateMetricsLabelName string + +// KubeStateMetricsResourceLabels defines which Kubernetes labels to expose as metrics +// for a given resource type in kube-state-metrics. +type KubeStateMetricsResourceLabels struct { + // resource is the Kubernetes resource name whose labels should be exposed as metrics. + // Currently, only "Job" and "CronJob" are supported due to cardinality concerns. + // Valid values are "Job" and "CronJob". + // This field is required. + // +required + Resource KubeStateMetricsResourceName `json:"resource,omitempty"` + // labels is the list of Kubernetes label names to expose as metrics for this resource. + // Use "*" to expose all labels for the specified resource. + // When "*" is specified, it must be the only entry in the list; mixing "*" with + // specific label names is not allowed. + // This field is required. + // Each label name must be unique within this list. + // Minimum length for this list is 1. + // Maximum length for this list is 50. + // +required + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=50 + // +listType=set + // +kubebuilder:validation:XValidation:rule="!self.exists(l, l == '*') || self.size() == 1",message="when '*' is specified, no other labels may be listed" + Labels []KubeStateMetricsLabelName `json:"labels,omitempty"` +} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go b/vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go new file mode 100644 index 000000000..9e2e0d39d --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go @@ -0,0 +1,186 @@ +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is "cluster". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. +// For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. +// CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. +// Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout. +// +// The resource is a singleton named "cluster". +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=criocredentialproviderconfigs,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2557 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +openshift:enable:FeatureGate=CRIOCredentialProviderConfig +// +openshift:compatibility-gen:level=4 +// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="criocredentialproviderconfig is a singleton, .metadata.name must be 'cluster'" +type CRIOCredentialProviderConfig struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metav1.ObjectMeta `json:"metadata,omitzero"` + + // spec defines the desired configuration of the CRI-O Credential Provider. + // This field is required and must be provided when creating the resource. + // +required + Spec *CRIOCredentialProviderConfigSpec `json:"spec,omitempty,omitzero"` + + // status represents the current state of the CRIOCredentialProviderConfig. + // When omitted or nil, it indicates that the status has not yet been set by the controller. + // The controller will populate this field with validation conditions and operational state. + // +optional + Status CRIOCredentialProviderConfigStatus `json:"status,omitzero,omitempty"` +} + +// CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider. +// +kubebuilder:validation:MinProperties=0 +type CRIOCredentialProviderConfigSpec struct { + // matchImages is a list of string patterns used to determine whether + // the CRI-O credential provider should be invoked for a given image. This list is + // passed to the kubelet CredentialProviderConfig, and if any pattern matches + // the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling + // that image or its mirrors. + // Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. + // Conflicts between the existing platform specific provider image match configuration and this list will be handled by + // the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those + // from the CRIOCredentialProviderConfig when both match the same image. + // To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with + // existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). + // You can check the resource's Status conditions + // to see if any entries were ignored due to exact matches with known built-in provider patterns. + // + // This field is optional, the items of the list must contain between 1 and 50 entries. + // The list is treated as a set, so duplicate entries are not allowed. + // + // For more details, see: + // https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ + // https://github.com/cri-o/crio-credential-provider#architecture + // + // Each entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. + // Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', + // and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). + // A global wildcard '*' (matching any domain) is not allowed. + // Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. + // For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. + // Each wildcard matches only a single domain label, + // so '*.io' does **not** match '*.k8s.io'. + // + // A match exists between an image and a matchImage when all of the below are true: + // Both contain the same number of domain parts and each part matches. + // The URL path of an matchImages must be a prefix of the target image URL path. + // If the matchImages contains a port, then the port must match in the image as well. + // + // Example values of matchImages: + // - 123456789.dkr.ecr.us-east-1.amazonaws.com + // - *.azurecr.io + // - gcr.io + // - *.*.registry.io + // - registry.io:8080/path + // + // +kubebuilder:validation:MaxItems=50 + // +kubebuilder:validation:MinItems=1 + // +listType=set + // +optional + MatchImages []MatchImage `json:"matchImages,omitempty"` +} + +// MatchImage is a string pattern used to match container image registry addresses. +// It must be a valid fully qualified domain name with optional wildcard, port, and path. +// The maximum length is 512 characters. +// +// Wildcards ('*') are supported for full subdomain labels and top-level domains. +// Each entry can optionally contain a port (e.g., :8080) and a path (e.g., /path). +// Wildcards are not allowed in the port or path portions. +// +// Examples: +// - "registry.io" - matches exactly registry.io +// - "*.azurecr.io" - matches any single subdomain of azurecr.io +// - "registry.io:8080/path" - matches with specific port and path prefix +// +// +kubebuilder:validation:MaxLength=512 +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:XValidation:rule="self != '*'",message="global wildcard '*' is not allowed" +// +kubebuilder:validation:XValidation:rule=`self.matches('^((\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?)(\\.(\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?))*)(:[0-9]+)?(/[-a-z0-9._/]*)?$')`,message="invalid matchImages value, must be a valid fully qualified domain name in lowercase with optional wildcard, port, and path" +type MatchImage string + +// +k8s:deepcopy-gen=true +// CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig +// +kubebuilder:validation:MinProperties=1 +type CRIOCredentialProviderConfigStatus struct { + // conditions represent the latest available observations of the configuration state. + // When omitted, it indicates that no conditions have been reported yet. + // The maximum number of conditions is 16. + // Conditions are stored as a map keyed by condition type, ensuring uniqueness. + // + // Expected condition types include: + // "Validated": indicates whether the matchImages configuration is valid + // +optional + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +type CRIOCredentialProviderConfigList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + Items []CRIOCredentialProviderConfig `json:"items"` +} + +const ( + // ConditionTypeValidated is a condition type that indicates whether the CRIOCredentialProviderConfig + // matchImages configuration has been validated successfully. + // When True, all matchImage patterns are valid and have been applied. + // When False, the configuration contains errors (see Reason for details). + // Possible reasons for False status: + // - ValidationFailed: matchImages contains invalid patterns + // - ConfigurationPartiallyApplied: some matchImage entries were ignored due to conflicts + ConditionTypeValidated = "Validated" + + // ReasonValidationFailed is a condition reason used with ConditionTypeValidated=False + // to indicate that the matchImages configuration contains one or more invalid registry patterns + // that do not conform to the required format (valid FQDN with optional wildcard, port, and path). + ReasonValidationFailed = "ValidationFailed" + + // ReasonConfigurationPartiallyApplied is a condition reason used with ConditionTypeValidated=False + // to indicate that some matchImage entries were ignored due to conflicts or overlapping patterns. + // The condition message will contain details about which entries were ignored and why. + ReasonConfigurationPartiallyApplied = "ConfigurationPartiallyApplied" + + // ConditionTypeMachineConfigRendered is a condition type that indicates whether + // the CRIOCredentialProviderConfig has been successfully rendered into a + // MachineConfig object. + // When True, the corresponding MachineConfig is present in the cluster. + // When False, rendering failed. + ConditionTypeMachineConfigRendered = "MachineConfigRendered" + + // ReasonMachineConfigRenderingSucceeded is a condition reason used with ConditionTypeMachineConfigRendered=True + // to indicate that the MachineConfig was successfully created/updated in the API server. + ReasonMachineConfigRenderingSucceeded = "MachineConfigRenderingSucceeded" + + // ReasonMachineConfigRenderingFailed is a condition reason used with ConditionTypeMachineConfigRendered=False + // to indicate that the MachineConfig creation/update failed. + // The condition message will contain details about the failure. + ReasonMachineConfigRenderingFailed = "MachineConfigRenderingFailed" +) diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go deleted file mode 100644 index 64a89e4a6..000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go +++ /dev/null @@ -1,289 +0,0 @@ -package v1alpha1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ImagePolicy holds namespace-wide configuration for image signature verification -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -// +kubebuilder:object:root=true -// +kubebuilder:resource:path=imagepolicies,scope=Namespaced -// +kubebuilder:subresource:status -// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1457 -// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 -// +openshift:enable:FeatureGate=SigstoreImageVerification -// +openshift:compatibility-gen:level=4 -type ImagePolicy struct { - metav1.TypeMeta `json:",inline"` - - // metadata is the standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration - // +required - Spec ImagePolicySpec `json:"spec"` - // status contains the observed state of the resource. - // +optional - Status ImagePolicyStatus `json:"status,omitempty"` -} - -// ImagePolicySpec is the specification of the ImagePolicy CRD. -type ImagePolicySpec struct { - // scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the "Docker Registry HTTP API V2". - // Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). - // More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository - // namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). - // Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. - // If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. - // In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories - // quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. - // If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. - // For additional details about the format, please refer to the document explaining the docker transport field, - // which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker - // +required - // +kubebuilder:validation:MaxItems=256 - // +listType=set - Scopes []ImageScope `json:"scopes"` - // policy contains configuration to allow scopes to be verified, and defines how - // images not matching the verification policy will be treated. - // +required - Policy Policy `json:"policy"` -} - -// +kubebuilder:validation:XValidation:rule="size(self.split('/')[0].split('.')) == 1 ? self.split('/')[0].split('.')[0].split(':')[0] == 'localhost' : true",message="invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" -// +kubebuilder:validation:XValidation:rule=`self.contains('*') ? self.matches('^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$') : true`,message="invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching" -// +kubebuilder:validation:XValidation:rule=`!self.contains('*') ? self.matches('^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\w][\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$') : true`,message="invalid repository namespace or image specification in the image scope" -// +kubebuilder:validation:MaxLength=512 -type ImageScope string - -// Policy defines the verification policy for the items in the scopes list. -type Policy struct { - // rootOfTrust specifies the root of trust for the policy. - // +required - RootOfTrust PolicyRootOfTrust `json:"rootOfTrust"` - // signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is "MatchRepoDigestOrExact". - // +optional - SignedIdentity PolicyIdentity `json:"signedIdentity,omitempty"` -} - -// PolicyRootOfTrust defines the root of trust based on the selected policyType. -// +union -// +kubebuilder:validation:XValidation:rule="has(self.policyType) && self.policyType == 'PublicKey' ? has(self.publicKey) : !has(self.publicKey)",message="publicKey is required when policyType is PublicKey, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.policyType) && self.policyType == 'FulcioCAWithRekor' ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)",message="fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" -// +openshift:validation:FeatureGateAwareXValidation:featureGate=SigstoreImageVerificationPKI,rule="has(self.policyType) && self.policyType == 'PKI' ? has(self.pki) : !has(self.pki)",message="pki is required when policyType is PKI, and forbidden otherwise" -type PolicyRootOfTrust struct { - // policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. - // "PublicKey" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. - // "FulcioCAWithRekor" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. - // "PKI" indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate. - // +unionDiscriminator - // +required - PolicyType PolicyType `json:"policyType"` - // publicKey defines the root of trust based on a sigstore public key. - // +optional - PublicKey *PublicKey `json:"publicKey,omitempty"` - // fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. - // For more information about Fulcio and Rekor, please refer to the document at: - // https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor - // +optional - FulcioCAWithRekor *FulcioCAWithRekor `json:"fulcioCAWithRekor,omitempty"` - // pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. - // +optional - // +openshift:enable:FeatureGate=SigstoreImageVerificationPKI - PKI *PKI `json:"pki,omitempty"` -} - -// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=PublicKey;FulcioCAWithRekor -// +openshift:validation:FeatureGateAwareEnum:featureGate=SigstoreImageVerificationPKI,enum=PublicKey;FulcioCAWithRekor;PKI -type PolicyType string - -const ( - PublicKeyRootOfTrust PolicyType = "PublicKey" - FulcioCAWithRekorRootOfTrust PolicyType = "FulcioCAWithRekor" - PKIRootOfTrust PolicyType = "PKI" -) - -// PublicKey defines the root of trust based on a sigstore public key. -type PublicKey struct { - // keyData contains inline base64-encoded data for the PEM format public key. - // KeyData must be at most 8192 characters. - // +required - // +kubebuilder:validation:MaxLength=8192 - KeyData []byte `json:"keyData"` - // rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. - // rekorKeyData must be at most 8192 characters. - // +optional - // +kubebuilder:validation:MaxLength=8192 - RekorKeyData []byte `json:"rekorKeyData,omitempty"` -} - -// FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. -type FulcioCAWithRekor struct { - // fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. - // fulcioCAData must be at most 8192 characters. - // +required - // +kubebuilder:validation:MaxLength=8192 - FulcioCAData []byte `json:"fulcioCAData"` - // rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. - // rekorKeyData must be at most 8192 characters. - // +required - // +kubebuilder:validation:MaxLength=8192 - RekorKeyData []byte `json:"rekorKeyData"` - // fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration. - // +required - FulcioSubject PolicyFulcioSubject `json:"fulcioSubject"` -} - -// PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration. -type PolicyFulcioSubject struct { - // oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. - // Example: "https://expected.OIDC.issuer/" - // +required - // +kubebuilder:validation:XValidation:rule="isURL(self)",message="oidcIssuer must be a valid URL" - OIDCIssuer string `json:"oidcIssuer"` - // signedEmail holds the email address the the Fulcio certificate is issued for. - // Example: "expected-signing-user@example.com" - // +required - // +kubebuilder:validation:XValidation:rule=`self.matches('^\\S+@\\S+$')`,message="invalid email address" - SignedEmail string `json:"signedEmail"` -} - -// PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates. -type PKI struct { - // caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. - // +required - // +kubebuilder:validation:MaxLength=8192 - // +kubebuilder:validation:XValidation:rule="string(self).startsWith('-----BEGIN CERTIFICATE-----')",message="the caRootsData must start with base64 encoding of '-----BEGIN CERTIFICATE-----'." - // +kubebuilder:validation:XValidation:rule="string(self).endsWith('-----END CERTIFICATE-----\\n') || string(self).endsWith('-----END CERTIFICATE-----')",message="the caRootsData must end with base64 encoding of '-----END CERTIFICATE-----'." - // +kubebuilder:validation:XValidation:rule="string(self).findAll('-----BEGIN CERTIFICATE-----').size() == string(self).findAll('-----END CERTIFICATE-----').size()",message="caRootsData must be base64 encoding of valid PEM format data contain the same number of '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' markers." - CertificateAuthorityRootsData []byte `json:"caRootsData"` - // caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. - // caIntermediatesData requires caRootsData to be set. - // +optional - // +kubebuilder:validation:XValidation:rule="string(self).startsWith('-----BEGIN CERTIFICATE-----')",message="the caIntermediatesData must start with base64 encoding of '-----BEGIN CERTIFICATE-----'." - // +kubebuilder:validation:XValidation:rule="string(self).endsWith('-----END CERTIFICATE-----\\n') || string(self).endsWith('-----END CERTIFICATE-----')",message="the caIntermediatesData must end with base64 encoding of '-----END CERTIFICATE-----'." - // +kubebuilder:validation:XValidation:rule="string(self).findAll('-----BEGIN CERTIFICATE-----').size() == string(self).findAll('-----END CERTIFICATE-----').size()",message="caIntermediatesData must be base64 encoding of valid PEM format data contain the same number of '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' markers." - // +kubebuilder:validation:MaxLength=8192 - CertificateAuthorityIntermediatesData []byte `json:"caIntermediatesData,omitempty"` - - // pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued. - // +required - PKICertificateSubject PKICertificateSubject `json:"pkiCertificateSubject"` -} - -// PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued. -// +kubebuilder:validation:XValidation:rule="has(self.email) || has(self.hostname)", message="at least one of email or hostname must be set in pkiCertificateSubject" -// +openshift:enable:FeatureGate=SigstoreImageVerificationPKI -type PKICertificateSubject struct { - // email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. - // The email should be a valid email address and at most 320 characters in length. - // +optional - // +kubebuilder:validation:MaxLength:=320 - // +kubebuilder:validation:XValidation:rule=`self.matches('^\\S+@\\S+$')`,message="invalid email address in pkiCertificateSubject" - Email string `json:"email,omitempty"` - // hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. - // The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. - // It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk. - // +optional - // +kubebuilder:validation:MaxLength:=253 - // +kubebuilder:validation:XValidation:rule="self.startsWith('*.') ? !format.dns1123Subdomain().validate(self.replace('*.', '', 1)).hasValue() : !format.dns1123Subdomain().validate(self).hasValue()",message="hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.'. It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk." - Hostname string `json:"hostname,omitempty"` -} - -// PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is "MatchRepoDigestOrExact". -// +kubebuilder:validation:XValidation:rule="(has(self.matchPolicy) && self.matchPolicy == 'ExactRepository') ? has(self.exactRepository) : !has(self.exactRepository)",message="exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="(has(self.matchPolicy) && self.matchPolicy == 'RemapIdentity') ? has(self.remapIdentity) : !has(self.remapIdentity)",message="remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise" -// +union -type PolicyIdentity struct { - // matchPolicy sets the type of matching to be used. - // Valid values are "MatchRepoDigestOrExact", "MatchRepository", "ExactRepository", "RemapIdentity". When omitted, the default value is "MatchRepoDigestOrExact". - // If set matchPolicy to ExactRepository, then the exactRepository must be specified. - // If set matchPolicy to RemapIdentity, then the remapIdentity must be specified. - // "MatchRepoDigestOrExact" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. - // "MatchRepository" means that the identity in the signature must be in the same repository as the image identity. - // "ExactRepository" means that the identity in the signature must be in the same repository as a specific identity specified by "repository". - // "RemapIdentity" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the "prefix" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix. - // +unionDiscriminator - // +required - MatchPolicy IdentityMatchPolicy `json:"matchPolicy"` - // exactRepository is required if matchPolicy is set to "ExactRepository". - // +optional - PolicyMatchExactRepository *PolicyMatchExactRepository `json:"exactRepository,omitempty"` - // remapIdentity is required if matchPolicy is set to "RemapIdentity". - // +optional - PolicyMatchRemapIdentity *PolicyMatchRemapIdentity `json:"remapIdentity,omitempty"` -} - -// +kubebuilder:validation:MaxLength=512 -// +kubebuilder:validation:XValidation:rule=`self.matches('.*:([\\w][\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true`,message="invalid repository or prefix in the signedIdentity, should not include the tag or digest" -// +kubebuilder:validation:XValidation:rule=`self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')`,message="invalid repository or prefix in the signedIdentity" -type IdentityRepositoryPrefix string - -type PolicyMatchExactRepository struct { - // repository is the reference of the image identity to be matched. - // The value should be a repository name (by omitting the tag or digest) in a registry implementing the "Docker Registry HTTP API V2". For example, docker.io/library/busybox - // +required - Repository IdentityRepositoryPrefix `json:"repository"` -} - -type PolicyMatchRemapIdentity struct { - // prefix is the prefix of the image identity to be matched. - // If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). - // This useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. - // The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, - // or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. - // For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox. - // +required - Prefix IdentityRepositoryPrefix `json:"prefix"` - // signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as "prefix". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, - // or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. - // For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox. - // +required - SignedPrefix IdentityRepositoryPrefix `json:"signedPrefix"` -} - -// IdentityMatchPolicy defines the type of matching for "matchPolicy". -// +kubebuilder:validation:Enum=MatchRepoDigestOrExact;MatchRepository;ExactRepository;RemapIdentity -type IdentityMatchPolicy string - -const ( - IdentityMatchPolicyMatchRepoDigestOrExact IdentityMatchPolicy = "MatchRepoDigestOrExact" - IdentityMatchPolicyMatchRepository IdentityMatchPolicy = "MatchRepository" - IdentityMatchPolicyExactRepository IdentityMatchPolicy = "ExactRepository" - IdentityMatchPolicyRemapIdentity IdentityMatchPolicy = "RemapIdentity" -) - -// +k8s:deepcopy-gen=true -type ImagePolicyStatus struct { - // conditions provide details on the status of this API Resource. - // +listType=map - // +listMapKey=type - // +optional - Conditions []metav1.Condition `json:"conditions,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ImagePolicyList is a list of ImagePolicy resources -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -// +openshift:compatibility-gen:level=4 -type ImagePolicyList struct { - metav1.TypeMeta `json:",inline"` - - // metadata is the standard list's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metav1.ListMeta `json:"metadata"` - - Items []ImagePolicy `json:"items"` -} - -const ( - // ImagePolicyPending indicates that the customer resource contains a policy that cannot take effect. It is either overwritten by a global policy or the image scope is not valid. - ImagePolicyPending = "Pending" - // ImagePolicyApplied indicates that the policy has been applied - ImagePolicyApplied = "Applied" -) diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go b/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go index 46666ae3b..43546d03b 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go @@ -16,6 +16,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +openshift:enable:FeatureGate=InsightsConfig // +openshift:compatibility-gen:level=4 +// +openshift:capability=Insights type InsightsDataGather struct { metav1.TypeMeta `json:",inline"` @@ -58,6 +59,7 @@ type GatherConfig struct { // "oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'" // An example of disabling gatherers looks like this: `disabledGatherers: ["clusterconfig/machine_configs", "workloads/workload_info"]` // +kubebuilder:validation:MaxItems=100 + // +listType=atomic // +optional DisabledGatherers []DisabledGatherer `json:"disabledGatherers"` // storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_pki.go b/vendor/github.com/openshift/api/config/v1alpha1/types_pki.go new file mode 100644 index 000000000..c5be8b5bc --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_pki.go @@ -0,0 +1,274 @@ +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// PKI configures cryptographic parameters for certificates generated +// internally by OpenShift components. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=pkis,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2645 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +openshift:enable:FeatureGate=ConfigurablePKI +// +openshift:compatibility-gen:level=4 +type PKI struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec holds user settable values for configuration + // +required + Spec PKISpec `json:"spec,omitzero"` +} + +// PKISpec holds the specification for PKI configuration. +type PKISpec struct { + // certificateManagement specifies how PKI configuration is managed for internally-generated certificates. + // This controls the certificate generation approach for all OpenShift components that create + // certificates internally, including certificate authorities, serving certificates, and client certificates. + // + // +required + CertificateManagement PKICertificateManagement `json:"certificateManagement,omitzero"` +} + +// PKICertificateManagement determines whether components use hardcoded defaults (Unmanaged), follow +// OpenShift best practices (Default), or use administrator-specified cryptographic parameters (Custom). +// This provides flexibility for organizations with specific compliance requirements or security policies +// while maintaining backwards compatibility for existing clusters. +// +// +kubebuilder:validation:XValidation:rule="self.mode == 'Custom' ? has(self.custom) : !has(self.custom)",message="custom is required when mode is Custom, and forbidden otherwise" +// +union +type PKICertificateManagement struct { + // mode determines how PKI configuration is managed. + // Valid values are "Unmanaged", "Default", and "Custom". + // + // When set to Unmanaged, components use their existing hardcoded certificate + // generation behavior, exactly as if this feature did not exist. Each component + // generates certificates using whatever parameters it was using before this + // feature. While most components use RSA 2048, some may use different + // parameters. Use of this mode might prevent upgrading to the next major + // OpenShift release. + // + // When set to Default, OpenShift-recommended best practices for certificate + // generation are applied. The specific parameters may evolve across OpenShift + // releases to adopt improved cryptographic standards. In the initial release, + // this matches Unmanaged behavior for each component. In future releases, this + // may adopt ECDSA or larger RSA keys based on industry best practices. + // Recommended for most customers who want to benefit from security improvements + // automatically. + // + // When set to Custom, the certificate management parameters can be set + // explicitly. Use the custom field to specify certificate generation parameters. + // + // +required + // +unionDiscriminator + Mode PKICertificateManagementMode `json:"mode,omitempty"` + + // custom contains administrator-specified cryptographic configuration. + // Use the defaults and category override fields + // to specify certificate generation parameters. + // Required when mode is Custom, and forbidden otherwise. + // + // +optional + // +unionMember + Custom CustomPKIPolicy `json:"custom,omitzero"` +} + +// CustomPKIPolicy contains administrator-specified cryptographic configuration. +// Administrators must specify defaults for all certificates and may optionally +// override specific categories of certificates. +// +// +kubebuilder:validation:MinProperties=1 +type CustomPKIPolicy struct { + PKIProfile `json:",inline"` +} + +// PKICertificateManagementMode specifies the mode for PKI certificate management. +// +// +kubebuilder:validation:Enum=Unmanaged;Default;Custom +type PKICertificateManagementMode string + +const ( + // PKICertificateManagementModeUnmanaged uses each component's existing hardcoded defaults. + // Most components currently use RSA 2048, but parameters may differ by component. + PKICertificateManagementModeUnmanaged PKICertificateManagementMode = "Unmanaged" + + // PKICertificateManagementModeDefault uses OpenShift-recommended best practices. + // Specific parameters may evolve across OpenShift releases. + PKICertificateManagementModeDefault PKICertificateManagementMode = "Default" + + // PKICertificateManagementModeCustom uses administrator-specified configuration. + PKICertificateManagementModeCustom PKICertificateManagementMode = "Custom" +) + +// PKIProfile defines the certificate generation parameters that OpenShift +// components use to create certificates. Category overrides take precedence +// over defaults. +type PKIProfile struct { + // defaults specifies the default certificate configuration that applies + // to all certificates unless overridden by a category override. + // + // +required + Defaults DefaultCertificateConfig `json:"defaults,omitzero"` + + // signerCertificates optionally overrides certificate parameters for + // certificate authority (CA) certificates that sign other certificates. + // When set, these parameters take precedence over defaults for all signer certificates. + // When omitted, the defaults are used for signer certificates. + // + // +optional + SignerCertificates CertificateConfig `json:"signerCertificates,omitempty,omitzero"` + + // servingCertificates optionally overrides certificate parameters for + // TLS server certificates used to serve HTTPS endpoints. + // When set, these parameters take precedence over defaults for all serving certificates. + // When omitted, the defaults are used for serving certificates. + // + // +optional + ServingCertificates CertificateConfig `json:"servingCertificates,omitempty,omitzero"` + + // clientCertificates optionally overrides certificate parameters for + // client authentication certificates used to authenticate to servers. + // When set, these parameters take precedence over defaults for all client certificates. + // When omitted, the defaults are used for client certificates. + // + // +optional + ClientCertificates CertificateConfig `json:"clientCertificates,omitempty,omitzero"` +} + +// DefaultCertificateConfig specifies the default certificate configuration +// parameters. All fields are required to ensure that defaults are fully +// specified for all certificates. +type DefaultCertificateConfig struct { + // key specifies the cryptographic parameters for the certificate's key pair. + // This field is required in defaults to ensure all certificates have a + // well-defined key configuration. + // +required + Key KeyConfig `json:"key,omitzero"` +} + +// CertificateConfig specifies configuration parameters for certificates. +// At least one property must be specified. +// +kubebuilder:validation:MinProperties=1 +type CertificateConfig struct { + // key specifies the cryptographic parameters for the certificate's key pair. + // Currently this is the only configurable parameter. When omitted in an + // overrides entry, the key configuration from defaults is used. + // +optional + Key KeyConfig `json:"key,omitzero"` +} + +// KeyConfig specifies cryptographic parameters for key generation. +// +// +kubebuilder:validation:XValidation:rule="has(self.algorithm) && self.algorithm == 'RSA' ? has(self.rsa) : !has(self.rsa)",message="rsa is required when algorithm is RSA, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.algorithm) && self.algorithm == 'ECDSA' ? has(self.ecdsa) : !has(self.ecdsa)",message="ecdsa is required when algorithm is ECDSA, and forbidden otherwise" +// +union +type KeyConfig struct { + // algorithm specifies the key generation algorithm. + // Valid values are "RSA" and "ECDSA". + // + // When set to RSA, the rsa field must be specified and the generated key + // will be an RSA key with the configured key size. + // + // When set to ECDSA, the ecdsa field must be specified and the generated key + // will be an ECDSA key using the configured elliptic curve. + // + // +required + // +unionDiscriminator + Algorithm KeyAlgorithm `json:"algorithm,omitempty"` + + // rsa specifies RSA key parameters. + // Required when algorithm is RSA, and forbidden otherwise. + // +optional + // +unionMember + RSA RSAKeyConfig `json:"rsa,omitzero"` + + // ecdsa specifies ECDSA key parameters. + // Required when algorithm is ECDSA, and forbidden otherwise. + // +optional + // +unionMember + ECDSA ECDSAKeyConfig `json:"ecdsa,omitzero"` +} + +// RSAKeyConfig specifies parameters for RSA key generation. +type RSAKeyConfig struct { + // keySize specifies the size of RSA keys in bits. + // Valid values are multiples of 1024 from 2048 to 8192. + // +required + // +kubebuilder:validation:Minimum=2048 + // +kubebuilder:validation:Maximum=8192 + // +kubebuilder:validation:MultipleOf=1024 + KeySize int32 `json:"keySize,omitempty"` +} + +// ECDSAKeyConfig specifies parameters for ECDSA key generation. +type ECDSAKeyConfig struct { + // curve specifies the NIST elliptic curve for ECDSA keys. + // Valid values are "P256", "P384", and "P521". + // + // When set to P256, the NIST P-256 curve (also known as secp256r1) is used, + // providing 128-bit security. + // + // When set to P384, the NIST P-384 curve (also known as secp384r1) is used, + // providing 192-bit security. + // + // When set to P521, the NIST P-521 curve (also known as secp521r1) is used, + // providing 256-bit security. + // + // +required + Curve ECDSACurve `json:"curve,omitempty"` +} + +// KeyAlgorithm specifies the cryptographic algorithm used for key generation. +// +// +kubebuilder:validation:Enum=RSA;ECDSA +type KeyAlgorithm string + +const ( + // KeyAlgorithmRSA specifies the RSA (Rivest-Shamir-Adleman) algorithm for key generation. + KeyAlgorithmRSA KeyAlgorithm = "RSA" + + // KeyAlgorithmECDSA specifies the ECDSA (Elliptic Curve Digital Signature Algorithm) for key generation. + KeyAlgorithmECDSA KeyAlgorithm = "ECDSA" +) + +// ECDSACurve specifies the elliptic curve used for ECDSA key generation. +// +// +kubebuilder:validation:Enum=P256;P384;P521 +type ECDSACurve string + +const ( + // ECDSACurveP256 specifies the NIST P-256 curve (also known as secp256r1), providing 128-bit security. + ECDSACurveP256 ECDSACurve = "P256" + + // ECDSACurveP384 specifies the NIST P-384 curve (also known as secp384r1), providing 192-bit security. + ECDSACurveP384 ECDSACurve = "P384" + + // ECDSACurveP521 specifies the NIST P-521 curve (also known as secp521r1), providing 256-bit security. + ECDSACurveP521 ECDSACurve = "P521" +) + +// PKIList is a collection of PKI resources. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=4 +type PKIList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + + // items is a list of PKI resources + Items []PKI `json:"items"` +} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go index 6549f6cbe..7313338a3 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go @@ -11,6 +11,29 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdditionalAlertmanagerConfig) DeepCopyInto(out *AdditionalAlertmanagerConfig) { + *out = *in + out.Authorization = in.Authorization + if in.StaticConfigs != nil { + in, out := &in.StaticConfigs, &out.StaticConfigs + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.TLSConfig = in.TLSConfig + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalAlertmanagerConfig. +func (in *AdditionalAlertmanagerConfig) DeepCopy() *AdditionalAlertmanagerConfig { + if in == nil { + return nil + } + out := new(AdditionalAlertmanagerConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AlertmanagerConfig) DeepCopyInto(out *AlertmanagerConfig) { *out = *in @@ -98,6 +121,23 @@ func (in *Audit) DeepCopy() *Audit { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthorizationConfig) DeepCopyInto(out *AuthorizationConfig) { + *out = *in + out.BearerToken = in.BearerToken + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationConfig. +func (in *AuthorizationConfig) DeepCopy() *AuthorizationConfig { + if in == nil { + return nil + } + out := new(AuthorizationConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Backup) DeepCopyInto(out *Backup) { *out = *in @@ -193,27 +233,49 @@ func (in *BackupStatus) DeepCopy() *BackupStatus { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterImagePolicy) DeepCopyInto(out *ClusterImagePolicy) { +func (in *BasicAuth) DeepCopyInto(out *BasicAuth) { + *out = *in + out.Username = in.Username + out.Password = in.Password + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuth. +func (in *BasicAuth) DeepCopy() *BasicAuth { + if in == nil { + return nil + } + out := new(BasicAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRIOCredentialProviderConfig) DeepCopyInto(out *CRIOCredentialProviderConfig) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) + if in.Spec != nil { + in, out := &in.Spec, &out.Spec + *out = new(CRIOCredentialProviderConfigSpec) + (*in).DeepCopyInto(*out) + } in.Status.DeepCopyInto(&out.Status) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicy. -func (in *ClusterImagePolicy) DeepCopy() *ClusterImagePolicy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfig. +func (in *CRIOCredentialProviderConfig) DeepCopy() *CRIOCredentialProviderConfig { if in == nil { return nil } - out := new(ClusterImagePolicy) + out := new(CRIOCredentialProviderConfig) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterImagePolicy) DeepCopyObject() runtime.Object { +func (in *CRIOCredentialProviderConfig) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -221,13 +283,13 @@ func (in *ClusterImagePolicy) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterImagePolicyList) DeepCopyInto(out *ClusterImagePolicyList) { +func (in *CRIOCredentialProviderConfigList) DeepCopyInto(out *CRIOCredentialProviderConfigList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]ClusterImagePolicy, len(*in)) + *out = make([]CRIOCredentialProviderConfig, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -235,18 +297,18 @@ func (in *ClusterImagePolicyList) DeepCopyInto(out *ClusterImagePolicyList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicyList. -func (in *ClusterImagePolicyList) DeepCopy() *ClusterImagePolicyList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigList. +func (in *CRIOCredentialProviderConfigList) DeepCopy() *CRIOCredentialProviderConfigList { if in == nil { return nil } - out := new(ClusterImagePolicyList) + out := new(CRIOCredentialProviderConfigList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterImagePolicyList) DeepCopyObject() runtime.Object { +func (in *CRIOCredentialProviderConfigList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -254,29 +316,28 @@ func (in *ClusterImagePolicyList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterImagePolicySpec) DeepCopyInto(out *ClusterImagePolicySpec) { +func (in *CRIOCredentialProviderConfigSpec) DeepCopyInto(out *CRIOCredentialProviderConfigSpec) { *out = *in - if in.Scopes != nil { - in, out := &in.Scopes, &out.Scopes - *out = make([]ImageScope, len(*in)) + if in.MatchImages != nil { + in, out := &in.MatchImages, &out.MatchImages + *out = make([]MatchImage, len(*in)) copy(*out, *in) } - in.Policy.DeepCopyInto(&out.Policy) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicySpec. -func (in *ClusterImagePolicySpec) DeepCopy() *ClusterImagePolicySpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigSpec. +func (in *CRIOCredentialProviderConfigSpec) DeepCopy() *CRIOCredentialProviderConfigSpec { if in == nil { return nil } - out := new(ClusterImagePolicySpec) + out := new(CRIOCredentialProviderConfigSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterImagePolicyStatus) DeepCopyInto(out *ClusterImagePolicyStatus) { +func (in *CRIOCredentialProviderConfigStatus) DeepCopyInto(out *CRIOCredentialProviderConfigStatus) { *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions @@ -288,12 +349,29 @@ func (in *ClusterImagePolicyStatus) DeepCopyInto(out *ClusterImagePolicyStatus) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicyStatus. -func (in *ClusterImagePolicyStatus) DeepCopy() *ClusterImagePolicyStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigStatus. +func (in *CRIOCredentialProviderConfigStatus) DeepCopy() *CRIOCredentialProviderConfigStatus { + if in == nil { + return nil + } + out := new(CRIOCredentialProviderConfigStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateConfig) DeepCopyInto(out *CertificateConfig) { + *out = *in + out.Key = in.Key + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateConfig. +func (in *CertificateConfig) DeepCopy() *CertificateConfig { if in == nil { return nil } - out := new(ClusterImagePolicyStatus) + out := new(CertificateConfig) in.DeepCopyInto(out) return out } @@ -364,7 +442,16 @@ func (in *ClusterMonitoringSpec) DeepCopyInto(out *ClusterMonitoringSpec) { *out = *in out.UserDefined = in.UserDefined in.AlertmanagerConfig.DeepCopyInto(&out.AlertmanagerConfig) + in.PrometheusConfig.DeepCopyInto(&out.PrometheusConfig) in.MetricsServerConfig.DeepCopyInto(&out.MetricsServerConfig) + in.PrometheusOperatorConfig.DeepCopyInto(&out.PrometheusOperatorConfig) + in.PrometheusOperatorAdmissionWebhookConfig.DeepCopyInto(&out.PrometheusOperatorAdmissionWebhookConfig) + in.OpenShiftStateMetricsConfig.DeepCopyInto(&out.OpenShiftStateMetricsConfig) + in.TelemeterClientConfig.DeepCopyInto(&out.TelemeterClientConfig) + in.ThanosQuerierConfig.DeepCopyInto(&out.ThanosQuerierConfig) + in.NodeExporterConfig.DeepCopyInto(&out.NodeExporterConfig) + in.MonitoringPluginConfig.DeepCopyInto(&out.MonitoringPluginConfig) + in.KubeStateMetricsConfig.DeepCopyInto(&out.KubeStateMetricsConfig) return } @@ -413,177 +500,126 @@ func (in *ContainerResource) DeepCopy() *ContainerResource { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EtcdBackupSpec) DeepCopyInto(out *EtcdBackupSpec) { +func (in *CustomPKIPolicy) DeepCopyInto(out *CustomPKIPolicy) { *out = *in - in.RetentionPolicy.DeepCopyInto(&out.RetentionPolicy) + out.PKIProfile = in.PKIProfile return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdBackupSpec. -func (in *EtcdBackupSpec) DeepCopy() *EtcdBackupSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomPKIPolicy. +func (in *CustomPKIPolicy) DeepCopy() *CustomPKIPolicy { if in == nil { return nil } - out := new(EtcdBackupSpec) + out := new(CustomPKIPolicy) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FulcioCAWithRekor) DeepCopyInto(out *FulcioCAWithRekor) { +func (in *DefaultCertificateConfig) DeepCopyInto(out *DefaultCertificateConfig) { *out = *in - if in.FulcioCAData != nil { - in, out := &in.FulcioCAData, &out.FulcioCAData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.RekorKeyData != nil { - in, out := &in.RekorKeyData, &out.RekorKeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - out.FulcioSubject = in.FulcioSubject + out.Key = in.Key return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FulcioCAWithRekor. -func (in *FulcioCAWithRekor) DeepCopy() *FulcioCAWithRekor { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultCertificateConfig. +func (in *DefaultCertificateConfig) DeepCopy() *DefaultCertificateConfig { if in == nil { return nil } - out := new(FulcioCAWithRekor) + out := new(DefaultCertificateConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GatherConfig) DeepCopyInto(out *GatherConfig) { +func (in *DropEqualActionConfig) DeepCopyInto(out *DropEqualActionConfig) { *out = *in - if in.DisabledGatherers != nil { - in, out := &in.DisabledGatherers, &out.DisabledGatherers - *out = make([]DisabledGatherer, len(*in)) - copy(*out, *in) - } - if in.StorageSpec != nil { - in, out := &in.StorageSpec, &out.StorageSpec - *out = new(Storage) - (*in).DeepCopyInto(*out) - } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatherConfig. -func (in *GatherConfig) DeepCopy() *GatherConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DropEqualActionConfig. +func (in *DropEqualActionConfig) DeepCopy() *DropEqualActionConfig { if in == nil { return nil } - out := new(GatherConfig) + out := new(DropEqualActionConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicy) DeepCopyInto(out *ImagePolicy) { +func (in *ECDSAKeyConfig) DeepCopyInto(out *ECDSAKeyConfig) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicy. -func (in *ImagePolicy) DeepCopy() *ImagePolicy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ECDSAKeyConfig. +func (in *ECDSAKeyConfig) DeepCopy() *ECDSAKeyConfig { if in == nil { return nil } - out := new(ImagePolicy) + out := new(ECDSAKeyConfig) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ImagePolicy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicyList) DeepCopyInto(out *ImagePolicyList) { +func (in *EtcdBackupSpec) DeepCopyInto(out *EtcdBackupSpec) { *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ImagePolicy, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } + in.RetentionPolicy.DeepCopyInto(&out.RetentionPolicy) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyList. -func (in *ImagePolicyList) DeepCopy() *ImagePolicyList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdBackupSpec. +func (in *EtcdBackupSpec) DeepCopy() *EtcdBackupSpec { if in == nil { return nil } - out := new(ImagePolicyList) + out := new(EtcdBackupSpec) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ImagePolicyList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicySpec) DeepCopyInto(out *ImagePolicySpec) { +func (in *GatherConfig) DeepCopyInto(out *GatherConfig) { *out = *in - if in.Scopes != nil { - in, out := &in.Scopes, &out.Scopes - *out = make([]ImageScope, len(*in)) + if in.DisabledGatherers != nil { + in, out := &in.DisabledGatherers, &out.DisabledGatherers + *out = make([]DisabledGatherer, len(*in)) copy(*out, *in) } - in.Policy.DeepCopyInto(&out.Policy) + if in.StorageSpec != nil { + in, out := &in.StorageSpec, &out.StorageSpec + *out = new(Storage) + (*in).DeepCopyInto(*out) + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicySpec. -func (in *ImagePolicySpec) DeepCopy() *ImagePolicySpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatherConfig. +func (in *GatherConfig) DeepCopy() *GatherConfig { if in == nil { return nil } - out := new(ImagePolicySpec) + out := new(GatherConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicyStatus) DeepCopyInto(out *ImagePolicyStatus) { +func (in *HashModActionConfig) DeepCopyInto(out *HashModActionConfig) { *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]metav1.Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyStatus. -func (in *ImagePolicyStatus) DeepCopy() *ImagePolicyStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HashModActionConfig. +func (in *HashModActionConfig) DeepCopy() *HashModActionConfig { if in == nil { return nil } - out := new(ImagePolicyStatus) + out := new(HashModActionConfig) in.DeepCopyInto(out) return out } @@ -683,9 +719,42 @@ func (in *InsightsDataGatherStatus) DeepCopy() *InsightsDataGatherStatus { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { +func (in *KeepEqualActionConfig) DeepCopyInto(out *KeepEqualActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeepEqualActionConfig. +func (in *KeepEqualActionConfig) DeepCopy() *KeepEqualActionConfig { + if in == nil { + return nil + } + out := new(KeepEqualActionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KeyConfig) DeepCopyInto(out *KeyConfig) { + *out = *in + out.RSA = in.RSA + out.ECDSA = in.ECDSA + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyConfig. +func (in *KeyConfig) DeepCopy() *KeyConfig { + if in == nil { + return nil + } + out := new(KeyConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeStateMetricsConfig) DeepCopyInto(out *KubeStateMetricsConfig) { *out = *in - out.Audit = in.Audit if in.NodeSelector != nil { in, out := &in.NodeSelector, &out.NodeSelector *out = make(map[string]string, len(*in)) @@ -693,16 +762,16 @@ func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { (*out)[key] = val } } - if in.Tolerations != nil { - in, out := &in.Tolerations, &out.Tolerations - *out = make([]v1.Toleration, len(*in)) + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]ContainerResource, len(*in)) + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -714,240 +783,1067 @@ func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.AdditionalResourceLabels != nil { + in, out := &in.AdditionalResourceLabels, &out.AdditionalResourceLabels + *out = make([]KubeStateMetricsResourceLabels, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsServerConfig. -func (in *MetricsServerConfig) DeepCopy() *MetricsServerConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeStateMetricsConfig. +func (in *KubeStateMetricsConfig) DeepCopy() *KubeStateMetricsConfig { if in == nil { return nil } - out := new(MetricsServerConfig) + out := new(KubeStateMetricsConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PKI) DeepCopyInto(out *PKI) { +func (in *KubeStateMetricsResourceLabels) DeepCopyInto(out *KubeStateMetricsResourceLabels) { *out = *in - if in.CertificateAuthorityRootsData != nil { - in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData - *out = make([]byte, len(*in)) + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make([]KubeStateMetricsLabelName, len(*in)) copy(*out, *in) } - if in.CertificateAuthorityIntermediatesData != nil { - in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - out.PKICertificateSubject = in.PKICertificateSubject return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKI. -func (in *PKI) DeepCopy() *PKI { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeStateMetricsResourceLabels. +func (in *KubeStateMetricsResourceLabels) DeepCopy() *KubeStateMetricsResourceLabels { if in == nil { return nil } - out := new(PKI) + out := new(KubeStateMetricsResourceLabels) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PKICertificateSubject) DeepCopyInto(out *PKICertificateSubject) { +func (in *Label) DeepCopyInto(out *Label) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKICertificateSubject. -func (in *PKICertificateSubject) DeepCopy() *PKICertificateSubject { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Label. +func (in *Label) DeepCopy() *Label { if in == nil { return nil } - out := new(PKICertificateSubject) + out := new(Label) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeClaimReference) DeepCopyInto(out *PersistentVolumeClaimReference) { +func (in *LabelMapActionConfig) DeepCopyInto(out *LabelMapActionConfig) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimReference. -func (in *PersistentVolumeClaimReference) DeepCopy() *PersistentVolumeClaimReference { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LabelMapActionConfig. +func (in *LabelMapActionConfig) DeepCopy() *LabelMapActionConfig { if in == nil { return nil } - out := new(PersistentVolumeClaimReference) + out := new(LabelMapActionConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeConfig) DeepCopyInto(out *PersistentVolumeConfig) { +func (in *LowercaseActionConfig) DeepCopyInto(out *LowercaseActionConfig) { *out = *in - out.Claim = in.Claim return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeConfig. -func (in *PersistentVolumeConfig) DeepCopy() *PersistentVolumeConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LowercaseActionConfig. +func (in *LowercaseActionConfig) DeepCopy() *LowercaseActionConfig { if in == nil { return nil } - out := new(PersistentVolumeConfig) + out := new(LowercaseActionConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Policy) DeepCopyInto(out *Policy) { +func (in *MetadataConfig) DeepCopyInto(out *MetadataConfig) { *out = *in - in.RootOfTrust.DeepCopyInto(&out.RootOfTrust) - in.SignedIdentity.DeepCopyInto(&out.SignedIdentity) + out.Custom = in.Custom return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy. -func (in *Policy) DeepCopy() *Policy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataConfig. +func (in *MetadataConfig) DeepCopy() *MetadataConfig { if in == nil { return nil } - out := new(Policy) + out := new(MetadataConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyFulcioSubject) DeepCopyInto(out *PolicyFulcioSubject) { +func (in *MetadataConfigCustom) DeepCopyInto(out *MetadataConfigCustom) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyFulcioSubject. -func (in *PolicyFulcioSubject) DeepCopy() *PolicyFulcioSubject { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataConfigCustom. +func (in *MetadataConfigCustom) DeepCopy() *MetadataConfigCustom { if in == nil { return nil } - out := new(PolicyFulcioSubject) + out := new(MetadataConfigCustom) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyIdentity) DeepCopyInto(out *PolicyIdentity) { +func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { *out = *in - if in.PolicyMatchExactRepository != nil { - in, out := &in.PolicyMatchExactRepository, &out.PolicyMatchExactRepository - *out = new(PolicyMatchExactRepository) - **out = **in + out.Audit = in.Audit + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } } - if in.PolicyMatchRemapIdentity != nil { - in, out := &in.PolicyMatchRemapIdentity, &out.PolicyMatchRemapIdentity - *out = new(PolicyMatchRemapIdentity) - **out = **in + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyIdentity. -func (in *PolicyIdentity) DeepCopy() *PolicyIdentity { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsServerConfig. +func (in *MetricsServerConfig) DeepCopy() *MetricsServerConfig { if in == nil { return nil } - out := new(PolicyIdentity) + out := new(MetricsServerConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyMatchExactRepository) DeepCopyInto(out *PolicyMatchExactRepository) { +func (in *MonitoringPluginConfig) DeepCopyInto(out *MonitoringPluginConfig) { *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyMatchExactRepository. -func (in *PolicyMatchExactRepository) DeepCopy() *PolicyMatchExactRepository { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MonitoringPluginConfig. +func (in *MonitoringPluginConfig) DeepCopy() *MonitoringPluginConfig { if in == nil { return nil } - out := new(PolicyMatchExactRepository) + out := new(MonitoringPluginConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyMatchRemapIdentity) DeepCopyInto(out *PolicyMatchRemapIdentity) { +func (in *NodeExporterCollectorBuddyInfoConfig) DeepCopyInto(out *NodeExporterCollectorBuddyInfoConfig) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyMatchRemapIdentity. -func (in *PolicyMatchRemapIdentity) DeepCopy() *PolicyMatchRemapIdentity { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorBuddyInfoConfig. +func (in *NodeExporterCollectorBuddyInfoConfig) DeepCopy() *NodeExporterCollectorBuddyInfoConfig { if in == nil { return nil } - out := new(PolicyMatchRemapIdentity) + out := new(NodeExporterCollectorBuddyInfoConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyRootOfTrust) DeepCopyInto(out *PolicyRootOfTrust) { +func (in *NodeExporterCollectorConfig) DeepCopyInto(out *NodeExporterCollectorConfig) { *out = *in - if in.PublicKey != nil { - in, out := &in.PublicKey, &out.PublicKey - *out = new(PublicKey) - (*in).DeepCopyInto(*out) - } - if in.FulcioCAWithRekor != nil { - in, out := &in.FulcioCAWithRekor, &out.FulcioCAWithRekor - *out = new(FulcioCAWithRekor) - (*in).DeepCopyInto(*out) - } - if in.PKI != nil { - in, out := &in.PKI, &out.PKI - *out = new(PKI) - (*in).DeepCopyInto(*out) + out.CpuFreq = in.CpuFreq + out.TcpStat = in.TcpStat + out.Ethtool = in.Ethtool + out.NetDev = in.NetDev + out.NetClass = in.NetClass + out.BuddyInfo = in.BuddyInfo + out.MountStats = in.MountStats + out.Ksmd = in.Ksmd + out.Processes = in.Processes + in.Systemd.DeepCopyInto(&out.Systemd) + out.Softirqs = in.Softirqs + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorConfig. +func (in *NodeExporterCollectorConfig) DeepCopy() *NodeExporterCollectorConfig { + if in == nil { + return nil + } + out := new(NodeExporterCollectorConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeExporterCollectorCpufreqConfig) DeepCopyInto(out *NodeExporterCollectorCpufreqConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorCpufreqConfig. +func (in *NodeExporterCollectorCpufreqConfig) DeepCopy() *NodeExporterCollectorCpufreqConfig { + if in == nil { + return nil + } + out := new(NodeExporterCollectorCpufreqConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeExporterCollectorEthtoolConfig) DeepCopyInto(out *NodeExporterCollectorEthtoolConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorEthtoolConfig. +func (in *NodeExporterCollectorEthtoolConfig) DeepCopy() *NodeExporterCollectorEthtoolConfig { + if in == nil { + return nil + } + out := new(NodeExporterCollectorEthtoolConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeExporterCollectorKSMDConfig) DeepCopyInto(out *NodeExporterCollectorKSMDConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorKSMDConfig. +func (in *NodeExporterCollectorKSMDConfig) DeepCopy() *NodeExporterCollectorKSMDConfig { + if in == nil { + return nil + } + out := new(NodeExporterCollectorKSMDConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeExporterCollectorMountStatsConfig) DeepCopyInto(out *NodeExporterCollectorMountStatsConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorMountStatsConfig. +func (in *NodeExporterCollectorMountStatsConfig) DeepCopy() *NodeExporterCollectorMountStatsConfig { + if in == nil { + return nil + } + out := new(NodeExporterCollectorMountStatsConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeExporterCollectorNetClassCollectConfig) DeepCopyInto(out *NodeExporterCollectorNetClassCollectConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorNetClassCollectConfig. +func (in *NodeExporterCollectorNetClassCollectConfig) DeepCopy() *NodeExporterCollectorNetClassCollectConfig { + if in == nil { + return nil + } + out := new(NodeExporterCollectorNetClassCollectConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeExporterCollectorNetClassConfig) DeepCopyInto(out *NodeExporterCollectorNetClassConfig) { + *out = *in + out.Collect = in.Collect + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorNetClassConfig. +func (in *NodeExporterCollectorNetClassConfig) DeepCopy() *NodeExporterCollectorNetClassConfig { + if in == nil { + return nil + } + out := new(NodeExporterCollectorNetClassConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeExporterCollectorNetDevConfig) DeepCopyInto(out *NodeExporterCollectorNetDevConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorNetDevConfig. +func (in *NodeExporterCollectorNetDevConfig) DeepCopy() *NodeExporterCollectorNetDevConfig { + if in == nil { + return nil + } + out := new(NodeExporterCollectorNetDevConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeExporterCollectorProcessesConfig) DeepCopyInto(out *NodeExporterCollectorProcessesConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorProcessesConfig. +func (in *NodeExporterCollectorProcessesConfig) DeepCopy() *NodeExporterCollectorProcessesConfig { + if in == nil { + return nil + } + out := new(NodeExporterCollectorProcessesConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeExporterCollectorSoftirqsConfig) DeepCopyInto(out *NodeExporterCollectorSoftirqsConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorSoftirqsConfig. +func (in *NodeExporterCollectorSoftirqsConfig) DeepCopy() *NodeExporterCollectorSoftirqsConfig { + if in == nil { + return nil + } + out := new(NodeExporterCollectorSoftirqsConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeExporterCollectorSystemdCollectConfig) DeepCopyInto(out *NodeExporterCollectorSystemdCollectConfig) { + *out = *in + if in.Units != nil { + in, out := &in.Units, &out.Units + *out = make([]NodeExporterSystemdUnit, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorSystemdCollectConfig. +func (in *NodeExporterCollectorSystemdCollectConfig) DeepCopy() *NodeExporterCollectorSystemdCollectConfig { + if in == nil { + return nil + } + out := new(NodeExporterCollectorSystemdCollectConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeExporterCollectorSystemdConfig) DeepCopyInto(out *NodeExporterCollectorSystemdConfig) { + *out = *in + in.Collect.DeepCopyInto(&out.Collect) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorSystemdConfig. +func (in *NodeExporterCollectorSystemdConfig) DeepCopy() *NodeExporterCollectorSystemdConfig { + if in == nil { + return nil + } + out := new(NodeExporterCollectorSystemdConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeExporterCollectorTcpStatConfig) DeepCopyInto(out *NodeExporterCollectorTcpStatConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterCollectorTcpStatConfig. +func (in *NodeExporterCollectorTcpStatConfig) DeepCopy() *NodeExporterCollectorTcpStatConfig { + if in == nil { + return nil + } + out := new(NodeExporterCollectorTcpStatConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeExporterConfig) DeepCopyInto(out *NodeExporterConfig) { + *out = *in + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.Collectors.DeepCopyInto(&out.Collectors) + if in.IgnoredNetworkDevices != nil { + in, out := &in.IgnoredNetworkDevices, &out.IgnoredNetworkDevices + *out = new([]NodeExporterIgnoredNetworkDevice) + if **in != nil { + in, out := *in, *out + *out = make([]NodeExporterIgnoredNetworkDevice, len(*in)) + copy(*out, *in) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeExporterConfig. +func (in *NodeExporterConfig) DeepCopy() *NodeExporterConfig { + if in == nil { + return nil + } + out := new(NodeExporterConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuth2) DeepCopyInto(out *OAuth2) { + *out = *in + out.ClientID = in.ClientID + out.ClientSecret = in.ClientSecret + if in.Scopes != nil { + in, out := &in.Scopes, &out.Scopes + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.EndpointParams != nil { + in, out := &in.EndpointParams, &out.EndpointParams + *out = make([]OAuth2EndpointParam, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2. +func (in *OAuth2) DeepCopy() *OAuth2 { + if in == nil { + return nil + } + out := new(OAuth2) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuth2EndpointParam) DeepCopyInto(out *OAuth2EndpointParam) { + *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2EndpointParam. +func (in *OAuth2EndpointParam) DeepCopy() *OAuth2EndpointParam { + if in == nil { + return nil + } + out := new(OAuth2EndpointParam) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenShiftStateMetricsConfig) DeepCopyInto(out *OpenShiftStateMetricsConfig) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenShiftStateMetricsConfig. +func (in *OpenShiftStateMetricsConfig) DeepCopy() *OpenShiftStateMetricsConfig { + if in == nil { + return nil + } + out := new(OpenShiftStateMetricsConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PKI) DeepCopyInto(out *PKI) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKI. +func (in *PKI) DeepCopy() *PKI { + if in == nil { + return nil + } + out := new(PKI) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PKI) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PKICertificateManagement) DeepCopyInto(out *PKICertificateManagement) { + *out = *in + out.Custom = in.Custom + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKICertificateManagement. +func (in *PKICertificateManagement) DeepCopy() *PKICertificateManagement { + if in == nil { + return nil + } + out := new(PKICertificateManagement) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PKIList) DeepCopyInto(out *PKIList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PKI, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIList. +func (in *PKIList) DeepCopy() *PKIList { + if in == nil { + return nil + } + out := new(PKIList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PKIList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PKIProfile) DeepCopyInto(out *PKIProfile) { + *out = *in + out.Defaults = in.Defaults + out.SignerCertificates = in.SignerCertificates + out.ServingCertificates = in.ServingCertificates + out.ClientCertificates = in.ClientCertificates + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIProfile. +func (in *PKIProfile) DeepCopy() *PKIProfile { + if in == nil { + return nil + } + out := new(PKIProfile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PKISpec) DeepCopyInto(out *PKISpec) { + *out = *in + out.CertificateManagement = in.CertificateManagement + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISpec. +func (in *PKISpec) DeepCopy() *PKISpec { + if in == nil { + return nil + } + out := new(PKISpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PersistentVolumeClaimReference) DeepCopyInto(out *PersistentVolumeClaimReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimReference. +func (in *PersistentVolumeClaimReference) DeepCopy() *PersistentVolumeClaimReference { + if in == nil { + return nil + } + out := new(PersistentVolumeClaimReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PersistentVolumeConfig) DeepCopyInto(out *PersistentVolumeConfig) { + *out = *in + out.Claim = in.Claim + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeConfig. +func (in *PersistentVolumeConfig) DeepCopy() *PersistentVolumeConfig { + if in == nil { + return nil + } + out := new(PersistentVolumeConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrometheusConfig) DeepCopyInto(out *PrometheusConfig) { + *out = *in + if in.AdditionalAlertmanagerConfigs != nil { + in, out := &in.AdditionalAlertmanagerConfigs, &out.AdditionalAlertmanagerConfigs + *out = make([]AdditionalAlertmanagerConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExternalLabels != nil { + in, out := &in.ExternalLabels, &out.ExternalLabels + *out = make([]Label, len(*in)) + copy(*out, *in) + } + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.RemoteWrite != nil { + in, out := &in.RemoteWrite, &out.RemoteWrite + *out = make([]RemoteWriteSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.Retention = in.Retention + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.VolumeClaimTemplate != nil { + in, out := &in.VolumeClaimTemplate, &out.VolumeClaimTemplate + *out = new(v1.PersistentVolumeClaim) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusConfig. +func (in *PrometheusConfig) DeepCopy() *PrometheusConfig { + if in == nil { + return nil + } + out := new(PrometheusConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrometheusOperatorAdmissionWebhookConfig) DeepCopyInto(out *PrometheusOperatorAdmissionWebhookConfig) { + *out = *in + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusOperatorAdmissionWebhookConfig. +func (in *PrometheusOperatorAdmissionWebhookConfig) DeepCopy() *PrometheusOperatorAdmissionWebhookConfig { + if in == nil { + return nil + } + out := new(PrometheusOperatorAdmissionWebhookConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrometheusOperatorConfig) DeepCopyInto(out *PrometheusOperatorConfig) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRootOfTrust. -func (in *PolicyRootOfTrust) DeepCopy() *PolicyRootOfTrust { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusOperatorConfig. +func (in *PrometheusOperatorConfig) DeepCopy() *PrometheusOperatorConfig { if in == nil { return nil } - out := new(PolicyRootOfTrust) + out := new(PrometheusOperatorConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PublicKey) DeepCopyInto(out *PublicKey) { +func (in *PrometheusRemoteWriteHeader) DeepCopyInto(out *PrometheusRemoteWriteHeader) { *out = *in - if in.KeyData != nil { - in, out := &in.KeyData, &out.KeyData - *out = make([]byte, len(*in)) - copy(*out, *in) + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusRemoteWriteHeader. +func (in *PrometheusRemoteWriteHeader) DeepCopy() *PrometheusRemoteWriteHeader { + if in == nil { + return nil + } + out := new(PrometheusRemoteWriteHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QueueConfig) DeepCopyInto(out *QueueConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueueConfig. +func (in *QueueConfig) DeepCopy() *QueueConfig { + if in == nil { + return nil + } + out := new(QueueConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RSAKeyConfig) DeepCopyInto(out *RSAKeyConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RSAKeyConfig. +func (in *RSAKeyConfig) DeepCopy() *RSAKeyConfig { + if in == nil { + return nil + } + out := new(RSAKeyConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RelabelActionConfig) DeepCopyInto(out *RelabelActionConfig) { + *out = *in + in.Replace.DeepCopyInto(&out.Replace) + out.HashMod = in.HashMod + out.LabelMap = in.LabelMap + out.Lowercase = in.Lowercase + out.Uppercase = in.Uppercase + out.KeepEqual = in.KeepEqual + out.DropEqual = in.DropEqual + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelabelActionConfig. +func (in *RelabelActionConfig) DeepCopy() *RelabelActionConfig { + if in == nil { + return nil } - if in.RekorKeyData != nil { - in, out := &in.RekorKeyData, &out.RekorKeyData - *out = make([]byte, len(*in)) + out := new(RelabelActionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RelabelConfig) DeepCopyInto(out *RelabelConfig) { + *out = *in + if in.SourceLabels != nil { + in, out := &in.SourceLabels, &out.SourceLabels + *out = make([]string, len(*in)) copy(*out, *in) } + in.Action.DeepCopyInto(&out.Action) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelabelConfig. +func (in *RelabelConfig) DeepCopy() *RelabelConfig { + if in == nil { + return nil + } + out := new(RelabelConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RemoteWriteAuthorization) DeepCopyInto(out *RemoteWriteAuthorization) { + *out = *in + if in.SafeAuthorization != nil { + in, out := &in.SafeAuthorization, &out.SafeAuthorization + *out = new(v1.SecretKeySelector) + (*in).DeepCopyInto(*out) + } + out.BearerToken = in.BearerToken + out.BasicAuth = in.BasicAuth + in.OAuth2.DeepCopyInto(&out.OAuth2) + out.Sigv4 = in.Sigv4 + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteWriteAuthorization. +func (in *RemoteWriteAuthorization) DeepCopy() *RemoteWriteAuthorization { + if in == nil { + return nil + } + out := new(RemoteWriteAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { + *out = *in + in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig) + if in.Headers != nil { + in, out := &in.Headers, &out.Headers + *out = make([]PrometheusRemoteWriteHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.MetadataConfig = in.MetadataConfig + out.QueueConfig = in.QueueConfig + out.TLSConfig = in.TLSConfig + if in.WriteRelabelConfigs != nil { + in, out := &in.WriteRelabelConfigs, &out.WriteRelabelConfigs + *out = make([]RelabelConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteWriteSpec. +func (in *RemoteWriteSpec) DeepCopy() *RemoteWriteSpec { + if in == nil { + return nil + } + out := new(RemoteWriteSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReplaceActionConfig) DeepCopyInto(out *ReplaceActionConfig) { + *out = *in + if in.Replacement != nil { + in, out := &in.Replacement, &out.Replacement + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplaceActionConfig. +func (in *ReplaceActionConfig) DeepCopy() *ReplaceActionConfig { + if in == nil { + return nil + } + out := new(ReplaceActionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Retention) DeepCopyInto(out *Retention) { + *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKey. -func (in *PublicKey) DeepCopy() *PublicKey { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Retention. +func (in *Retention) DeepCopy() *Retention { if in == nil { return nil } - out := new(PublicKey) + out := new(Retention) in.DeepCopyInto(out) return out } @@ -1010,6 +1906,40 @@ func (in *RetentionSizeConfig) DeepCopy() *RetentionSizeConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector. +func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { + if in == nil { + return nil + } + out := new(SecretKeySelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Sigv4) DeepCopyInto(out *Sigv4) { + *out = *in + out.AccessKey = in.AccessKey + out.SecretKey = in.SecretKey + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Sigv4. +func (in *Sigv4) DeepCopy() *Sigv4 { + if in == nil { + return nil + } + out := new(Sigv4) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Storage) DeepCopyInto(out *Storage) { *out = *in @@ -1031,6 +1961,146 @@ func (in *Storage) DeepCopy() *Storage { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { + *out = *in + out.CA = in.CA + out.Cert = in.Cert + out.Key = in.Key + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. +func (in *TLSConfig) DeepCopy() *TLSConfig { + if in == nil { + return nil + } + out := new(TLSConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TelemeterClientConfig) DeepCopyInto(out *TelemeterClientConfig) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TelemeterClientConfig. +func (in *TelemeterClientConfig) DeepCopy() *TelemeterClientConfig { + if in == nil { + return nil + } + out := new(TelemeterClientConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ThanosQuerierConfig) DeepCopyInto(out *ThanosQuerierConfig) { + *out = *in + out.RequestLogging = in.RequestLogging + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ThanosQuerierConfig. +func (in *ThanosQuerierConfig) DeepCopy() *ThanosQuerierConfig { + if in == nil { + return nil + } + out := new(ThanosQuerierConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ThanosQuerierRequestLoggingConfig) DeepCopyInto(out *ThanosQuerierRequestLoggingConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ThanosQuerierRequestLoggingConfig. +func (in *ThanosQuerierRequestLoggingConfig) DeepCopy() *ThanosQuerierRequestLoggingConfig { + if in == nil { + return nil + } + out := new(ThanosQuerierRequestLoggingConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UppercaseActionConfig) DeepCopyInto(out *UppercaseActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UppercaseActionConfig. +func (in *UppercaseActionConfig) DeepCopy() *UppercaseActionConfig { + if in == nil { + return nil + } + out := new(UppercaseActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserDefinedMonitoring) DeepCopyInto(out *UserDefinedMonitoring) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index 2f79f801d..b2a124193 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -21,28 +21,27 @@ backups.config.openshift.io: - AutomatedEtcdBackup Version: v1alpha1 -clusterimagepolicies.config.openshift.io: +criocredentialproviderconfigs.config.openshift.io: Annotations: {} - ApprovedPRNumber: https://github.com/openshift/api/pull/1457 - CRDName: clusterimagepolicies.config.openshift.io + ApprovedPRNumber: https://github.com/openshift/api/pull/2557 + CRDName: criocredentialproviderconfigs.config.openshift.io Capability: "" Category: "" FeatureGates: - - SigstoreImageVerification - - SigstoreImageVerificationPKI + - CRIOCredentialProviderConfig FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true - KindName: ClusterImagePolicy + KindName: CRIOCredentialProviderConfig Labels: {} - PluralName: clusterimagepolicies + PluralName: criocredentialproviderconfigs PrinterColumns: [] Scope: Cluster ShortNames: null TopLevelFeatureGates: - - SigstoreImageVerification + - CRIOCredentialProviderConfig Version: v1alpha1 clustermonitorings.config.openshift.io: @@ -69,50 +68,49 @@ clustermonitorings.config.openshift.io: - ClusterMonitoringConfig Version: v1alpha1 -imagepolicies.config.openshift.io: +insightsdatagathers.config.openshift.io: Annotations: {} - ApprovedPRNumber: https://github.com/openshift/api/pull/1457 - CRDName: imagepolicies.config.openshift.io - Capability: "" + ApprovedPRNumber: https://github.com/openshift/api/pull/1245 + CRDName: insightsdatagathers.config.openshift.io + Capability: Insights Category: "" FeatureGates: - - SigstoreImageVerification - - SigstoreImageVerificationPKI + - InsightsConfig FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true - KindName: ImagePolicy + KindName: InsightsDataGather Labels: {} - PluralName: imagepolicies + PluralName: insightsdatagathers PrinterColumns: [] - Scope: Namespaced + Scope: Cluster ShortNames: null TopLevelFeatureGates: - - SigstoreImageVerification + - InsightsConfig Version: v1alpha1 -insightsdatagathers.config.openshift.io: +pkis.config.openshift.io: Annotations: {} - ApprovedPRNumber: https://github.com/openshift/api/pull/1245 - CRDName: insightsdatagathers.config.openshift.io + ApprovedPRNumber: https://github.com/openshift/api/pull/2645 + CRDName: pkis.config.openshift.io Capability: "" Category: "" FeatureGates: - - InsightsConfig + - ConfigurablePKI FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" GroupName: config.openshift.io - HasStatus: true - KindName: InsightsDataGather + HasStatus: false + KindName: PKI Labels: {} - PluralName: insightsdatagathers + PluralName: pkis PrinterColumns: [] Scope: Cluster ShortNames: null TopLevelFeatureGates: - - InsightsConfig + - ConfigurablePKI Version: v1alpha1 diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.model_name.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.model_name.go new file mode 100644 index 000000000..36a7803bf --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.model_name.go @@ -0,0 +1,461 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by codegen. DO NOT EDIT. + +package v1alpha1 + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AdditionalAlertmanagerConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AlertmanagerConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.AlertmanagerConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AlertmanagerCustomConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Audit) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.Audit" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuthorizationConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.AuthorizationConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Backup) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.Backup" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BackupList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.BackupList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BackupSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.BackupSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BackupStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.BackupStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BasicAuth) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.BasicAuth" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CRIOCredentialProviderConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CRIOCredentialProviderConfigList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CRIOCredentialProviderConfigSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CRIOCredentialProviderConfigStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CertificateConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.CertificateConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterMonitoring) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.ClusterMonitoring" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterMonitoringList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.ClusterMonitoringList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterMonitoringSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterMonitoringStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ContainerResource) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.ContainerResource" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CustomPKIPolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.CustomPKIPolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DefaultCertificateConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.DefaultCertificateConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DropEqualActionConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.DropEqualActionConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ECDSAKeyConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.ECDSAKeyConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EtcdBackupSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.EtcdBackupSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GatherConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.GatherConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in HashModActionConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.HashModActionConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGather) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.InsightsDataGather" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGatherList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.InsightsDataGatherList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGatherSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGatherStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KeepEqualActionConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KeyConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.KeyConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeStateMetricsConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.KubeStateMetricsConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeStateMetricsResourceLabels) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.KubeStateMetricsResourceLabels" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Label) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.Label" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LabelMapActionConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.LabelMapActionConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LowercaseActionConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.LowercaseActionConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MetadataConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.MetadataConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MetadataConfigCustom) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.MetadataConfigCustom" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MetricsServerConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.MetricsServerConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MonitoringPluginConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.MonitoringPluginConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorBuddyInfoConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorBuddyInfoConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorCpufreqConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorCpufreqConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorEthtoolConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorEthtoolConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorKSMDConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorKSMDConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorMountStatsConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorMountStatsConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorNetClassCollectConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorNetClassCollectConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorNetClassConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorNetClassConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorNetDevConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorNetDevConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorProcessesConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorProcessesConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorSoftirqsConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorSoftirqsConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorSystemdCollectConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorSystemdCollectConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorSystemdConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorSystemdConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterCollectorTcpStatConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorTcpStatConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeExporterConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.NodeExporterConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuth2) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.OAuth2" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuth2EndpointParam) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.OAuth2EndpointParam" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenShiftStateMetricsConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.OpenShiftStateMetricsConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PKI) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.PKI" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PKICertificateManagement) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.PKICertificateManagement" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PKIList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.PKIList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PKIProfile) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.PKIProfile" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PKISpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.PKISpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PersistentVolumeClaimReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PersistentVolumeConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PrometheusConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.PrometheusConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PrometheusOperatorAdmissionWebhookConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.PrometheusOperatorAdmissionWebhookConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PrometheusOperatorConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PrometheusRemoteWriteHeader) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.PrometheusRemoteWriteHeader" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in QueueConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.QueueConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RSAKeyConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.RSAKeyConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RelabelActionConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.RelabelActionConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RelabelConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.RelabelConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RemoteWriteAuthorization) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RemoteWriteSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.RemoteWriteSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ReplaceActionConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.ReplaceActionConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Retention) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.Retention" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RetentionNumberConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.RetentionNumberConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RetentionPolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.RetentionPolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RetentionSizeConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.RetentionSizeConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SecretKeySelector) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.SecretKeySelector" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Sigv4) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.Sigv4" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Storage) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.Storage" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TLSConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.TLSConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TelemeterClientConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.TelemeterClientConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ThanosQuerierConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.ThanosQuerierConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ThanosQuerierRequestLoggingConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.ThanosQuerierRequestLoggingConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in UppercaseActionConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.UppercaseActionConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in UserDefinedMonitoring) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring" +} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go index 6ba6ad11f..2194d79de 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -80,42 +80,19 @@ func (RetentionSizeConfig) SwaggerDoc() map[string]string { return map_RetentionSizeConfig } -var map_ClusterImagePolicy = map[string]string{ - "": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "spec": "spec contains the configuration for the cluster image policy.", - "status": "status contains the observed state of the resource.", -} - -func (ClusterImagePolicy) SwaggerDoc() map[string]string { - return map_ClusterImagePolicy -} - -var map_ClusterImagePolicyList = map[string]string{ - "": "ClusterImagePolicyList is a list of ClusterImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", -} - -func (ClusterImagePolicyList) SwaggerDoc() map[string]string { - return map_ClusterImagePolicyList +var map_AdditionalAlertmanagerConfig = map[string]string{ + "": "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + "name": "name is a unique identifier for this Alertmanager configuration entry. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters.", + "authorization": "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + "pathPrefix": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. When no prefix is needed, omit this field; do not set it to \"/\" as that would produce paths with double slashes (e.g. \"//api/v1/alerts\"). Must start with \"/\", must not end with \"/\", and must not be exactly \"/\". Must not contain query strings (\"?\") or fragments (\"#\").", + "scheme": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `HTTP`.", + "staticConfigs": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique and non-empty (empty string is invalid).", + "timeoutSeconds": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "tlsConfig": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } -var map_ClusterImagePolicySpec = map[string]string{ - "": "CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource.", - "scopes": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", - "policy": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", -} - -func (ClusterImagePolicySpec) SwaggerDoc() map[string]string { - return map_ClusterImagePolicySpec -} - -var map_ClusterImagePolicyStatus = map[string]string{ - "conditions": "conditions provide details on the status of this API Resource.", -} - -func (ClusterImagePolicyStatus) SwaggerDoc() map[string]string { - return map_ClusterImagePolicyStatus +func (AdditionalAlertmanagerConfig) SwaggerDoc() map[string]string { + return map_AdditionalAlertmanagerConfig } var map_AlertmanagerConfig = map[string]string{ @@ -129,14 +106,15 @@ func (AlertmanagerConfig) SwaggerDoc() map[string]string { } var map_AlertmanagerCustomConfig = map[string]string{ - "": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", - "logLevel": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", - "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", - "resources": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1.", - "secrets": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", - "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", - "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", - "volumeClaimTemplate": "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", + "": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether user-defined namespaces are selected for AlertmanagerConfig lookups, how it logs, and how its pods are scheduled.", + "userAlertmanagerConfigSelection": "userAlertmanagerConfigSelection is an optional field that controls whether user-defined namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager instance in the `openshift-monitoring` namespace. Valid values are Selectable and None. When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in the cluster-monitoring-config ConfigMap. When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` in the cluster-monitoring-config ConfigMap. This setting only applies when the user-workload monitoring Alertmanager is not enabled. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `None`.", + "logLevel": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", + "resources": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "secrets": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", } func (AlertmanagerCustomConfig) SwaggerDoc() map[string]string { @@ -152,6 +130,26 @@ func (Audit) SwaggerDoc() map[string]string { return map_Audit } +var map_AuthorizationConfig = map[string]string{ + "": "AuthorizationConfig defines the authentication method for Alertmanager connections.", + "type": "type specifies the authentication type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified.", + "bearerToken": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", +} + +func (AuthorizationConfig) SwaggerDoc() map[string]string { + return map_AuthorizationConfig +} + +var map_BasicAuth = map[string]string{ + "": "BasicAuth defines basic authentication settings for the remote write endpoint URL.", + "username": "username defines the secret reference containing the username for basic authentication. The secret must exist in the openshift-monitoring namespace.", + "password": "password defines the secret reference containing the password for basic authentication. The secret must exist in the openshift-monitoring namespace.", +} + +func (BasicAuth) SwaggerDoc() map[string]string { + return map_BasicAuth +} + var map_ClusterMonitoring = map[string]string{ "": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. ClusterMonitoring is the Schema for the Cluster Monitoring Operators API", "metadata": "metadata is the standard object metadata.", @@ -174,10 +172,19 @@ func (ClusterMonitoringList) SwaggerDoc() map[string]string { } var map_ClusterMonitoringSpec = map[string]string{ - "": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", - "userDefined": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", - "alertmanagerConfig": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", - "metricsServerConfig": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", + "userDefined": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", + "alertmanagerConfig": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", + "prometheusConfig": "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", + "metricsServerConfig": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "prometheusOperatorConfig": "prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "prometheusOperatorAdmissionWebhookConfig": "prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the admission webhook component of Prometheus Operator that runs in the openshift-monitoring namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects to ensure they are semantically valid, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "openShiftStateMetricsConfig": "openShiftStateMetricsConfig is an optional field that can be used to configure the openshift-state-metrics agent that runs in the openshift-monitoring namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "telemeterClientConfig": "telemeterClientConfig is an optional field that can be used to configure the Telemeter Client component that runs in the openshift-monitoring namespace. The Telemeter Client collects selected monitoring metrics and forwards them to Red Hat for telemetry purposes. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. When set, at least one field must be specified within telemeterClientConfig.", + "thanosQuerierConfig": "thanosQuerierConfig is an optional field that can be used to configure the Thanos Querier component that runs in the openshift-monitoring namespace. The Thanos Querier provides a global query view by aggregating and deduplicating metrics from multiple Prometheus instances. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default deploys the Thanos Querier on linux nodes with 5m CPU and 12Mi memory requests, and no custom tolerations or topology spread constraints. When set, at least one field must be specified within thanosQuerierConfig.", + "nodeExporterConfig": "nodeExporterConfig is an optional field that can be used to configure the node-exporter agent that runs as a DaemonSet in the openshift-monitoring namespace. The node-exporter agent collects hardware and OS-level metrics from every node in the cluster. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "monitoringPluginConfig": "monitoringPluginConfig is an optional field that can be used to configure the monitoring plugin that runs as a dynamic plugin of the OpenShift web console. The monitoring plugin provides the monitoring UI in the OpenShift web console for visualizing metrics, alerts, and dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default deploys the monitoring-plugin as a single-replica Deployment on linux nodes with 10m CPU and 50Mi memory requests, and no custom tolerations or topology spread constraints. When set, at least one field must be specified within monitoringPluginConfig.", + "kubeStateMetricsConfig": "kubeStateMetricsConfig is an optional field that can be used to configure the kube-state-metrics agent that runs in the openshift-monitoring namespace. kube-state-metrics generates metrics about the state of Kubernetes objects such as Deployments, Nodes, and Pods. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } func (ClusterMonitoringSpec) SwaggerDoc() map[string]string { @@ -195,7 +202,7 @@ func (ClusterMonitoringStatus) SwaggerDoc() map[string]string { var map_ContainerResource = map[string]string{ "": "ContainerResource defines a single resource requirement for a container.", "name": "name of the resource (e.g. \"cpu\", \"memory\", \"hugepages-2Mi\"). This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character.", - "request": "request is the minimum amount of the resource required (e.g. \"2Mi\", \"1Gi\"). This field is optional. When limit is specified, request cannot be greater than limit.", + "request": "request is the minimum amount of the resource required (e.g. \"2Mi\", \"1Gi\"). This field is optional. When limit is specified, request cannot be greater than limit. The value must be greater than 0 when specified.", "limit": "limit is the maximum amount of the resource allowed (e.g. \"2Mi\", \"1Gi\"). This field is optional. When request is specified, limit cannot be less than request. The value must be greater than 0 when specified.", } @@ -203,167 +210,593 @@ func (ContainerResource) SwaggerDoc() map[string]string { return map_ContainerResource } +var map_DropEqualActionConfig = map[string]string{ + "": "DropEqualActionConfig configures the DropEqual action. Drops targets for which the concatenated source_labels do match the value of target_label. Requires Prometheus >= v2.41.0.", + "targetLabel": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length.", +} + +func (DropEqualActionConfig) SwaggerDoc() map[string]string { + return map_DropEqualActionConfig +} + +var map_HashModActionConfig = map[string]string{ + "": "HashModActionConfig configures the HashMod action. target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).", + "targetLabel": "targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length.", + "modulus": "modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). Required when using the HashMod action so the intended behavior is explicit. Must be between 1 and 1000000.", +} + +func (HashModActionConfig) SwaggerDoc() map[string]string { + return map_HashModActionConfig +} + +var map_KeepEqualActionConfig = map[string]string{ + "": "KeepEqualActionConfig configures the KeepEqual action. Drops targets for which the concatenated source_labels do not match the value of target_label. Requires Prometheus >= v2.41.0.", + "targetLabel": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length.", +} + +func (KeepEqualActionConfig) SwaggerDoc() map[string]string { + return map_KeepEqualActionConfig +} + +var map_KubeStateMetricsConfig = map[string]string{ + "": "KubeStateMetricsConfig provides configuration options for the kube-state-metrics agent that runs in the `openshift-monitoring` namespace. kube-state-metrics generates metrics about the state of Kubernetes objects such as Deployments, Nodes, and Pods.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "resources": "resources defines the compute resource requests and limits for the kube-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, no tolerations are applied. This default is subject to change over time. When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries. Each toleration's operator, when specified, must be either \"Exists\" or \"Equal\". Each toleration's effect, when specified, must be one of \"NoSchedule\", \"PreferNoSchedule\", or \"NoExecute\". An empty or unset effect means match all effects.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nThis field maps directly to the `topologySpreadConstraints` field in the Pod spec. When omitted, no topology spread constraints are applied. This default is subject to change over time. When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries. Entries must have unique topologyKey and whenUnsatisfiable pairs. Each entry's whenUnsatisfiable must be either \"DoNotSchedule\" or \"ScheduleAnyway\". Each entry's maxSkew must be at least 1. When minDomains is specified, it must be at least 1 and whenUnsatisfiable must be \"DoNotSchedule\".", + "additionalResourceLabels": "additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics in kube-state-metrics. Currently, only \"Job\" and \"CronJob\" resources are supported due to cardinality concerns. Each entry specifies a resource name and a list of Kubernetes label names to expose. Use \"*\" in the labels list to expose all labels for a given resource. additionalResourceLabels is optional. When omitted, no additional Kubernetes object labels are exposed as metrics by kube-state-metrics beyond its built-in metric labels (e.g. namespace, job_name). Use this field to opt in to exposing specific Kubernetes labels as metric labels for the supported resource types. Minimum length for this list is 1. Maximum length for this list is 2. Each resource name must be unique within this list.", +} + +func (KubeStateMetricsConfig) SwaggerDoc() map[string]string { + return map_KubeStateMetricsConfig +} + +var map_KubeStateMetricsResourceLabels = map[string]string{ + "": "KubeStateMetricsResourceLabels defines which Kubernetes labels to expose as metrics for a given resource type in kube-state-metrics.", + "resource": "resource is the Kubernetes resource name whose labels should be exposed as metrics. Currently, only \"Job\" and \"CronJob\" are supported due to cardinality concerns. Valid values are \"Job\" and \"CronJob\". This field is required.", + "labels": "labels is the list of Kubernetes label names to expose as metrics for this resource. Use \"*\" to expose all labels for the specified resource. When \"*\" is specified, it must be the only entry in the list; mixing \"*\" with specific label names is not allowed. This field is required. Each label name must be unique within this list. Minimum length for this list is 1. Maximum length for this list is 50.", +} + +func (KubeStateMetricsResourceLabels) SwaggerDoc() map[string]string { + return map_KubeStateMetricsResourceLabels +} + +var map_Label = map[string]string{ + "": "Label represents a key/value pair for external labels.", + "key": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + "value": "value is the value of the label. Must be between 1 and 128 characters in length.", +} + +func (Label) SwaggerDoc() map[string]string { + return map_Label +} + +var map_LabelMapActionConfig = map[string]string{ + "": "LabelMapActionConfig configures the LabelMap action. Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.", + "replacement": "replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names.", +} + +func (LabelMapActionConfig) SwaggerDoc() map[string]string { + return map_LabelMapActionConfig +} + +var map_LowercaseActionConfig = map[string]string{ + "": "LowercaseActionConfig configures the Lowercase action. Maps the concatenated source_labels to their lower case and writes to target_label. Requires Prometheus >= v2.36.0.", + "targetLabel": "targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length.", +} + +func (LowercaseActionConfig) SwaggerDoc() map[string]string { + return map_LowercaseActionConfig +} + +var map_MetadataConfig = map[string]string{ + "": "MetadataConfig defines whether and how to send series metadata to remote write storage.", + "sendPolicy": "sendPolicy specifies whether to send metadata and how it is configured. Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). Custom: send metadata using the settings in the custom field.", + "custom": "custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default.", +} + +func (MetadataConfig) SwaggerDoc() map[string]string { + return map_MetadataConfig +} + +var map_MetadataConfigCustom = map[string]string{ + "": "MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds).", + "sendIntervalSeconds": "sendIntervalSeconds is the interval in seconds at which metadata is sent. When omitted, the platform chooses a reasonable default (e.g. 30 seconds). Minimum value is 1 second. Maximum value is 86400 seconds (24 hours).", +} + +func (MetadataConfigCustom) SwaggerDoc() map[string]string { + return map_MetadataConfigCustom +} + var map_MetricsServerConfig = map[string]string{ "": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "audit": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", - "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", "verbosity": "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Errors`", - "resources": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1.", - "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "resources": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", } func (MetricsServerConfig) SwaggerDoc() map[string]string { return map_MetricsServerConfig } -var map_UserDefinedMonitoring = map[string]string{ - "": "UserDefinedMonitoring config for user-defined projects.", - "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.", +var map_MonitoringPluginConfig = map[string]string{ + "": "MonitoringPluginConfig provides configuration options for the monitoring plugin that runs as a dynamic plugin of the OpenShift web console. The monitoring plugin provides the monitoring UI in the OpenShift web console for visualizing metrics, alerts, and dashboards. At least one field must be specified; an empty monitoringPluginConfig object is not allowed.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "resources": "resources defines the compute resource requests and limits for the monitoring-plugin container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 10m\n - name: memory\n request: 50Mi\n\nWhen specified, resources must contain at least 1 entry and must not exceed 5 entries.", + "tolerations": "tolerations defines the tolerations required for the monitoring-plugin Pods. This field is optional.\n\nWhen omitted, the monitoring-plugin Pods will not have any tolerations, which means they will only be scheduled on nodes with no taints. When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how monitoring-plugin Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. When specified, this list must contain at least 1 entry and must not exceed 10 entries.", } -func (UserDefinedMonitoring) SwaggerDoc() map[string]string { - return map_UserDefinedMonitoring +func (MonitoringPluginConfig) SwaggerDoc() map[string]string { + return map_MonitoringPluginConfig } -var map_FulcioCAWithRekor = map[string]string{ - "": "FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key.", - "fulcioCAData": "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", - "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", - "fulcioSubject": "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.", +var map_NodeExporterCollectorBuddyInfoConfig = map[string]string{ + "": "NodeExporterCollectorBuddyInfoConfig provides configuration for the buddyinfo collector of the node-exporter agent. The buddyinfo collector collects statistics about memory fragmentation from the node_buddyinfo_blocks metric using data from /proc/buddyinfo. It is disabled by default.", + "collectionPolicy": "collectionPolicy declares whether the buddyinfo collector collects metrics. This field is required. Valid values are \"Collect\" and \"DoNotCollect\". When set to \"Collect\", the buddyinfo collector is active and memory fragmentation statistics are collected. When set to \"DoNotCollect\", the buddyinfo collector is inactive.", } -func (FulcioCAWithRekor) SwaggerDoc() map[string]string { - return map_FulcioCAWithRekor +func (NodeExporterCollectorBuddyInfoConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorBuddyInfoConfig } -var map_ImagePolicy = map[string]string{ - "": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "spec": "spec holds user settable values for configuration", - "status": "status contains the observed state of the resource.", +var map_NodeExporterCollectorConfig = map[string]string{ + "": "NodeExporterCollectorConfig defines settings for individual collectors of the node-exporter agent. Each collector can be individually set to collect or not collect metrics. At least one collector must be specified.", + "cpuFreq": "cpuFreq configures the cpufreq collector, which collects CPU frequency statistics. cpuFreq is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Consider enabling when you need to observe CPU frequency scaling; expect higher CPU usage on many-core nodes when collectionPolicy is Collect.", + "tcpStat": "tcpStat configures the tcpstat collector, which collects TCP connection statistics. tcpStat is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enable when debugging TCP connection behavior or capacity at the node level.", + "ethtool": "ethtool configures the ethtool collector, which collects ethernet device statistics. ethtool is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enable when you need NIC driver-level ethtool metrics beyond generic netdev counters.", + "netDev": "netDev configures the netdev collector, which collects network device statistics. netDev is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is enabled. Turn off if you must reduce per-interface metric cardinality on hosts with many virtual interfaces.", + "netClass": "netClass configures the netclass collector, which collects information about network devices. netClass is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is enabled with netlink mode active. Use statsGatherer when sysfs vs netlink implementation matters or when matching node_exporter tuning.", + "buddyInfo": "buddyInfo configures the buddyinfo collector, which collects statistics about memory fragmentation from the node_buddyinfo_blocks metric. This metric collects data from /proc/buddyinfo. buddyInfo is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enable when investigating kernel memory fragmentation; typically for advanced troubleshooting only.", + "mountStats": "mountStats configures the mountstats collector, which collects statistics about NFS volume I/O activities. mountStats is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enabling this collector may produce metrics with high cardinality. If you enable this collector, closely monitor the prometheus-k8s deployment for excessive memory usage. Enable when you care about per-mount NFS client statistics.", + "ksmd": "ksmd configures the ksmd collector, which collects statistics from the kernel same-page merger daemon. ksmd is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enable on nodes where KSM is in use and you want visibility into merging activity.", + "processes": "processes configures the processes collector, which collects statistics from processes and threads running in the system. processes is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enable for process/thread-level insight; can be expensive on busy nodes.", + "systemd": "systemd configures the systemd collector, which collects statistics on the systemd daemon and its managed services. systemd is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enabling this collector with a long list of selected units may produce metrics with high cardinality. If you enable this collector, closely monitor the prometheus-k8s deployment for excessive memory usage. Enable when you need metrics for specific units; scope units carefully.", + "softirqs": "softirqs configures the softirqs collector, which exposes detailed softirq statistics from /proc/softirqs. softirqs is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enable when you need visibility into kernel softirq processing across CPUs.", } -func (ImagePolicy) SwaggerDoc() map[string]string { - return map_ImagePolicy +func (NodeExporterCollectorConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorConfig } -var map_ImagePolicyList = map[string]string{ - "": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +var map_NodeExporterCollectorCpufreqConfig = map[string]string{ + "": "NodeExporterCollectorCpufreqConfig provides configuration for the cpufreq collector of the node-exporter agent. The cpufreq collector collects CPU frequency statistics. It is disabled by default.", + "collectionPolicy": "collectionPolicy declares whether the cpufreq collector collects metrics. This field is required. Valid values are \"Collect\" and \"DoNotCollect\". When set to \"Collect\", the cpufreq collector is active and CPU frequency statistics are collected. When set to \"DoNotCollect\", the cpufreq collector is inactive.", } -func (ImagePolicyList) SwaggerDoc() map[string]string { - return map_ImagePolicyList +func (NodeExporterCollectorCpufreqConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorCpufreqConfig } -var map_ImagePolicySpec = map[string]string{ - "": "ImagePolicySpec is the specification of the ImagePolicy CRD.", - "scopes": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", - "policy": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", +var map_NodeExporterCollectorEthtoolConfig = map[string]string{ + "": "NodeExporterCollectorEthtoolConfig provides configuration for the ethtool collector of the node-exporter agent. The ethtool collector collects ethernet device statistics. It is disabled by default.", + "collectionPolicy": "collectionPolicy declares whether the ethtool collector collects metrics. This field is required. Valid values are \"Collect\" and \"DoNotCollect\". When set to \"Collect\", the ethtool collector is active and ethernet device statistics are collected. When set to \"DoNotCollect\", the ethtool collector is inactive.", } -func (ImagePolicySpec) SwaggerDoc() map[string]string { - return map_ImagePolicySpec +func (NodeExporterCollectorEthtoolConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorEthtoolConfig } -var map_ImagePolicyStatus = map[string]string{ - "conditions": "conditions provide details on the status of this API Resource.", +var map_NodeExporterCollectorKSMDConfig = map[string]string{ + "": "NodeExporterCollectorKSMDConfig provides configuration for the ksmd collector of the node-exporter agent. The ksmd collector collects statistics from the kernel same-page merger daemon. It is disabled by default.", + "collectionPolicy": "collectionPolicy declares whether the ksmd collector collects metrics. This field is required. Valid values are \"Collect\" and \"DoNotCollect\". When set to \"Collect\", the ksmd collector is active and kernel same-page merger statistics are collected. When set to \"DoNotCollect\", the ksmd collector is inactive.", } -func (ImagePolicyStatus) SwaggerDoc() map[string]string { - return map_ImagePolicyStatus +func (NodeExporterCollectorKSMDConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorKSMDConfig } -var map_PKI = map[string]string{ - "": "PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", - "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ", - "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ", - "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", +var map_NodeExporterCollectorMountStatsConfig = map[string]string{ + "": "NodeExporterCollectorMountStatsConfig provides configuration for the mountstats collector of the node-exporter agent. The mountstats collector collects statistics about NFS volume I/O activities. It is disabled by default. Enabling this collector may produce metrics with high cardinality. If you enable this collector, closely monitor the prometheus-k8s deployment for excessive memory usage.", + "collectionPolicy": "collectionPolicy declares whether the mountstats collector collects metrics. This field is required. Valid values are \"Collect\" and \"DoNotCollect\". When set to \"Collect\", the mountstats collector is active and NFS volume I/O statistics are collected. When set to \"DoNotCollect\", the mountstats collector is inactive.", } -func (PKI) SwaggerDoc() map[string]string { - return map_PKI +func (NodeExporterCollectorMountStatsConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorMountStatsConfig +} + +var map_NodeExporterCollectorNetClassCollectConfig = map[string]string{ + "": "NodeExporterCollectorNetClassCollectConfig holds configuration options for the netclass collector when it is actively collecting metrics. At least one field must be specified.", + "statsGatherer": "statsGatherer selects which implementation the netclass collector uses to gather statistics (sysfs or netlink). statsGatherer is optional. Valid values are \"Sysfs\" and \"Netlink\". When set to \"Netlink\", the netlink implementation is used; when set to \"Sysfs\", the sysfs implementation is used. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Netlink.", +} + +func (NodeExporterCollectorNetClassCollectConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorNetClassCollectConfig +} + +var map_NodeExporterCollectorNetClassConfig = map[string]string{ + "": "NodeExporterCollectorNetClassConfig provides configuration for the netclass collector of the node-exporter agent. The netclass collector collects information about network devices such as network speed, MTU, and carrier status. It is enabled by default. When collectionPolicy is DoNotCollect, the collect field must not be set.", + "collectionPolicy": "collectionPolicy declares whether the netclass collector collects metrics. This field is required. Valid values are \"Collect\" and \"DoNotCollect\". When set to \"Collect\", the netclass collector is active and network class information is collected. When set to \"DoNotCollect\", the netclass collector is inactive and the corresponding metrics become unavailable. When set to \"DoNotCollect\", the collect field must not be set.", + "collect": "collect contains configuration options that apply only when the netclass collector is actively collecting metrics (i.e. when collectionPolicy is Collect). collect is optional and may be omitted even when collectionPolicy is Collect. collect may only be set when collectionPolicy is Collect. When set, at least one field must be specified within collect.", +} + +func (NodeExporterCollectorNetClassConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorNetClassConfig +} + +var map_NodeExporterCollectorNetDevConfig = map[string]string{ + "": "NodeExporterCollectorNetDevConfig provides configuration for the netdev collector of the node-exporter agent. The netdev collector collects network device statistics such as bytes, packets, errors, and drops per device. It is enabled by default.", + "collectionPolicy": "collectionPolicy declares whether the netdev collector collects metrics. This field is required. Valid values are \"Collect\" and \"DoNotCollect\". When set to \"Collect\", the netdev collector is active and network device statistics are collected. When set to \"DoNotCollect\", the netdev collector is inactive and the corresponding metrics become unavailable.", +} + +func (NodeExporterCollectorNetDevConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorNetDevConfig +} + +var map_NodeExporterCollectorProcessesConfig = map[string]string{ + "": "NodeExporterCollectorProcessesConfig provides configuration for the processes collector of the node-exporter agent. The processes collector collects statistics from processes and threads running in the system. It is disabled by default.", + "collectionPolicy": "collectionPolicy declares whether the processes collector collects metrics. This field is required. Valid values are \"Collect\" and \"DoNotCollect\". When set to \"Collect\", the processes collector is active and process/thread statistics are collected. When set to \"DoNotCollect\", the processes collector is inactive.", +} + +func (NodeExporterCollectorProcessesConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorProcessesConfig +} + +var map_NodeExporterCollectorSoftirqsConfig = map[string]string{ + "": "NodeExporterCollectorSoftirqsConfig provides configuration for the softirqs collector of the node-exporter agent. The softirqs collector exposes detailed softirq statistics from /proc/softirqs. It is disabled by default.", + "collectionPolicy": "collectionPolicy declares whether the softirqs collector collects metrics. This field is required. Valid values are \"Collect\" and \"DoNotCollect\". When set to \"Collect\", the softirqs collector is active and softirq statistics are collected. When set to \"DoNotCollect\", the softirqs collector is inactive.", +} + +func (NodeExporterCollectorSoftirqsConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorSoftirqsConfig +} + +var map_NodeExporterCollectorSystemdCollectConfig = map[string]string{ + "": "NodeExporterCollectorSystemdCollectConfig holds configuration options for the systemd collector when it is actively collecting metrics. At least one field must be specified.", + "units": "units is a list of regular expression patterns that match systemd units to be included by the systemd collector. units is optional. By default, the list is empty, so the collector exposes no metrics for systemd units. Each entry is a regular expression pattern and must be at least 1 character and at most 1024 characters. Maximum length for this list is 50. Minimum length for this list is 1. Entries in this list must be unique.", +} + +func (NodeExporterCollectorSystemdCollectConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorSystemdCollectConfig +} + +var map_NodeExporterCollectorSystemdConfig = map[string]string{ + "": "NodeExporterCollectorSystemdConfig provides configuration for the systemd collector of the node-exporter agent. The systemd collector collects statistics on the systemd daemon and its managed services. It is disabled by default. Enabling this collector with a long list of selected units may produce metrics with high cardinality. If you enable this collector, closely monitor the prometheus-k8s deployment for excessive memory usage. When collectionPolicy is DoNotCollect, the collect field must not be set.", + "collectionPolicy": "collectionPolicy declares whether the systemd collector collects metrics. This field is required. Valid values are \"Collect\" and \"DoNotCollect\". When set to \"Collect\", the systemd collector is active and systemd unit statistics are collected. When set to \"DoNotCollect\", the systemd collector is inactive and the collect field must not be set.", + "collect": "collect contains configuration options that apply only when the systemd collector is actively collecting metrics (i.e. when collectionPolicy is Collect). collect is optional and may be omitted even when collectionPolicy is Collect. collect may only be set when collectionPolicy is Collect. When set, at least one field must be specified within collect.", +} + +func (NodeExporterCollectorSystemdConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorSystemdConfig +} + +var map_NodeExporterCollectorTcpStatConfig = map[string]string{ + "": "NodeExporterCollectorTcpStatConfig provides configuration for the tcpstat collector of the node-exporter agent. The tcpstat collector collects TCP connection statistics. It is disabled by default.", + "collectionPolicy": "collectionPolicy declares whether the tcpstat collector collects metrics. This field is required. Valid values are \"Collect\" and \"DoNotCollect\". When set to \"Collect\", the tcpstat collector is active and TCP connection statistics are collected. When set to \"DoNotCollect\", the tcpstat collector is inactive.", +} + +func (NodeExporterCollectorTcpStatConfig) SwaggerDoc() map[string]string { + return map_NodeExporterCollectorTcpStatConfig +} + +var map_NodeExporterConfig = map[string]string{ + "": "NodeExporterConfig provides configuration options for the node-exporter agent that runs as a DaemonSet in the `openshift-monitoring` namespace. The node-exporter agent collects hardware and OS-level metrics from every node in the cluster, including CPU, memory, disk, and network statistics. At least one field must be specified.", + "resources": "resources defines the compute resource requests and limits for the node-exporter container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 8m\n limit: null\n - name: memory\n request: 32Mi\n limit: null", + "collectors": "collectors configures which node-exporter metric collectors are enabled. collectors is optional. Each collector can be individually enabled or disabled. Some collectors may have additional configuration options.\n\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "maxProcs": "maxProcs sets the target number of CPUs on which the node-exporter process will run. maxProcs is optional. Use this setting to override the default value, which is set either to 4 or to the number of CPUs on the host, whichever is smaller. The default value is computed at runtime and set via the GOMAXPROCS environment variable before node-exporter is launched. If a kernel deadlock occurs or if performance degrades when reading from sysfs concurrently, you can change this value to 1, which limits node-exporter to running on one CPU. For nodes with a high CPU count, setting the limit to a low number saves resources by preventing Go routines from being scheduled to run on all CPUs. However, I/O performance degrades if the maxProcs value is set too low and there are many metrics to collect. The minimum value is 1 and the maximum value is 1024. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is min(4, number of host CPUs).", + "ignoredNetworkDevices": "ignoredNetworkDevices is a list of regular expression patterns that match network devices to be excluded from the relevant collector configuration such as netdev, netclass, and ethtool. ignoredNetworkDevices is optional.\n\nWhen omitted, the Cluster Monitoring Operator uses a predefined list of devices to be excluded to minimize the impact on memory usage. When set as an empty list, no devices are excluded. If you modify this setting, monitor the prometheus-k8s deployment closely for excessive memory usage. Maximum length for this list is 50. Each entry must be at least 1 character and at most 1024 characters long.", +} + +func (NodeExporterConfig) SwaggerDoc() map[string]string { + return map_NodeExporterConfig +} + +var map_OAuth2 = map[string]string{ + "": "OAuth2 defines OAuth2 authentication settings for the remote write endpoint.", + "clientId": "clientId defines the secret reference containing the OAuth2 client ID. The secret must exist in the openshift-monitoring namespace.", + "clientSecret": "clientSecret defines the secret reference containing the OAuth2 client secret. The secret must exist in the openshift-monitoring namespace.", + "tokenUrl": "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "scopes": "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. Each scope must be between 1 and 256 characters.", + "endpointParams": "endpointParams defines additional parameters to append to the token URL. When omitted, no additional parameters are sent. Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key).", +} + +func (OAuth2) SwaggerDoc() map[string]string { + return map_OAuth2 +} + +var map_OAuth2EndpointParam = map[string]string{ + "": "OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL.", + "name": "name is the parameter name. Must be between 1 and 256 characters.", + "value": "value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the external system expects a parameter with an empty value (e.g. ?parameter=\"\"). Must be between 0 and 2048 characters when present (aligned with common URL length recommendations).", +} + +func (OAuth2EndpointParam) SwaggerDoc() map[string]string { + return map_OAuth2EndpointParam +} + +var map_OpenShiftStateMetricsConfig = map[string]string{ + "": "OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "resources": "resources defines the compute resource requests and limits for the openshift-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 1m\n limit: null\n - name: memory\n request: 32Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", } -var map_PKICertificateSubject = map[string]string{ - "": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", - "email": "email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. The email should be a valid email address and at most 320 characters in length.", - "hostname": "hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.", +func (OpenShiftStateMetricsConfig) SwaggerDoc() map[string]string { + return map_OpenShiftStateMetricsConfig } -func (PKICertificateSubject) SwaggerDoc() map[string]string { - return map_PKICertificateSubject +var map_PrometheusConfig = map[string]string{ + "": "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", + "additionalAlertmanagerConfigs": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + "enforcedBodySizeLimitBytes": "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", + "externalLabels": "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", + "logLevel": "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least one key-value pair (minimum of 1) and must not contain more than 10 entries.", + "queryLogFile": "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", + "remoteWrite": "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + "resources": "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "retention": "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15d retention, no size limit).", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "collectionProfile": "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", } -var map_Policy = map[string]string{ - "": "Policy defines the verification policy for the items in the scopes list.", - "rootOfTrust": "rootOfTrust specifies the root of trust for the policy.", - "signedIdentity": "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", +func (PrometheusConfig) SwaggerDoc() map[string]string { + return map_PrometheusConfig } -func (Policy) SwaggerDoc() map[string]string { - return map_Policy +var map_PrometheusOperatorAdmissionWebhookConfig = map[string]string{ + "": "PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions.", + "resources": "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how admission webhook Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", } -var map_PolicyFulcioSubject = map[string]string{ - "": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", - "oidcIssuer": "oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", - "signedEmail": "signedEmail holds the email address the the Fulcio certificate is issued for. Example: \"expected-signing-user@example.com\"", +func (PrometheusOperatorAdmissionWebhookConfig) SwaggerDoc() map[string]string { + return map_PrometheusOperatorAdmissionWebhookConfig } -func (PolicyFulcioSubject) SwaggerDoc() map[string]string { - return map_PolicyFulcioSubject +var map_PrometheusOperatorConfig = map[string]string{ + "": "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", + "logLevel": "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "resources": "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", } -var map_PolicyIdentity = map[string]string{ - "": "PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is \"MatchRepoDigestOrExact\".", - "matchPolicy": "matchPolicy sets the type of matching to be used. Valid values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\". If set matchPolicy to ExactRepository, then the exactRepository must be specified. If set matchPolicy to RemapIdentity, then the remapIdentity must be specified. \"MatchRepoDigestOrExact\" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. \"MatchRepository\" means that the identity in the signature must be in the same repository as the image identity. \"ExactRepository\" means that the identity in the signature must be in the same repository as a specific identity specified by \"repository\". \"RemapIdentity\" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix.", - "exactRepository": "exactRepository is required if matchPolicy is set to \"ExactRepository\".", - "remapIdentity": "remapIdentity is required if matchPolicy is set to \"RemapIdentity\".", +func (PrometheusOperatorConfig) SwaggerDoc() map[string]string { + return map_PrometheusOperatorConfig } -func (PolicyIdentity) SwaggerDoc() map[string]string { - return map_PolicyIdentity +var map_PrometheusRemoteWriteHeader = map[string]string{ + "": "PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. Validation is enforced on the Headers field in RemoteWriteSpec.", + "name": "name is the HTTP header name. Must not be a reserved header (see type documentation). Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters.", + "value": "value is the HTTP header value. Must be at most 4096 characters.", } -var map_PolicyMatchExactRepository = map[string]string{ - "repository": "repository is the reference of the image identity to be matched. The value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", +func (PrometheusRemoteWriteHeader) SwaggerDoc() map[string]string { + return map_PrometheusRemoteWriteHeader } -func (PolicyMatchExactRepository) SwaggerDoc() map[string]string { - return map_PolicyMatchExactRepository +var map_QueueConfig = map[string]string{ + "": "QueueConfig allows tuning configuration for remote write queue parameters. Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429.", + "capacity": "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", + "maxShards": "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", + "minShards": "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", + "maxSamplesPerSend": "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", + "batchSendDeadlineSeconds": "batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 3600 seconds (1 hour).", + "minBackoffMilliseconds": "minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "maxBackoffMilliseconds": "maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "rateLimitedAction": "rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). When omitted, no retries are performed on rate limit responses. When set to \"Retry\", Prometheus will retry such requests using the backoff settings above. Valid value when set is \"Retry\".", } -var map_PolicyMatchRemapIdentity = map[string]string{ - "prefix": "prefix is the prefix of the image identity to be matched. If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). This useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", - "signedPrefix": "signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", +func (QueueConfig) SwaggerDoc() map[string]string { + return map_QueueConfig } -func (PolicyMatchRemapIdentity) SwaggerDoc() map[string]string { - return map_PolicyMatchRemapIdentity +var map_RelabelActionConfig = map[string]string{ + "": "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + "type": "type specifies the action to perform on the matched labels. Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep.\n\nWhen set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.\n\nWhen set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0.\n\nWhen set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0.\n\nWhen set to Keep, targets for which regex does not match the concatenated source_labels are dropped.\n\nWhen set to Drop, targets for which regex matches the concatenated source_labels are dropped.\n\nWhen set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels.\n\nWhen set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted.\n\nWhen set to LabelDrop, regex is matched against all label names; any label that matches is removed.\n\nWhen set to LabelKeep, regex is matched against all label names; any label that does not match is removed.", + "replace": "replace configures the Replace action. Required when type is Replace, and forbidden otherwise.", + "hashMod": "hashMod configures the HashMod action. Required when type is HashMod, and forbidden otherwise.", + "labelMap": "labelMap configures the LabelMap action. Required when type is LabelMap, and forbidden otherwise.", + "lowercase": "lowercase configures the Lowercase action. Required when type is Lowercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + "uppercase": "uppercase configures the Uppercase action. Required when type is Uppercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + "keepEqual": "keepEqual configures the KeepEqual action. Required when type is KeepEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", + "dropEqual": "dropEqual configures the DropEqual action. Required when type is DropEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", } -var map_PolicyRootOfTrust = map[string]string{ - "": "PolicyRootOfTrust defines the root of trust based on the selected policyType.", - "policyType": "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. \"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. \"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. \"PKI\" indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", - "publicKey": "publicKey defines the root of trust based on a sigstore public key.", - "fulcioCAWithRekor": "fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", - "pki": "pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates.", +func (RelabelActionConfig) SwaggerDoc() map[string]string { + return map_RelabelActionConfig } -func (PolicyRootOfTrust) SwaggerDoc() map[string]string { - return map_PolicyRootOfTrust +var map_RelabelConfig = map[string]string{ + "": "RelabelConfig represents a relabeling rule.", + "name": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "sourceLabels": "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", + "separator": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + "regex": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + "action": "action defines the action to perform on the matched labels and its configuration. Exactly one action-specific configuration must be specified based on the action type.", } -var map_PublicKey = map[string]string{ - "": "PublicKey defines the root of trust based on a sigstore public key.", - "keyData": "keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters.", - "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", +func (RelabelConfig) SwaggerDoc() map[string]string { + return map_RelabelConfig } -func (PublicKey) SwaggerDoc() map[string]string { - return map_PublicKey +var map_RemoteWriteAuthorization = map[string]string{ + "": "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. Exactly one of the nested configs must be set according to the type discriminator.", + "type": "type specifies the authorization method to use. Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount.\n\nWhen set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", + "safeAuthorization": "safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). Required when type is \"SafeAuthorization\", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace.", + "bearerToken": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise.", + "basicAuth": "basicAuth defines HTTP basic authentication credentials. Required when type is \"BasicAuth\", and forbidden otherwise.", + "oauth2": "oauth2 defines OAuth2 client credentials authentication. Required when type is \"OAuth2\", and forbidden otherwise.", + "sigv4": "sigv4 defines AWS Signature Version 4 authentication. Required when type is \"SigV4\", and forbidden otherwise.", +} + +func (RemoteWriteAuthorization) SwaggerDoc() map[string]string { + return map_RemoteWriteAuthorization +} + +var map_RemoteWriteSpec = map[string]string{ + "": "RemoteWriteSpec represents configuration for remote write endpoints.", + "url": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme and a non-empty hostname. Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. Empty string is invalid. Must be between 1 and 2048 characters in length.", + "name": "name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). This name is used in metrics and logging to differentiate remote write queues. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "authorization": "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", + "headers": "headers specifies the custom HTTP headers to be sent along with each remote write request. Sending custom headers makes the configuration of a proxy in between optional and helps the receiver recognize the given source better. Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be unique. Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate).", + "metadataConfig": "metadataConfig configures the sending of series metadata to remote storage. When omitted, no metadata is sent. When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds).", + "proxyUrl": "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "queueConfig": "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", + "remoteTimeoutSeconds": "remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "exemplarsMode": "exemplarsMode controls whether exemplars are sent via remote write. Valid values are \"Send\", \"DoNotSend\" and omitted. When set to \"Send\", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"DoNotSend\", exemplars are not sent.", + "tlsConfig": "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "writeRelabelConfigs": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", +} + +func (RemoteWriteSpec) SwaggerDoc() map[string]string { + return map_RemoteWriteSpec +} + +var map_ReplaceActionConfig = map[string]string{ + "": "ReplaceActionConfig configures the Replace action. Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.", + "targetLabel": "targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length.", + "replacement": "replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Use an empty string (\"\") to explicitly clear the target label value. Must be between 0 and 255 characters in length.", +} + +func (ReplaceActionConfig) SwaggerDoc() map[string]string { + return map_ReplaceActionConfig +} + +var map_Retention = map[string]string{ + "": "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + "duration": "duration is an optional field that specifies how long Prometheus retains metrics data. Valid values are Prometheus-style duration strings with unit suffixes y, w, d, h, m, s, or ms (for example, \"15d\", \"24h\", or \"5d1h30m\"). Each unit value must be a positive integer. Composite durations must follow the fixed unit order y, w, d, h, m, s, ms. Must be at least 1 character and at most 64 characters. When set to \"0\", time-based retention is disabled. This is the only supported form for disabling time-based retention; other zero-duration representations such as \"0d\", \"0h\", or \"0y\" are rejected. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `15d`.", + "size": "size is an optional field that specifies the maximum storage size that Prometheus can use for data blocks and the write-ahead log (WAL). Valid values are byte-size strings with an optional decimal prefix and a unit suffix B, KB, MB, GB, TB, EB, PB, or their binary equivalents KiB, MiB, GiB, TiB, EiB, PiB (for example, \"500MiB\", \"10GiB\"). The numeric value must be greater than zero. Must be at least 1 character and at most 32 characters. When set to \"0\", no size limit is enforced. This is the only supported form for disabling size-based retention; other zero-size representations such as \"0B\" or \"0MiB\" are rejected. When the limit is reached, Prometheus deletes oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity.", +} + +func (Retention) SwaggerDoc() map[string]string { + return map_Retention +} + +var map_SecretKeySelector = map[string]string{ + "": "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + "name": "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + "key": "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", +} + +func (SecretKeySelector) SwaggerDoc() map[string]string { + return map_SecretKeySelector +} + +var map_Sigv4 = map[string]string{ + "": "Sigv4 defines AWS Signature Version 4 authentication settings. At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication.", + "region": "region is the AWS region. When omitted, the region is derived from the environment or instance metadata. Must be between 1 and 128 characters.", + "accessKey": "accessKey defines the secret reference containing the AWS access key ID. The secret must exist in the openshift-monitoring namespace. When omitted, the access key is derived from the environment or instance metadata.", + "secretKey": "secretKey defines the secret reference containing the AWS secret access key. The secret must exist in the openshift-monitoring namespace. When omitted, the secret key is derived from the environment or instance metadata.", + "profile": "profile is the named AWS profile used to authenticate. When omitted, the default profile is used. Must be between 1 and 128 characters.", + "roleArn": "roleArn is the AWS Role ARN, an alternative to using AWS API keys. When omitted, API keys are used for authentication. Must be a valid AWS ARN format (e.g., \"arn:aws:iam::123456789012:role/MyRole\"). Must be between 1 and 512 characters.", +} + +func (Sigv4) SwaggerDoc() map[string]string { + return map_Sigv4 +} + +var map_TLSConfig = map[string]string{ + "": "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + "ca": "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", + "cert": "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", + "key": "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + "serverName": "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. Must be between 1 and 253 characters in length.", + "certificateVerification": "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"Verify\".", +} + +func (TLSConfig) SwaggerDoc() map[string]string { + return map_TLSConfig +} + +var map_TelemeterClientConfig = map[string]string{ + "": "TelemeterClientConfig provides configuration options for the Telemeter Client component that runs in the `openshift-monitoring` namespace. The Telemeter Client collects selected monitoring metrics and forwards them to Red Hat for telemetry purposes. At least one field must be specified.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "resources": "resources defines the compute resource requests and limits for the Telemeter Client container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 1m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Telemeter Client Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", +} + +func (TelemeterClientConfig) SwaggerDoc() map[string]string { + return map_TelemeterClientConfig +} + +var map_ThanosQuerierConfig = map[string]string{ + "": "ThanosQuerierConfig provides configuration options for the Thanos Querier component that runs in the `openshift-monitoring` namespace. At least one field must be specified; an empty thanosQuerierConfig object is not allowed.", + "logLevel": "logLevel defines the verbosity of logs emitted by Thanos Querier. logLevel is optional. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "requestLogging": "requestLogging configures request logging for Thanos Querier. requestLogging is optional. When provided, the policy field within is required. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default behavior is to not log any requests.", + "crossOriginRequestPolicy": "crossOriginRequestPolicy configures the CORS (Cross-Origin Resource Sharing) policy for Thanos Querier's HTTP endpoints. crossOriginRequestPolicy is optional. Valid values are \"AllowAll\" and \"DenyAll\". When set to \"AllowAll\", CORS headers are added to responses, allowing cross-origin requests from any domain. When set to \"DenyAll\", no CORS headers are added and cross-origin requests are rejected by the browser. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is \"DenyAll\".", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "resources": "resources defines the compute resource requests and limits for the Thanos Querier container. resources is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Requests cannot exceed limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n - name: memory\n request: 12Mi\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Thanos Querier Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", +} + +func (ThanosQuerierConfig) SwaggerDoc() map[string]string { + return map_ThanosQuerierConfig +} + +var map_ThanosQuerierRequestLoggingConfig = map[string]string{ + "": "ThanosQuerierRequestLoggingConfig configures request logging for Thanos Querier.", + "policy": "policy determines which HTTP and gRPC requests are logged by Thanos Querier. Valid values are \"AllRequests\" and \"NoRequests\". When set to \"AllRequests\", every request received by Thanos Querier is logged with method, path, and response status. The log level for request logs is derived from the logLevel field. When set to \"NoRequests\", request logging is turned off.", +} + +func (ThanosQuerierRequestLoggingConfig) SwaggerDoc() map[string]string { + return map_ThanosQuerierRequestLoggingConfig +} + +var map_UppercaseActionConfig = map[string]string{ + "": "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", + "targetLabel": "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.", +} + +func (UppercaseActionConfig) SwaggerDoc() map[string]string { + return map_UppercaseActionConfig +} + +var map_UserDefinedMonitoring = map[string]string{ + "": "UserDefinedMonitoring config for user-defined projects.", + "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.", +} + +func (UserDefinedMonitoring) SwaggerDoc() map[string]string { + return map_UserDefinedMonitoring +} + +var map_CRIOCredentialProviderConfig = map[string]string{ + "": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", + "status": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", +} + +func (CRIOCredentialProviderConfig) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfig +} + +var map_CRIOCredentialProviderConfigList = map[string]string{ + "": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (CRIOCredentialProviderConfigList) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigList +} + +var map_CRIOCredentialProviderConfigSpec = map[string]string{ + "": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", + "matchImages": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", +} + +func (CRIOCredentialProviderConfigSpec) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigSpec +} + +var map_CRIOCredentialProviderConfigStatus = map[string]string{ + "": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", + "conditions": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", +} + +func (CRIOCredentialProviderConfigStatus) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigStatus } var map_GatherConfig = map[string]string{ @@ -434,4 +867,110 @@ func (Storage) SwaggerDoc() map[string]string { return map_Storage } +var map_CertificateConfig = map[string]string{ + "": "CertificateConfig specifies configuration parameters for certificates. At least one property must be specified.", + "key": "key specifies the cryptographic parameters for the certificate's key pair. Currently this is the only configurable parameter. When omitted in an overrides entry, the key configuration from defaults is used.", +} + +func (CertificateConfig) SwaggerDoc() map[string]string { + return map_CertificateConfig +} + +var map_CustomPKIPolicy = map[string]string{ + "": "CustomPKIPolicy contains administrator-specified cryptographic configuration. Administrators must specify defaults for all certificates and may optionally override specific categories of certificates.", +} + +func (CustomPKIPolicy) SwaggerDoc() map[string]string { + return map_CustomPKIPolicy +} + +var map_DefaultCertificateConfig = map[string]string{ + "": "DefaultCertificateConfig specifies the default certificate configuration parameters. All fields are required to ensure that defaults are fully specified for all certificates.", + "key": "key specifies the cryptographic parameters for the certificate's key pair. This field is required in defaults to ensure all certificates have a well-defined key configuration.", +} + +func (DefaultCertificateConfig) SwaggerDoc() map[string]string { + return map_DefaultCertificateConfig +} + +var map_ECDSAKeyConfig = map[string]string{ + "": "ECDSAKeyConfig specifies parameters for ECDSA key generation.", + "curve": "curve specifies the NIST elliptic curve for ECDSA keys. Valid values are \"P256\", \"P384\", and \"P521\".\n\nWhen set to P256, the NIST P-256 curve (also known as secp256r1) is used, providing 128-bit security.\n\nWhen set to P384, the NIST P-384 curve (also known as secp384r1) is used, providing 192-bit security.\n\nWhen set to P521, the NIST P-521 curve (also known as secp521r1) is used, providing 256-bit security.", +} + +func (ECDSAKeyConfig) SwaggerDoc() map[string]string { + return map_ECDSAKeyConfig +} + +var map_KeyConfig = map[string]string{ + "": "KeyConfig specifies cryptographic parameters for key generation.", + "algorithm": "algorithm specifies the key generation algorithm. Valid values are \"RSA\" and \"ECDSA\".\n\nWhen set to RSA, the rsa field must be specified and the generated key will be an RSA key with the configured key size.\n\nWhen set to ECDSA, the ecdsa field must be specified and the generated key will be an ECDSA key using the configured elliptic curve.", + "rsa": "rsa specifies RSA key parameters. Required when algorithm is RSA, and forbidden otherwise.", + "ecdsa": "ecdsa specifies ECDSA key parameters. Required when algorithm is ECDSA, and forbidden otherwise.", +} + +func (KeyConfig) SwaggerDoc() map[string]string { + return map_KeyConfig +} + +var map_PKI = map[string]string{ + "": "PKI configures cryptographic parameters for certificates generated internally by OpenShift components.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", +} + +func (PKI) SwaggerDoc() map[string]string { + return map_PKI +} + +var map_PKICertificateManagement = map[string]string{ + "": "PKICertificateManagement determines whether components use hardcoded defaults (Unmanaged), follow OpenShift best practices (Default), or use administrator-specified cryptographic parameters (Custom). This provides flexibility for organizations with specific compliance requirements or security policies while maintaining backwards compatibility for existing clusters.", + "mode": "mode determines how PKI configuration is managed. Valid values are \"Unmanaged\", \"Default\", and \"Custom\".\n\nWhen set to Unmanaged, components use their existing hardcoded certificate generation behavior, exactly as if this feature did not exist. Each component generates certificates using whatever parameters it was using before this feature. While most components use RSA 2048, some may use different parameters. Use of this mode might prevent upgrading to the next major OpenShift release.\n\nWhen set to Default, OpenShift-recommended best practices for certificate generation are applied. The specific parameters may evolve across OpenShift releases to adopt improved cryptographic standards. In the initial release, this matches Unmanaged behavior for each component. In future releases, this may adopt ECDSA or larger RSA keys based on industry best practices. Recommended for most customers who want to benefit from security improvements automatically.\n\nWhen set to Custom, the certificate management parameters can be set explicitly. Use the custom field to specify certificate generation parameters.", + "custom": "custom contains administrator-specified cryptographic configuration. Use the defaults and category override fields to specify certificate generation parameters. Required when mode is Custom, and forbidden otherwise.", +} + +func (PKICertificateManagement) SwaggerDoc() map[string]string { + return map_PKICertificateManagement +} + +var map_PKIList = map[string]string{ + "": "PKIList is a collection of PKI resources.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "items is a list of PKI resources", +} + +func (PKIList) SwaggerDoc() map[string]string { + return map_PKIList +} + +var map_PKIProfile = map[string]string{ + "": "PKIProfile defines the certificate generation parameters that OpenShift components use to create certificates. Category overrides take precedence over defaults.", + "defaults": "defaults specifies the default certificate configuration that applies to all certificates unless overridden by a category override.", + "signerCertificates": "signerCertificates optionally overrides certificate parameters for certificate authority (CA) certificates that sign other certificates. When set, these parameters take precedence over defaults for all signer certificates. When omitted, the defaults are used for signer certificates.", + "servingCertificates": "servingCertificates optionally overrides certificate parameters for TLS server certificates used to serve HTTPS endpoints. When set, these parameters take precedence over defaults for all serving certificates. When omitted, the defaults are used for serving certificates.", + "clientCertificates": "clientCertificates optionally overrides certificate parameters for client authentication certificates used to authenticate to servers. When set, these parameters take precedence over defaults for all client certificates. When omitted, the defaults are used for client certificates.", +} + +func (PKIProfile) SwaggerDoc() map[string]string { + return map_PKIProfile +} + +var map_PKISpec = map[string]string{ + "": "PKISpec holds the specification for PKI configuration.", + "certificateManagement": "certificateManagement specifies how PKI configuration is managed for internally-generated certificates. This controls the certificate generation approach for all OpenShift components that create certificates internally, including certificate authorities, serving certificates, and client certificates.", +} + +func (PKISpec) SwaggerDoc() map[string]string { + return map_PKISpec +} + +var map_RSAKeyConfig = map[string]string{ + "": "RSAKeyConfig specifies parameters for RSA key generation.", + "keySize": "keySize specifies the size of RSA keys in bits. Valid values are multiples of 1024 from 2048 to 8192.", +} + +func (RSAKeyConfig) SwaggerDoc() map[string]string { + return map_RSAKeyConfig +} + // AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/config/v1alpha2/doc.go b/vendor/github.com/openshift/api/config/v1alpha2/doc.go index 15ac6b497..5777844e2 100644 --- a/vendor/github.com/openshift/api/config/v1alpha2/doc.go +++ b/vendor/github.com/openshift/api/config/v1alpha2/doc.go @@ -1,6 +1,7 @@ // +k8s:deepcopy-gen=package,register // +k8s:defaulter-gen=TypeMeta // +k8s:openapi-gen=true +// +k8s:openapi-model-package=com.github.openshift.api.config.v1alpha2 // +groupName=config.openshift.io // Package v1alpha2 is the v1alpha2 version of the API. diff --git a/vendor/github.com/openshift/api/config/v1alpha2/types_insights.go b/vendor/github.com/openshift/api/config/v1alpha2/types_insights.go index d59f5920b..fbe666249 100644 --- a/vendor/github.com/openshift/api/config/v1alpha2/types_insights.go +++ b/vendor/github.com/openshift/api/config/v1alpha2/types_insights.go @@ -16,6 +16,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +openshift:enable:FeatureGate=InsightsConfig // +openshift:compatibility-gen:level=4 +// +openshift:capability=Insights type InsightsDataGather struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object's metadata. diff --git a/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml index 99fe308ef..1f73e723e 100644 --- a/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml @@ -2,7 +2,7 @@ insightsdatagathers.config.openshift.io: Annotations: {} ApprovedPRNumber: https://github.com/openshift/api/pull/2195 CRDName: insightsdatagathers.config.openshift.io - Capability: "" + Capability: Insights Category: "" FeatureGates: - InsightsConfig diff --git a/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.model_name.go b/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.model_name.go new file mode 100644 index 000000000..d05e8558c --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.model_name.go @@ -0,0 +1,61 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by codegen. DO NOT EDIT. + +package v1alpha2 + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Custom) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha2.Custom" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GatherConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha2.GatherConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GathererConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha2.GathererConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Gatherers) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha2.Gatherers" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGather) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha2.InsightsDataGather" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGatherList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha2.InsightsDataGatherList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGatherSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGatherStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PersistentVolumeClaimReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PersistentVolumeConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Storage) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1alpha2.Storage" +} diff --git a/vendor/github.com/openshift/api/console/v1/doc.go b/vendor/github.com/openshift/api/console/v1/doc.go index c08b5b519..f6c62bd19 100644 --- a/vendor/github.com/openshift/api/console/v1/doc.go +++ b/vendor/github.com/openshift/api/console/v1/doc.go @@ -1,6 +1,7 @@ // +k8s:deepcopy-gen=package,register // +k8s:defaulter-gen=TypeMeta // +k8s:openapi-gen=true +// +k8s:openapi-model-package=com.github.openshift.api.console.v1 // +groupName=console.openshift.io // Package v1 is the v1 version of the API. diff --git a/vendor/github.com/openshift/api/console/v1/types_console_plugin.go b/vendor/github.com/openshift/api/console/v1/types_console_plugin.go index 0160a4a24..c63db50d5 100644 --- a/vendor/github.com/openshift/api/console/v1/types_console_plugin.go +++ b/vendor/github.com/openshift/api/console/v1/types_console_plugin.go @@ -90,7 +90,6 @@ type ConsolePluginSpec struct { // OpenShift web console server CSP response header: // Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self' https://script1.com/ https://script2.com/ https://script3.com/; font-src 'self' https://font1.com/ https://font2.com/; img-src 'self' https://img1.com/; style-src 'self'; frame-src 'none'; object-src 'none' // - // +openshift:enable:FeatureGate=ConsolePluginContentSecurityPolicy // +kubebuilder:validation:MaxItems=5 // +kubebuilder:validation:XValidation:rule="self.map(x, x.values.map(y, y.size()).sum()).sum() < 8192",message="the total combined size of values of all directives must not exceed 8192 (8kb)" // +listType=map diff --git a/vendor/github.com/openshift/api/console/v1/types_console_sample.go b/vendor/github.com/openshift/api/console/v1/types_console_sample.go index bd0f65696..c296059b7 100644 --- a/vendor/github.com/openshift/api/console/v1/types_console_sample.go +++ b/vendor/github.com/openshift/api/console/v1/types_console_sample.go @@ -125,7 +125,8 @@ type ConsoleSampleSpec struct { // ConsoleSampleSourceType is an enumeration of the supported sample types. // Unsupported samples types will be ignored in the web console. -// +kubebuilder:validation:Enum:=GitImport;ContainerImport +// +kubebuilder:validation:Enum:="GitImport";"ContainerImport" +// +enum type ConsoleSampleSourceType string const ( @@ -144,7 +145,6 @@ type ConsoleSampleSource struct { // type of the sample, currently supported: "GitImport";"ContainerImport" // +unionDiscriminator // +required - // +kubebuilder:validation:Enum:="GitImport";"ContainerImport" Type ConsoleSampleSourceType `json:"type"` // gitImport allows the user to import code from a git repository. diff --git a/vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml index caa676e69..26524d0a1 100644 --- a/vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml @@ -137,8 +137,7 @@ consoleplugins.console.openshift.io: CRDName: consoleplugins.console.openshift.io Capability: Console Category: "" - FeatureGates: - - ConsolePluginContentSecurityPolicy + FeatureGates: [] FilenameOperatorName: "" FilenameOperatorOrdering: "90" FilenameRunLevel: "" diff --git a/vendor/github.com/openshift/api/console/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/console/v1/zz_generated.model_name.go new file mode 100644 index 000000000..d5c9c2bc5 --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/zz_generated.model_name.go @@ -0,0 +1,226 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by codegen. DO NOT EDIT. + +package v1 + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ApplicationMenuSpec) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ApplicationMenuSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CLIDownloadLink) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.CLIDownloadLink" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleCLIDownload) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleCLIDownload" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleCLIDownloadList) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleCLIDownloadList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleCLIDownloadSpec) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleCLIDownloadSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleExternalLogLink) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleExternalLogLink" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleExternalLogLinkList) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleExternalLogLinkList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleExternalLogLinkSpec) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleExternalLogLinkSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleLink) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleLink" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleLinkList) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleLinkList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleLinkSpec) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleLinkSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleNotification) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleNotification" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleNotificationList) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleNotificationList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleNotificationSpec) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleNotificationSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsolePlugin) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsolePlugin" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsolePluginBackend) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsolePluginBackend" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsolePluginCSP) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsolePluginCSP" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsolePluginI18n) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsolePluginI18n" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsolePluginList) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsolePluginList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsolePluginProxy) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsolePluginProxy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsolePluginProxyEndpoint) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsolePluginProxyEndpoint" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsolePluginProxyServiceConfig) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsolePluginProxyServiceConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsolePluginService) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsolePluginService" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsolePluginSpec) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsolePluginSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleQuickStart) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleQuickStart" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleQuickStartList) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleQuickStartList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleQuickStartSpec) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleQuickStartSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleQuickStartTask) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleQuickStartTask" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleQuickStartTaskReview) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleQuickStartTaskReview" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleQuickStartTaskSummary) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleQuickStartTaskSummary" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleSample) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleSample" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleSampleContainerImportSource) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleSampleContainerImportSource" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleSampleContainerImportSourceService) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleSampleContainerImportSourceService" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleSampleGitImportSource) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleSampleGitImportSource" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleSampleGitImportSourceRepository) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceRepository" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleSampleGitImportSourceService) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceService" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleSampleList) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleSampleList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleSampleSource) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleSampleSource" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleSampleSpec) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleSampleSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleYAMLSample) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleYAMLSample" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleYAMLSampleList) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleYAMLSampleList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleYAMLSampleSpec) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.ConsoleYAMLSampleSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Link) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.Link" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NamespaceDashboardSpec) OpenAPIModelName() string { + return "com.github.openshift.api.console.v1.NamespaceDashboardSpec" +} diff --git a/vendor/github.com/openshift/api/operator/v1/doc.go b/vendor/github.com/openshift/api/operator/v1/doc.go index 3de961a7f..1aa50336a 100644 --- a/vendor/github.com/openshift/api/operator/v1/doc.go +++ b/vendor/github.com/openshift/api/operator/v1/doc.go @@ -1,6 +1,7 @@ // +k8s:deepcopy-gen=package,register // +k8s:defaulter-gen=TypeMeta // +k8s:openapi-gen=true +// +k8s:openapi-model-package=com.github.openshift.api.operator.v1 // +kubebuilder:validation:Optional // +groupName=operator.openshift.io diff --git a/vendor/github.com/openshift/api/operator/v1/types_authentication.go b/vendor/github.com/openshift/api/operator/v1/types_authentication.go index 7cc22d1e4..4d0e9f6d6 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/operator/v1/types_authentication.go @@ -49,6 +49,11 @@ type OAuthAPIServerStatus struct { // +optional // +kubebuilder:validation:Minimum=0 LatestAvailableRevision int32 `json:"latestAvailableRevision,omitempty"` + + // encryptionStatus contains status reports for the KMS plugin health and its key rotation. + // +optional + // +openshift:enable:FeatureGate=KMSEncryption + EncryptionStatus KMSEncryptionStatus `json:"encryptionStatus,omitempty,omitzero"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/vendor/github.com/openshift/api/operator/v1/types_console.go b/vendor/github.com/openshift/api/operator/v1/types_console.go index e030a65c8..35795b2b7 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_console.go +++ b/vendor/github.com/openshift/api/operator/v1/types_console.go @@ -107,6 +107,9 @@ const ( // gettingStartedBanner is the name of the 'Getting started resources' banner in the console UI Overview page. GettingStartedBanner ConsoleCapabilityName = "GettingStartedBanner" + + // guidedTour is the name of the 'Guided Tour' feature in console UI. + GuidedTour ConsoleCapabilityName = "GuidedTour" ) // CapabilityState defines the state of the capability in the console UI. @@ -134,8 +137,8 @@ type CapabilityVisibility struct { // Capabilities contains set of UI capabilities and their state in the console UI. type Capability struct { // name is the unique name of a capability. - // Available capabilities are LightspeedButton and GettingStartedBanner. - // +kubebuilder:validation:Enum:="LightspeedButton";"GettingStartedBanner" + // Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour. + // +kubebuilder:validation:Enum:="LightspeedButton";"GettingStartedBanner";"GuidedTour" // +required Name ConsoleCapabilityName `json:"name"` // visibility defines the visibility state of the capability. @@ -281,10 +284,10 @@ type ConsoleCustomization struct { // capabilities defines an array of capabilities that can be interacted with in the console UI. // Each capability defines a visual state that can be interacted with the console to render in the UI. - // Available capabilities are LightspeedButton and GettingStartedBanner. + // Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour. // Each of the available capabilities may appear only once in the list. // +kubebuilder:validation:MinItems=1 - // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:MaxItems=3 // +listType=map // +listMapKey=name // +optional diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index 53c71aabb..52f5db78d 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go @@ -163,7 +163,15 @@ type AWSCSIDriverConfigSpec struct { // kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, // rather than the default KMS key used by AWS. // The value may be either the ARN or Alias ARN of a KMS key. - // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$` + // + // The ARN must follow the format: arn::kms:::(key|alias)/, where: + // is the AWS partition (aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f, or aws-eusc), + // is the AWS region, + // is a 12-digit numeric identifier for the AWS account, + // is the KMS key ID or alias name. + // + // +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule=`matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$')`,message=`kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/` + // +openshift:validation:FeatureGateAwareXValidation:featureGate=AWSEuropeanSovereignCloudInstall,rule=`matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$')`,message=`kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/` // +optional KMSKeyARN string `json:"kmsKeyARN,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_etcd.go b/vendor/github.com/openshift/api/operator/v1/types_etcd.go index 252f3b399..f2f113103 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_etcd.go +++ b/vendor/github.com/openshift/api/operator/v1/types_etcd.go @@ -42,11 +42,11 @@ type EtcdSpec struct { HardwareSpeed ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed"` // backendQuotaGiB sets the etcd backend storage size limit in gibibytes. - // The value should be an integer not less than 8 and not more than 32. + // The value should be an integer not less than 8 and not more than 16. // When not specified, the default value is 8. // +kubebuilder:default:=8 // +kubebuilder:validation:Minimum=8 - // +kubebuilder:validation:Maximum=32 + // +kubebuilder:validation:Maximum=16 // +kubebuilder:validation:XValidation:rule="self>=oldSelf",message="etcd backendQuotaGiB may not be decreased" // +openshift:enable:FeatureGate=EtcdBackendQuota // +default=8 diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingresscontroller.go similarity index 98% rename from vendor/github.com/openshift/api/operator/v1/types_ingress.go rename to vendor/github.com/openshift/api/operator/v1/types_ingresscontroller.go index d54352f2c..376bfacde 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingresscontroller.go @@ -2034,6 +2034,7 @@ type IngressControllerTuningOptions struct { // processes in router containers with the following metric: // 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. // + // +kubebuilder:validation:XValidation:rule="self == 0 || self == -1 || (self >= 2000 && self <= 2000000)",message="maxConnections must be 0, -1, or between 2000 and 2000000" // +optional MaxConnections int32 `json:"maxConnections,omitempty"` @@ -2068,8 +2069,51 @@ type IngressControllerTuningOptions struct { // +kubebuilder:validation:Type:=string // +optional ReloadInterval metav1.Duration `json:"reloadInterval,omitempty"` + + // configurationManagement specifies how OpenShift router should update + // the HAProxy configuration. The following values are valid for this + // field: + // + // * "ForkAndReload". + // * "Dynamic". + // + // Omitting this field means that the user has no opinion and the + // platform may choose a reasonable default. This default is subject to + // change over time. The current default is "ForkAndReload". + // + // "ForkAndReload" means that OpenShift router should rewrite the + // HAProxy configuration file and instruct HAProxy to fork and reload. + // This is OpenShift router's traditional approach. + // + // "Dynamic" means that OpenShift router may use HAProxy's control + // socket for some configuration updates and fall back to fork and + // reload for other configuration updates. This is a newer approach, + // which may be less mature than ForkAndReload. This setting can + // improve load-balancing fairness and metrics accuracy and reduce CPU + // and memory usage if HAProxy has frequent configuration updates for + // route and endpoints updates. + // + // Note: The "Dynamic" option is currently experimental and should not + // be enabled on production clusters. + // + // +openshift:enable:FeatureGate=IngressControllerDynamicConfigurationManager + // +optional + ConfigurationManagement IngressControllerConfigurationManagement `json:"configurationManagement,omitempty"` } +// IngressControllerConfigurationManagement specifies whether always to use +// fork-and-reload to update the HAProxy configuration or whether to use +// HAProxy's control socket for some configuration updates. +// +// +enum +// +kubebuilder:validation:Enum=Dynamic;ForkAndReload +type IngressControllerConfigurationManagement string + +const ( + IngressControllerConfigurationManagementDynamic IngressControllerConfigurationManagement = "Dynamic" + IngressControllerConfigurationManagementForkAndReload IngressControllerConfigurationManagement = "ForkAndReload" +) + // HTTPEmptyRequestsPolicy indicates how HTTP connections for which no request // is received should be handled. // +kubebuilder:validation:Enum=Respond;Ignore diff --git a/vendor/github.com/openshift/api/operator/v1/types_kmsencryption.go b/vendor/github.com/openshift/api/operator/v1/types_kmsencryption.go new file mode 100644 index 000000000..a5dcf7d33 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/types_kmsencryption.go @@ -0,0 +1,80 @@ +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +kubebuilder:validation:Enum=Healthy;Unhealthy;Error +type KMSPluginHealthStatus string + +const ( + KMSPluginHealthStatusHealthy KMSPluginHealthStatus = "Healthy" + + KMSPluginHealthStatusUnhealthy KMSPluginHealthStatus = "Unhealthy" + + KMSPluginHealthStatusError KMSPluginHealthStatus = "Error" +) + +// +openshift:compatibility-gen:level=1 +type KMSPluginHealthReport struct { + + // nodeName is the name of the node this instance of the plugin runs on. + // The combination of nodeName and keyId makes this health report unique. + // The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain + // consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with + // an alphanumeric character, and be at most 253 characters in length. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="nodeName must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character" + // +required + NodeName string `json:"nodeName,omitempty"` + + // keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + // This is not a cryptographic key used to encrypt/decrypt any resources. + // The value must be between 1 and 512 characters. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=512 + // +required + KeyId string `json:"keyId,omitempty"` + + // status contains a health indicator for the respective KMS plugin + // The field can have three states: healthy, unhealthy, error. + // With error and unhealthy containing additional information in Detail. + // +required + Status KMSPluginHealthStatus `json:"status,omitempty"` + + // lastCheckedTime is a timestamp of when the probe was last checked. + // +required + LastCheckedTime metav1.Time `json:"lastCheckedTime,omitempty"` + + // kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. + // This is not a cryptographic key, but a unique representation of the KEK. + // The value must be between 1 and 1024 characters. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + // +required + KEKId string `json:"kekId,omitempty"` + + // detail contains additional error/health information for the respective KMS plugin. + // When omitted, no additional error or health information is provided. + // When set, the value must be between 1 and 1024 characters. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + // +optional + Detail string `json:"detail,omitempty"` +} + +// +openshift:compatibility-gen:level=1 +// +kubebuilder:validation:MinProperties=1 +type KMSEncryptionStatus struct { + // healthReports contains all KMS plugin health reports. + // When omitted, no health reports are available. + // Each entry must have a unique combination of nodeName and keyId. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=200 + // +listType=map + // +listMapKey=nodeName + // +listMapKey=keyId + HealthReports []KMSPluginHealthReport `json:"healthReports,omitempty"` +} diff --git a/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go index 1461f11a1..31b0c201b 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go @@ -63,6 +63,11 @@ type KubeAPIServerStatus struct { // +optional // +listType=atomic ServiceAccountIssuers []ServiceAccountIssuerStatus `json:"serviceAccountIssuers,omitempty"` + + // encryptionStatus contains status reports for the KMS plugin health and its key rotation. + // +optional + // +openshift:enable:FeatureGate=KMSEncryption + EncryptionStatus KMSEncryptionStatus `json:"encryptionStatus,omitempty,omitzero"` } type ServiceAccountIssuerStatus struct { diff --git a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go index c6bcd22bc..f0c1e01c7 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go +++ b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go @@ -18,7 +18,8 @@ import ( // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() : true",message="when skew enforcement is in Automatic mode, a boot image configuration is required" -// +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || self.spec.managedBootImages.machineManagers.exists(m, m.selection.mode == 'All' && m.resource == 'machinesets' && m.apiGroup == 'machine.openshift.io') : true",message="when skew enforcement is in Automatic mode, managedBootImages must contain a MachineManager opting in all MachineAPI MachineSets" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) > 0 : true",message="when skew enforcement is in Automatic mode, managedBootImages.machineManagers must not be an empty list" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, m.resource == 'machinesets' && m.apiGroup == 'machine.openshift.io') || self.spec.managedBootImages.machineManagers.exists(m, m.resource == 'machinesets' && m.apiGroup == 'machine.openshift.io' && m.selection.mode == 'All') : true",message="when skew enforcement is in Automatic mode, any MachineAPI MachineSet MachineManager must use selection mode 'All'" // +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? !(self.?status.managedBootImagesStatus.machineManagers.hasValue()) || self.status.managedBootImagesStatus.machineManagers.exists(m, m.selection.mode == 'All' && m.resource == 'machinesets' && m.apiGroup == 'machine.openshift.io'): true",message="when skew enforcement is in Automatic mode, managedBootImagesStatus must contain a MachineManager opting in all MachineAPI MachineSets" type MachineConfiguration struct { metav1.TypeMeta `json:",inline"` @@ -46,7 +47,6 @@ type MachineConfigurationSpec struct { // and the platform is left to choose a reasonable default, which is subject to change over time. // The default for each machine manager mode is All for GCP and AWS platforms, and None for all // other platforms. - // +openshift:enable:FeatureGate=ManagedBootImages // +optional ManagedBootImages ManagedBootImages `json:"managedBootImages"` @@ -287,7 +287,6 @@ type MachineConfigurationStatus struct { // managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is // and will be used by Machine Config Controller while performing boot image updates. - // +openshift:enable:FeatureGate=ManagedBootImages // +optional ManagedBootImagesStatus ManagedBootImages `json:"managedBootImagesStatus"` @@ -366,7 +365,7 @@ type ManagedBootImages struct { // MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information // such as the resource type and the API Group of the resource. It also provides granular control via the selection field. -// +openshift:validation:FeatureGateAwareXValidation:requiredFeatureGate=ManagedBootImages;ManagedBootImagesCPMS,rule="self.resource != 'controlplanemachinesets' || self.selection.mode == 'All' || self.selection.mode == 'None'", message="Only All or None selection mode is permitted for ControlPlaneMachineSets" +// +openshift:validation:FeatureGateAwareXValidation:requiredFeatureGate=ManagedBootImagesCPMS,rule="self.resource != 'controlplanemachinesets' || self.selection.mode == 'All' || self.selection.mode == 'None'", message="Only All or None selection mode is permitted for ControlPlaneMachineSets" type MachineManager struct { // resource is the machine management resource's type. // Valid values are machinesets and controlplanemachinesets. @@ -430,8 +429,8 @@ const ( // MachineManagerManagedResourceType is a string enum used in the MachineManager type to describe the resource // type to be registered. -// +openshift:validation:FeatureGateAwareEnum:requiredFeatureGate=ManagedBootImages,enum=machinesets -// +openshift:validation:FeatureGateAwareEnum:requiredFeatureGate=ManagedBootImages;ManagedBootImagesCPMS,enum=machinesets;controlplanemachinesets +// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=machinesets +// +openshift:validation:FeatureGateAwareEnum:featureGate=ManagedBootImagesCPMS,enum=machinesets;controlplanemachinesets type MachineManagerMachineSetsResourceType string const ( diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go index 111240eec..cd2e2f9e3 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_network.go +++ b/vendor/github.com/openshift/api/operator/v1/types_network.go @@ -54,7 +54,7 @@ type NetworkList struct { // NetworkSpec is the top-level network configuration object. // +kubebuilder:validation:XValidation:rule="!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Restricted' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Global'",message="invalid value for IPForwarding, valid values are 'Restricted' or 'Global'" -// +openshift:validation:FeatureGateAwareXValidation:featureGate=RouteAdvertisements,rule="(has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != 'Enabled'",message="Route advertisements cannot be Enabled if 'FRR' routing capability provider is not available" +// +kubebuilder:validation:XValidation:rule="(has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != 'Enabled'",message="Route advertisements cannot be Enabled if 'FRR' routing capability provider is not available" type NetworkSpec struct { OperatorSpec `json:",inline"` @@ -136,7 +136,6 @@ type NetworkSpec struct { // capabilities acquired through the enablement of these components but may // require specific configuration on their side to do so; refer to their // respective documentation and configuration options. - // +openshift:enable:FeatureGate=AdditionalRoutingCapabilities // +optional AdditionalRoutingCapabilities *AdditionalRoutingCapabilities `json:"additionalRoutingCapabilities,omitempty"` } @@ -157,7 +156,7 @@ const ( ) // NetworkMigration represents the cluster network migration configuration. -// +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkLiveMigration,rule="!has(self.mtu) || !has(self.networkType) || self.networkType == \"\" || has(self.mode) && self.mode == 'Live'",message="networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration" +// +kubebuilder:validation:XValidation:rule="!has(self.mtu) || !has(self.networkType) || self.networkType == \"\" || has(self.mode) && self.mode == 'Live'",message="networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration" type NetworkMigration struct { // mtu contains the MTU migration configuration. Set this to allow changing // the MTU values for the default network. If unset, the operation of @@ -399,6 +398,12 @@ type OpenShiftSDNConfig struct { // ovnKubernetesConfig contains the configuration parameters for networks // using the ovn-kubernetes network project +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?transport.orValue('') == 'NoOverlay' ? self.?routeAdvertisements.orValue('') == 'Enabled' : true",message="routeAdvertisements must be Enabled when transport is NoOverlay" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?transport.orValue('') == 'NoOverlay' ? has(self.noOverlayConfig) : !has(self.noOverlayConfig)",message="noOverlayConfig must be set if transport is NoOverlay, and is forbidden otherwise" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?noOverlayConfig.routing.orValue('') == 'Managed' ? has(self.bgpManagedConfig) : true",message="bgpManagedConfig is required when noOverlayConfig.routing is Managed" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(self.transport) || self.transport == 'Geneve' || has(oldSelf.transport)",message="transport can only be set to Geneve after installation" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(oldSelf.transport) || has(self.transport)",message="transport may not be removed once set" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(oldSelf.noOverlayConfig) || has(self.noOverlayConfig)",message="noOverlayConfig may not be removed once set" type OVNKubernetesConfig struct { // mtu is the MTU to use for the tunnel interface. This must be 100 // bytes smaller than the uplink mtu. @@ -465,9 +470,40 @@ type OVNKubernetesConfig struct { // means the user has no opinion and the platform is left to choose // reasonable defaults. These defaults are subject to change over time. The // current default is "Disabled". - // +openshift:enable:FeatureGate=RouteAdvertisements // +optional RouteAdvertisements RouteAdvertisementsEnablement `json:"routeAdvertisements,omitempty"` + + // transport sets the transport mode for pods on the default network. + // Allowed values are "NoOverlay" and "Geneve". + // "NoOverlay" avoids tunnel encapsulation, routing pod traffic directly between nodes. + // "Geneve" encapsulates pod traffic using Geneve tunnels between nodes. + // When omitted, this means the user has no opinion and the platform chooses + // a reasonable default which is subject to change over time. + // The current default is "Geneve". + // "NoOverlay" can only be set at installation time and cannot be changed afterwards. + // "Geneve" may be set explicitly at any time to lock in the current default. + // +openshift:enable:FeatureGate=NoOverlayMode + // +kubebuilder:validation:Enum=NoOverlay;Geneve + // +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self == oldSelf",message="transport is immutable once set" + // +optional + Transport TransportOption `json:"transport,omitempty"` + + // noOverlayConfig contains configuration for no-overlay mode. + // This configuration applies to the default network only. + // It is required when transport is "NoOverlay". + // When omitted, this means the user does not configure no-overlay mode options. + // +openshift:enable:FeatureGate=NoOverlayMode + // +optional + NoOverlayConfig NoOverlayConfig `json:"noOverlayConfig,omitzero,omitempty"` + + // bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) + // in no-overlay mode that specify routing="Managed" in their noOverlayConfig. + // It is required when noOverlayConfig.routing is set to "Managed". + // When omitted, this means the user does not configure BGP for managed routing. + // This field can be set at installation time or on day 2, and can be modified at any time. + // +openshift:enable:FeatureGate=NoOverlayMode + // +optional + BGPManagedConfig BGPManagedConfig `json:"bgpManagedConfig,omitzero,omitempty"` } type IPv4OVNKubernetesConfig struct { @@ -898,3 +934,80 @@ type AdditionalRoutingCapabilities struct { // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))" Providers []RoutingCapabilitiesProvider `json:"providers"` } + +// TransportOption is the type for network transport options +type TransportOption string + +// SNATOption is the type for SNAT configuration options +type SNATOption string + +// RoutingOption is the type for routing configuration options +type RoutingOption string + +// BGPTopology is the type for BGP topology configuration +type BGPTopology string + +const ( + // TransportOptionNoOverlay indicates the network operates in no-overlay mode + TransportOptionNoOverlay TransportOption = "NoOverlay" + // TransportOptionGeneve indicates the network uses Geneve overlay + TransportOptionGeneve TransportOption = "Geneve" + + // SNATEnabled indicates outbound SNAT is enabled + SNATEnabled SNATOption = "Enabled" + // SNATDisabled indicates outbound SNAT is disabled + SNATDisabled SNATOption = "Disabled" + + // RoutingManaged indicates routing is managed by OVN-Kubernetes + RoutingManaged RoutingOption = "Managed" + // RoutingUnmanaged indicates routing is managed by users + RoutingUnmanaged RoutingOption = "Unmanaged" + + // BGPTopologyFullMesh indicates a full mesh BGP topology where every node peers directly with every other node + BGPTopologyFullMesh BGPTopology = "FullMesh" +) + +// NoOverlayConfig contains configuration options for networks operating in no-overlay mode. +type NoOverlayConfig struct { + // outboundSNAT defines the SNAT behavior for outbound traffic from pods. + // Allowed values are "Enabled" and "Disabled". + // When set to "Enabled", SNAT is performed on outbound traffic from pods. + // When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic. + // This field is required when the network operates in no-overlay mode. + // This field can be set to any value at installation time and can be changed afterwards. + // +kubebuilder:validation:Enum=Enabled;Disabled + // +required + OutboundSNAT SNATOption `json:"outboundSNAT,omitempty"` + + // routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. + // Allowed values are "Managed" and "Unmanaged". + // When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP. + // When set to "Unmanaged", users are responsible for configuring the pod network routing. + // This field is required when the network operates in no-overlay mode. + // This field is immutable once set. + // +kubebuilder:validation:Enum=Managed;Unmanaged + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="routing is immutable once set" + // +required + Routing RoutingOption `json:"routing,omitempty"` +} + +// BGPManagedConfig contains configuration options for BGP when routing is "Managed". +type BGPManagedConfig struct { + // asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) + // to be used in the generated FRR configuration. + // Valid values are 1 to 4294967295. + // When omitted, this defaults to 64512. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=4294967295 + // +default=64512 + // +optional + ASNumber int64 `json:"asNumber,omitempty"` + + // bgpTopology defines the BGP topology to be used. + // Allowed values are "FullMesh". + // When set to "FullMesh", every node peers directly with every other node via BGP. + // This field is required when BGPManagedConfig is specified. + // +kubebuilder:validation:Enum=FullMesh + // +required + BGPTopology BGPTopology `json:"bgpTopology,omitempty"` +} diff --git a/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go index a96e033cb..c9d104ad2 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go @@ -39,6 +39,11 @@ type OpenShiftAPIServerSpec struct { type OpenShiftAPIServerStatus struct { OperatorStatus `json:",inline"` + + // encryptionStatus contains status reports for the KMS plugin health and its key rotation. + // +optional + // +openshift:enable:FeatureGate=KMSEncryption + EncryptionStatus KMSEncryptionStatus `json:"encryptionStatus,omitempty,omitzero"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index 3bc6b81de..b39071949 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -338,7 +338,7 @@ func (in *AuthenticationSpec) DeepCopy() *AuthenticationSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthenticationStatus) DeepCopyInto(out *AuthenticationStatus) { *out = *in - out.OAuthAPIServer = in.OAuthAPIServer + in.OAuthAPIServer.DeepCopyInto(&out.OAuthAPIServer) in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) return } @@ -390,6 +390,22 @@ func (in *AzureDiskEncryptionSet) DeepCopy() *AzureDiskEncryptionSet { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BGPManagedConfig) DeepCopyInto(out *BGPManagedConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BGPManagedConfig. +func (in *BGPManagedConfig) DeepCopy() *BGPManagedConfig { + if in == nil { + return nil + } + out := new(BGPManagedConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BootImageSkewEnforcementConfig) DeepCopyInto(out *BootImageSkewEnforcementConfig) { *out = *in @@ -2733,6 +2749,46 @@ func (in *IrreconcilableValidationOverrides) DeepCopy() *IrreconcilableValidatio return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KMSEncryptionStatus) DeepCopyInto(out *KMSEncryptionStatus) { + *out = *in + if in.HealthReports != nil { + in, out := &in.HealthReports, &out.HealthReports + *out = make([]KMSPluginHealthReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSEncryptionStatus. +func (in *KMSEncryptionStatus) DeepCopy() *KMSEncryptionStatus { + if in == nil { + return nil + } + out := new(KMSEncryptionStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KMSPluginHealthReport) DeepCopyInto(out *KMSPluginHealthReport) { + *out = *in + in.LastCheckedTime.DeepCopyInto(&out.LastCheckedTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSPluginHealthReport. +func (in *KMSPluginHealthReport) DeepCopy() *KMSPluginHealthReport { + if in == nil { + return nil + } + out := new(KMSPluginHealthReport) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KubeAPIServer) DeepCopyInto(out *KubeAPIServer) { *out = *in @@ -2822,6 +2878,7 @@ func (in *KubeAPIServerStatus) DeepCopyInto(out *KubeAPIServerStatus) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + in.EncryptionStatus.DeepCopyInto(&out.EncryptionStatus) return } @@ -3665,6 +3722,22 @@ func (in *NetworkStatus) DeepCopy() *NetworkStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NoOverlayConfig) DeepCopyInto(out *NoOverlayConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NoOverlayConfig. +func (in *NoOverlayConfig) DeepCopy() *NoOverlayConfig { + if in == nil { + return nil + } + out := new(NoOverlayConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeDisruptionPolicyClusterStatus) DeepCopyInto(out *NodeDisruptionPolicyClusterStatus) { *out = *in @@ -4006,6 +4079,7 @@ func (in *NodeStatus) DeepCopy() *NodeStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OAuthAPIServerStatus) DeepCopyInto(out *OAuthAPIServerStatus) { *out = *in + in.EncryptionStatus.DeepCopyInto(&out.EncryptionStatus) return } @@ -4158,6 +4232,8 @@ func (in *OVNKubernetesConfig) DeepCopyInto(out *OVNKubernetesConfig) { *out = new(IPv6OVNKubernetesConfig) **out = **in } + out.NoOverlayConfig = in.NoOverlayConfig + out.BGPManagedConfig = in.BGPManagedConfig return } @@ -4253,6 +4329,7 @@ func (in *OpenShiftAPIServerSpec) DeepCopy() *OpenShiftAPIServerSpec { func (in *OpenShiftAPIServerStatus) DeepCopyInto(out *OpenShiftAPIServerStatus) { *out = *in in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + in.EncryptionStatus.DeepCopyInto(&out.EncryptionStatus) return } diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml index e7c94e286..9edb02ec6 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -5,7 +5,8 @@ authentications.operator.openshift.io: CRDName: authentications.operator.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - KMSEncryption FilenameOperatorName: authentication FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_50" @@ -69,6 +70,7 @@ clustercsidrivers.operator.openshift.io: Capability: "" Category: "" FeatureGates: + - AWSEuropeanSovereignCloudInstall - VSphereConfigurableMaxAllowedBlockVolumesPerNode FilenameOperatorName: csi-driver FilenameOperatorOrdering: "01" @@ -175,7 +177,9 @@ ingresscontrollers.operator.openshift.io: CRDName: ingresscontrollers.operator.openshift.io Capability: Ingress Category: "" - FeatureGates: [] + FeatureGates: + - IngressControllerDynamicConfigurationManager + - TLSGroupPreferences FilenameOperatorName: ingress FilenameOperatorOrdering: "00" FilenameRunLevel: "0000_50" @@ -219,6 +223,7 @@ kubeapiservers.operator.openshift.io: Category: coreoperators FeatureGates: - EventTTL + - KMSEncryption FilenameOperatorName: kube-apiserver FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_20" @@ -305,8 +310,7 @@ machineconfigurations.operator.openshift.io: FeatureGates: - BootImageSkewEnforcement - IrreconcilableMachineConfig - - ManagedBootImages - - ManagedBootImages+ManagedBootImagesCPMS + - ManagedBootImagesCPMS FilenameOperatorName: machine-config FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_80" @@ -328,9 +332,7 @@ networks.operator.openshift.io: Capability: "" Category: "" FeatureGates: - - AdditionalRoutingCapabilities - - NetworkLiveMigration - - RouteAdvertisements + - NoOverlayMode FilenameOperatorName: network FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_70" @@ -376,7 +378,8 @@ openshiftapiservers.operator.openshift.io: CRDName: openshiftapiservers.operator.openshift.io Capability: "" Category: coreoperators - FeatureGates: [] + FeatureGates: + - KMSEncryption FilenameOperatorName: openshift-apiserver FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_30" diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go new file mode 100644 index 000000000..8c48ad4bc --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go @@ -0,0 +1,1196 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by codegen. DO NOT EDIT. + +package v1 + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSCSIDriverConfigSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSClassicLoadBalancerParameters) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSEFSVolumeMetrics) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSEFSVolumeMetricsRecursiveWalkConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSLoadBalancerParameters) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AWSLoadBalancerParameters" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSNetworkLoadBalancerParameters) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSSubnets) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AWSSubnets" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AccessLogging) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AccessLogging" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AddPage) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AddPage" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AdditionalNetworkDefinition) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AdditionalNetworkDefinition" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AdditionalRoutingCapabilities) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Authentication) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.Authentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuthenticationList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AuthenticationList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuthenticationSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AuthenticationSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuthenticationStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AuthenticationStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AzureCSIDriverConfigSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AzureDiskEncryptionSet) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.AzureDiskEncryptionSet" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BGPManagedConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.BGPManagedConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BootImageSkewEnforcementConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BootImageSkewEnforcementStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CSIDriverConfigSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.CSIDriverConfigSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CSISnapshotController) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.CSISnapshotController" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CSISnapshotControllerList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.CSISnapshotControllerList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CSISnapshotControllerSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.CSISnapshotControllerSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CSISnapshotControllerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.CSISnapshotControllerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Capability) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.Capability" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CapabilityVisibility) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.CapabilityVisibility" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClientTLS) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ClientTLS" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CloudCredential) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.CloudCredential" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CloudCredentialList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.CloudCredentialList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CloudCredentialSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.CloudCredentialSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CloudCredentialStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.CloudCredentialStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterBootImageAutomatic) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ClusterBootImageAutomatic" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterBootImageManual) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ClusterBootImageManual" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterCSIDriver) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ClusterCSIDriver" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterCSIDriverList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ClusterCSIDriverList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterCSIDriverSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ClusterCSIDriverSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterCSIDriverStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ClusterCSIDriverStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterNetworkEntry) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ClusterNetworkEntry" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Config) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.Config" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConfigList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ConfigList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConfigMapFileReference) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ConfigMapFileReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConfigSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ConfigSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConfigStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ConfigStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Console) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.Console" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleConfigRoute) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ConsoleConfigRoute" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleCustomization) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ConsoleCustomization" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ConsoleList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleProviders) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ConsoleProviders" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ConsoleSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ConsoleStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ContainerLoggingDestinationParameters) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNS) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.DNS" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSCache) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.DNSCache" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.DNSList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSNodePlacement) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.DNSNodePlacement" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSOverTLSConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.DNSOverTLSConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.DNSSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.DNSStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSTransportConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.DNSTransportConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DefaultNetworkDefinition) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.DefaultNetworkDefinition" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DeveloperConsoleCatalogCategory) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DeveloperConsoleCatalogCategoryMeta) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DeveloperConsoleCatalogCustomization) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DeveloperConsoleCatalogTypes) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EgressIPConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.EgressIPConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EndpointPublishingStrategy) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.EndpointPublishingStrategy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Etcd) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.Etcd" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EtcdList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.EtcdList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EtcdSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.EtcdSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EtcdStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.EtcdStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExportNetworkFlows) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ExportNetworkFlows" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeaturesMigration) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.FeaturesMigration" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FileReferenceSource) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.FileReferenceSource" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ForwardPlugin) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ForwardPlugin" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GCPCSIDriverConfigSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GCPKMSKeyReference) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.GCPKMSKeyReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GCPLoadBalancerParameters) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.GCPLoadBalancerParameters" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GatewayConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.GatewayConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GatherStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.GatherStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GathererStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.GathererStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GenerationStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.GenerationStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in HTTPCompressionPolicy) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.HTTPCompressionPolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in HealthCheck) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.HealthCheck" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in HostNetworkStrategy) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.HostNetworkStrategy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in HybridOverlayConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.HybridOverlayConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IBMCloudCSIDriverConfigSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IBMLoadBalancerParameters) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IBMLoadBalancerParameters" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IPAMConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IPAMConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IPFIXConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IPFIXConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IPsecConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IPsecConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IPsecFullModeConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IPsecFullModeConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IPv4GatewayConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IPv4GatewayConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IPv4OVNKubernetesConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IPv6GatewayConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IPv6GatewayConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IPv6OVNKubernetesConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Ingress) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.Ingress" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressController) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressController" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerCaptureHTTPCookie) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerCaptureHTTPCookieUnion) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookieUnion" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerCaptureHTTPHeader) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerCaptureHTTPHeaders) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerHTTPHeader) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerHTTPHeader" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerHTTPHeaderActionUnion) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerHTTPHeaderActions) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerHTTPHeaders) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerHTTPUniqueIdHeaderPolicy) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerLogging) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerLogging" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerSetHTTPHeader) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressControllerTuningOptions) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IngressControllerTuningOptions" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsOperator) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.InsightsOperator" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsOperatorList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.InsightsOperatorList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsOperatorSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.InsightsOperatorSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsOperatorStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.InsightsOperatorStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsReport) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.InsightsReport" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IrreconcilableValidationOverrides) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KMSEncryptionStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KMSEncryptionStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KMSPluginHealthReport) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KMSPluginHealthReport" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeAPIServer) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeAPIServer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeAPIServerList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeAPIServerList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeAPIServerSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeAPIServerSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeAPIServerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeAPIServerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeControllerManager) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeControllerManager" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeControllerManagerList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeControllerManagerList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeControllerManagerSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeControllerManagerSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeControllerManagerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeControllerManagerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeScheduler) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeScheduler" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeSchedulerList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeSchedulerList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeSchedulerSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeSchedulerSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeSchedulerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeSchedulerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeStorageVersionMigrator) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeStorageVersionMigrator" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeStorageVersionMigratorList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeStorageVersionMigratorSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeStorageVersionMigratorStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LoadBalancerStrategy) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.LoadBalancerStrategy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LoggingDestination) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.LoggingDestination" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Logo) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.Logo" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MTUMigration) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.MTUMigration" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MTUMigrationValues) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.MTUMigrationValues" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MachineConfiguration) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.MachineConfiguration" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MachineConfigurationList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.MachineConfigurationList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MachineConfigurationSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.MachineConfigurationSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MachineConfigurationStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.MachineConfigurationStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MachineManager) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.MachineManager" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MachineManagerSelector) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.MachineManagerSelector" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ManagedBootImages) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ManagedBootImages" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MyOperatorResource) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.MyOperatorResource" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MyOperatorResourceSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.MyOperatorResourceSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MyOperatorResourceStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.MyOperatorResourceStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetFlowConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NetFlowConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Network) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.Network" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NetworkList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkMigration) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NetworkMigration" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NetworkSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NetworkStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NoOverlayConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NoOverlayConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeDisruptionPolicyClusterStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeDisruptionPolicyConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeDisruptionPolicySpecAction) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeDisruptionPolicySpecFile) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeDisruptionPolicySpecSSHKey) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeDisruptionPolicySpecUnit) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeDisruptionPolicyStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeDisruptionPolicyStatusAction) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeDisruptionPolicyStatusFile) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeDisruptionPolicyStatusSSHKey) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeDisruptionPolicyStatusUnit) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodePlacement) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodePlacement" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodePortStrategy) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodePortStrategy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.NodeStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuthAPIServerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OAuthAPIServerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OLM) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OLM" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OLMList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OLMList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OLMSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OLMSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OLMStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OLMStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OVNKubernetesConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OVNKubernetesConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenShiftAPIServer) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OpenShiftAPIServer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenShiftAPIServerList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OpenShiftAPIServerList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenShiftAPIServerSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenShiftAPIServerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenShiftControllerManager) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OpenShiftControllerManager" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenShiftControllerManagerList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OpenShiftControllerManagerList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenShiftControllerManagerSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenShiftControllerManagerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenShiftSDNConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OpenShiftSDNConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenStackLoadBalancerParameters) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorCondition) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OperatorCondition" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OperatorSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.OperatorStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PartialSelector) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.PartialSelector" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Perspective) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.Perspective" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PerspectiveVisibility) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.PerspectiveVisibility" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PinnedResourceReference) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.PinnedResourceReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PolicyAuditConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.PolicyAuditConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PrivateStrategy) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.PrivateStrategy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProjectAccess) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ProjectAccess" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProviderLoadBalancerParameters) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProxyConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ProxyConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in QuickStarts) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.QuickStarts" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ReloadService) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ReloadService" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ResourceAttributesAccessReview) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ResourceAttributesAccessReview" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RestartService) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.RestartService" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RouteAdmissionPolicy) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.RouteAdmissionPolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SFlowConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.SFlowConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Server) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.Server" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServiceAccountIssuerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServiceCA) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ServiceCA" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServiceCAList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ServiceCAList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServiceCASpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ServiceCASpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServiceCAStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ServiceCAStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServiceCatalogAPIServer) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ServiceCatalogAPIServer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServiceCatalogAPIServerList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServiceCatalogAPIServerSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServiceCatalogAPIServerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServiceCatalogControllerManager) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ServiceCatalogControllerManager" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServiceCatalogControllerManagerList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServiceCatalogControllerManagerSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServiceCatalogControllerManagerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SimpleMacvlanConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.SimpleMacvlanConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StaticIPAMAddresses) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.StaticIPAMAddresses" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StaticIPAMConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.StaticIPAMConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StaticIPAMDNS) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.StaticIPAMDNS" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StaticIPAMRoutes) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.StaticIPAMRoutes" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StaticPodOperatorSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.StaticPodOperatorSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StaticPodOperatorStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.StaticPodOperatorStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StatuspageProvider) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.StatuspageProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Storage) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.Storage" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StorageList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.StorageList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StorageSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.StorageSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StorageStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.StorageStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SyslogLoggingDestinationParameters) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Theme) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.Theme" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Upstream) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.Upstream" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in UpstreamResolvers) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.UpstreamResolvers" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSphereCSIDriverConfigSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec" +} diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 06096a6c8..038638551 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -137,6 +137,7 @@ func (AuthenticationStatus) SwaggerDoc() map[string]string { var map_OAuthAPIServerStatus = map[string]string{ "latestAvailableRevision": "latestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.", + "encryptionStatus": "encryptionStatus contains status reports for the KMS plugin health and its key rotation.", } func (OAuthAPIServerStatus) SwaggerDoc() map[string]string { @@ -210,7 +211,7 @@ func (AddPage) SwaggerDoc() map[string]string { var map_Capability = map[string]string{ "": "Capabilities contains set of UI capabilities and their state in the console UI.", - "name": "name is the unique name of a capability. Available capabilities are LightspeedButton and GettingStartedBanner.", + "name": "name is the unique name of a capability. Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour.", "visibility": "visibility defines the visibility state of the capability.", } @@ -259,7 +260,7 @@ func (ConsoleConfigRoute) SwaggerDoc() map[string]string { var map_ConsoleCustomization = map[string]string{ "": "ConsoleCustomization defines a list of optional configuration for the console UI. Ensure that Logos and CustomLogoFile cannot be set at the same time.", "logos": "logos is used to replace the OpenShift Masthead and Favicon logos in the console UI with custom logos. logos is an optional field that allows a list of logos. Only one of logos or customLogoFile can be set at a time. If logos is set, customLogoFile must be unset. When specified, there must be at least one entry and no more than 2 entries. Each type must appear only once in the list.", - "capabilities": "capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton and GettingStartedBanner. Each of the available capabilities may appear only once in the list.", + "capabilities": "capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour. Each of the available capabilities may appear only once in the list.", "brand": "brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.", "documentationBaseURL": "documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.", "customProductName": "customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.", @@ -466,7 +467,7 @@ func (Theme) SwaggerDoc() map[string]string { var map_AWSCSIDriverConfigSpec = map[string]string{ "": "AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver.", - "kmsKeyARN": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.", + "kmsKeyARN": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.\n\nThe ARN must follow the format: arn::kms:::(key|alias)/, where: is the AWS partition (aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f, or aws-eusc), is the AWS region, is a 12-digit numeric identifier for the AWS account, is the KMS key ID or alias name.", "efsVolumeMetrics": "efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver.", } @@ -798,7 +799,7 @@ func (EtcdList) SwaggerDoc() map[string]string { var map_EtcdSpec = map[string]string{ "controlPlaneHardwareSpeed": "HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are \"\", \"Standard\" and \"Slower\".\n\t\"\" means no opinion and the platform is left to choose a reasonable default\n\twhich is subject to change without notice.", - "backendQuotaGiB": "backendQuotaGiB sets the etcd backend storage size limit in gibibytes. The value should be an integer not less than 8 and not more than 32. When not specified, the default value is 8.", + "backendQuotaGiB": "backendQuotaGiB sets the etcd backend storage size limit in gibibytes. The value should be an integer not less than 8 and not more than 16. When not specified, the default value is 8.", } func (EtcdSpec) SwaggerDoc() map[string]string { @@ -1121,6 +1122,7 @@ var map_IngressControllerTuningOptions = map[string]string{ "healthCheckInterval": "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.", "maxConnections": "maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range 2000-2000000.\n\nIf this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating system limit will prevent the HAProxy process from starting.\n\nIf you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there's no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime.\n\nYou can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.", "reloadInterval": "reloadInterval defines the minimum interval at which the router is allowed to reload to accept new changes. Increasing this value can prevent the accumulation of HAProxy processes, depending on the scenario. Increasing this interval can also lessen load imbalance on a backend's servers when using the roundrobin balancing algorithm. Alternatively, decreasing this value may decrease latency since updates to HAProxy's configuration can take effect more quickly.\n\nThe value must be a time duration value; see . Currently, the minimum value allowed is 1s, and the maximum allowed value is 120s. Minimum and maximum allowed values may change in future versions of OpenShift. Note that if a duration outside of these bounds is provided, the value of reloadInterval will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to 120s; the IngressController will not reject and replace this disallowed value with the default).\n\nA zero value for reloadInterval tells the IngressController to choose the default, which is currently 5s and subject to change without notice.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nNote: Setting a value significantly larger than the default of 5s can cause latency in observing updates to routes and their endpoints. HAProxy's configuration will be reloaded less frequently, and newly created routes will not be served until the subsequent reload.", + "configurationManagement": "configurationManagement specifies how OpenShift router should update the HAProxy configuration. The following values are valid for this field:\n\n* \"ForkAndReload\". * \"Dynamic\".\n\nOmitting this field means that the user has no opinion and the platform may choose a reasonable default. This default is subject to change over time. The current default is \"ForkAndReload\".\n\n\"ForkAndReload\" means that OpenShift router should rewrite the HAProxy configuration file and instruct HAProxy to fork and reload. This is OpenShift router's traditional approach.\n\n\"Dynamic\" means that OpenShift router may use HAProxy's control socket for some configuration updates and fall back to fork and reload for other configuration updates. This is a newer approach, which may be less mature than ForkAndReload. This setting can improve load-balancing fairness and metrics accuracy and reduce CPU and memory usage if HAProxy has frequent configuration updates for route and endpoints updates.\n\nNote: The \"Dynamic\" option is currently experimental and should not be enabled on production clusters.", } func (IngressControllerTuningOptions) SwaggerDoc() map[string]string { @@ -1295,6 +1297,27 @@ func (InsightsReport) SwaggerDoc() map[string]string { return map_InsightsReport } +var map_KMSEncryptionStatus = map[string]string{ + "healthReports": "healthReports contains all KMS plugin health reports. When omitted, no health reports are available. Each entry must have a unique combination of nodeName and keyId.", +} + +func (KMSEncryptionStatus) SwaggerDoc() map[string]string { + return map_KMSEncryptionStatus +} + +var map_KMSPluginHealthReport = map[string]string{ + "nodeName": "nodeName is the name of the node this instance of the plugin runs on. The combination of nodeName and keyId makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", + "keyId": "keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters.", + "status": "status contains a health indicator for the respective KMS plugin The field can have three states: healthy, unhealthy, error. With error and unhealthy containing additional information in Detail.", + "lastCheckedTime": "lastCheckedTime is a timestamp of when the probe was last checked.", + "kekId": "kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. This is not a cryptographic key, but a unique representation of the KEK. The value must be between 1 and 1024 characters.", + "detail": "detail contains additional error/health information for the respective KMS plugin. When omitted, no additional error or health information is provided. When set, the value must be between 1 and 1024 characters.", +} + +func (KMSPluginHealthReport) SwaggerDoc() map[string]string { + return map_KMSPluginHealthReport +} + var map_KubeAPIServer = map[string]string{ "": "KubeAPIServer provides information to configure an operator to manage kube-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", @@ -1326,6 +1349,7 @@ func (KubeAPIServerSpec) SwaggerDoc() map[string]string { var map_KubeAPIServerStatus = map[string]string{ "serviceAccountIssuers": "serviceAccountIssuers tracks history of used service account issuers. The item without expiration time represents the currently used service account issuer. The other items represents service account issuers that were used previously and are still being trusted. The default expiration for the items is set by the platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection", + "encryptionStatus": "encryptionStatus contains status reports for the KMS plugin health and its key rotation.", } func (KubeAPIServerStatus) SwaggerDoc() map[string]string { @@ -1669,6 +1693,16 @@ func (AdditionalRoutingCapabilities) SwaggerDoc() map[string]string { return map_AdditionalRoutingCapabilities } +var map_BGPManagedConfig = map[string]string{ + "": "BGPManagedConfig contains configuration options for BGP when routing is \"Managed\".", + "asNumber": "asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) to be used in the generated FRR configuration. Valid values are 1 to 4294967295. When omitted, this defaults to 64512.", + "bgpTopology": "bgpTopology defines the BGP topology to be used. Allowed values are \"FullMesh\". When set to \"FullMesh\", every node peers directly with every other node via BGP. This field is required when BGPManagedConfig is specified.", +} + +func (BGPManagedConfig) SwaggerDoc() map[string]string { + return map_BGPManagedConfig +} + var map_ClusterNetworkEntry = map[string]string{ "": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks", } @@ -1896,6 +1930,16 @@ func (NetworkStatus) SwaggerDoc() map[string]string { return map_NetworkStatus } +var map_NoOverlayConfig = map[string]string{ + "": "NoOverlayConfig contains configuration options for networks operating in no-overlay mode.", + "outboundSNAT": "outboundSNAT defines the SNAT behavior for outbound traffic from pods. Allowed values are \"Enabled\" and \"Disabled\". When set to \"Enabled\", SNAT is performed on outbound traffic from pods. When set to \"Disabled\", SNAT is not performed and pod IPs are preserved in outbound traffic. This field is required when the network operates in no-overlay mode. This field can be set to any value at installation time and can be changed afterwards.", + "routing": "routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. Allowed values are \"Managed\" and \"Unmanaged\". When set to \"Managed\", OVN-Kubernetes manages the pod network routing configuration through BGP. When set to \"Unmanaged\", users are responsible for configuring the pod network routing. This field is required when the network operates in no-overlay mode. This field is immutable once set.", +} + +func (NoOverlayConfig) SwaggerDoc() map[string]string { + return map_NoOverlayConfig +} + var map_OVNKubernetesConfig = map[string]string{ "": "ovnKubernetesConfig contains the configuration parameters for networks using the ovn-kubernetes network project", "mtu": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400", @@ -1910,6 +1954,9 @@ var map_OVNKubernetesConfig = map[string]string{ "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", "routeAdvertisements": "routeAdvertisements determines if the functionality to advertise cluster network routes through a dynamic routing protocol, such as BGP, is enabled or not. This functionality is configured through the ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing capability provider to be enabled as an additional routing capability. Allowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is \"Disabled\".", + "transport": "transport sets the transport mode for pods on the default network. Allowed values are \"NoOverlay\" and \"Geneve\". \"NoOverlay\" avoids tunnel encapsulation, routing pod traffic directly between nodes. \"Geneve\" encapsulates pod traffic using Geneve tunnels between nodes. When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. The current default is \"Geneve\". \"NoOverlay\" can only be set at installation time and cannot be changed afterwards. \"Geneve\" may be set explicitly at any time to lock in the current default.", + "noOverlayConfig": "noOverlayConfig contains configuration for no-overlay mode. This configuration applies to the default network only. It is required when transport is \"NoOverlay\". When omitted, this means the user does not configure no-overlay mode options.", + "bgpManagedConfig": "bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) in no-overlay mode that specify routing=\"Managed\" in their noOverlayConfig. It is required when noOverlayConfig.routing is set to \"Managed\". When omitted, this means the user does not configure BGP for managed routing. This field can be set at installation time or on day 2, and can be modified at any time.", } func (OVNKubernetesConfig) SwaggerDoc() map[string]string { @@ -2056,6 +2103,14 @@ func (OpenShiftAPIServerList) SwaggerDoc() map[string]string { return map_OpenShiftAPIServerList } +var map_OpenShiftAPIServerStatus = map[string]string{ + "encryptionStatus": "encryptionStatus contains status reports for the KMS plugin health and its key rotation.", +} + +func (OpenShiftAPIServerStatus) SwaggerDoc() map[string]string { + return map_OpenShiftAPIServerStatus +} + var map_OpenShiftControllerManager = map[string]string{ "": "OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/doc.go b/vendor/github.com/openshift/api/operator/v1alpha1/doc.go index 9d1871953..6a48bca3d 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/doc.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/doc.go @@ -1,6 +1,7 @@ // +k8s:deepcopy-gen=package,register // +k8s:defaulter-gen=TypeMeta // +k8s:openapi-gen=true +// +k8s:openapi-model-package=com.github.openshift.api.operator.v1alpha1 // +groupName=operator.openshift.io package v1alpha1 diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/register.go b/vendor/github.com/openshift/api/operator/v1alpha1/register.go index 3e9b09cce..ec19cba3a 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/register.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/register.go @@ -41,6 +41,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &EtcdBackupList{}, &ClusterVersionOperator{}, &ClusterVersionOperatorList{}, + &ClusterAPI{}, + &ClusterAPIList{}, ) return nil diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go new file mode 100644 index 000000000..719893f8a --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go @@ -0,0 +1,290 @@ +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=clusterapis,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2564 +// +openshift:file-pattern=cvoRunLevel=0000_30,operatorName=cluster-api,operatorOrdering=01 +// +openshift:enable:FeatureGate=ClusterAPIMachineManagement +// +kubebuilder:metadata:annotations="release.openshift.io/feature-gate=ClusterAPIMachineManagement" + +// ClusterAPI provides configuration for the capi-operator. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="clusterapi is a singleton, .metadata.name must be 'cluster'" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.status) || has(self.status)",message="status may not be removed once set" +type ClusterAPI struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +required + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec is the specification of the desired behavior of the capi-operator. + // +required + Spec *ClusterAPISpec `json:"spec,omitempty"` + + // status defines the observed status of the capi-operator. + // +optional + Status ClusterAPIStatus `json:"status,omitzero"` +} + +// ClusterAPISpec defines the desired configuration of the capi-operator. +// The spec is required but we deliberately allow it to be empty. +// +kubebuilder:validation:MinProperties=0 +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.unmanagedCustomResourceDefinitions) || has(self.unmanagedCustomResourceDefinitions)",message="unmanagedCustomResourceDefinitions cannot be unset once set" +type ClusterAPISpec struct { + // unmanagedCustomResourceDefinitions is a list of ClusterResourceDefinition (CRD) + // names that should not be managed by the capi-operator installer + // controller. This allows external actors to own specific CRDs while + // capi-operator manages others. + // + // Each CRD name must be a valid DNS-1123 subdomain consisting of lowercase + // alphanumeric characters, '-' or '.', and must start and end with an + // alphanumeric character, with a maximum length of 253 characters. + // CRD names must contain at least two '.' characters. + // Example: "clusters.cluster.x-k8s.io" + // + // Items cannot be removed from this list once added. + // + // The maximum number of unmanagedCustomResourceDefinitions is 128. + // + // +optional + // +listType=set + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=128 + // +kubebuilder:validation:XValidation:rule="oldSelf.all(item, item in self)",message="items cannot be removed from unmanagedCustomResourceDefinitions list" + // +kubebuilder:validation:items:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + // +kubebuilder:validation:items:XValidation:rule="self.split('.').size() > 2",message="CRD names must contain at least two '.' characters." + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=253 + UnmanagedCustomResourceDefinitions []string `json:"unmanagedCustomResourceDefinitions,omitempty"` +} + +// RevisionName represents the name of a revision. The name must be between 1 +// and 255 characters long. +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=255 +type RevisionName string + +// ClusterAPIStatus describes the current state of the capi-operator. +// +kubebuilder:validation:XValidation:rule="self.revisions.exists(r, r.name == self.desiredRevision && self.revisions.all(s, s.revision <= r.revision))",message="desiredRevision must be the name of the revision with the highest revision number" +// +kubebuilder:validation:XValidation:rule="!has(self.currentRevision) || self.revisions.exists(r, r.name == self.currentRevision)",message="currentRevision must correspond to an entry in the revisions list" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.observedRevisionGeneration) || has(self.observedRevisionGeneration)",message="observedRevisionGeneration may not be unset once set" +type ClusterAPIStatus struct { + // currentRevision is the name of the most recently fully applied revision. + // It is written by the installer controller. If it is absent, it indicates + // that no revision has been fully applied yet. + // If set, currentRevision must correspond to an entry in the revisions list. + // +optional + CurrentRevision RevisionName `json:"currentRevision,omitempty"` + + // desiredRevision is the name of the desired revision. It is written by the + // revision controller. It must be set to the name of the entry in the + // revisions list with the highest revision number. + // +required + DesiredRevision RevisionName `json:"desiredRevision,omitempty"` + + // revisions is a list of all currently active revisions. A revision is + // active until the installer controller updates currentRevision to a later + // revision. It is written by the revision controller. + // + // The maximum number of revisions is 16. + // All revisions must have a unique name. + // All revisions must have a unique revision number. + // When adding a revision, the revision number must be greater than the highest revision number in the list. + // Revisions are immutable, although they can be deleted. + // + // +required + // +listType=atomic + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.name == y.name))",message="each revision must have a unique name" + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.revision == y.revision))",message="each revision must have a unique revision number" + // +kubebuilder:validation:XValidation:rule="self.all(new, oldSelf.exists(old, old.name == new.name) || oldSelf.all(old, new.revision > old.revision))",message="new revisions must have a revision number greater than all existing revisions" + // +kubebuilder:validation:XValidation:rule="oldSelf.all(old, !self.exists(new, new.name == old.name) || self.exists(new, new == old))",message="existing revisions are immutable, but may be removed" + Revisions []ClusterAPIInstallerRevision `json:"revisions,omitempty"` + + // observedRevisionGeneration is the generation of the ClusterAPI object that was last observed by the revision controller. + // If specified it must be greater than or equal to 1, and less than 2^53. It may not decrease or be unset once set. + // + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=9007199254740991 + // +kubebuilder:validation:XValidation:rule="self >= oldSelf",message="observedRevisionGeneration may not decrease" + ObservedRevisionGeneration int64 `json:"observedRevisionGeneration,omitempty"` +} + +// +structType=atomic +type ClusterAPIInstallerRevision struct { + // name is the name of a revision. + // +required + Name RevisionName `json:"name,omitempty"` + + // revision is a monotonically increasing number that is assigned to a revision. + // +required + // +kubebuilder:validation:Minimum=1 + Revision int64 `json:"revision,omitempty"` + + // contentID uniquely identifies the content of this revision. + // The contentID must be between 1 and 255 characters long. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + ContentID string `json:"contentID,omitempty"` + + // unmanagedCustomResourceDefinitions is a list of the names of + // ClusterResourceDefinition (CRD) objects which are included in this + // revision, but which should not be installed or updated. If not set, all + // CRDs in the revision will be managed by the CAPI operator. + // +listType=atomic + // +kubebuilder:validation:items:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=253 + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=128 + // +optional + UnmanagedCustomResourceDefinitions []string `json:"unmanagedCustomResourceDefinitions,omitempty"` + + // manifestSubstitutions is a list of envsubst style substitutions which + // will be applied to manifests in the revision during rendering. If + // defined it must not be empty, and may not contain more than 32 items. + // Each manifest substitution must have a unique key. + // +optional + // +listType=map + // +listMapKey=key + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=32 + ManifestSubstitutions []ClusterAPIInstallerRevisionManifestSubstitution `json:"manifestSubstitutions,omitempty"` + + // components is a list of components which will be installed by this + // revision. Components will be installed in the order they are listed. If + // omitted no components will be installed. + // + // The maximum number of components is 32. + // + // +optional + // +listType=atomic + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=32 + Components []ClusterAPIInstallerComponent `json:"components,omitempty"` +} + +// ClusterAPIInstallerRevisionManifestSubstitution defines an envsubst style +// substitution which will be applied to manifests in a revision during +// rendering. +type ClusterAPIInstallerRevisionManifestSubstitution struct { + // key is the name of the envsubst variable to substitute. It must be a + // valid envsubst variable name, consisting of letters, digits, and + // underscores, and must start with a letter or underscore. The key must + // not be empty, and must not exceed 255 characters. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:XValidation:rule="self.matches('^[A-Za-z_][A-Za-z0-9_]*$')",message="key must start with a letter or underscore, followed by letters, digits, or underscores" + Key string `json:"key,omitempty"` + + // value is the value to substitute for the envsubst variable. It may be + // empty, in which case the variable will be substituted with an empty + // string. The value must not exceed 4096 characters. + // +required + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=4096 + Value *string `json:"value,omitempty"` +} + +// InstallerComponentType is the type of component to install. +// +kubebuilder:validation:Enum=Image +// +enum +type InstallerComponentType string + +const ( + // InstallerComponentTypeImage is an image source for a component. + InstallerComponentTypeImage InstallerComponentType = "Image" +) + +// ClusterAPIInstallerComponent defines a component which will be installed by this revision. +type ClusterAPIInstallerComponent struct { + // name is the human-readable name of the component. The value has no + // effect, and will not be set if the component does not define a name in + // its manifests. If set it must consist of alphanumeric characters, or + // '-', and may not exceed 255 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:XValidation:rule="self.matches('^[A-Za-z0-9-]+$')",message="name must consist of alphanumeric characters or '-'" + Name string `json:"name,omitempty"` + + ClusterAPIInstallerComponentSource `json:",inline"` +} + +// ClusterAPIInstallerComponentSource defines the source of a component which will be installed by this revision. +// +union +// +kubebuilder:validation:XValidation:rule="self.type == 'Image' ? has(self.image) : !has(self.image)",message="image is required when type is Image, and forbidden otherwise" +type ClusterAPIInstallerComponentSource struct { + // type is the source type of the component. + // The only valid value is Image. + // When set to Image, the image field must be set and will define an image source for the component. + // +required + // +unionDiscriminator + Type InstallerComponentType `json:"type,omitempty"` + + // image defines an image source for a component. The image must contain a + // /capi-operator-installer directory containing the component manifests. + // +optional + Image ClusterAPIInstallerComponentImage `json:"image,omitzero"` +} + +// ImageDigestFormat is a type that conforms to the format host[:port][/namespace]/name@sha256:. +// The digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. +// The length of the field must be between 1 to 447 characters. +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=447 +// +kubebuilder:validation:XValidation:rule=`(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))`,message="the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long" +// +kubebuilder:validation:XValidation:rule=`(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))`,message="the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme" +type ImageDigestFormat string + +// ClusterAPIInstallerComponentImage defines an image source for a component. +type ClusterAPIInstallerComponentImage struct { + // ref is an image reference to the image containing the component manifests. The reference + // must be a valid image digest reference in the format host[:port][/namespace]/name@sha256:. + // The digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. + // The length of the field must be between 1 to 447 characters. + // +required + Ref ImageDigestFormat `json:"ref,omitempty"` + + // profile is the name of a profile to use from the image. + // + // A profile name may be up to 255 characters long. It must consist of alphanumeric characters, '-', or '_'. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9-_]+$')",message="profile must consist of alphanumeric characters, '-', or '_'" + Profile string `json:"profile,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ClusterAPIList contains a list of ClusterAPI configurations +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +type ClusterAPIList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // items contains the items + Items []ClusterAPI `json:"items"` +} diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go index de4c07128..3c3dc8e7a 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go @@ -26,6 +26,219 @@ func (in *BackupJobReference) DeepCopy() *BackupJobReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPI) DeepCopyInto(out *ClusterAPI) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Spec != nil { + in, out := &in.Spec, &out.Spec + *out = new(ClusterAPISpec) + (*in).DeepCopyInto(*out) + } + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPI. +func (in *ClusterAPI) DeepCopy() *ClusterAPI { + if in == nil { + return nil + } + out := new(ClusterAPI) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterAPI) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIInstallerComponent) DeepCopyInto(out *ClusterAPIInstallerComponent) { + *out = *in + out.ClusterAPIInstallerComponentSource = in.ClusterAPIInstallerComponentSource + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIInstallerComponent. +func (in *ClusterAPIInstallerComponent) DeepCopy() *ClusterAPIInstallerComponent { + if in == nil { + return nil + } + out := new(ClusterAPIInstallerComponent) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIInstallerComponentImage) DeepCopyInto(out *ClusterAPIInstallerComponentImage) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIInstallerComponentImage. +func (in *ClusterAPIInstallerComponentImage) DeepCopy() *ClusterAPIInstallerComponentImage { + if in == nil { + return nil + } + out := new(ClusterAPIInstallerComponentImage) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIInstallerComponentSource) DeepCopyInto(out *ClusterAPIInstallerComponentSource) { + *out = *in + out.Image = in.Image + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIInstallerComponentSource. +func (in *ClusterAPIInstallerComponentSource) DeepCopy() *ClusterAPIInstallerComponentSource { + if in == nil { + return nil + } + out := new(ClusterAPIInstallerComponentSource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIInstallerRevision) DeepCopyInto(out *ClusterAPIInstallerRevision) { + *out = *in + if in.UnmanagedCustomResourceDefinitions != nil { + in, out := &in.UnmanagedCustomResourceDefinitions, &out.UnmanagedCustomResourceDefinitions + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ManifestSubstitutions != nil { + in, out := &in.ManifestSubstitutions, &out.ManifestSubstitutions + *out = make([]ClusterAPIInstallerRevisionManifestSubstitution, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Components != nil { + in, out := &in.Components, &out.Components + *out = make([]ClusterAPIInstallerComponent, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIInstallerRevision. +func (in *ClusterAPIInstallerRevision) DeepCopy() *ClusterAPIInstallerRevision { + if in == nil { + return nil + } + out := new(ClusterAPIInstallerRevision) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIInstallerRevisionManifestSubstitution) DeepCopyInto(out *ClusterAPIInstallerRevisionManifestSubstitution) { + *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIInstallerRevisionManifestSubstitution. +func (in *ClusterAPIInstallerRevisionManifestSubstitution) DeepCopy() *ClusterAPIInstallerRevisionManifestSubstitution { + if in == nil { + return nil + } + out := new(ClusterAPIInstallerRevisionManifestSubstitution) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIList) DeepCopyInto(out *ClusterAPIList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterAPI, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIList. +func (in *ClusterAPIList) DeepCopy() *ClusterAPIList { + if in == nil { + return nil + } + out := new(ClusterAPIList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterAPIList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPISpec) DeepCopyInto(out *ClusterAPISpec) { + *out = *in + if in.UnmanagedCustomResourceDefinitions != nil { + in, out := &in.UnmanagedCustomResourceDefinitions, &out.UnmanagedCustomResourceDefinitions + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPISpec. +func (in *ClusterAPISpec) DeepCopy() *ClusterAPISpec { + if in == nil { + return nil + } + out := new(ClusterAPISpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIStatus) DeepCopyInto(out *ClusterAPIStatus) { + *out = *in + if in.Revisions != nil { + in, out := &in.Revisions, &out.Revisions + *out = make([]ClusterAPIInstallerRevision, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIStatus. +func (in *ClusterAPIStatus) DeepCopy() *ClusterAPIStatus { + if in == nil { + return nil + } + out := new(ClusterAPIStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterVersionOperator) DeepCopyInto(out *ClusterVersionOperator) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index 0d595be80..3ad442d9d 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -1,3 +1,27 @@ +clusterapis.operator.openshift.io: + Annotations: + release.openshift.io/feature-gate: ClusterAPIMachineManagement + ApprovedPRNumber: https://github.com/openshift/api/pull/2564 + CRDName: clusterapis.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: + - ClusterAPIMachineManagement + FilenameOperatorName: cluster-api + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_30" + GroupName: operator.openshift.io + HasStatus: true + KindName: ClusterAPI + Labels: {} + PluralName: clusterapis + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - ClusterAPIMachineManagement + Version: v1alpha1 + clusterversionoperators.operator.openshift.io: Annotations: {} ApprovedPRNumber: https://github.com/openshift/api/pull/2044 diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.model_name.go b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.model_name.go new file mode 100644 index 000000000..e3fe9897d --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.model_name.go @@ -0,0 +1,191 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by codegen. DO NOT EDIT. + +package v1alpha1 + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BackupJobReference) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.BackupJobReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterAPI) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ClusterAPI" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterAPIInstallerComponent) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterAPIInstallerComponentImage) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterAPIInstallerComponentSource) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentSource" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterAPIInstallerRevision) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterAPIInstallerRevisionManifestSubstitution) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevisionManifestSubstitution" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterAPIList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ClusterAPIList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterAPISpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ClusterAPISpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterAPIStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionOperator) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionOperatorList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionOperatorSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionOperatorStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DelegatedAuthentication) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.DelegatedAuthentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DelegatedAuthorization) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.DelegatedAuthorization" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EtcdBackup) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.EtcdBackup" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EtcdBackupList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.EtcdBackupList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EtcdBackupSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EtcdBackupStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GenerationHistory) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.GenerationHistory" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GenericOperatorConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.GenericOperatorConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageContentSourcePolicy) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageContentSourcePolicyList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicyList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageContentSourcePolicySpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LoggingConfig) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.LoggingConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.NodeStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OLM) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.OLM" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OLMList) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.OLMList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OLMSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.OLMSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OLMStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.OLMStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorCondition) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.OperatorCondition" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.OperatorSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.OperatorStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RepositoryDigestMirrors) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StaticPodOperatorStatus) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.StaticPodOperatorStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VersionAvailability) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1alpha1.VersionAvailability" +} diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go index 9060bf998..bf4117768 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go @@ -135,6 +135,100 @@ func (VersionAvailability) SwaggerDoc() map[string]string { return map_VersionAvailability } +var map_ClusterAPI = map[string]string{ + "": "ClusterAPI provides configuration for the capi-operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the specification of the desired behavior of the capi-operator.", + "status": "status defines the observed status of the capi-operator.", +} + +func (ClusterAPI) SwaggerDoc() map[string]string { + return map_ClusterAPI +} + +var map_ClusterAPIInstallerComponent = map[string]string{ + "": "ClusterAPIInstallerComponent defines a component which will be installed by this revision.", + "name": "name is the human-readable name of the component. The value has no effect, and will not be set if the component does not define a name in its manifests. If set it must consist of alphanumeric characters, or '-', and may not exceed 255 characters.", +} + +func (ClusterAPIInstallerComponent) SwaggerDoc() map[string]string { + return map_ClusterAPIInstallerComponent +} + +var map_ClusterAPIInstallerComponentImage = map[string]string{ + "": "ClusterAPIInstallerComponentImage defines an image source for a component.", + "ref": "ref is an image reference to the image containing the component manifests. The reference must be a valid image digest reference in the format host[:port][/namespace]/name@sha256:. The digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the field must be between 1 to 447 characters.", + "profile": "profile is the name of a profile to use from the image.\n\nA profile name may be up to 255 characters long. It must consist of alphanumeric characters, '-', or '_'.", +} + +func (ClusterAPIInstallerComponentImage) SwaggerDoc() map[string]string { + return map_ClusterAPIInstallerComponentImage +} + +var map_ClusterAPIInstallerComponentSource = map[string]string{ + "": "ClusterAPIInstallerComponentSource defines the source of a component which will be installed by this revision.", + "type": "type is the source type of the component. The only valid value is Image. When set to Image, the image field must be set and will define an image source for the component.", + "image": "image defines an image source for a component. The image must contain a /capi-operator-installer directory containing the component manifests.", +} + +func (ClusterAPIInstallerComponentSource) SwaggerDoc() map[string]string { + return map_ClusterAPIInstallerComponentSource +} + +var map_ClusterAPIInstallerRevision = map[string]string{ + "name": "name is the name of a revision.", + "revision": "revision is a monotonically increasing number that is assigned to a revision.", + "contentID": "contentID uniquely identifies the content of this revision. The contentID must be between 1 and 255 characters long.", + "unmanagedCustomResourceDefinitions": "unmanagedCustomResourceDefinitions is a list of the names of ClusterResourceDefinition (CRD) objects which are included in this revision, but which should not be installed or updated. If not set, all CRDs in the revision will be managed by the CAPI operator.", + "manifestSubstitutions": "manifestSubstitutions is a list of envsubst style substitutions which will be applied to manifests in the revision during rendering. If defined it must not be empty, and may not contain more than 32 items. Each manifest substitution must have a unique key.", + "components": "components is a list of components which will be installed by this revision. Components will be installed in the order they are listed. If omitted no components will be installed.\n\nThe maximum number of components is 32.", +} + +func (ClusterAPIInstallerRevision) SwaggerDoc() map[string]string { + return map_ClusterAPIInstallerRevision +} + +var map_ClusterAPIInstallerRevisionManifestSubstitution = map[string]string{ + "": "ClusterAPIInstallerRevisionManifestSubstitution defines an envsubst style substitution which will be applied to manifests in a revision during rendering.", + "key": "key is the name of the envsubst variable to substitute. It must be a valid envsubst variable name, consisting of letters, digits, and underscores, and must start with a letter or underscore. The key must not be empty, and must not exceed 255 characters.", + "value": "value is the value to substitute for the envsubst variable. It may be empty, in which case the variable will be substituted with an empty string. The value must not exceed 4096 characters.", +} + +func (ClusterAPIInstallerRevisionManifestSubstitution) SwaggerDoc() map[string]string { + return map_ClusterAPIInstallerRevisionManifestSubstitution +} + +var map_ClusterAPIList = map[string]string{ + "": "ClusterAPIList contains a list of ClusterAPI configurations\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "items contains the items", +} + +func (ClusterAPIList) SwaggerDoc() map[string]string { + return map_ClusterAPIList +} + +var map_ClusterAPISpec = map[string]string{ + "": "ClusterAPISpec defines the desired configuration of the capi-operator. The spec is required but we deliberately allow it to be empty.", + "unmanagedCustomResourceDefinitions": "unmanagedCustomResourceDefinitions is a list of ClusterResourceDefinition (CRD) names that should not be managed by the capi-operator installer controller. This allows external actors to own specific CRDs while capi-operator manages others.\n\nEach CRD name must be a valid DNS-1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character, with a maximum length of 253 characters. CRD names must contain at least two '.' characters. Example: \"clusters.cluster.x-k8s.io\"\n\nItems cannot be removed from this list once added.\n\nThe maximum number of unmanagedCustomResourceDefinitions is 128.", +} + +func (ClusterAPISpec) SwaggerDoc() map[string]string { + return map_ClusterAPISpec +} + +var map_ClusterAPIStatus = map[string]string{ + "": "ClusterAPIStatus describes the current state of the capi-operator.", + "currentRevision": "currentRevision is the name of the most recently fully applied revision. It is written by the installer controller. If it is absent, it indicates that no revision has been fully applied yet. If set, currentRevision must correspond to an entry in the revisions list.", + "desiredRevision": "desiredRevision is the name of the desired revision. It is written by the revision controller. It must be set to the name of the entry in the revisions list with the highest revision number.", + "revisions": "revisions is a list of all currently active revisions. A revision is active until the installer controller updates currentRevision to a later revision. It is written by the revision controller.\n\nThe maximum number of revisions is 16. All revisions must have a unique name. All revisions must have a unique revision number. When adding a revision, the revision number must be greater than the highest revision number in the list. Revisions are immutable, although they can be deleted.", + "observedRevisionGeneration": "observedRevisionGeneration is the generation of the ClusterAPI object that was last observed by the revision controller. If specified it must be greater than or equal to 1, and less than 2^53. It may not decrease or be unset once set.", +} + +func (ClusterAPIStatus) SwaggerDoc() map[string]string { + return map_ClusterAPIStatus +} + var map_ClusterVersionOperator = map[string]string{ "": "ClusterVersionOperator holds cluster-wide information about the Cluster Version Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", diff --git a/vendor/github.com/openshift/api/route/v1/doc.go b/vendor/github.com/openshift/api/route/v1/doc.go index e56fbbd8d..1fb4d95d4 100644 --- a/vendor/github.com/openshift/api/route/v1/doc.go +++ b/vendor/github.com/openshift/api/route/v1/doc.go @@ -2,6 +2,7 @@ // +k8s:conversion-gen=github.com/openshift/origin/pkg/route/apis/route // +k8s:defaulter-gen=TypeMeta // +k8s:openapi-gen=true +// +k8s:openapi-model-package=com.github.openshift.api.route.v1 // +groupName=route.openshift.io // Package v1 is the v1 version of the API. diff --git a/vendor/github.com/openshift/api/route/v1/generated.pb.go b/vendor/github.com/openshift/api/route/v1/generated.pb.go index 2adcd1cc8..31367ac7e 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/route/v1/generated.pb.go @@ -8,591 +8,45 @@ import ( io "io" - proto "github.com/gogo/protobuf/proto" - k8s_io_api_core_v1 "k8s.io/api/core/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - math "math" math_bits "math/bits" reflect "reflect" strings "strings" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf +func (m *LocalObjectReference) Reset() { *m = LocalObjectReference{} } -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package +func (m *Route) Reset() { *m = Route{} } -func (m *LocalObjectReference) Reset() { *m = LocalObjectReference{} } -func (*LocalObjectReference) ProtoMessage() {} -func (*LocalObjectReference) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{0} -} -func (m *LocalObjectReference) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *LocalObjectReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *LocalObjectReference) XXX_Merge(src proto.Message) { - xxx_messageInfo_LocalObjectReference.Merge(m, src) -} -func (m *LocalObjectReference) XXX_Size() int { - return m.Size() -} -func (m *LocalObjectReference) XXX_DiscardUnknown() { - xxx_messageInfo_LocalObjectReference.DiscardUnknown(m) -} +func (m *RouteHTTPHeader) Reset() { *m = RouteHTTPHeader{} } -var xxx_messageInfo_LocalObjectReference proto.InternalMessageInfo +func (m *RouteHTTPHeaderActionUnion) Reset() { *m = RouteHTTPHeaderActionUnion{} } -func (m *Route) Reset() { *m = Route{} } -func (*Route) ProtoMessage() {} -func (*Route) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{1} -} -func (m *Route) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *Route) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *Route) XXX_Merge(src proto.Message) { - xxx_messageInfo_Route.Merge(m, src) -} -func (m *Route) XXX_Size() int { - return m.Size() -} -func (m *Route) XXX_DiscardUnknown() { - xxx_messageInfo_Route.DiscardUnknown(m) -} +func (m *RouteHTTPHeaderActions) Reset() { *m = RouteHTTPHeaderActions{} } -var xxx_messageInfo_Route proto.InternalMessageInfo +func (m *RouteHTTPHeaders) Reset() { *m = RouteHTTPHeaders{} } -func (m *RouteHTTPHeader) Reset() { *m = RouteHTTPHeader{} } -func (*RouteHTTPHeader) ProtoMessage() {} -func (*RouteHTTPHeader) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{2} -} -func (m *RouteHTTPHeader) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RouteHTTPHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *RouteHTTPHeader) XXX_Merge(src proto.Message) { - xxx_messageInfo_RouteHTTPHeader.Merge(m, src) -} -func (m *RouteHTTPHeader) XXX_Size() int { - return m.Size() -} -func (m *RouteHTTPHeader) XXX_DiscardUnknown() { - xxx_messageInfo_RouteHTTPHeader.DiscardUnknown(m) -} +func (m *RouteIngress) Reset() { *m = RouteIngress{} } -var xxx_messageInfo_RouteHTTPHeader proto.InternalMessageInfo +func (m *RouteIngressCondition) Reset() { *m = RouteIngressCondition{} } -func (m *RouteHTTPHeaderActionUnion) Reset() { *m = RouteHTTPHeaderActionUnion{} } -func (*RouteHTTPHeaderActionUnion) ProtoMessage() {} -func (*RouteHTTPHeaderActionUnion) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{3} -} -func (m *RouteHTTPHeaderActionUnion) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RouteHTTPHeaderActionUnion) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *RouteHTTPHeaderActionUnion) XXX_Merge(src proto.Message) { - xxx_messageInfo_RouteHTTPHeaderActionUnion.Merge(m, src) -} -func (m *RouteHTTPHeaderActionUnion) XXX_Size() int { - return m.Size() -} -func (m *RouteHTTPHeaderActionUnion) XXX_DiscardUnknown() { - xxx_messageInfo_RouteHTTPHeaderActionUnion.DiscardUnknown(m) -} +func (m *RouteList) Reset() { *m = RouteList{} } -var xxx_messageInfo_RouteHTTPHeaderActionUnion proto.InternalMessageInfo +func (m *RoutePort) Reset() { *m = RoutePort{} } -func (m *RouteHTTPHeaderActions) Reset() { *m = RouteHTTPHeaderActions{} } -func (*RouteHTTPHeaderActions) ProtoMessage() {} -func (*RouteHTTPHeaderActions) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{4} -} -func (m *RouteHTTPHeaderActions) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RouteHTTPHeaderActions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *RouteHTTPHeaderActions) XXX_Merge(src proto.Message) { - xxx_messageInfo_RouteHTTPHeaderActions.Merge(m, src) -} -func (m *RouteHTTPHeaderActions) XXX_Size() int { - return m.Size() -} -func (m *RouteHTTPHeaderActions) XXX_DiscardUnknown() { - xxx_messageInfo_RouteHTTPHeaderActions.DiscardUnknown(m) -} +func (m *RouteSetHTTPHeader) Reset() { *m = RouteSetHTTPHeader{} } -var xxx_messageInfo_RouteHTTPHeaderActions proto.InternalMessageInfo - -func (m *RouteHTTPHeaders) Reset() { *m = RouteHTTPHeaders{} } -func (*RouteHTTPHeaders) ProtoMessage() {} -func (*RouteHTTPHeaders) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{5} -} -func (m *RouteHTTPHeaders) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RouteHTTPHeaders) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *RouteHTTPHeaders) XXX_Merge(src proto.Message) { - xxx_messageInfo_RouteHTTPHeaders.Merge(m, src) -} -func (m *RouteHTTPHeaders) XXX_Size() int { - return m.Size() -} -func (m *RouteHTTPHeaders) XXX_DiscardUnknown() { - xxx_messageInfo_RouteHTTPHeaders.DiscardUnknown(m) -} - -var xxx_messageInfo_RouteHTTPHeaders proto.InternalMessageInfo - -func (m *RouteIngress) Reset() { *m = RouteIngress{} } -func (*RouteIngress) ProtoMessage() {} -func (*RouteIngress) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{6} -} -func (m *RouteIngress) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RouteIngress) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *RouteIngress) XXX_Merge(src proto.Message) { - xxx_messageInfo_RouteIngress.Merge(m, src) -} -func (m *RouteIngress) XXX_Size() int { - return m.Size() -} -func (m *RouteIngress) XXX_DiscardUnknown() { - xxx_messageInfo_RouteIngress.DiscardUnknown(m) -} +func (m *RouteSpec) Reset() { *m = RouteSpec{} } -var xxx_messageInfo_RouteIngress proto.InternalMessageInfo +func (m *RouteStatus) Reset() { *m = RouteStatus{} } -func (m *RouteIngressCondition) Reset() { *m = RouteIngressCondition{} } -func (*RouteIngressCondition) ProtoMessage() {} -func (*RouteIngressCondition) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{7} -} -func (m *RouteIngressCondition) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RouteIngressCondition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *RouteIngressCondition) XXX_Merge(src proto.Message) { - xxx_messageInfo_RouteIngressCondition.Merge(m, src) -} -func (m *RouteIngressCondition) XXX_Size() int { - return m.Size() -} -func (m *RouteIngressCondition) XXX_DiscardUnknown() { - xxx_messageInfo_RouteIngressCondition.DiscardUnknown(m) -} +func (m *RouteTargetReference) Reset() { *m = RouteTargetReference{} } -var xxx_messageInfo_RouteIngressCondition proto.InternalMessageInfo +func (m *RouterShard) Reset() { *m = RouterShard{} } -func (m *RouteList) Reset() { *m = RouteList{} } -func (*RouteList) ProtoMessage() {} -func (*RouteList) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{8} -} -func (m *RouteList) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RouteList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *RouteList) XXX_Merge(src proto.Message) { - xxx_messageInfo_RouteList.Merge(m, src) -} -func (m *RouteList) XXX_Size() int { - return m.Size() -} -func (m *RouteList) XXX_DiscardUnknown() { - xxx_messageInfo_RouteList.DiscardUnknown(m) -} - -var xxx_messageInfo_RouteList proto.InternalMessageInfo - -func (m *RoutePort) Reset() { *m = RoutePort{} } -func (*RoutePort) ProtoMessage() {} -func (*RoutePort) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{9} -} -func (m *RoutePort) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RoutePort) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *RoutePort) XXX_Merge(src proto.Message) { - xxx_messageInfo_RoutePort.Merge(m, src) -} -func (m *RoutePort) XXX_Size() int { - return m.Size() -} -func (m *RoutePort) XXX_DiscardUnknown() { - xxx_messageInfo_RoutePort.DiscardUnknown(m) -} - -var xxx_messageInfo_RoutePort proto.InternalMessageInfo - -func (m *RouteSetHTTPHeader) Reset() { *m = RouteSetHTTPHeader{} } -func (*RouteSetHTTPHeader) ProtoMessage() {} -func (*RouteSetHTTPHeader) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{10} -} -func (m *RouteSetHTTPHeader) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RouteSetHTTPHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *RouteSetHTTPHeader) XXX_Merge(src proto.Message) { - xxx_messageInfo_RouteSetHTTPHeader.Merge(m, src) -} -func (m *RouteSetHTTPHeader) XXX_Size() int { - return m.Size() -} -func (m *RouteSetHTTPHeader) XXX_DiscardUnknown() { - xxx_messageInfo_RouteSetHTTPHeader.DiscardUnknown(m) -} - -var xxx_messageInfo_RouteSetHTTPHeader proto.InternalMessageInfo - -func (m *RouteSpec) Reset() { *m = RouteSpec{} } -func (*RouteSpec) ProtoMessage() {} -func (*RouteSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{11} -} -func (m *RouteSpec) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RouteSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *RouteSpec) XXX_Merge(src proto.Message) { - xxx_messageInfo_RouteSpec.Merge(m, src) -} -func (m *RouteSpec) XXX_Size() int { - return m.Size() -} -func (m *RouteSpec) XXX_DiscardUnknown() { - xxx_messageInfo_RouteSpec.DiscardUnknown(m) -} - -var xxx_messageInfo_RouteSpec proto.InternalMessageInfo - -func (m *RouteStatus) Reset() { *m = RouteStatus{} } -func (*RouteStatus) ProtoMessage() {} -func (*RouteStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{12} -} -func (m *RouteStatus) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RouteStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *RouteStatus) XXX_Merge(src proto.Message) { - xxx_messageInfo_RouteStatus.Merge(m, src) -} -func (m *RouteStatus) XXX_Size() int { - return m.Size() -} -func (m *RouteStatus) XXX_DiscardUnknown() { - xxx_messageInfo_RouteStatus.DiscardUnknown(m) -} - -var xxx_messageInfo_RouteStatus proto.InternalMessageInfo - -func (m *RouteTargetReference) Reset() { *m = RouteTargetReference{} } -func (*RouteTargetReference) ProtoMessage() {} -func (*RouteTargetReference) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{13} -} -func (m *RouteTargetReference) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RouteTargetReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *RouteTargetReference) XXX_Merge(src proto.Message) { - xxx_messageInfo_RouteTargetReference.Merge(m, src) -} -func (m *RouteTargetReference) XXX_Size() int { - return m.Size() -} -func (m *RouteTargetReference) XXX_DiscardUnknown() { - xxx_messageInfo_RouteTargetReference.DiscardUnknown(m) -} - -var xxx_messageInfo_RouteTargetReference proto.InternalMessageInfo - -func (m *RouterShard) Reset() { *m = RouterShard{} } -func (*RouterShard) ProtoMessage() {} -func (*RouterShard) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{14} -} -func (m *RouterShard) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *RouterShard) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *RouterShard) XXX_Merge(src proto.Message) { - xxx_messageInfo_RouterShard.Merge(m, src) -} -func (m *RouterShard) XXX_Size() int { - return m.Size() -} -func (m *RouterShard) XXX_DiscardUnknown() { - xxx_messageInfo_RouterShard.DiscardUnknown(m) -} - -var xxx_messageInfo_RouterShard proto.InternalMessageInfo - -func (m *TLSConfig) Reset() { *m = TLSConfig{} } -func (*TLSConfig) ProtoMessage() {} -func (*TLSConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{15} -} -func (m *TLSConfig) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *TLSConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *TLSConfig) XXX_Merge(src proto.Message) { - xxx_messageInfo_TLSConfig.Merge(m, src) -} -func (m *TLSConfig) XXX_Size() int { - return m.Size() -} -func (m *TLSConfig) XXX_DiscardUnknown() { - xxx_messageInfo_TLSConfig.DiscardUnknown(m) -} - -var xxx_messageInfo_TLSConfig proto.InternalMessageInfo - -func init() { - proto.RegisterType((*LocalObjectReference)(nil), "github.com.openshift.api.route.v1.LocalObjectReference") - proto.RegisterType((*Route)(nil), "github.com.openshift.api.route.v1.Route") - proto.RegisterType((*RouteHTTPHeader)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeader") - proto.RegisterType((*RouteHTTPHeaderActionUnion)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeaderActionUnion") - proto.RegisterType((*RouteHTTPHeaderActions)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeaderActions") - proto.RegisterType((*RouteHTTPHeaders)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeaders") - proto.RegisterType((*RouteIngress)(nil), "github.com.openshift.api.route.v1.RouteIngress") - proto.RegisterType((*RouteIngressCondition)(nil), "github.com.openshift.api.route.v1.RouteIngressCondition") - proto.RegisterType((*RouteList)(nil), "github.com.openshift.api.route.v1.RouteList") - proto.RegisterType((*RoutePort)(nil), "github.com.openshift.api.route.v1.RoutePort") - proto.RegisterType((*RouteSetHTTPHeader)(nil), "github.com.openshift.api.route.v1.RouteSetHTTPHeader") - proto.RegisterType((*RouteSpec)(nil), "github.com.openshift.api.route.v1.RouteSpec") - proto.RegisterType((*RouteStatus)(nil), "github.com.openshift.api.route.v1.RouteStatus") - proto.RegisterType((*RouteTargetReference)(nil), "github.com.openshift.api.route.v1.RouteTargetReference") - proto.RegisterType((*RouterShard)(nil), "github.com.openshift.api.route.v1.RouterShard") - proto.RegisterType((*TLSConfig)(nil), "github.com.openshift.api.route.v1.TLSConfig") -} - -func init() { - proto.RegisterFile("github.com/openshift/api/route/v1/generated.proto", fileDescriptor_373b8fa7ff738721) -} - -var fileDescriptor_373b8fa7ff738721 = []byte{ - // 1420 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x58, 0xdd, 0x6e, 0x13, 0xc7, - 0x17, 0xcf, 0xc6, 0x76, 0x1c, 0x8f, 0xf9, 0x1c, 0xbe, 0x4c, 0x24, 0x6c, 0xd8, 0xbf, 0xf4, 0x17, - 0x54, 0x74, 0xdd, 0x04, 0x68, 0x41, 0x15, 0x17, 0x6c, 0x40, 0x10, 0x30, 0x21, 0x1a, 0xbb, 0xa0, - 0x22, 0x2a, 0x75, 0xb2, 0x3b, 0xb6, 0xa7, 0xb1, 0x67, 0x97, 0x99, 0x71, 0x20, 0x37, 0x15, 0x6a, - 0x5f, 0x80, 0xde, 0xf6, 0x15, 0xaa, 0xde, 0xf7, 0x11, 0xb8, 0xe4, 0x92, 0xde, 0x58, 0x8d, 0x7b, - 0xd9, 0x37, 0xc8, 0x55, 0x35, 0xb3, 0xe3, 0xdd, 0xb5, 0x63, 0x13, 0x07, 0xf5, 0xce, 0x7b, 0xce, - 0xf9, 0xfd, 0xce, 0xc7, 0x9c, 0x39, 0x67, 0x12, 0xb0, 0xdc, 0xa2, 0xb2, 0xdd, 0xdb, 0x74, 0xbc, - 0xa0, 0x5b, 0x0d, 0x42, 0xc2, 0x44, 0x9b, 0x36, 0x65, 0x15, 0x87, 0xb4, 0xca, 0x83, 0x9e, 0x24, - 0xd5, 0xed, 0xe5, 0x6a, 0x8b, 0x30, 0xc2, 0xb1, 0x24, 0xbe, 0x13, 0xf2, 0x40, 0x06, 0xf0, 0x52, - 0x02, 0x71, 0x62, 0x88, 0x83, 0x43, 0xea, 0x68, 0x88, 0xb3, 0xbd, 0xbc, 0xf4, 0x79, 0x8a, 0xb5, - 0x15, 0xb4, 0x82, 0xaa, 0x46, 0x6e, 0xf6, 0x9a, 0xfa, 0x4b, 0x7f, 0xe8, 0x5f, 0x11, 0xe3, 0x92, - 0xbd, 0x75, 0x53, 0x38, 0x34, 0xd0, 0x6e, 0xbd, 0x80, 0x4f, 0xf2, 0xba, 0x74, 0x3d, 0xb1, 0xe9, - 0x62, 0xaf, 0x4d, 0x19, 0xe1, 0x3b, 0xd5, 0x70, 0xab, 0xa5, 0x04, 0xa2, 0xda, 0x25, 0x12, 0x4f, - 0x42, 0x7d, 0x39, 0x0d, 0xc5, 0x7b, 0x4c, 0xd2, 0x2e, 0xa9, 0x0a, 0xaf, 0x4d, 0xba, 0x78, 0x1f, - 0xee, 0xda, 0x34, 0x5c, 0x4f, 0xd2, 0x4e, 0x95, 0x32, 0x29, 0x24, 0x1f, 0x07, 0xd9, 0x37, 0xc1, - 0xe9, 0x5a, 0xe0, 0xe1, 0xce, 0x93, 0xcd, 0x1f, 0x88, 0x27, 0x11, 0x69, 0x12, 0x4e, 0x98, 0x47, - 0xe0, 0x45, 0x90, 0x65, 0xb8, 0x4b, 0x4a, 0xd6, 0x45, 0xeb, 0x72, 0xc1, 0x3d, 0xf2, 0xae, 0x5f, - 0x99, 0x1b, 0xf4, 0x2b, 0xd9, 0x75, 0xdc, 0x25, 0x48, 0x6b, 0xec, 0x5f, 0xe6, 0x41, 0x0e, 0xa9, - 0xe2, 0xc1, 0xef, 0xc1, 0xa2, 0xca, 0xc5, 0xc7, 0x12, 0x6b, 0xfb, 0xe2, 0xca, 0x17, 0x4e, 0x14, - 0x8b, 0x93, 0x8e, 0xc5, 0x09, 0xb7, 0x5a, 0x4a, 0x20, 0x1c, 0x65, 0xed, 0x6c, 0x2f, 0x3b, 0x91, - 0xd3, 0xc7, 0x44, 0x62, 0x17, 0x1a, 0x0f, 0x20, 0x91, 0xa1, 0x98, 0x15, 0xae, 0x83, 0xac, 0x08, - 0x89, 0x57, 0x9a, 0xd7, 0xec, 0x57, 0x9d, 0x03, 0x4f, 0xd3, 0xd1, 0x91, 0xd5, 0x43, 0xe2, 0x25, - 0xb1, 0xab, 0x2f, 0xa4, 0x79, 0xe0, 0x53, 0xb0, 0x20, 0x24, 0x96, 0x3d, 0x51, 0xca, 0x68, 0x46, - 0x67, 0x66, 0x46, 0x8d, 0x72, 0x8f, 0x19, 0xce, 0x85, 0xe8, 0x1b, 0x19, 0x36, 0xfb, 0x57, 0x0b, - 0x1c, 0xd7, 0x76, 0x0f, 0x1a, 0x8d, 0x8d, 0x07, 0x04, 0xfb, 0x84, 0x1f, 0x5c, 0x49, 0x48, 0xc0, - 0x02, 0xf6, 0x24, 0x0d, 0x98, 0xc9, 0xef, 0xf6, 0xac, 0xd1, 0x24, 0x5e, 0xee, 0x68, 0xfc, 0x37, - 0x8c, 0x06, 0x2c, 0x09, 0x2e, 0x12, 0x22, 0x43, 0x6e, 0xff, 0x6e, 0x81, 0xa5, 0xe9, 0x30, 0x78, - 0x1b, 0x64, 0xe5, 0x4e, 0x38, 0x8c, 0xf3, 0xca, 0x30, 0xce, 0xc6, 0x4e, 0x48, 0xf6, 0xfa, 0x95, - 0xf3, 0x13, 0x91, 0x4a, 0x89, 0x34, 0x0c, 0x6e, 0x80, 0x8c, 0x20, 0xd2, 0x64, 0x70, 0x63, 0xe6, - 0x7a, 0x12, 0x99, 0x70, 0xba, 0xf9, 0x41, 0xbf, 0x92, 0xa9, 0x13, 0x89, 0x14, 0x95, 0xfd, 0xa7, - 0x05, 0xce, 0x4e, 0xf4, 0x2a, 0x54, 0xc7, 0x71, 0x22, 0xc2, 0x80, 0x09, 0x15, 0x6f, 0xe6, 0x72, - 0x71, 0x65, 0xe5, 0xf0, 0x35, 0x73, 0x4f, 0x98, 0x1c, 0x17, 0x91, 0xe1, 0x42, 0x31, 0x2b, 0xfc, - 0x0e, 0xe4, 0x39, 0x79, 0xd9, 0x23, 0x42, 0xa5, 0xf4, 0xa9, 0x0e, 0x8e, 0x1b, 0x07, 0x79, 0x14, - 0x51, 0xa1, 0x21, 0xa7, 0xfd, 0x1a, 0x9c, 0x18, 0x33, 0x16, 0xd0, 0x07, 0xf9, 0xe8, 0xa4, 0x84, - 0xb9, 0x45, 0xb7, 0x3e, 0xb5, 0x0f, 0x44, 0xe2, 0xd9, 0x08, 0xd0, 0x90, 0xda, 0xfe, 0x39, 0x03, - 0x8e, 0x68, 0xd0, 0x1a, 0x6b, 0x71, 0x22, 0x84, 0xea, 0xcf, 0x76, 0x20, 0xe4, 0x78, 0x7f, 0x3e, - 0x08, 0x84, 0x44, 0x5a, 0x03, 0x57, 0x00, 0xd0, 0xfe, 0xb8, 0xea, 0x59, 0x7d, 0xc2, 0x85, 0xe4, - 0xbe, 0xa2, 0x58, 0x83, 0x52, 0x56, 0xb0, 0x03, 0x80, 0x17, 0x30, 0x9f, 0x46, 0xf9, 0x64, 0x74, - 0x09, 0x6f, 0xce, 0x9a, 0x8f, 0x09, 0x6d, 0x75, 0x48, 0x90, 0x78, 0x8b, 0x45, 0x02, 0xa5, 0xf8, - 0x61, 0x03, 0x1c, 0x7b, 0x45, 0x3b, 0xbe, 0x87, 0xb9, 0xbf, 0x11, 0x74, 0xa8, 0xb7, 0x53, 0xca, - 0xea, 0x28, 0xaf, 0x1a, 0xdc, 0xb1, 0x67, 0x23, 0xda, 0xbd, 0x7e, 0x05, 0x8e, 0x4a, 0x74, 0x23, - 0x8f, 0x71, 0xc0, 0x6f, 0xc1, 0xb9, 0x28, 0xa3, 0x55, 0xcc, 0x02, 0x46, 0x3d, 0xdc, 0x51, 0x45, - 0xd1, 0x97, 0x39, 0xa7, 0xe9, 0x2b, 0x86, 0xfe, 0x1c, 0x9a, 0x6c, 0x86, 0xa6, 0xe1, 0xed, 0x7f, - 0xe6, 0xc1, 0x99, 0x89, 0xa9, 0xce, 0x74, 0x0d, 0xc7, 0x41, 0xa9, 0x6b, 0x58, 0x8b, 0x27, 0x5b, - 0x74, 0x4e, 0xd7, 0x47, 0x27, 0xd5, 0x5e, 0xbf, 0x32, 0x61, 0x71, 0x39, 0x31, 0xd3, 0xe8, 0x3c, - 0x83, 0xff, 0x07, 0x0b, 0x9c, 0x60, 0x11, 0x30, 0x3d, 0x27, 0x0b, 0xc9, 0x68, 0x41, 0x5a, 0x8a, - 0x8c, 0x16, 0x5e, 0x01, 0xf9, 0x2e, 0x11, 0x02, 0xb7, 0x88, 0x29, 0x7c, 0xdc, 0x7f, 0x8f, 0x23, - 0x31, 0x1a, 0xea, 0x21, 0x07, 0xb0, 0x83, 0x85, 0x6c, 0x70, 0xcc, 0x44, 0x14, 0x3c, 0x35, 0xf5, - 0x2c, 0xae, 0x7c, 0x36, 0xdb, 0xda, 0x50, 0x08, 0xf7, 0xec, 0xa0, 0x5f, 0x81, 0xb5, 0x7d, 0x4c, - 0x68, 0x02, 0xbb, 0xfd, 0x87, 0x05, 0x0a, 0xba, 0x70, 0x35, 0x2a, 0x24, 0x7c, 0xb1, 0x6f, 0x5d, - 0x39, 0xb3, 0xf9, 0x55, 0x68, 0xbd, 0xac, 0xe2, 0xc1, 0x31, 0x94, 0xa4, 0x56, 0xd5, 0x63, 0x90, - 0xa3, 0x92, 0x74, 0x85, 0x19, 0x1b, 0x97, 0x67, 0xed, 0x79, 0xf7, 0xa8, 0x21, 0xcd, 0xad, 0x29, - 0x38, 0x8a, 0x58, 0xec, 0x97, 0x26, 0xf2, 0x8d, 0x80, 0x4b, 0xe8, 0x03, 0x20, 0x31, 0x6f, 0x11, - 0xa9, 0xbe, 0x0e, 0x5c, 0xb5, 0x6a, 0xed, 0x3b, 0xd1, 0xda, 0x77, 0xd6, 0x98, 0x7c, 0xc2, 0xeb, - 0x92, 0x53, 0xd6, 0x4a, 0x2e, 0x53, 0x23, 0xe6, 0x42, 0x29, 0x5e, 0xfb, 0x16, 0x80, 0xfb, 0x67, - 0x33, 0xfc, 0x1f, 0xc8, 0x6d, 0xe3, 0x4e, 0x6f, 0xd8, 0x98, 0x71, 0xb4, 0x4f, 0x95, 0x10, 0x45, - 0x3a, 0xfb, 0xb7, 0x9c, 0x09, 0x57, 0xed, 0xda, 0x19, 0x26, 0x4b, 0x15, 0x14, 0x44, 0x6f, 0xd3, - 0x0f, 0xba, 0x98, 0xb2, 0xd2, 0xa2, 0x36, 0x3b, 0x69, 0xcc, 0x0a, 0xf5, 0xa1, 0x02, 0x25, 0x36, - 0x8a, 0x32, 0xc4, 0xb2, 0x6d, 0x9a, 0x3b, 0xa6, 0xdc, 0xc0, 0xb2, 0x8d, 0xb4, 0x06, 0xd6, 0xc1, - 0xbc, 0x0c, 0xcc, 0x5a, 0xff, 0x6a, 0xd6, 0xe2, 0x47, 0x95, 0x88, 0x5f, 0x3f, 0x2e, 0x30, 0xc4, - 0xf3, 0x8d, 0x00, 0xcd, 0xcb, 0x00, 0xbe, 0xb1, 0xc0, 0x49, 0xdc, 0x91, 0x84, 0x33, 0x2c, 0x89, - 0x8b, 0xbd, 0x2d, 0xc2, 0x7c, 0x51, 0xca, 0xea, 0x13, 0xfe, 0x64, 0x27, 0xe7, 0x8d, 0x93, 0x93, - 0x77, 0xc6, 0x99, 0xd1, 0x7e, 0x67, 0xf0, 0x21, 0xc8, 0x86, 0xea, 0xd4, 0x73, 0x87, 0x7b, 0x02, - 0xa9, 0x13, 0x75, 0x17, 0x75, 0x8d, 0xd4, 0x39, 0x6b, 0x0e, 0x78, 0x1f, 0x64, 0x64, 0x47, 0x94, - 0x16, 0x66, 0xa6, 0x6a, 0xd4, 0xea, 0xab, 0x01, 0x6b, 0xd2, 0x56, 0xb4, 0xa2, 0x1b, 0xb5, 0x3a, - 0x52, 0x0c, 0x13, 0xe6, 0x6e, 0xfe, 0x3f, 0x98, 0xbb, 0x4d, 0x50, 0x6c, 0x4b, 0x19, 0x9a, 0xbd, - 0x58, 0x2a, 0xe8, 0x30, 0xaf, 0x1d, 0x7e, 0x19, 0x0a, 0xf7, 0xf8, 0xa0, 0x5f, 0x29, 0xa6, 0x04, - 0x28, 0x4d, 0x6c, 0x53, 0x50, 0x4c, 0x3d, 0xea, 0xe0, 0x73, 0x90, 0xa7, 0xd1, 0x60, 0x35, 0x6f, - 0x8a, 0xea, 0x21, 0xf7, 0x55, 0x32, 0xf5, 0x8c, 0x00, 0x0d, 0x09, 0xed, 0x1f, 0xc1, 0xe9, 0x49, - 0x3d, 0xa0, 0xfa, 0x79, 0x8b, 0x32, 0x7f, 0xfc, 0x8a, 0x3c, 0xa2, 0xcc, 0x47, 0x5a, 0x13, 0x3f, - 0x1f, 0xe7, 0xa7, 0x3e, 0x1f, 0x6d, 0xb0, 0xf0, 0x8a, 0xd0, 0x56, 0x5b, 0xea, 0xae, 0xcf, 0xb9, - 0x40, 0x0d, 0xe8, 0x67, 0x5a, 0x82, 0x8c, 0xc6, 0x0e, 0x4c, 0xaa, 0xbc, 0xde, 0xc6, 0xdc, 0xd7, - 0xf7, 0x4e, 0xfd, 0x58, 0x4f, 0x1e, 0xa6, 0xc9, 0xbd, 0x1b, 0x2a, 0x50, 0x62, 0xa3, 0x00, 0x3e, - 0x13, 0xf5, 0x5e, 0xb3, 0x49, 0x5f, 0x9b, 0x50, 0x62, 0xc0, 0xdd, 0xf5, 0x7a, 0xa4, 0x40, 0x89, - 0x8d, 0xbd, 0x9b, 0x05, 0x85, 0xb8, 0x6b, 0xe0, 0x23, 0x50, 0x94, 0x84, 0x77, 0x29, 0xc3, 0xfa, - 0x99, 0x3b, 0xba, 0xdb, 0x8a, 0x8d, 0x44, 0xa5, 0x3a, 0xa4, 0x51, 0xab, 0xa7, 0x24, 0xba, 0x43, - 0xd2, 0x68, 0x78, 0x03, 0x14, 0x3d, 0xc2, 0x25, 0x6d, 0x52, 0x0f, 0xcb, 0x61, 0x61, 0x4e, 0x0d, - 0xc9, 0x56, 0x13, 0x15, 0x4a, 0xdb, 0xc1, 0x0b, 0x20, 0xb3, 0x45, 0x76, 0xcc, 0x22, 0x2b, 0x1a, - 0xf3, 0xcc, 0x23, 0xb2, 0x83, 0x94, 0x1c, 0x7e, 0x0d, 0x8e, 0x7a, 0x38, 0x05, 0x36, 0x8b, 0xec, - 0x8c, 0x31, 0x3c, 0xba, 0x7a, 0x27, 0xcd, 0x3c, 0x6a, 0x0b, 0x5f, 0x80, 0x92, 0x4f, 0x84, 0x34, - 0x11, 0x8e, 0x98, 0x9a, 0xa7, 0xc2, 0x45, 0xc3, 0x53, 0xba, 0x3b, 0xc5, 0x0e, 0x4d, 0x65, 0x80, - 0x6f, 0x2d, 0x70, 0x81, 0x32, 0x41, 0xbc, 0x1e, 0x27, 0xf7, 0xfc, 0x16, 0x49, 0x55, 0xc7, 0xdc, - 0xba, 0x05, 0xed, 0xe3, 0xa1, 0xf1, 0x71, 0x61, 0xed, 0x63, 0xc6, 0x7b, 0xfd, 0xca, 0xa5, 0x8f, - 0x1a, 0xe8, 0x8a, 0x7f, 0xdc, 0x21, 0xfc, 0xc9, 0x02, 0xa7, 0xc8, 0x6b, 0x3d, 0xa3, 0x3a, 0xe9, - 0x64, 0xf3, 0x33, 0xcf, 0xdd, 0x49, 0x7f, 0x75, 0xba, 0xe7, 0x06, 0xfd, 0xca, 0xa9, 0x7b, 0xfb, - 0x79, 0xd1, 0x24, 0x67, 0xee, 0xfd, 0x77, 0xbb, 0xe5, 0xb9, 0xf7, 0xbb, 0xe5, 0xb9, 0x0f, 0xbb, - 0xe5, 0xb9, 0x37, 0x83, 0xb2, 0xf5, 0x6e, 0x50, 0xb6, 0xde, 0x0f, 0xca, 0xd6, 0x87, 0x41, 0xd9, - 0xfa, 0x6b, 0x50, 0xb6, 0xde, 0xfe, 0x5d, 0x9e, 0x7b, 0x7e, 0xe9, 0xc0, 0xff, 0x16, 0xfc, 0x1b, - 0x00, 0x00, 0xff, 0xff, 0x62, 0x5d, 0xac, 0x2e, 0x51, 0x10, 0x00, 0x00, -} +func (m *TLSConfig) Reset() { *m = TLSConfig{} } func (m *LocalObjectReference) Marshal() (dAtA []byte, err error) { size := m.Size() diff --git a/vendor/github.com/openshift/api/route/v1/generated.protomessage.pb.go b/vendor/github.com/openshift/api/route/v1/generated.protomessage.pb.go new file mode 100644 index 000000000..97af0f183 --- /dev/null +++ b/vendor/github.com/openshift/api/route/v1/generated.protomessage.pb.go @@ -0,0 +1,38 @@ +//go:build kubernetes_protomessage_one_more_release +// +build kubernetes_protomessage_one_more_release + +// Code generated by go-to-protobuf. DO NOT EDIT. + +package v1 + +func (*LocalObjectReference) ProtoMessage() {} + +func (*Route) ProtoMessage() {} + +func (*RouteHTTPHeader) ProtoMessage() {} + +func (*RouteHTTPHeaderActionUnion) ProtoMessage() {} + +func (*RouteHTTPHeaderActions) ProtoMessage() {} + +func (*RouteHTTPHeaders) ProtoMessage() {} + +func (*RouteIngress) ProtoMessage() {} + +func (*RouteIngressCondition) ProtoMessage() {} + +func (*RouteList) ProtoMessage() {} + +func (*RoutePort) ProtoMessage() {} + +func (*RouteSetHTTPHeader) ProtoMessage() {} + +func (*RouteSpec) ProtoMessage() {} + +func (*RouteStatus) ProtoMessage() {} + +func (*RouteTargetReference) ProtoMessage() {} + +func (*RouterShard) ProtoMessage() {} + +func (*TLSConfig) ProtoMessage() {} diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/route/v1/zz_generated.model_name.go new file mode 100644 index 000000000..cbdd33762 --- /dev/null +++ b/vendor/github.com/openshift/api/route/v1/zz_generated.model_name.go @@ -0,0 +1,86 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by codegen. DO NOT EDIT. + +package v1 + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LocalObjectReference) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.LocalObjectReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Route) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.Route" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RouteHTTPHeader) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.RouteHTTPHeader" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RouteHTTPHeaderActionUnion) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RouteHTTPHeaderActions) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.RouteHTTPHeaderActions" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RouteHTTPHeaders) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.RouteHTTPHeaders" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RouteIngress) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.RouteIngress" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RouteIngressCondition) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.RouteIngressCondition" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RouteList) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.RouteList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RoutePort) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.RoutePort" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RouteSetHTTPHeader) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.RouteSetHTTPHeader" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RouteSpec) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.RouteSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RouteStatus) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.RouteStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RouteTargetReference) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.RouteTargetReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RouterShard) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.RouterShard" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TLSConfig) OpenAPIModelName() string { + return "com.github.openshift.api.route.v1.TLSConfig" +} diff --git a/vendor/k8s.io/klog/v2/README.md b/vendor/k8s.io/klog/v2/README.md index d45cbe172..a680beb40 100644 --- a/vendor/k8s.io/klog/v2/README.md +++ b/vendor/k8s.io/klog/v2/README.md @@ -48,8 +48,6 @@ How to use klog - For more logging conventions (See [Logging Conventions](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md)) - See our documentation on [pkg.go.dev/k8s.io](https://pkg.go.dev/k8s.io/klog). -**NOTE**: please use the newer go versions that support semantic import versioning in modules, ideally go 1.11.4 or greater. - ### Coexisting with klog/v2 See [this example](examples/coexist_klog_v1_and_v2/) to see how to coexist with both klog/v1 and klog/v2. diff --git a/vendor/k8s.io/klog/v2/internal/serialize/keyvalues.go b/vendor/k8s.io/klog/v2/internal/serialize/keyvalues.go index d1a4751c9..73f91ea50 100644 --- a/vendor/k8s.io/klog/v2/internal/serialize/keyvalues.go +++ b/vendor/k8s.io/klog/v2/internal/serialize/keyvalues.go @@ -20,7 +20,9 @@ import ( "bytes" "encoding/json" "fmt" + "slices" "strconv" + "strings" "github.com/go-logr/logr" ) @@ -51,139 +53,157 @@ func WithValues(oldKV, newKV []interface{}) []interface{} { return kv } -// MergeKVs deduplicates elements provided in two key/value slices. -// -// Keys in each slice are expected to be unique, so duplicates can only occur -// when the first and second slice contain the same key. When that happens, the -// key/value pair from the second slice is used. The first slice must be well-formed -// (= even key/value pairs). The second one may have a missing value, in which -// case the special "missing value" is added to the result. -func MergeKVs(first, second []interface{}) []interface{} { - maxLength := len(first) + (len(second)+1)/2*2 - if maxLength == 0 { - // Nothing to do at all. - return nil - } - - if len(first) == 0 && len(second)%2 == 0 { - // Nothing to be overridden, second slice is well-formed - // and can be used directly. - return second - } - - // Determine which keys are in the second slice so that we can skip - // them when iterating over the first one. The code intentionally - // favors performance over completeness: we assume that keys are string - // constants and thus compare equal when the string values are equal. A - // string constant being overridden by, for example, a fmt.Stringer is - // not handled. - overrides := map[interface{}]bool{} - for i := 0; i < len(second); i += 2 { - overrides[second[i]] = true - } - merged := make([]interface{}, 0, maxLength) - for i := 0; i+1 < len(first); i += 2 { - key := first[i] - if overrides[key] { - continue - } - merged = append(merged, key, first[i+1]) - } - merged = append(merged, second...) - if len(merged)%2 != 0 { - merged = append(merged, missingValue) - } - return merged -} - type Formatter struct { AnyToStringHook AnyToStringFunc } type AnyToStringFunc func(v interface{}) string -// MergeKVsInto is a variant of MergeKVs which directly formats the key/value -// pairs into a buffer. -func (f Formatter) MergeAndFormatKVs(b *bytes.Buffer, first, second []interface{}) { - if len(first) == 0 && len(second) == 0 { - // Nothing to do at all. - return - } +const missingValue = "(MISSING)" - if len(first) == 0 && len(second)%2 == 0 { - // Nothing to be overridden, second slice is well-formed - // and can be used directly. - for i := 0; i < len(second); i += 2 { - f.KVFormat(b, second[i], second[i+1]) - } - return - } +func FormatKVs(b *bytes.Buffer, kvs ...[]interface{}) { + Formatter{}.FormatKVs(b, kvs...) +} - // Determine which keys are in the second slice so that we can skip - // them when iterating over the first one. The code intentionally - // favors performance over completeness: we assume that keys are string - // constants and thus compare equal when the string values are equal. A - // string constant being overridden by, for example, a fmt.Stringer is - // not handled. - overrides := map[interface{}]bool{} - for i := 0; i < len(second); i += 2 { - overrides[second[i]] = true - } - for i := 0; i < len(first); i += 2 { - key := first[i] - if overrides[key] { - continue +// FormatKVs formats all key/value pairs such that the output contains no +// duplicates ("last one wins"). +func (f Formatter) FormatKVs(b *bytes.Buffer, kvs ...[]interface{}) { + // De-duplication is done by optimistically formatting all key value + // pairs and then cutting out the output of those key/value pairs which + // got overwritten later. + // + // In the common case of no duplicates, the only overhead is tracking + // previous keys. This uses a slice with a simple linear search because + // the number of entries is typically so low that allocating a map or + // keeping a sorted slice with binary search aren't justified. + // + // Using a fixed size here makes the Go compiler use the stack as + // initial backing store for the slice, which is crucial for + // performance. + existing := make([]obsoleteKV, 0, 32) + obsolete := make([]interval, 0, 32) // Sorted by start index. + for _, keysAndValues := range kvs { + for i := 0; i < len(keysAndValues); i += 2 { + var v interface{} + k := keysAndValues[i] + if i+1 < len(keysAndValues) { + v = keysAndValues[i+1] + } else { + v = missingValue + } + var e obsoleteKV + e.start = b.Len() + e.key = f.KVFormat(b, k, v) + e.end = b.Len() + i := findObsoleteEntry(existing, e.key) + if i >= 0 { + data := b.Bytes() + if bytes.Compare(data[existing[i].start:existing[i].end], data[e.start:e.end]) == 0 { + // The new entry gets obsoleted because it's identical. + // This has the advantage that key/value pairs from + // a WithValues call always come first, even if the same + // pair gets added again later. This makes different log + // entries more consistent. + // + // The new entry has a higher start index and thus can be appended. + obsolete = append(obsolete, e.interval) + } else { + // The old entry gets obsoleted because it's value is different. + // + // Sort order is not guaranteed, we have to insert at the right place. + index, _ := slices.BinarySearchFunc(obsolete, existing[i].interval, func(a, b interval) int { return a.start - b.start }) + obsolete = slices.Insert(obsolete, index, existing[i].interval) + existing[i].interval = e.interval + } + } else { + // Instead of appending at the end and doing a + // linear search in findEntry, we could keep + // the slice sorted by key and do a binary search. + // + // Above: + // i, ok := slices.BinarySearchFunc(existing, e, func(a, b entry) int { return strings.Compare(a.key, b.key) }) + // Here: + // existing = slices.Insert(existing, i, e) + // + // But that adds a dependency on the slices package + // and made performance slightly worse, presumably + // because the cost of shifting entries around + // did not pay of with faster lookups. + existing = append(existing, e) + } } - f.KVFormat(b, key, first[i+1]) } - // Round down. - l := len(second) - l = l / 2 * 2 - for i := 1; i < l; i += 2 { - f.KVFormat(b, second[i-1], second[i]) - } - if len(second)%2 == 1 { - f.KVFormat(b, second[len(second)-1], missingValue) - } -} -func MergeAndFormatKVs(b *bytes.Buffer, first, second []interface{}) { - Formatter{}.MergeAndFormatKVs(b, first, second) -} + // If we need to remove some obsolete key/value pairs then move the memory. + if len(obsolete) > 0 { + // Potentially the next remaining output (might itself be obsolete). + from := obsolete[0].end + // Next obsolete entry. + nextObsolete := 1 + // This is the source buffer, before truncation. + all := b.Bytes() + b.Truncate(obsolete[0].start) -const missingValue = "(MISSING)" + for nextObsolete < len(obsolete) { + if from == obsolete[nextObsolete].start { + // Skip also the next obsolete key/value. + from = obsolete[nextObsolete].end + nextObsolete++ + continue + } -// KVListFormat serializes all key/value pairs into the provided buffer. -// A space gets inserted before the first pair and between each pair. -func (f Formatter) KVListFormat(b *bytes.Buffer, keysAndValues ...interface{}) { - for i := 0; i < len(keysAndValues); i += 2 { - var v interface{} - k := keysAndValues[i] - if i+1 < len(keysAndValues) { - v = keysAndValues[i+1] - } else { - v = missingValue + // Preserve some output. Write uses copy, which + // explicitly allows source and destination to overlap. + // That could happen here. + valid := all[from:obsolete[nextObsolete].start] + b.Write(valid) + from = obsolete[nextObsolete].end + nextObsolete++ } - f.KVFormat(b, k, v) + // Copy end of buffer. + valid := all[from:] + b.Write(valid) } } -func KVListFormat(b *bytes.Buffer, keysAndValues ...interface{}) { - Formatter{}.KVListFormat(b, keysAndValues...) +type obsoleteKV struct { + key string + interval +} + +// interval includes the start and excludes the end. +type interval struct { + start int + end int } -func KVFormat(b *bytes.Buffer, k, v interface{}) { - Formatter{}.KVFormat(b, k, v) +func findObsoleteEntry(entries []obsoleteKV, key string) int { + for i, entry := range entries { + if entry.key == key { + return i + } + } + return -1 } // formatAny is the fallback formatter for a value. It supports a hook (for // example, for YAML encoding) and itself uses JSON encoding. func (f Formatter) formatAny(b *bytes.Buffer, v interface{}) { - b.WriteRune('=') if f.AnyToStringHook != nil { - b.WriteString(f.AnyToStringHook(v)) + str := f.AnyToStringHook(v) + if strings.Contains(str, "\n") { + // If it's multi-line, then pass it through writeStringValue to get start/end delimiters, + // which separates it better from any following key/value pair. + writeStringValue(b, str) + return + } + // Otherwise put it directly after the separator, on the same lime, + // The assumption is that the hook returns something where start/end are obvious. + b.WriteRune('=') + b.WriteString(str) return } + b.WriteRune('=') formatAsJSON(b, v) } diff --git a/vendor/k8s.io/klog/v2/internal/serialize/keyvalues_no_slog.go b/vendor/k8s.io/klog/v2/internal/serialize/keyvalues_no_slog.go index d9c7d1546..b8c7e443d 100644 --- a/vendor/k8s.io/klog/v2/internal/serialize/keyvalues_no_slog.go +++ b/vendor/k8s.io/klog/v2/internal/serialize/keyvalues_no_slog.go @@ -28,7 +28,7 @@ import ( // KVFormat serializes one key/value pair into the provided buffer. // A space gets inserted before the pair. -func (f Formatter) KVFormat(b *bytes.Buffer, k, v interface{}) { +func (f Formatter) KVFormat(b *bytes.Buffer, k, v interface{}) string { // This is the version without slog support. Must be kept in sync with // the version in keyvalues_slog.go. @@ -37,13 +37,15 @@ func (f Formatter) KVFormat(b *bytes.Buffer, k, v interface{}) { // https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/migration-to-structured-logging.md#name-arguments // for the sake of performance. Keys with spaces, // special characters, etc. will break parsing. + var key string if sK, ok := k.(string); ok { // Avoid one allocation when the key is a string, which // normally it should be. - b.WriteString(sK) + key = sK } else { - b.WriteString(fmt.Sprintf("%s", k)) + key = fmt.Sprintf("%s", k) } + b.WriteString(key) // The type checks are sorted so that more frequently used ones // come first because that is then faster in the common @@ -94,4 +96,6 @@ func (f Formatter) KVFormat(b *bytes.Buffer, k, v interface{}) { default: f.formatAny(b, v) } + + return key } diff --git a/vendor/k8s.io/klog/v2/internal/serialize/keyvalues_slog.go b/vendor/k8s.io/klog/v2/internal/serialize/keyvalues_slog.go index 89acf9772..8e0084364 100644 --- a/vendor/k8s.io/klog/v2/internal/serialize/keyvalues_slog.go +++ b/vendor/k8s.io/klog/v2/internal/serialize/keyvalues_slog.go @@ -29,8 +29,8 @@ import ( ) // KVFormat serializes one key/value pair into the provided buffer. -// A space gets inserted before the pair. -func (f Formatter) KVFormat(b *bytes.Buffer, k, v interface{}) { +// A space gets inserted before the pair. It returns the key. +func (f Formatter) KVFormat(b *bytes.Buffer, k, v interface{}) string { // This is the version without slog support. Must be kept in sync with // the version in keyvalues_slog.go. @@ -39,13 +39,15 @@ func (f Formatter) KVFormat(b *bytes.Buffer, k, v interface{}) { // https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/migration-to-structured-logging.md#name-arguments // for the sake of performance. Keys with spaces, // special characters, etc. will break parsing. + var key string if sK, ok := k.(string); ok { // Avoid one allocation when the key is a string, which // normally it should be. - b.WriteString(sK) + key = sK } else { - b.WriteString(fmt.Sprintf("%s", k)) + key = fmt.Sprintf("%s", k) } + b.WriteString(key) // The type checks are sorted so that more frequently used ones // come first because that is then faster in the common @@ -112,6 +114,8 @@ func (f Formatter) KVFormat(b *bytes.Buffer, k, v interface{}) { default: f.formatAny(b, v) } + + return key } // generateJSON has the same preference for plain strings as KVFormat. diff --git a/vendor/k8s.io/klog/v2/klog.go b/vendor/k8s.io/klog/v2/klog.go index 47ec9466a..319ffbe24 100644 --- a/vendor/k8s.io/klog/v2/klog.go +++ b/vendor/k8s.io/klog/v2/klog.go @@ -58,15 +58,30 @@ // // -logtostderr=true // Logs are written to standard error instead of to files. -// This shortcuts most of the usual output routing: -// -alsologtostderr, -stderrthreshold and -log_dir have no -// effect and output redirection at runtime with SetOutput is -// ignored. +// By default, all logs are written regardless of severity +// (legacy behavior). To filter logs by severity when +// -logtostderr=true, set -legacy_stderr_threshold_behavior=false +// and use -stderrthreshold. +// With -legacy_stderr_threshold_behavior=true, +// -stderrthreshold has no effect. +// +// The following flags always have no effect: +// -alsologtostderr, -alsologtostderrthreshold, and -log_dir. +// Output redirection at runtime with SetOutput is also ignored. // -alsologtostderr=false // Logs are written to standard error as well as to files. +// -alsologtostderrthreshold=INFO +// Log events at or above this severity are logged to standard +// error when -alsologtostderr=true (no effect when -logtostderr=true). +// Default is INFO to maintain backward compatibility. // -stderrthreshold=ERROR // Log events at or above this severity are logged to standard -// error as well as to files. +// error as well as to files. When -logtostderr=true, this flag +// has no effect unless -legacy_stderr_threshold_behavior=false. +// -legacy_stderr_threshold_behavior=true +// If true, -stderrthreshold is ignored when -logtostderr=true +// (legacy behavior). If false, -stderrthreshold is honored even +// when -logtostderr=true, allowing severity-based filtering. // -log_dir="" // Log files will be written to this directory instead of the // default temporary directory. @@ -156,7 +171,7 @@ func (s *severityValue) Set(value string) error { } threshold = severity.Severity(v) } - logging.stderrThreshold.set(threshold) + s.set(threshold) return nil } @@ -409,6 +424,15 @@ var commandLine flag.FlagSet // init sets up the defaults and creates command line flags. func init() { + // Initialize severity thresholds + logging.stderrThreshold = severityValue{ + Severity: severity.ErrorLog, // Default stderrThreshold is ERROR. + } + logging.alsologtostderrthreshold = severityValue{ + Severity: severity.InfoLog, // Default alsologtostderrthreshold is INFO (to maintain backward compatibility). + } + logging.setVState(0, nil, false) + commandLine.StringVar(&logging.logDir, "log_dir", "", "If non-empty, write log files in this directory (no effect when -logtostderr=true)") commandLine.StringVar(&logging.logFile, "log_file", "", "If non-empty, use this log file (no effect when -logtostderr=true)") commandLine.Uint64Var(&logging.logFileMaxSizeMB, "log_file_max_size", 1800, @@ -416,16 +440,14 @@ func init() { "If the value is 0, the maximum file size is unlimited.") commandLine.BoolVar(&logging.toStderr, "logtostderr", true, "log to standard error instead of files") commandLine.BoolVar(&logging.alsoToStderr, "alsologtostderr", false, "log to standard error as well as files (no effect when -logtostderr=true)") - logging.setVState(0, nil, false) + commandLine.BoolVar(&logging.legacyStderrThresholdBehavior, "legacy_stderr_threshold_behavior", true, "If true, stderrthreshold is ignored when logtostderr=true (legacy behavior). If false, stderrthreshold is honored even when logtostderr=true") commandLine.Var(&logging.verbosity, "v", "number for the log level verbosity") commandLine.BoolVar(&logging.addDirHeader, "add_dir_header", false, "If true, adds the file directory to the header of the log messages") commandLine.BoolVar(&logging.skipHeaders, "skip_headers", false, "If true, avoid header prefixes in the log messages") commandLine.BoolVar(&logging.oneOutput, "one_output", false, "If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)") commandLine.BoolVar(&logging.skipLogHeaders, "skip_log_headers", false, "If true, avoid headers when opening log files (no effect when -logtostderr=true)") - logging.stderrThreshold = severityValue{ - Severity: severity.ErrorLog, // Default stderrThreshold is ERROR. - } - commandLine.Var(&logging.stderrThreshold, "stderrthreshold", "logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=true)") + commandLine.Var(&logging.stderrThreshold, "stderrthreshold", "logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=true unless -legacy_stderr_threshold_behavior=false)") + commandLine.Var(&logging.alsologtostderrthreshold, "alsologtostderrthreshold", "logs at or above this threshold go to stderr when -alsologtostderr=true (no effect when -logtostderr=true)") commandLine.Var(&logging.vmodule, "vmodule", "comma-separated list of pattern=N settings for file-filtered logging") commandLine.Var(&logging.traceLocation, "log_backtrace_at", "when logging hits line file:N, emit a stack trace") @@ -470,11 +492,13 @@ type settings struct { // Boolean flags. Not handled atomically because the flag.Value interface // does not let us avoid the =true, and that shorthand is necessary for // compatibility. TODO: does this matter enough to fix? Seems unlikely. - toStderr bool // The -logtostderr flag. - alsoToStderr bool // The -alsologtostderr flag. + toStderr bool // The -logtostderr flag. + alsoToStderr bool // The -alsologtostderr flag. + legacyStderrThresholdBehavior bool // The -legacy_stderr_threshold_behavior flag. // Level flag. Handled atomically. - stderrThreshold severityValue // The -stderrthreshold flag. + stderrThreshold severityValue // The -stderrthreshold flag. + alsologtostderrthreshold severityValue // The -alsologtostderrthreshold flag. // Access to all of the following fields must be protected via a mutex. @@ -809,16 +833,21 @@ func (l *loggingT) infoS(logger *logWriter, filter LogFilter, depth int, msg str // printS is called from infoS and errorS if logger is not specified. // set log severity by s func (l *loggingT) printS(err error, s severity.Severity, depth int, msg string, keysAndValues ...interface{}) { - // Only create a new buffer if we don't have one cached. - b := buffer.GetBuffer() // The message is always quoted, even if it contains line breaks. // If developers want multi-line output, they should use a small, fixed // message and put the multi-line output into a value. - b.WriteString(strconv.Quote(msg)) + qMsg := make([]byte, 0, 1024) + qMsg = strconv.AppendQuote(qMsg, msg) + + // Only create a new buffer if we don't have one cached. + b := buffer.GetBuffer() + b.Write(qMsg) + + var errKV []interface{} if err != nil { - serialize.KVListFormat(&b.Buffer, "err", err) + errKV = []interface{}{"err", err} } - serialize.KVListFormat(&b.Buffer, keysAndValues...) + serialize.FormatKVs(&b.Buffer, errKV, keysAndValues) l.printDepth(s, nil, nil, depth+1, &b.Buffer) // Make the buffer available for reuse. buffer.PutBuffer(b) @@ -885,9 +914,25 @@ func (l *loggingT) output(s severity.Severity, logger *logWriter, buf *buffer.Bu } } } else if l.toStderr { - os.Stderr.Write(data) + // When logging to stderr only, check if we should filter by severity. + // This is controlled by the legacy_stderr_threshold_behavior flag. + if l.legacyStderrThresholdBehavior { + // Legacy behavior: always write to stderr, ignore stderrthreshold + os.Stderr.Write(data) + } else { + // New behavior: honor stderrthreshold even when logtostderr=true + if s >= l.stderrThreshold.get() { + os.Stderr.Write(data) + } + } } else { - if alsoToStderr || l.alsoToStderr || s >= l.stderrThreshold.get() { + // Write to stderr if any of these conditions are met: + // - alsoToStderr is set (legacy behavior) + // - alsologtostderr is set and severity meets alsologtostderrthreshold + // - alsologtostderr is not set and severity meets stderrThreshold + if alsoToStderr || + (l.alsoToStderr && s >= l.alsologtostderrthreshold.get()) || + (!l.alsoToStderr && s >= l.stderrThreshold.get()) { os.Stderr.Write(data) } diff --git a/vendor/k8s.io/klog/v2/klogr.go b/vendor/k8s.io/klog/v2/klogr.go index efec96fd4..6204c7bb4 100644 --- a/vendor/k8s.io/klog/v2/klogr.go +++ b/vendor/k8s.io/klog/v2/klogr.go @@ -53,7 +53,7 @@ func (l *klogger) Init(info logr.RuntimeInfo) { } func (l *klogger) Info(level int, msg string, kvList ...interface{}) { - merged := serialize.MergeKVs(l.values, kvList) + merged := serialize.WithValues(l.values, kvList) // Skip this function. VDepth(l.callDepth+1, Level(level)).InfoSDepth(l.callDepth+1, msg, merged...) } @@ -63,7 +63,7 @@ func (l *klogger) Enabled(level int) bool { } func (l *klogger) Error(err error, msg string, kvList ...interface{}) { - merged := serialize.MergeKVs(l.values, kvList) + merged := serialize.WithValues(l.values, kvList) ErrorSDepth(l.callDepth+1, err, msg, merged...) } diff --git a/vendor/k8s.io/klog/v2/klogr_slog.go b/vendor/k8s.io/klog/v2/klogr_slog.go index c77d7baaf..901e28dd3 100644 --- a/vendor/k8s.io/klog/v2/klogr_slog.go +++ b/vendor/k8s.io/klog/v2/klogr_slog.go @@ -63,12 +63,17 @@ func slogOutput(file string, line int, now time.Time, err error, s severity.Seve } // See printS. + qMsg := make([]byte, 0, 1024) + qMsg = strconv.AppendQuote(qMsg, msg) + b := buffer.GetBuffer() - b.WriteString(strconv.Quote(msg)) + b.Write(qMsg) + + var errKV []interface{} if err != nil { - serialize.KVListFormat(&b.Buffer, "err", err) + errKV = []interface{}{"err", err} } - serialize.KVListFormat(&b.Buffer, kvList...) + serialize.FormatKVs(&b.Buffer, errKV, kvList) // See print + header. buf := logging.formatHeader(s, file, line, now) diff --git a/vendor/k8s.io/klog/v2/textlogger/options.go b/vendor/k8s.io/klog/v2/textlogger/options.go index b1c4eefb3..ed834ca68 100644 --- a/vendor/k8s.io/klog/v2/textlogger/options.go +++ b/vendor/k8s.io/klog/v2/textlogger/options.go @@ -59,6 +59,7 @@ type configOptions struct { verbosityDefault int fixedTime *time.Time unwind func(int) (string, int) + withHeader bool output io.Writer } @@ -106,6 +107,22 @@ func FixedTime(ts time.Time) ConfigOption { } } +// WithHeader controls whether the header (time, source code location, etc.) +// is included in the output. The default is to include it. +// +// This can be useful in combination with redirection to a buffer to +// turn structured log parameters into a string (see example). +// +// # Experimental +// +// Notice: This function is EXPERIMENTAL and may be changed or removed in a +// later release. +func WithHeader(enabled bool) ConfigOption { + return func(co *configOptions) { + co.withHeader = enabled + } +} + // Backtrace overrides the default mechanism for determining the call site. // The callback is invoked with the number of function calls between itself // and the call site. It must return the file name and line number. An empty @@ -131,6 +148,7 @@ func NewConfig(opts ...ConfigOption) *Config { vmoduleFlagName: "vmodule", verbosityDefault: 0, unwind: runtimeBacktrace, + withHeader: true, output: os.Stderr, }, } diff --git a/vendor/k8s.io/klog/v2/textlogger/textlogger.go b/vendor/k8s.io/klog/v2/textlogger/textlogger.go index 0b55a2994..813cba1d4 100644 --- a/vendor/k8s.io/klog/v2/textlogger/textlogger.go +++ b/vendor/k8s.io/klog/v2/textlogger/textlogger.go @@ -92,17 +92,23 @@ func (l *tlogger) Error(err error, msg string, kvList ...interface{}) { } func (l *tlogger) print(err error, s severity.Severity, msg string, kvList []interface{}) { - // Determine caller. - // +1 for this frame, +1 for Info/Error. - skip := l.callDepth + 2 - file, line := l.config.co.unwind(skip) - if file == "" { - file = "???" - line = 1 - } else if slash := strings.LastIndex(file, "/"); slash >= 0 { - file = file[slash+1:] + var file string + var line int + var now time.Time + if l.config.co.withHeader { + // Determine caller. + // +1 for this frame, +1 for Info/Error. + skip := l.callDepth + 2 + file, line = l.config.co.unwind(skip) + if file == "" { + file = "???" + line = 1 + } else if slash := strings.LastIndex(file, "/"); slash >= 0 { + file = file[slash+1:] + } + now = time.Now() } - l.printWithInfos(file, line, time.Now(), err, s, msg, kvList) + l.printWithInfos(file, line, now, err, s, msg, kvList) } func runtimeBacktrace(skip int) (string, int) { @@ -114,24 +120,31 @@ func runtimeBacktrace(skip int) (string, int) { } func (l *tlogger) printWithInfos(file string, line int, now time.Time, err error, s severity.Severity, msg string, kvList []interface{}) { + // The message is always quoted, even if it contains line breaks. + // If developers want multi-line output, they should use a small, fixed + // message and put the multi-line output into a value. + qMsg := make([]byte, 0, 1024) + qMsg = strconv.AppendQuote(qMsg, msg) + // Only create a new buffer if we don't have one cached. b := buffer.GetBuffer() defer buffer.PutBuffer(b) - // Format header. - if l.config.co.fixedTime != nil { - now = *l.config.co.fixedTime + if l.config.co.withHeader { + // Format header. + if l.config.co.fixedTime != nil { + now = *l.config.co.fixedTime + } + b.FormatHeader(s, file, line, now) } - b.FormatHeader(s, file, line, now) - // The message is always quoted, even if it contains line breaks. - // If developers want multi-line output, they should use a small, fixed - // message and put the multi-line output into a value. - b.WriteString(strconv.Quote(msg)) + b.Write(qMsg) + + var errKV []interface{} if err != nil { - serialize.KVFormat(&b.Buffer, "err", err) + errKV = []interface{}{"err", err} } - serialize.MergeAndFormatKVs(&b.Buffer, l.values, kvList) + serialize.FormatKVs(&b.Buffer, errKV, l.values, kvList) if b.Len() == 0 || b.Bytes()[b.Len()-1] != '\n' { b.WriteByte('\n') } diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/serialization.go b/vendor/k8s.io/kube-openapi/pkg/internal/serialization.go index 7393bacf7..5d8ee9aa4 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/serialization.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/serialization.go @@ -24,7 +24,7 @@ import ( // DeterministicMarshal calls the jsonv2 library with the deterministic // flag in order to have stable marshaling. func DeterministicMarshal(in any) ([]byte, error) { - return jsonv2.MarshalOptions{Deterministic: true}.Marshal(jsonv2.EncodeOptions{}, in) + return jsonv2.Marshal(in, jsonv2.Deterministic(true)) } // JSONRefFromMap populates a json reference object if the map v contains a $ref key. diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/README.md b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/README.md index 0349adf69..937c39800 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/README.md +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/README.md @@ -7,17 +7,24 @@ This module hosts an experimental implementation of v2 `encoding/json`. The API is unstable and breaking changes will regularly be made. Do not depend on this in publicly available modules. +Any commits that make breaking API or behavior changes will be marked +with the string "WARNING: " near the top of the commit message. +It is your responsibility to inspect the list of commit changes +when upgrading the module. Not all breaking changes will lead to build failures. + +A [proposal to include this module in Go as `encoding/json/v2` and `encoding/json/jsontext`](https://github.com/golang/go/issues/71497) has been started on the Go Github project on 2025-01-30. Please provide your feedback there. + ## Goals and objectives * **Mostly backwards compatible:** If possible, v2 should aim to be _mostly_ compatible with v1 in terms of both API and default behavior to ease migration. For example, the `Marshal` and `Unmarshal` functions are the most widely used declarations in the v1 package. It seems sensible for equivalent functionality -in v2 to be named the same and have the same signature. +in v2 to be named the same and have a mostly compatible signature. Behaviorally, we should aim for 95% to 99% backwards compatibility. We do not aim for 100% compatibility since we want the freedom to break certain behaviors that are now considered to have been a mistake. -We may provide options that can bring the v2 implementation to 100% compatibility, +Options exist that can bring the v2 implementation to 100% compatibility, but it will not be the default. * **More flexible:** There is a @@ -96,26 +103,32 @@ Syntax deals with the structural representation of JSON (as specified in Semantics deals with the meaning of syntactic data as usable application data. The `Encoder` and `Decoder` types are streaming tokenizers concerned with the -packing or parsing of JSON data. They operate on `Token` and `RawValue` types +packing or parsing of JSON data. They operate on `Token` and `Value` types which represent the common data structures that are representable in JSON. `Encoder` and `Decoder` do not aim to provide any interpretation of the data. -Functions like `Marshal`, `MarshalFull`, `MarshalNext`, `Unmarshal`, -`UnmarshalFull`, and `UnmarshalNext` provide semantic meaning by correlating +Functions like `Marshal`, `MarshalWrite`, `MarshalEncode`, `Unmarshal`, +`UnmarshalRead`, and `UnmarshalDecode` provide semantic meaning by correlating any arbitrary Go type with some JSON representation of that type (as stored in data types like `[]byte`, `io.Writer`, `io.Reader`, `Encoder`, or `Decoder`). ![API overview](api.png) -This diagram provides a high-level overview of the v2 `json` package. +This diagram provides a high-level overview of the v2 `json` and `jsontext` packages. Purple blocks represent types, while blue blocks represent functions or methods. The arrows and their direction represent the approximate flow of data. The bottom half of the diagram contains functionality that is only concerned -with syntax, while the upper half contains functionality that assigns -semantic meaning to syntactic data handled by the bottom half. +with syntax (implemented by the `jsontext` package), +while the upper half contains functionality that assigns +semantic meaning to syntactic data handled by the bottom half +(as implemented by the v2 `json` package). In contrast to v1 `encoding/json`, options are represented as separate types rather than being setter methods on the `Encoder` or `Decoder` types. +Some options affects JSON serialization at the syntactic layer, +while others affect it at the semantic layer. +Some options only affect JSON when decoding, +while others affect JSON while encoding. ## Behavior changes @@ -128,194 +141,35 @@ This table shows an overview of the changes: | v1 | v2 | Details | | -- | -- | ------- | -| JSON object members are unmarshaled into a Go struct using a **case-insensitive name match**. | JSON object members are unmarshaled into a Go struct using a **case-sensitive name match**. | [CaseSensitivity](/diff_test.go#:~:text=TestCaseSensitivity) | -| When marshaling a Go struct, a struct field marked as `omitempty` is omitted if **the field value is an empty Go value**, which is defined as false, 0, a nil pointer, a nil interface value, and any empty array, slice, map, or string. | When marshaling a Go struct, a struct field marked as `omitempty` is omitted if **the field value would encode as an empty JSON value**, which is defined as a JSON null, or an empty JSON string, object, or array. | [OmitEmptyOption](/diff_test.go#:~:text=TestOmitEmptyOption) | -| The `string` option **does affect** Go bools. | The `string` option **does not affect** Go bools. | [StringOption](/diff_test.go#:~:text=TestStringOption) | -| The `string` option **does not recursively affect** sub-values of the Go field value. | The `string` option **does recursively affect** sub-values of the Go field value. | [StringOption](/diff_test.go#:~:text=TestStringOption) | -| The `string` option **sometimes accepts** a JSON null escaped within a JSON string. | The `string` option **never accepts** a JSON null escaped within a JSON string. | [StringOption](/diff_test.go#:~:text=TestStringOption) | -| A nil Go slice is marshaled as a **JSON null**. | A nil Go slice is marshaled as an **empty JSON array**. | [NilSlicesAndMaps](/diff_test.go#:~:text=TestNilSlicesAndMaps) | -| A nil Go map is marshaled as a **JSON null**. | A nil Go map is marshaled as an **empty JSON object**. | [NilSlicesAndMaps](/diff_test.go#:~:text=TestNilSlicesAndMaps) | -| A Go array may be unmarshaled from a **JSON array of any length**. | A Go array must be unmarshaled from a **JSON array of the same length**. | [Arrays](/diff_test.go#:~:text=Arrays) | -| A Go byte array is represented as a **JSON array of JSON numbers**. | A Go byte array is represented as a **Base64-encoded JSON string**. | [ByteArrays](/diff_test.go#:~:text=TestByteArrays) | -| `MarshalJSON` and `UnmarshalJSON` methods declared on a pointer receiver are **inconsistently called**. | `MarshalJSON` and `UnmarshalJSON` methods declared on a pointer receiver are **consistently called**. | [PointerReceiver](/diff_test.go#:~:text=TestPointerReceiver) | -| A Go map is marshaled in a **deterministic order**. | A Go map is marshaled in a **non-deterministic order**. | [MapDeterminism](/diff_test.go#:~:text=TestMapDeterminism) | -| JSON strings are encoded **with HTML-specific characters being escaped**. | JSON strings are encoded **without any characters being escaped** (unless necessary). | [EscapeHTML](/diff_test.go#:~:text=TestEscapeHTML) | -| When marshaling, invalid UTF-8 within a Go string **are silently replaced**. | When marshaling, invalid UTF-8 within a Go string **results in an error**. | [InvalidUTF8](/diff_test.go#:~:text=TestInvalidUTF8) | -| When unmarshaling, invalid UTF-8 within a JSON string **are silently replaced**. | When unmarshaling, invalid UTF-8 within a JSON string **results in an error**. | [InvalidUTF8](/diff_test.go#:~:text=TestInvalidUTF8) | -| When marshaling, **an error does not occur** if the output JSON value contains objects with duplicate names. | When marshaling, **an error does occur** if the output JSON value contains objects with duplicate names. | [DuplicateNames](/diff_test.go#:~:text=TestDuplicateNames) | -| When unmarshaling, **an error does not occur** if the input JSON value contains objects with duplicate names. | When unmarshaling, **an error does occur** if the input JSON value contains objects with duplicate names. | [DuplicateNames](/diff_test.go#:~:text=TestDuplicateNames) | -| Unmarshaling a JSON null into a non-empty Go value **inconsistently clears the value or does nothing**. | Unmarshaling a JSON null into a non-empty Go value **always clears the value**. | [MergeNull](/diff_test.go#:~:text=TestMergeNull) | -| Unmarshaling a JSON value into a non-empty Go value **follows inconsistent and bizarre behavior**. | Unmarshaling a JSON value into a non-empty Go value **always merges if the input is an object, and otherwise replaces**. | [MergeComposite](/diff_test.go#:~:text=TestMergeComposite) | -| A `time.Duration` is represented as a **JSON number containing the decimal number of nanoseconds**. | A `time.Duration` is represented as a **JSON string containing the formatted duration (e.g., "1h2m3.456s")**. | [TimeDurations](/diff_test.go#:~:text=TestTimeDurations) | -| Unmarshaling a JSON number into a Go float beyond its representation **results in an error**. | Unmarshaling a JSON number into a Go float beyond its representation **uses the closest representable value (e.g., ±`math.MaxFloat`)**. | [MaxFloats](/diff_test.go#:~:text=TestMaxFloats) | -| A Go struct with only unexported fields **can be serialized**. | A Go struct with only unexported fields **cannot be serialized**. | [EmptyStructs](/diff_test.go#:~:text=TestEmptyStructs) | -| A Go struct that embeds an unexported struct type **can sometimes be serialized**. | A Go struct that embeds an unexported struct type **cannot be serialized**. | [EmbedUnexported](/diff_test.go#:~:text=TestEmbedUnexported) | - -See [diff_test.go](/diff_test.go) for details about every change. +| JSON object members are unmarshaled into a Go struct using a **case-insensitive name match**. | JSON object members are unmarshaled into a Go struct using a **case-sensitive name match**. | [CaseSensitivity](/v1/diff_test.go#:~:text=TestCaseSensitivity) | +| When marshaling a Go struct, a struct field marked as `omitempty` is omitted if **the field value is an empty Go value**, which is defined as false, 0, a nil pointer, a nil interface value, and any empty array, slice, map, or string. | When marshaling a Go struct, a struct field marked as `omitempty` is omitted if **the field value would encode as an empty JSON value**, which is defined as a JSON null, or an empty JSON string, object, or array. | [OmitEmptyOption](/v1/diff_test.go#:~:text=TestOmitEmptyOption) | +| The `string` option **does affect** Go strings and bools. | The `string` option **does not affect** Go strings or bools. | [StringOption](/v1/diff_test.go#:~:text=TestStringOption) | +| The `string` option **does not recursively affect** sub-values of the Go field value. | The `string` option **does recursively affect** sub-values of the Go field value. | [StringOption](/v1/diff_test.go#:~:text=TestStringOption) | +| The `string` option **sometimes accepts** a JSON null escaped within a JSON string. | The `string` option **never accepts** a JSON null escaped within a JSON string. | [StringOption](/v1/diff_test.go#:~:text=TestStringOption) | +| A nil Go slice is marshaled as a **JSON null**. | A nil Go slice is marshaled as an **empty JSON array**. | [NilSlicesAndMaps](/v1/diff_test.go#:~:text=TestNilSlicesAndMaps) | +| A nil Go map is marshaled as a **JSON null**. | A nil Go map is marshaled as an **empty JSON object**. | [NilSlicesAndMaps](/v1/diff_test.go#:~:text=TestNilSlicesAndMaps) | +| A Go array may be unmarshaled from a **JSON array of any length**. | A Go array must be unmarshaled from a **JSON array of the same length**. | [Arrays](/v1/diff_test.go#:~:text=Arrays) | +| A Go byte array is represented as a **JSON array of JSON numbers**. | A Go byte array is represented as a **Base64-encoded JSON string**. | [ByteArrays](/v1/diff_test.go#:~:text=TestByteArrays) | +| `MarshalJSON` and `UnmarshalJSON` methods declared on a pointer receiver are **inconsistently called**. | `MarshalJSON` and `UnmarshalJSON` methods declared on a pointer receiver are **consistently called**. | [PointerReceiver](/v1/diff_test.go#:~:text=TestPointerReceiver) | +| A Go map is marshaled in a **deterministic order**. | A Go map is marshaled in a **non-deterministic order**. | [MapDeterminism](/v1/diff_test.go#:~:text=TestMapDeterminism) | +| JSON strings are encoded **with HTML-specific characters being escaped**. | JSON strings are encoded **without any characters being escaped** (unless necessary). | [EscapeHTML](/v1/diff_test.go#:~:text=TestEscapeHTML) | +| When marshaling, invalid UTF-8 within a Go string **are silently replaced**. | When marshaling, invalid UTF-8 within a Go string **results in an error**. | [InvalidUTF8](/v1/diff_test.go#:~:text=TestInvalidUTF8) | +| When unmarshaling, invalid UTF-8 within a JSON string **are silently replaced**. | When unmarshaling, invalid UTF-8 within a JSON string **results in an error**. | [InvalidUTF8](/v1/diff_test.go#:~:text=TestInvalidUTF8) | +| When marshaling, **an error does not occur** if the output JSON value contains objects with duplicate names. | When marshaling, **an error does occur** if the output JSON value contains objects with duplicate names. | [DuplicateNames](/v1/diff_test.go#:~:text=TestDuplicateNames) | +| When unmarshaling, **an error does not occur** if the input JSON value contains objects with duplicate names. | When unmarshaling, **an error does occur** if the input JSON value contains objects with duplicate names. | [DuplicateNames](/v1/diff_test.go#:~:text=TestDuplicateNames) | +| Unmarshaling a JSON null into a non-empty Go value **inconsistently clears the value or does nothing**. | Unmarshaling a JSON null into a non-empty Go value **always clears the value**. | [MergeNull](/v1/diff_test.go#:~:text=TestMergeNull) | +| Unmarshaling a JSON value into a non-empty Go value **follows inconsistent and bizarre behavior**. | Unmarshaling a JSON value into a non-empty Go value **always merges if the input is an object, and otherwise replaces**. | [MergeComposite](/v1/diff_test.go#:~:text=TestMergeComposite) | +| A `time.Duration` is represented as a **JSON number containing the decimal number of nanoseconds**. | A `time.Duration` has no default representation in v2 (see [#71631](https://golang.org/issue/71631)) and results in an error. | | +| A Go struct with only unexported fields **can be serialized**. | A Go struct with only unexported fields **cannot be serialized**. | [EmptyStructs](/v1/diff_test.go#:~:text=TestEmptyStructs) | + +See [diff_test.go](/v1/diff_test.go) for details about every change. ## Performance -One of the goals of the v2 module is to be more performant than v1. - -Each of the charts below show the performance across -several different JSON implementations: - -* `JSONv1` is `encoding/json` at `v1.18.2` -* `JSONv2` is `github.com/go-json-experiment/json` at `v0.0.0-20220524042235-dd8be80fc4a7` -* `JSONIterator` is `github.com/json-iterator/go` at `v1.1.12` -* `SegmentJSON` is `github.com/segmentio/encoding/json` at `v0.3.5` -* `GoJSON` is `github.com/goccy/go-json` at `v0.9.7` -* `SonicJSON` is `github.com/bytedance/sonic` at `v1.3.0` - -Benchmarks were run across various datasets: - -* `CanadaGeometry` is a GeoJSON (RFC 7946) representation of Canada. - It contains many JSON arrays of arrays of two-element arrays of numbers. -* `CITMCatalog` contains many JSON objects using numeric names. -* `SyntheaFHIR` is sample JSON data from the healthcare industry. - It contains many nested JSON objects with mostly string values, - where the set of unique string values is relatively small. -* `TwitterStatus` is the JSON response from the Twitter API. - It contains a mix of all different JSON kinds, where string values - are a mix of both single-byte ASCII and multi-byte Unicode. -* `GolangSource` is a simple tree representing the Go source code. - It contains many nested JSON objects, each with the same schema. -* `StringUnicode` contains many strings with multi-byte Unicode runes. - -All of the implementations other than `JSONv1` and `JSONv2` make -extensive use of `unsafe`. As such, we expect those to generally be faster, -but at the cost of memory and type safety. `SonicJSON` goes a step even further -and uses just-in-time compilation to generate machine code specialized -for the Go type being marshaled or unmarshaled. -Also, `SonicJSON` does not validate JSON strings for valid UTF-8, -and so gains a notable performance boost on datasets with multi-byte Unicode. -Benchmarks are performed based on the default marshal and unmarshal behavior -of each package. Note that `JSONv2` aims to be safe and correct by default, -which may not be the most performant strategy. - -`JSONv2` has several semantic changes relative to `JSONv1` that -impacts performance: - -1. When marshaling, `JSONv2` no longer sorts the keys of a Go map. - This will improve performance. -2. When marshaling or unmarshaling, `JSONv2` always checks - to make sure JSON object names are unique. - This will hurt performance, but is more correct. -3. When marshaling or unmarshaling, `JSONv2` always - shallow copies the underlying value for a Go interface and - shallow copies the key and value for entries in a Go map. - This is done to keep the value as addressable so that `JSONv2` can - call methods and functions that operate on a pointer receiver. - This will hurt performance, but is more correct. - -All of the charts are unit-less since the values are normalized -relative to `JSONv1`, which is why `JSONv1` always has a value of 1. -A lower value is better (i.e., runs faster). - -Benchmarks were performed on an AMD Ryzen 9 5900X. - -The code for the benchmarks is located at -https://github.com/go-json-experiment/jsonbench. - -### Marshal Performance - -#### Concrete types - -![Benchmark Marshal Concrete](benchmark-marshal-concrete.png) - -* This compares marshal performance when serializing - [from concrete types](/testdata_test.go). -* The `JSONv1` implementation is close to optimal (without the use of `unsafe`). -* Relative to `JSONv1`, `JSONv2` is generally as fast or slightly faster. -* Relative to `JSONIterator`, `JSONv2` is up to 1.3x faster. -* Relative to `SegmentJSON`, `JSONv2` is up to 1.8x slower. -* Relative to `GoJSON`, `JSONv2` is up to 2.0x slower. -* Relative to `SonicJSON`, `JSONv2` is about 1.8x to 3.2x slower - (ignoring `StringUnicode` since `SonicJSON` does not validate UTF-8). -* For `JSONv1` and `JSONv2`, marshaling from concrete types is - mostly limited by the performance of Go reflection. - -#### Interface types - -![Benchmark Marshal Interface](benchmark-marshal-interface.png) - -* This compares marshal performance when serializing from - `any`, `map[string]any`, and `[]any` types. -* Relative to `JSONv1`, `JSONv2` is about 1.5x to 4.2x faster. -* Relative to `JSONIterator`, `JSONv2` is about 1.1x to 2.4x faster. -* Relative to `SegmentJSON`, `JSONv2` is about 1.2x to 1.8x faster. -* Relative to `GoJSON`, `JSONv2` is about 1.1x to 2.5x faster. -* Relative to `SonicJSON`, `JSONv2` is up to 1.5x slower - (ignoring `StringUnicode` since `SonicJSON` does not validate UTF-8). -* `JSONv2` is faster than the alternatives. - One advantange is because it does not sort the keys for a `map[string]any`, - while alternatives (except `SonicJSON` and `JSONIterator`) do sort the keys. - -#### RawValue types - -![Benchmark Marshal Rawvalue](benchmark-marshal-rawvalue.png) - -* This compares performance when marshaling from a `json.RawValue`. - This mostly exercises the underlying encoder and - hides the cost of Go reflection. -* Relative to `JSONv1`, `JSONv2` is about 3.5x to 7.8x faster. -* `JSONIterator` is blazingly fast because - [it does not validate whether the raw value is valid](https://go.dev/play/p/bun9IXQCKRe) - and simply copies it to the output. -* Relative to `SegmentJSON`, `JSONv2` is about 1.5x to 2.7x faster. -* Relative to `GoJSON`, `JSONv2` is up to 2.2x faster. -* Relative to `SonicJSON`, `JSONv2` is up to 1.5x faster. -* Aside from `JSONIterator`, `JSONv2` is generally the fastest. - -### Unmarshal Performance - -#### Concrete types - -![Benchmark Unmarshal Concrete](benchmark-unmarshal-concrete.png) - -* This compares unmarshal performance when deserializing - [into concrete types](/testdata_test.go). -* Relative to `JSONv1`, `JSONv2` is about 1.8x to 5.7x faster. -* Relative to `JSONIterator`, `JSONv2` is about 1.1x to 1.6x slower. -* Relative to `SegmentJSON`, `JSONv2` is up to 2.5x slower. -* Relative to `GoJSON`, `JSONv2` is about 1.4x to 2.1x slower. -* Relative to `SonicJSON`, `JSONv2` is up to 4.0x slower - (ignoring `StringUnicode` since `SonicJSON` does not validate UTF-8). -* For `JSONv1` and `JSONv2`, unmarshaling into concrete types is - mostly limited by the performance of Go reflection. - -#### Interface types - -![Benchmark Unmarshal Interface](benchmark-unmarshal-interface.png) - -* This compares unmarshal performance when deserializing into - `any`, `map[string]any`, and `[]any` types. -* Relative to `JSONv1`, `JSONv2` is about 1.tx to 4.3x faster. -* Relative to `JSONIterator`, `JSONv2` is up to 1.5x faster. -* Relative to `SegmentJSON`, `JSONv2` is about 1.5 to 3.7x faster. -* Relative to `GoJSON`, `JSONv2` is up to 1.3x faster. -* Relative to `SonicJSON`, `JSONv2` is up to 1.5x slower - (ignoring `StringUnicode` since `SonicJSON` does not validate UTF-8). -* Aside from `SonicJSON`, `JSONv2` is generally just as fast - or faster than all the alternatives. - -#### RawValue types - -![Benchmark Unmarshal Rawvalue](benchmark-unmarshal-rawvalue.png) - -* This compares performance when unmarshaling into a `json.RawValue`. - This mostly exercises the underlying decoder and - hides away most of the cost of Go reflection. -* Relative to `JSONv1`, `JSONv2` is about 8.3x to 17.0x faster. -* Relative to `JSONIterator`, `JSONv2` is up to 2.0x faster. -* Relative to `SegmentJSON`, `JSONv2` is up to 1.6x faster or 1.7x slower. -* Relative to `GoJSON`, `JSONv2` is up to 1.9x faster or 2.1x slower. -* Relative to `SonicJSON`, `JSONv2` is up to 2.0x faster - (ignoring `StringUnicode` since `SonicJSON` does not validate UTF-8). -* `JSONv1` takes a - [lexical scanning approach](https://talks.golang.org/2011/lex.slide#1), - which performs a virtual function call for every byte of input. - In contrast, `JSONv2` makes heavy use of iterative and linear parsing logic - (with extra complexity to resume parsing when encountering segmented buffers). -* `JSONv2` is comparable to the alternatives that use `unsafe`. - Generally it is faster, but sometimes it is slower. +One of the goals of the v2 module is to be more performant than v1, +but not at the expense of correctness. +In general, v2 is at performance parity with v1 for marshaling, +but dramatically faster for unmarshaling. + +See https://github.com/go-json-experiment/jsonbench for benchmarks +comparing v2 with v1 and a number of other popular JSON implementations. diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/alias.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/alias.go new file mode 100644 index 000000000..fbf256d52 --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/alias.go @@ -0,0 +1,967 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Code generated by alias_gen.go; DO NOT EDIT. + +//go:build goexperiment.jsonv2 && go1.25 + +// Package json implements semantic processing of JSON as specified in RFC 8259. +// JSON is a simple data interchange format that can represent +// primitive data types such as booleans, strings, and numbers, +// in addition to structured data types such as objects and arrays. +// +// [Marshal] and [Unmarshal] encode and decode Go values +// to/from JSON text contained within a []byte. +// [MarshalWrite] and [UnmarshalRead] operate on JSON text +// by writing to or reading from an [io.Writer] or [io.Reader]. +// [MarshalEncode] and [UnmarshalDecode] operate on JSON text +// by encoding to or decoding from a [jsontext.Encoder] or [jsontext.Decoder]. +// [Options] may be passed to each of the marshal or unmarshal functions +// to configure the semantic behavior of marshaling and unmarshaling +// (i.e., alter how JSON data is understood as Go data and vice versa). +// [jsontext.Options] may also be passed to the marshal or unmarshal functions +// to configure the syntactic behavior of encoding or decoding. +// +// The data types of JSON are mapped to/from the data types of Go based on +// the closest logical equivalent between the two type systems. For example, +// a JSON boolean corresponds with a Go bool, +// a JSON string corresponds with a Go string, +// a JSON number corresponds with a Go int, uint or float, +// a JSON array corresponds with a Go slice or array, and +// a JSON object corresponds with a Go struct or map. +// See the documentation on [Marshal] and [Unmarshal] for a comprehensive list +// of how the JSON and Go type systems correspond. +// +// Arbitrary Go types can customize their JSON representation by implementing +// [Marshaler], [MarshalerTo], [Unmarshaler], or [UnmarshalerFrom]. +// This provides authors of Go types with control over how their types are +// serialized as JSON. Alternatively, users can implement functions that match +// [MarshalFunc], [MarshalToFunc], [UnmarshalFunc], or [UnmarshalFromFunc] +// to specify the JSON representation for arbitrary types. +// This provides callers of JSON functionality with control over +// how any arbitrary type is serialized as JSON. +// +// # JSON Representation of Go structs +// +// A Go struct is naturally represented as a JSON object, +// where each Go struct field corresponds with a JSON object member. +// When marshaling, all Go struct fields are recursively encoded in depth-first +// order as JSON object members except those that are ignored or omitted. +// When unmarshaling, JSON object members are recursively decoded +// into the corresponding Go struct fields. +// Object members that do not match any struct fields, +// also known as “unknown members”, are ignored by default or rejected +// if [RejectUnknownMembers] is specified. +// +// The representation of each struct field can be customized in the +// "json" struct field tag, where the tag is a comma separated list of options. +// As a special case, if the entire tag is `json:"-"`, +// then the field is ignored with regard to its JSON representation. +// Some options also have equivalent behavior controlled by a caller-specified [Options]. +// Field-specified options take precedence over caller-specified options. +// +// The first option is the JSON object name override for the Go struct field. +// If the name is not specified, then the Go struct field name +// is used as the JSON object name. JSON names containing commas or quotes, +// or names identical to "" or "-", can be specified using +// a single-quoted string literal, where the syntax is identical to +// the Go grammar for a double-quoted string literal, +// but instead uses single quotes as the delimiters. +// By default, unmarshaling uses case-sensitive matching to identify +// the Go struct field associated with a JSON object name. +// +// After the name, the following tag options are supported: +// +// - omitzero: When marshaling, the "omitzero" option specifies that +// the struct field should be omitted if the field value is zero +// as determined by the "IsZero() bool" method if present, +// otherwise based on whether the field is the zero Go value. +// This option has no effect when unmarshaling. +// +// - omitempty: When marshaling, the "omitempty" option specifies that +// the struct field should be omitted if the field value would have been +// encoded as a JSON null, empty string, empty object, or empty array. +// This option has no effect when unmarshaling. +// +// - string: The "string" option specifies that [StringifyNumbers] +// be set when marshaling or unmarshaling a struct field value. +// This causes numeric types to be encoded as a JSON number +// within a JSON string, and to be decoded from a JSON string +// containing the JSON number without any surrounding whitespace. +// This extra level of encoding is often necessary since +// many JSON parsers cannot precisely represent 64-bit integers. +// +// - case: When unmarshaling, the "case" option specifies how +// JSON object names are matched with the JSON name for Go struct fields. +// The option is a key-value pair specified as "case:value" where +// the value must either be 'ignore' or 'strict'. +// The 'ignore' value specifies that matching is case-insensitive +// where dashes and underscores are also ignored. If multiple fields match, +// the first declared field in breadth-first order takes precedence. +// The 'strict' value specifies that matching is case-sensitive. +// This takes precedence over the [MatchCaseInsensitiveNames] option. +// +// - inline: The "inline" option specifies that +// the JSON representable content of this field type is to be promoted +// as if they were specified in the parent struct. +// It is the JSON equivalent of Go struct embedding. +// A Go embedded field is implicitly inlined unless an explicit JSON name +// is specified. The inlined field must be a Go struct +// (that does not implement any JSON methods), [jsontext.Value], +// map[~string]T, or an unnamed pointer to such types. When marshaling, +// inlined fields from a pointer type are omitted if it is nil. +// Inlined fields of type [jsontext.Value] and map[~string]T are called +// “inlined fallbacks” as they can represent all possible +// JSON object members not directly handled by the parent struct. +// Only one inlined fallback field may be specified in a struct, +// while many non-fallback fields may be specified. This option +// must not be specified with any other option (including the JSON name). +// +// - unknown: The "unknown" option is a specialized variant +// of the inlined fallback to indicate that this Go struct field +// contains any number of unknown JSON object members. The field type must +// be a [jsontext.Value], map[~string]T, or an unnamed pointer to such types. +// If [DiscardUnknownMembers] is specified when marshaling, +// the contents of this field are ignored. +// If [RejectUnknownMembers] is specified when unmarshaling, +// any unknown object members are rejected regardless of whether +// an inlined fallback with the "unknown" option exists. This option +// must not be specified with any other option (including the JSON name). +// +// - format: The "format" option specifies a format flag +// used to specialize the formatting of the field value. +// The option is a key-value pair specified as "format:value" where +// the value must be either a literal consisting of letters and numbers +// (e.g., "format:RFC3339") or a single-quoted string literal +// (e.g., "format:'2006-01-02'"). The interpretation of the format flag +// is determined by the struct field type. +// +// The "omitzero" and "omitempty" options are mostly semantically identical. +// The former is defined in terms of the Go type system, +// while the latter in terms of the JSON type system. +// Consequently they behave differently in some circumstances. +// For example, only a nil slice or map is omitted under "omitzero", while +// an empty slice or map is omitted under "omitempty" regardless of nilness. +// The "omitzero" option is useful for types with a well-defined zero value +// (e.g., [net/netip.Addr]) or have an IsZero method (e.g., [time.Time.IsZero]). +// +// Every Go struct corresponds to a list of JSON representable fields +// which is constructed by performing a breadth-first search over +// all struct fields (excluding unexported or ignored fields), +// where the search recursively descends into inlined structs. +// The set of non-inlined fields in a struct must have unique JSON names. +// If multiple fields all have the same JSON name, then the one +// at shallowest depth takes precedence and the other fields at deeper depths +// are excluded from the list of JSON representable fields. +// If multiple fields at the shallowest depth have the same JSON name, +// but exactly one is explicitly tagged with a JSON name, +// then that field takes precedence and all others are excluded from the list. +// This is analogous to Go visibility rules for struct field selection +// with embedded struct types. +// +// Marshaling or unmarshaling a non-empty struct +// without any JSON representable fields results in a [SemanticError]. +// Unexported fields must not have any `json` tags except for `json:"-"`. +// +// # Security Considerations +// +// JSON is frequently used as a data interchange format to communicate +// between different systems, possibly implemented in different languages. +// For interoperability and security reasons, it is important that +// all implementations agree upon the semantic meaning of the data. +// +// [For example, suppose we have two micro-services.] +// The first service is responsible for authenticating a JSON request, +// while the second service is responsible for executing the request +// (having assumed that the prior service authenticated the request). +// If an attacker were able to maliciously craft a JSON request such that +// both services believe that the same request is from different users, +// it could bypass the authenticator with valid credentials for one user, +// but maliciously perform an action on behalf of a different user. +// +// According to RFC 8259, there unfortunately exist many JSON texts +// that are syntactically valid but semantically ambiguous. +// For example, the standard does not define how to interpret duplicate +// names within an object. +// +// The v1 [encoding/json] and [encoding/json/v2] packages +// interpret some inputs in different ways. In particular: +// +// - The standard specifies that JSON must be encoded using UTF-8. +// By default, v1 replaces invalid bytes of UTF-8 in JSON strings +// with the Unicode replacement character, +// while v2 rejects inputs with invalid UTF-8. +// To change the default, specify the [jsontext.AllowInvalidUTF8] option. +// The replacement of invalid UTF-8 is a form of data corruption +// that alters the precise meaning of strings. +// +// - The standard does not specify a particular behavior when +// duplicate names are encountered within a JSON object, +// which means that different implementations may behave differently. +// By default, v1 allows for the presence of duplicate names, +// while v2 rejects duplicate names. +// To change the default, specify the [jsontext.AllowDuplicateNames] option. +// If allowed, object members are processed in the order they are observed, +// meaning that later values will replace or be merged into prior values, +// depending on the Go value type. +// +// - The standard defines a JSON object as an unordered collection of name/value pairs. +// While ordering can be observed through the underlying [jsontext] API, +// both v1 and v2 generally avoid exposing the ordering. +// No application should semantically depend on the order of object members. +// Allowing duplicate names is a vector through which ordering of members +// can accidentally be observed and depended upon. +// +// - The standard suggests that JSON object names are typically compared +// based on equality of the sequence of Unicode code points, +// which implies that comparing names is often case-sensitive. +// When unmarshaling a JSON object into a Go struct, +// by default, v1 uses a (loose) case-insensitive match on the name, +// while v2 uses a (strict) case-sensitive match on the name. +// To change the default, specify the [MatchCaseInsensitiveNames] option. +// The use of case-insensitive matching provides another vector through +// which duplicate names can occur. Allowing case-insensitive matching +// means that v1 or v2 might interpret JSON objects differently from most +// other JSON implementations (which typically use a case-sensitive match). +// +// - The standard does not specify a particular behavior when +// an unknown name in a JSON object is encountered. +// When unmarshaling a JSON object into a Go struct, by default +// both v1 and v2 ignore unknown names and their corresponding values. +// To change the default, specify the [RejectUnknownMembers] option. +// +// - The standard suggests that implementations may use a float64 +// to represent a JSON number. Consequently, large JSON integers +// may lose precision when stored as a floating-point type. +// Both v1 and v2 correctly preserve precision when marshaling and +// unmarshaling a concrete integer type. However, even if v1 and v2 +// preserve precision for concrete types, other JSON implementations +// may not be able to preserve precision for outputs produced by v1 or v2. +// The `string` tag option can be used to specify that an integer type +// is to be quoted within a JSON string to avoid loss of precision. +// Furthermore, v1 and v2 may still lose precision when unmarshaling +// into an any interface value, where unmarshal uses a float64 +// by default to represent a JSON number. +// To change the default, specify the [WithUnmarshalers] option +// with a custom unmarshaler that pre-populates the interface value +// with a concrete Go type that can preserve precision. +// +// RFC 8785 specifies a canonical form for any JSON text, +// which explicitly defines specific behaviors that RFC 8259 leaves undefined. +// In theory, if a text can successfully [jsontext.Value.Canonicalize] +// without changing the semantic meaning of the data, then it provides a +// greater degree of confidence that the data is more secure and interoperable. +// +// The v2 API generally chooses more secure defaults than v1, +// but care should still be taken with large integers or unknown members. +// +// [For example, suppose we have two micro-services.]: https://www.youtube.com/watch?v=avilmOcHKHE&t=1057s +package json + +import ( + "encoding/json/jsontext" + "encoding/json/v2" + "io" +) + +// Marshal serializes a Go value as a []byte according to the provided +// marshal and encode options (while ignoring unmarshal or decode options). +// It does not terminate the output with a newline. +// +// Type-specific marshal functions and methods take precedence +// over the default representation of a value. +// Functions or methods that operate on *T are only called when encoding +// a value of type T (by taking its address) or a non-nil value of *T. +// Marshal ensures that a value is always addressable +// (by boxing it on the heap if necessary) so that +// these functions and methods can be consistently called. For performance, +// it is recommended that Marshal be passed a non-nil pointer to the value. +// +// The input value is encoded as JSON according the following rules: +// +// - If any type-specific functions in a [WithMarshalers] option match +// the value type, then those functions are called to encode the value. +// If all applicable functions return [SkipFunc], +// then the value is encoded according to subsequent rules. +// +// - If the value type implements [MarshalerTo], +// then the MarshalJSONTo method is called to encode the value. +// +// - If the value type implements [Marshaler], +// then the MarshalJSON method is called to encode the value. +// +// - If the value type implements [encoding.TextAppender], +// then the AppendText method is called to encode the value and +// subsequently encode its result as a JSON string. +// +// - If the value type implements [encoding.TextMarshaler], +// then the MarshalText method is called to encode the value and +// subsequently encode its result as a JSON string. +// +// - Otherwise, the value is encoded according to the value's type +// as described in detail below. +// +// Most Go types have a default JSON representation. +// Certain types support specialized formatting according to +// a format flag optionally specified in the Go struct tag +// for the struct field that contains the current value +// (see the “JSON Representation of Go structs” section for more details). +// +// The representation of each type is as follows: +// +// - A Go boolean is encoded as a JSON boolean (e.g., true or false). +// It does not support any custom format flags. +// +// - A Go string is encoded as a JSON string. +// It does not support any custom format flags. +// +// - A Go []byte or [N]byte is encoded as a JSON string containing +// the binary value encoded using RFC 4648. +// If the format is "base64" or unspecified, then this uses RFC 4648, section 4. +// If the format is "base64url", then this uses RFC 4648, section 5. +// If the format is "base32", then this uses RFC 4648, section 6. +// If the format is "base32hex", then this uses RFC 4648, section 7. +// If the format is "base16" or "hex", then this uses RFC 4648, section 8. +// If the format is "array", then the bytes value is encoded as a JSON array +// where each byte is recursively JSON-encoded as each JSON array element. +// +// - A Go integer is encoded as a JSON number without fractions or exponents. +// If [StringifyNumbers] is specified or encoding a JSON object name, +// then the JSON number is encoded within a JSON string. +// It does not support any custom format flags. +// +// - A Go float is encoded as a JSON number. +// If [StringifyNumbers] is specified or encoding a JSON object name, +// then the JSON number is encoded within a JSON string. +// If the format is "nonfinite", then NaN, +Inf, and -Inf are encoded as +// the JSON strings "NaN", "Infinity", and "-Infinity", respectively. +// Otherwise, the presence of non-finite numbers results in a [SemanticError]. +// +// - A Go map is encoded as a JSON object, where each Go map key and value +// is recursively encoded as a name and value pair in the JSON object. +// The Go map key must encode as a JSON string, otherwise this results +// in a [SemanticError]. The Go map is traversed in a non-deterministic order. +// For deterministic encoding, consider using the [Deterministic] option. +// If the format is "emitnull", then a nil map is encoded as a JSON null. +// If the format is "emitempty", then a nil map is encoded as an empty JSON object, +// regardless of whether [FormatNilMapAsNull] is specified. +// Otherwise by default, a nil map is encoded as an empty JSON object. +// +// - A Go struct is encoded as a JSON object. +// See the “JSON Representation of Go structs” section +// in the package-level documentation for more details. +// +// - A Go slice is encoded as a JSON array, where each Go slice element +// is recursively JSON-encoded as the elements of the JSON array. +// If the format is "emitnull", then a nil slice is encoded as a JSON null. +// If the format is "emitempty", then a nil slice is encoded as an empty JSON array, +// regardless of whether [FormatNilSliceAsNull] is specified. +// Otherwise by default, a nil slice is encoded as an empty JSON array. +// +// - A Go array is encoded as a JSON array, where each Go array element +// is recursively JSON-encoded as the elements of the JSON array. +// The JSON array length is always identical to the Go array length. +// It does not support any custom format flags. +// +// - A Go pointer is encoded as a JSON null if nil, otherwise it is +// the recursively JSON-encoded representation of the underlying value. +// Format flags are forwarded to the encoding of the underlying value. +// +// - A Go interface is encoded as a JSON null if nil, otherwise it is +// the recursively JSON-encoded representation of the underlying value. +// It does not support any custom format flags. +// +// - A Go [time.Time] is encoded as a JSON string containing the timestamp +// formatted in RFC 3339 with nanosecond precision. +// If the format matches one of the format constants declared +// in the time package (e.g., RFC1123), then that format is used. +// If the format is "unix", "unixmilli", "unixmicro", or "unixnano", +// then the timestamp is encoded as a possibly fractional JSON number +// of the number of seconds (or milliseconds, microseconds, or nanoseconds) +// since the Unix epoch, which is January 1st, 1970 at 00:00:00 UTC. +// To avoid a fractional component, round the timestamp to the relevant unit. +// Otherwise, the format is used as-is with [time.Time.Format] if non-empty. +// +// - A Go [time.Duration] currently has no default representation and +// requires an explicit format to be specified. +// If the format is "sec", "milli", "micro", or "nano", +// then the duration is encoded as a possibly fractional JSON number +// of the number of seconds (or milliseconds, microseconds, or nanoseconds). +// To avoid a fractional component, round the duration to the relevant unit. +// If the format is "units", it is encoded as a JSON string formatted using +// [time.Duration.String] (e.g., "1h30m" for 1 hour 30 minutes). +// If the format is "iso8601", it is encoded as a JSON string using the +// ISO 8601 standard for durations (e.g., "PT1H30M" for 1 hour 30 minutes) +// using only accurate units of hours, minutes, and seconds. +// +// - All other Go types (e.g., complex numbers, channels, and functions) +// have no default representation and result in a [SemanticError]. +// +// JSON cannot represent cyclic data structures and Marshal does not handle them. +// Passing cyclic structures will result in an error. +func Marshal(in any, opts ...Options) (out []byte, err error) { + return json.Marshal(in, opts...) +} + +// MarshalWrite serializes a Go value into an [io.Writer] according to the provided +// marshal and encode options (while ignoring unmarshal or decode options). +// It does not terminate the output with a newline. +// See [Marshal] for details about the conversion of a Go value into JSON. +func MarshalWrite(out io.Writer, in any, opts ...Options) (err error) { + return json.MarshalWrite(out, in, opts...) +} + +// MarshalEncode serializes a Go value into an [jsontext.Encoder] according to +// the provided marshal options (while ignoring unmarshal, encode, or decode options). +// Any marshal-relevant options already specified on the [jsontext.Encoder] +// take lower precedence than the set of options provided by the caller. +// Unlike [Marshal] and [MarshalWrite], encode options are ignored because +// they must have already been specified on the provided [jsontext.Encoder]. +// +// See [Marshal] for details about the conversion of a Go value into JSON. +func MarshalEncode(out *jsontext.Encoder, in any, opts ...Options) (err error) { + return json.MarshalEncode(out, in, opts...) +} + +// Unmarshal decodes a []byte input into a Go value according to the provided +// unmarshal and decode options (while ignoring marshal or encode options). +// The input must be a single JSON value with optional whitespace interspersed. +// The output must be a non-nil pointer. +// +// Type-specific unmarshal functions and methods take precedence +// over the default representation of a value. +// Functions or methods that operate on *T are only called when decoding +// a value of type T (by taking its address) or a non-nil value of *T. +// Unmarshal ensures that a value is always addressable +// (by boxing it on the heap if necessary) so that +// these functions and methods can be consistently called. +// +// The input is decoded into the output according the following rules: +// +// - If any type-specific functions in a [WithUnmarshalers] option match +// the value type, then those functions are called to decode the JSON +// value. If all applicable functions return [SkipFunc], +// then the input is decoded according to subsequent rules. +// +// - If the value type implements [UnmarshalerFrom], +// then the UnmarshalJSONFrom method is called to decode the JSON value. +// +// - If the value type implements [Unmarshaler], +// then the UnmarshalJSON method is called to decode the JSON value. +// +// - If the value type implements [encoding.TextUnmarshaler], +// then the input is decoded as a JSON string and +// the UnmarshalText method is called with the decoded string value. +// This fails with a [SemanticError] if the input is not a JSON string. +// +// - Otherwise, the JSON value is decoded according to the value's type +// as described in detail below. +// +// Most Go types have a default JSON representation. +// Certain types support specialized formatting according to +// a format flag optionally specified in the Go struct tag +// for the struct field that contains the current value +// (see the “JSON Representation of Go structs” section for more details). +// A JSON null may be decoded into every supported Go value where +// it is equivalent to storing the zero value of the Go value. +// If the input JSON kind is not handled by the current Go value type, +// then this fails with a [SemanticError]. Unless otherwise specified, +// the decoded value replaces any pre-existing value. +// +// The representation of each type is as follows: +// +// - A Go boolean is decoded from a JSON boolean (e.g., true or false). +// It does not support any custom format flags. +// +// - A Go string is decoded from a JSON string. +// It does not support any custom format flags. +// +// - A Go []byte or [N]byte is decoded from a JSON string +// containing the binary value encoded using RFC 4648. +// If the format is "base64" or unspecified, then this uses RFC 4648, section 4. +// If the format is "base64url", then this uses RFC 4648, section 5. +// If the format is "base32", then this uses RFC 4648, section 6. +// If the format is "base32hex", then this uses RFC 4648, section 7. +// If the format is "base16" or "hex", then this uses RFC 4648, section 8. +// If the format is "array", then the Go slice or array is decoded from a +// JSON array where each JSON element is recursively decoded for each byte. +// When decoding into a non-nil []byte, the slice length is reset to zero +// and the decoded input is appended to it. +// When decoding into a [N]byte, the input must decode to exactly N bytes, +// otherwise it fails with a [SemanticError]. +// +// - A Go integer is decoded from a JSON number. +// It must be decoded from a JSON string containing a JSON number +// if [StringifyNumbers] is specified or decoding a JSON object name. +// It fails with a [SemanticError] if the JSON number +// has a fractional or exponent component. +// It also fails if it overflows the representation of the Go integer type. +// It does not support any custom format flags. +// +// - A Go float is decoded from a JSON number. +// It must be decoded from a JSON string containing a JSON number +// if [StringifyNumbers] is specified or decoding a JSON object name. +// It fails if it overflows the representation of the Go float type. +// If the format is "nonfinite", then the JSON strings +// "NaN", "Infinity", and "-Infinity" are decoded as NaN, +Inf, and -Inf. +// Otherwise, the presence of such strings results in a [SemanticError]. +// +// - A Go map is decoded from a JSON object, +// where each JSON object name and value pair is recursively decoded +// as the Go map key and value. Maps are not cleared. +// If the Go map is nil, then a new map is allocated to decode into. +// If the decoded key matches an existing Go map entry, the entry value +// is reused by decoding the JSON object value into it. +// The formats "emitnull" and "emitempty" have no effect when decoding. +// +// - A Go struct is decoded from a JSON object. +// See the “JSON Representation of Go structs” section +// in the package-level documentation for more details. +// +// - A Go slice is decoded from a JSON array, where each JSON element +// is recursively decoded and appended to the Go slice. +// Before appending into a Go slice, a new slice is allocated if it is nil, +// otherwise the slice length is reset to zero. +// The formats "emitnull" and "emitempty" have no effect when decoding. +// +// - A Go array is decoded from a JSON array, where each JSON array element +// is recursively decoded as each corresponding Go array element. +// Each Go array element is zeroed before decoding into it. +// It fails with a [SemanticError] if the JSON array does not contain +// the exact same number of elements as the Go array. +// It does not support any custom format flags. +// +// - A Go pointer is decoded based on the JSON kind and underlying Go type. +// If the input is a JSON null, then this stores a nil pointer. +// Otherwise, it allocates a new underlying value if the pointer is nil, +// and recursively JSON decodes into the underlying value. +// Format flags are forwarded to the decoding of the underlying type. +// +// - A Go interface is decoded based on the JSON kind and underlying Go type. +// If the input is a JSON null, then this stores a nil interface value. +// Otherwise, a nil interface value of an empty interface type is initialized +// with a zero Go bool, string, float64, map[string]any, or []any if the +// input is a JSON boolean, string, number, object, or array, respectively. +// If the interface value is still nil, then this fails with a [SemanticError] +// since decoding could not determine an appropriate Go type to decode into. +// For example, unmarshaling into a nil io.Reader fails since +// there is no concrete type to populate the interface value with. +// Otherwise an underlying value exists and it recursively decodes +// the JSON input into it. It does not support any custom format flags. +// +// - A Go [time.Time] is decoded from a JSON string containing the time +// formatted in RFC 3339 with nanosecond precision. +// If the format matches one of the format constants declared in +// the time package (e.g., RFC1123), then that format is used for parsing. +// If the format is "unix", "unixmilli", "unixmicro", or "unixnano", +// then the timestamp is decoded from an optionally fractional JSON number +// of the number of seconds (or milliseconds, microseconds, or nanoseconds) +// since the Unix epoch, which is January 1st, 1970 at 00:00:00 UTC. +// Otherwise, the format is used as-is with [time.Time.Parse] if non-empty. +// +// - A Go [time.Duration] currently has no default representation and +// requires an explicit format to be specified. +// If the format is "sec", "milli", "micro", or "nano", +// then the duration is decoded from an optionally fractional JSON number +// of the number of seconds (or milliseconds, microseconds, or nanoseconds). +// If the format is "units", it is decoded from a JSON string parsed using +// [time.ParseDuration] (e.g., "1h30m" for 1 hour 30 minutes). +// If the format is "iso8601", it is decoded from a JSON string using the +// ISO 8601 standard for durations (e.g., "PT1H30M" for 1 hour 30 minutes) +// accepting only accurate units of hours, minutes, or seconds. +// +// - All other Go types (e.g., complex numbers, channels, and functions) +// have no default representation and result in a [SemanticError]. +// +// In general, unmarshaling follows merge semantics (similar to RFC 7396) +// where the decoded Go value replaces the destination value +// for any JSON kind other than an object. +// For JSON objects, the input object is merged into the destination value +// where matching object members recursively apply merge semantics. +func Unmarshal(in []byte, out any, opts ...Options) (err error) { + return json.Unmarshal(in, out, opts...) +} + +// UnmarshalRead deserializes a Go value from an [io.Reader] according to the +// provided unmarshal and decode options (while ignoring marshal or encode options). +// The input must be a single JSON value with optional whitespace interspersed. +// It consumes the entirety of [io.Reader] until [io.EOF] is encountered, +// without reporting an error for EOF. The output must be a non-nil pointer. +// See [Unmarshal] for details about the conversion of JSON into a Go value. +func UnmarshalRead(in io.Reader, out any, opts ...Options) (err error) { + return json.UnmarshalRead(in, out, opts...) +} + +// UnmarshalDecode deserializes a Go value from a [jsontext.Decoder] according to +// the provided unmarshal options (while ignoring marshal, encode, or decode options). +// Any unmarshal options already specified on the [jsontext.Decoder] +// take lower precedence than the set of options provided by the caller. +// Unlike [Unmarshal] and [UnmarshalRead], decode options are ignored because +// they must have already been specified on the provided [jsontext.Decoder]. +// +// The input may be a stream of one or more JSON values, +// where this only unmarshals the next JSON value in the stream. +// The output must be a non-nil pointer. +// See [Unmarshal] for details about the conversion of JSON into a Go value. +func UnmarshalDecode(in *jsontext.Decoder, out any, opts ...Options) (err error) { + return json.UnmarshalDecode(in, out, opts...) +} + +// Marshalers is a list of functions that may override the marshal behavior +// of specific types. Populate [WithMarshalers] to use it with +// [Marshal], [MarshalWrite], or [MarshalEncode]. +// A nil *Marshalers is equivalent to an empty list. +// There are no exported fields or methods on Marshalers. +type Marshalers = json.Marshalers + +// JoinMarshalers constructs a flattened list of marshal functions. +// If multiple functions in the list are applicable for a value of a given type, +// then those earlier in the list take precedence over those that come later. +// If a function returns [SkipFunc], then the next applicable function is called, +// otherwise the default marshaling behavior is used. +// +// For example: +// +// m1 := JoinMarshalers(f1, f2) +// m2 := JoinMarshalers(f0, m1, f3) // equivalent to m3 +// m3 := JoinMarshalers(f0, f1, f2, f3) // equivalent to m2 +func JoinMarshalers(ms ...*Marshalers) *Marshalers { + return json.JoinMarshalers(ms...) +} + +// Unmarshalers is a list of functions that may override the unmarshal behavior +// of specific types. Populate [WithUnmarshalers] to use it with +// [Unmarshal], [UnmarshalRead], or [UnmarshalDecode]. +// A nil *Unmarshalers is equivalent to an empty list. +// There are no exported fields or methods on Unmarshalers. +type Unmarshalers = json.Unmarshalers + +// JoinUnmarshalers constructs a flattened list of unmarshal functions. +// If multiple functions in the list are applicable for a value of a given type, +// then those earlier in the list take precedence over those that come later. +// If a function returns [SkipFunc], then the next applicable function is called, +// otherwise the default unmarshaling behavior is used. +// +// For example: +// +// u1 := JoinUnmarshalers(f1, f2) +// u2 := JoinUnmarshalers(f0, u1, f3) // equivalent to u3 +// u3 := JoinUnmarshalers(f0, f1, f2, f3) // equivalent to u2 +func JoinUnmarshalers(us ...*Unmarshalers) *Unmarshalers { + return json.JoinUnmarshalers(us...) +} + +// MarshalFunc constructs a type-specific marshaler that +// specifies how to marshal values of type T. +// T can be any type except a named pointer. +// The function is always provided with a non-nil pointer value +// if T is an interface or pointer type. +// +// The function must marshal exactly one JSON value. +// The value of T must not be retained outside the function call. +// It may not return [SkipFunc]. +func MarshalFunc[T any](fn func(T) ([]byte, error)) *Marshalers { + return json.MarshalFunc[T](fn) +} + +// MarshalToFunc constructs a type-specific marshaler that +// specifies how to marshal values of type T. +// T can be any type except a named pointer. +// The function is always provided with a non-nil pointer value +// if T is an interface or pointer type. +// +// The function must marshal exactly one JSON value by calling write methods +// on the provided encoder. It may return [SkipFunc] such that marshaling can +// move on to the next marshal function. However, no mutable method calls may +// be called on the encoder if [SkipFunc] is returned. +// The pointer to [jsontext.Encoder] and the value of T +// must not be retained outside the function call. +func MarshalToFunc[T any](fn func(*jsontext.Encoder, T) error) *Marshalers { + return json.MarshalToFunc[T](fn) +} + +// UnmarshalFunc constructs a type-specific unmarshaler that +// specifies how to unmarshal values of type T. +// T must be an unnamed pointer or an interface type. +// The function is always provided with a non-nil pointer value. +// +// The function must unmarshal exactly one JSON value. +// The input []byte must not be mutated. +// The input []byte and value T must not be retained outside the function call. +// It may not return [SkipFunc]. +func UnmarshalFunc[T any](fn func([]byte, T) error) *Unmarshalers { + return json.UnmarshalFunc[T](fn) +} + +// UnmarshalFromFunc constructs a type-specific unmarshaler that +// specifies how to unmarshal values of type T. +// T must be an unnamed pointer or an interface type. +// The function is always provided with a non-nil pointer value. +// +// The function must unmarshal exactly one JSON value by calling read methods +// on the provided decoder. It may return [SkipFunc] such that unmarshaling can +// move on to the next unmarshal function. However, no mutable method calls may +// be called on the decoder if [SkipFunc] is returned. +// The pointer to [jsontext.Decoder] and the value of T +// must not be retained outside the function call. +func UnmarshalFromFunc[T any](fn func(*jsontext.Decoder, T) error) *Unmarshalers { + return json.UnmarshalFromFunc[T](fn) +} + +// Marshaler is implemented by types that can marshal themselves. +// It is recommended that types implement [MarshalerTo] unless the implementation +// is trying to avoid a hard dependency on the "jsontext" package. +// +// It is recommended that implementations return a buffer that is safe +// for the caller to retain and potentially mutate. +type Marshaler = json.Marshaler + +// MarshalerTo is implemented by types that can marshal themselves. +// It is recommended that types implement MarshalerTo instead of [Marshaler] +// since this is both more performant and flexible. +// If a type implements both Marshaler and MarshalerTo, +// then MarshalerTo takes precedence. In such a case, both implementations +// should aim to have equivalent behavior for the default marshal options. +// +// The implementation must write only one JSON value to the Encoder and +// must not retain the pointer to [jsontext.Encoder]. +type MarshalerTo = json.MarshalerTo + +// Unmarshaler is implemented by types that can unmarshal themselves. +// It is recommended that types implement [UnmarshalerFrom] unless the implementation +// is trying to avoid a hard dependency on the "jsontext" package. +// +// The input can be assumed to be a valid encoding of a JSON value +// if called from unmarshal functionality in this package. +// UnmarshalJSON must copy the JSON data if it is retained after returning. +// It is recommended that UnmarshalJSON implement merge semantics when +// unmarshaling into a pre-populated value. +// +// Implementations must not retain or mutate the input []byte. +type Unmarshaler = json.Unmarshaler + +// UnmarshalerFrom is implemented by types that can unmarshal themselves. +// It is recommended that types implement UnmarshalerFrom instead of [Unmarshaler] +// since this is both more performant and flexible. +// If a type implements both Unmarshaler and UnmarshalerFrom, +// then UnmarshalerFrom takes precedence. In such a case, both implementations +// should aim to have equivalent behavior for the default unmarshal options. +// +// The implementation must read only one JSON value from the Decoder. +// It is recommended that UnmarshalJSONFrom implement merge semantics when +// unmarshaling into a pre-populated value. +// +// Implementations must not retain the pointer to [jsontext.Decoder]. +type UnmarshalerFrom = json.UnmarshalerFrom + +// ErrUnknownName indicates that a JSON object member could not be +// unmarshaled because the name is not known to the target Go struct. +// This error is directly wrapped within a [SemanticError] when produced. +// +// The name of an unknown JSON object member can be extracted as: +// +// err := ... +// var serr json.SemanticError +// if errors.As(err, &serr) && serr.Err == json.ErrUnknownName { +// ptr := serr.JSONPointer // JSON pointer to unknown name +// name := ptr.LastToken() // unknown name itself +// ... +// } +// +// This error is only returned if [RejectUnknownMembers] is true. +var ErrUnknownName = json.ErrUnknownName + +// SemanticError describes an error determining the meaning +// of JSON data as Go data or vice-versa. +// +// The contents of this error as produced by this package may change over time. +type SemanticError = json.SemanticError + +// Options configure [Marshal], [MarshalWrite], [MarshalEncode], +// [Unmarshal], [UnmarshalRead], and [UnmarshalDecode] with specific features. +// Each function takes in a variadic list of options, where properties +// set in later options override the value of previously set properties. +// +// The Options type is identical to [encoding/json.Options] and +// [encoding/json/jsontext.Options]. Options from the other packages can +// be used interchangeably with functionality in this package. +// +// Options represent either a singular option or a set of options. +// It can be functionally thought of as a Go map of option properties +// (even though the underlying implementation avoids Go maps for performance). +// +// The constructors (e.g., [Deterministic]) return a singular option value: +// +// opt := Deterministic(true) +// +// which is analogous to creating a single entry map: +// +// opt := Options{"Deterministic": true} +// +// [JoinOptions] composes multiple options values to together: +// +// out := JoinOptions(opts...) +// +// which is analogous to making a new map and copying the options over: +// +// out := make(Options) +// for _, m := range opts { +// for k, v := range m { +// out[k] = v +// } +// } +// +// [GetOption] looks up the value of options parameter: +// +// v, ok := GetOption(opts, Deterministic) +// +// which is analogous to a Go map lookup: +// +// v, ok := Options["Deterministic"] +// +// There is a single Options type, which is used with both marshal and unmarshal. +// Some options affect both operations, while others only affect one operation: +// +// - [StringifyNumbers] affects marshaling and unmarshaling +// - [Deterministic] affects marshaling only +// - [FormatNilSliceAsNull] affects marshaling only +// - [FormatNilMapAsNull] affects marshaling only +// - [OmitZeroStructFields] affects marshaling only +// - [MatchCaseInsensitiveNames] affects marshaling and unmarshaling +// - [DiscardUnknownMembers] affects marshaling only +// - [RejectUnknownMembers] affects unmarshaling only +// - [WithMarshalers] affects marshaling only +// - [WithUnmarshalers] affects unmarshaling only +// +// Options that do not affect a particular operation are ignored. +type Options = json.Options + +// JoinOptions coalesces the provided list of options into a single Options. +// Properties set in later options override the value of previously set properties. +func JoinOptions(srcs ...Options) Options { + return json.JoinOptions(srcs...) +} + +// GetOption returns the value stored in opts with the provided setter, +// reporting whether the value is present. +// +// Example usage: +// +// v, ok := json.GetOption(opts, json.Deterministic) +// +// Options are most commonly introspected to alter the JSON representation of +// [MarshalerTo.MarshalJSONTo] and [UnmarshalerFrom.UnmarshalJSONFrom] methods, and +// [MarshalToFunc] and [UnmarshalFromFunc] functions. +// In such cases, the presence bit should generally be ignored. +func GetOption[T any](opts Options, setter func(T) Options) (T, bool) { + return json.GetOption[T](opts, setter) +} + +// DefaultOptionsV2 is the full set of all options that define v2 semantics. +// It is equivalent to all options under [Options], [encoding/json.Options], +// and [encoding/json/jsontext.Options] being set to false or the zero value, +// except for the options related to whitespace formatting. +func DefaultOptionsV2() Options { + return json.DefaultOptionsV2() +} + +// StringifyNumbers specifies that numeric Go types should be marshaled +// as a JSON string containing the equivalent JSON number value. +// When unmarshaling, numeric Go types are parsed from a JSON string +// containing the JSON number without any surrounding whitespace. +// +// According to RFC 8259, section 6, a JSON implementation may choose to +// limit the representation of a JSON number to an IEEE 754 binary64 value. +// This may cause decoders to lose precision for int64 and uint64 types. +// Quoting JSON numbers as a JSON string preserves the exact precision. +// +// This affects either marshaling or unmarshaling. +func StringifyNumbers(v bool) Options { + return json.StringifyNumbers(v) +} + +// Deterministic specifies that the same input value will be serialized +// as the exact same output bytes. Different processes of +// the same program will serialize equal values to the same bytes, +// but different versions of the same program are not guaranteed +// to produce the exact same sequence of bytes. +// +// This only affects marshaling and is ignored when unmarshaling. +func Deterministic(v bool) Options { + return json.Deterministic(v) +} + +// FormatNilSliceAsNull specifies that a nil Go slice should marshal as a +// JSON null instead of the default representation as an empty JSON array +// (or an empty JSON string in the case of ~[]byte). +// Slice fields explicitly marked with `format:emitempty` still marshal +// as an empty JSON array. +// +// This only affects marshaling and is ignored when unmarshaling. +func FormatNilSliceAsNull(v bool) Options { + return json.FormatNilSliceAsNull(v) +} + +// FormatNilMapAsNull specifies that a nil Go map should marshal as a +// JSON null instead of the default representation as an empty JSON object. +// Map fields explicitly marked with `format:emitempty` still marshal +// as an empty JSON object. +// +// This only affects marshaling and is ignored when unmarshaling. +func FormatNilMapAsNull(v bool) Options { + return json.FormatNilMapAsNull(v) +} + +// OmitZeroStructFields specifies that a Go struct should marshal in such a way +// that all struct fields that are zero are omitted from the marshaled output +// if the value is zero as determined by the "IsZero() bool" method if present, +// otherwise based on whether the field is the zero Go value. +// This is semantically equivalent to specifying the `omitzero` tag option +// on every field in a Go struct. +// +// This only affects marshaling and is ignored when unmarshaling. +func OmitZeroStructFields(v bool) Options { + return json.OmitZeroStructFields(v) +} + +// MatchCaseInsensitiveNames specifies that JSON object members are matched +// against Go struct fields using a case-insensitive match of the name. +// Go struct fields explicitly marked with `case:strict` or `case:ignore` +// always use case-sensitive (or case-insensitive) name matching, +// regardless of the value of this option. +// +// This affects either marshaling or unmarshaling. +// For marshaling, this option may alter the detection of duplicate names +// (assuming [jsontext.AllowDuplicateNames] is false) from inlined fields +// if it matches one of the declared fields in the Go struct. +func MatchCaseInsensitiveNames(v bool) Options { + return json.MatchCaseInsensitiveNames(v) +} + +// RejectUnknownMembers specifies that unknown members should be rejected +// when unmarshaling a JSON object, regardless of whether there is a field +// to store unknown members. +// +// This only affects unmarshaling and is ignored when marshaling. +func RejectUnknownMembers(v bool) Options { + return json.RejectUnknownMembers(v) +} + +// WithMarshalers specifies a list of type-specific marshalers to use, +// which can be used to override the default marshal behavior for values +// of particular types. +// +// This only affects marshaling and is ignored when unmarshaling. +func WithMarshalers(v *Marshalers) Options { + return json.WithMarshalers(v) +} + +// WithUnmarshalers specifies a list of type-specific unmarshalers to use, +// which can be used to override the default unmarshal behavior for values +// of particular types. +// +// This only affects unmarshaling and is ignored when marshaling. +func WithUnmarshalers(v *Unmarshalers) Options { + return json.WithUnmarshalers(v) +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal.go index e6c6216ff..85d530389 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal.go @@ -2,112 +2,70 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !goexperiment.jsonv2 || !go1.25 + package json import ( - "errors" + "bytes" + "encoding" "io" "reflect" + "slices" + "strings" "sync" -) + "time" -// MarshalOptions configures how Go data is serialized as JSON data. -// The zero value is equivalent to the default marshal settings. -type MarshalOptions struct { - requireKeyedLiterals - nonComparable - - // Marshalers is a list of type-specific marshalers to use. - Marshalers *Marshalers - - // StringifyNumbers specifies that numeric Go types should be serialized - // as a JSON string containing the equivalent JSON number value. - // - // According to RFC 8259, section 6, a JSON implementation may choose to - // limit the representation of a JSON number to an IEEE 754 binary64 value. - // This may cause decoders to lose precision for int64 and uint64 types. - // Escaping JSON numbers as a JSON string preserves the exact precision. - StringifyNumbers bool - - // DiscardUnknownMembers specifies that marshaling should ignore any - // JSON object members stored in Go struct fields dedicated to storing - // unknown JSON object members. - DiscardUnknownMembers bool - - // Deterministic specifies that the same input value will be serialized - // as the exact same output bytes. Different processes of - // the same program will serialize equal values to the same bytes, - // but different versions of the same program are not guaranteed - // to produce the exact same sequence of bytes. - Deterministic bool - - // formatDepth is the depth at which we respect the format flag. - formatDepth int - // format is custom formatting for the value at the specified depth. - format string -} + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" +) -// Marshal serializes a Go value as a []byte with default options. -// It is a thin wrapper over MarshalOptions.Marshal. -func Marshal(in any) (out []byte, err error) { - return MarshalOptions{}.Marshal(EncodeOptions{}, in) -} +// Reference encoding and time packages to assist pkgsite +// in being able to hotlink references to those packages. +var ( + _ encoding.TextMarshaler + _ encoding.TextAppender + _ encoding.TextUnmarshaler + _ time.Time + _ time.Duration +) -// MarshalFull serializes a Go value into an io.Writer with default options. -// It is a thin wrapper over MarshalOptions.MarshalFull. -func MarshalFull(out io.Writer, in any) error { - return MarshalOptions{}.MarshalFull(EncodeOptions{}, out, in) -} +// export exposes internal functionality of the "jsontext" package. +var export = jsontext.Internal.Export(&internal.AllowInternalUse) // Marshal serializes a Go value as a []byte according to the provided -// marshal and encode options. It does not terminate the output with a newline. -// See MarshalNext for details about the conversion of a Go value into JSON. -func (mo MarshalOptions) Marshal(eo EncodeOptions, in any) (out []byte, err error) { - enc := getBufferedEncoder(eo) - defer putBufferedEncoder(enc) - enc.options.omitTopLevelNewline = true - err = mo.MarshalNext(enc, in) - // TODO(https://go.dev/issue/45038): Use bytes.Clone. - return append([]byte(nil), enc.buf...), err -} - -// MarshalFull serializes a Go value into an io.Writer according to the provided -// marshal and encode options. It does not terminate the output with a newline. -// See MarshalNext for details about the conversion of a Go value into JSON. -func (mo MarshalOptions) MarshalFull(eo EncodeOptions, out io.Writer, in any) error { - enc := getStreamingEncoder(out, eo) - defer putStreamingEncoder(enc) - enc.options.omitTopLevelNewline = true - err := mo.MarshalNext(enc, in) - return err -} - -// MarshalNext encodes a Go value as the next JSON value according to -// the provided marshal options. +// marshal and encode options (while ignoring unmarshal or decode options). +// It does not terminate the output with a newline. // // Type-specific marshal functions and methods take precedence // over the default representation of a value. // Functions or methods that operate on *T are only called when encoding // a value of type T (by taking its address) or a non-nil value of *T. -// MarshalNext ensures that a value is always addressable +// Marshal ensures that a value is always addressable // (by boxing it on the heap if necessary) so that // these functions and methods can be consistently called. For performance, -// it is recommended that MarshalNext be passed a non-nil pointer to the value. +// it is recommended that Marshal be passed a non-nil pointer to the value. // // The input value is encoded as JSON according the following rules: // -// - If any type-specific functions in MarshalOptions.Marshalers match +// - If any type-specific functions in a [WithMarshalers] option match // the value type, then those functions are called to encode the value. -// If all applicable functions return SkipFunc, +// If all applicable functions return [SkipFunc], // then the value is encoded according to subsequent rules. // -// - If the value type implements MarshalerV2, -// then the MarshalNextJSON method is called to encode the value. +// - If the value type implements [MarshalerTo], +// then the MarshalJSONTo method is called to encode the value. // -// - If the value type implements MarshalerV1, +// - If the value type implements [Marshaler], // then the MarshalJSON method is called to encode the value. // -// - If the value type implements encoding.TextMarshaler, +// - If the value type implements [encoding.TextAppender], +// then the AppendText method is called to encode the value and +// subsequently encode its result as a JSON string. +// +// - If the value type implements [encoding.TextMarshaler], // then the MarshalText method is called to encode the value and // subsequently encode its result as a JSON string. // @@ -139,25 +97,25 @@ func (mo MarshalOptions) MarshalFull(eo EncodeOptions, out io.Writer, in any) er // where each byte is recursively JSON-encoded as each JSON array element. // // - A Go integer is encoded as a JSON number without fractions or exponents. -// If MarshalOptions.StringifyNumbers is specified, then the JSON number is -// encoded within a JSON string. It does not support any custom format -// flags. +// If [StringifyNumbers] is specified or encoding a JSON object name, +// then the JSON number is encoded within a JSON string. +// It does not support any custom format flags. // // - A Go float is encoded as a JSON number. -// If MarshalOptions.StringifyNumbers is specified, +// If [StringifyNumbers] is specified or encoding a JSON object name, // then the JSON number is encoded within a JSON string. // If the format is "nonfinite", then NaN, +Inf, and -Inf are encoded as // the JSON strings "NaN", "Infinity", and "-Infinity", respectively. -// Otherwise, the presence of non-finite numbers results in a SemanticError. +// Otherwise, the presence of non-finite numbers results in a [SemanticError]. // // - A Go map is encoded as a JSON object, where each Go map key and value // is recursively encoded as a name and value pair in the JSON object. // The Go map key must encode as a JSON string, otherwise this results -// in a SemanticError. When encoding keys, MarshalOptions.StringifyNumbers -// is automatically applied so that numeric keys encode as JSON strings. -// The Go map is traversed in a non-deterministic order. -// For deterministic encoding, consider using RawValue.Canonicalize. +// in a [SemanticError]. The Go map is traversed in a non-deterministic order. +// For deterministic encoding, consider using the [Deterministic] option. // If the format is "emitnull", then a nil map is encoded as a JSON null. +// If the format is "emitempty", then a nil map is encoded as an empty JSON object, +// regardless of whether [FormatNilMapAsNull] is specified. // Otherwise by default, a nil map is encoded as an empty JSON object. // // - A Go struct is encoded as a JSON object. @@ -167,6 +125,8 @@ func (mo MarshalOptions) MarshalFull(eo EncodeOptions, out io.Writer, in any) er // - A Go slice is encoded as a JSON array, where each Go slice element // is recursively JSON-encoded as the elements of the JSON array. // If the format is "emitnull", then a nil slice is encoded as a JSON null. +// If the format is "emitempty", then a nil slice is encoded as an empty JSON array, +// regardless of whether [FormatNilSliceAsNull] is specified. // Otherwise by default, a nil slice is encoded as an empty JSON array. // // - A Go array is encoded as a JSON array, where each Go array element @@ -182,148 +142,144 @@ func (mo MarshalOptions) MarshalFull(eo EncodeOptions, out io.Writer, in any) er // the recursively JSON-encoded representation of the underlying value. // It does not support any custom format flags. // -// - A Go time.Time is encoded as a JSON string containing the timestamp -// formatted in RFC 3339 with nanosecond resolution. +// - A Go [time.Time] is encoded as a JSON string containing the timestamp +// formatted in RFC 3339 with nanosecond precision. // If the format matches one of the format constants declared // in the time package (e.g., RFC1123), then that format is used. -// Otherwise, the format is used as-is with time.Time.Format if non-empty. -// -// - A Go time.Duration is encoded as a JSON string containing the duration -// formatted according to time.Duration.String. -// If the format is "nanos", it is encoded as a JSON number -// containing the number of nanoseconds in the duration. +// If the format is "unix", "unixmilli", "unixmicro", or "unixnano", +// then the timestamp is encoded as a possibly fractional JSON number +// of the number of seconds (or milliseconds, microseconds, or nanoseconds) +// since the Unix epoch, which is January 1st, 1970 at 00:00:00 UTC. +// To avoid a fractional component, round the timestamp to the relevant unit. +// Otherwise, the format is used as-is with [time.Time.Format] if non-empty. +// +// - A Go [time.Duration] currently has no default representation and +// requires an explicit format to be specified. +// If the format is "sec", "milli", "micro", or "nano", +// then the duration is encoded as a possibly fractional JSON number +// of the number of seconds (or milliseconds, microseconds, or nanoseconds). +// To avoid a fractional component, round the duration to the relevant unit. +// If the format is "units", it is encoded as a JSON string formatted using +// [time.Duration.String] (e.g., "1h30m" for 1 hour 30 minutes). +// If the format is "iso8601", it is encoded as a JSON string using the +// ISO 8601 standard for durations (e.g., "PT1H30M" for 1 hour 30 minutes) +// using only accurate units of hours, minutes, and seconds. // // - All other Go types (e.g., complex numbers, channels, and functions) -// have no default representation and result in a SemanticError. +// have no default representation and result in a [SemanticError]. // -// JSON cannot represent cyclic data structures and -// MarshalNext does not handle them. +// JSON cannot represent cyclic data structures and Marshal does not handle them. // Passing cyclic structures will result in an error. -func (mo MarshalOptions) MarshalNext(out *Encoder, in any) error { +func Marshal(in any, opts ...Options) (out []byte, err error) { + enc := export.GetBufferedEncoder(opts...) + defer export.PutBufferedEncoder(enc) + xe := export.Encoder(enc) + xe.Flags.Set(jsonflags.OmitTopLevelNewline | 1) + err = marshalEncode(enc, in, &xe.Struct) + if err != nil && xe.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return nil, internal.TransformMarshalError(in, err) + } + return bytes.Clone(xe.Buf), err +} + +// MarshalWrite serializes a Go value into an [io.Writer] according to the provided +// marshal and encode options (while ignoring unmarshal or decode options). +// It does not terminate the output with a newline. +// See [Marshal] for details about the conversion of a Go value into JSON. +func MarshalWrite(out io.Writer, in any, opts ...Options) (err error) { + enc := export.GetStreamingEncoder(out, opts...) + defer export.PutStreamingEncoder(enc) + xe := export.Encoder(enc) + xe.Flags.Set(jsonflags.OmitTopLevelNewline | 1) + err = marshalEncode(enc, in, &xe.Struct) + if err != nil && xe.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.TransformMarshalError(in, err) + } + return err +} + +// MarshalEncode serializes a Go value into an [jsontext.Encoder] according to +// the provided marshal options (while ignoring unmarshal, encode, or decode options). +// Any marshal-relevant options already specified on the [jsontext.Encoder] +// take lower precedence than the set of options provided by the caller. +// Unlike [Marshal] and [MarshalWrite], encode options are ignored because +// they must have already been specified on the provided [jsontext.Encoder]. +// +// See [Marshal] for details about the conversion of a Go value into JSON. +func MarshalEncode(out *jsontext.Encoder, in any, opts ...Options) (err error) { + xe := export.Encoder(out) + if len(opts) > 0 { + optsOriginal := xe.Struct + defer func() { xe.Struct = optsOriginal }() + xe.Struct.JoinWithoutCoderOptions(opts...) + } + err = marshalEncode(out, in, &xe.Struct) + if err != nil && xe.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.TransformMarshalError(in, err) + } + return err +} + +func marshalEncode(out *jsontext.Encoder, in any, mo *jsonopts.Struct) (err error) { v := reflect.ValueOf(in) if !v.IsValid() || (v.Kind() == reflect.Pointer && v.IsNil()) { - return out.WriteToken(Null) + return out.WriteToken(jsontext.Null) } // Shallow copy non-pointer values to obtain an addressable value. // It is beneficial to performance to always pass pointers to avoid this. - if v.Kind() != reflect.Pointer { + forceAddr := v.Kind() != reflect.Pointer + if forceAddr { v2 := reflect.New(v.Type()) v2.Elem().Set(v) v = v2 } - va := addressableValue{v.Elem()} // dereferenced pointer is always addressable + va := addressableValue{v.Elem(), forceAddr} // dereferenced pointer is always addressable t := va.Type() // Lookup and call the marshal function for this type. marshal := lookupArshaler(t).marshal if mo.Marshalers != nil { - marshal, _ = mo.Marshalers.lookup(marshal, t) + marshal, _ = mo.Marshalers.(*Marshalers).lookup(marshal, t) } - if err := marshal(mo, out, va); err != nil { - if !out.options.AllowDuplicateNames { - out.tokens.invalidateDisabledNamespaces() + if err := marshal(out, va, mo); err != nil { + if !mo.Flags.Get(jsonflags.AllowDuplicateNames) { + export.Encoder(out).Tokens.InvalidateDisabledNamespaces() } return err } return nil } -// UnmarshalOptions configures how JSON data is deserialized as Go data. -// The zero value is equivalent to the default unmarshal settings. -type UnmarshalOptions struct { - requireKeyedLiterals - nonComparable - - // Unmarshalers is a list of type-specific unmarshalers to use. - Unmarshalers *Unmarshalers - - // StringifyNumbers specifies that numeric Go types can be deserialized - // from either a JSON number or a JSON string containing a JSON number - // without any surrounding whitespace. - StringifyNumbers bool - - // RejectUnknownMembers specifies that unknown members should be rejected - // when unmarshaling a JSON object, regardless of whether there is a field - // to store unknown members. - RejectUnknownMembers bool - - // formatDepth is the depth at which we respect the format flag. - formatDepth int - // format is custom formatting for the value at the specified depth. - format string -} - -// Unmarshal deserializes a Go value from a []byte with default options. -// It is a thin wrapper over UnmarshalOptions.Unmarshal. -func Unmarshal(in []byte, out any) error { - return UnmarshalOptions{}.Unmarshal(DecodeOptions{}, in, out) -} - -// UnmarshalFull deserializes a Go value from an io.Reader with default options. -// It is a thin wrapper over UnmarshalOptions.UnmarshalFull. -func UnmarshalFull(in io.Reader, out any) error { - return UnmarshalOptions{}.UnmarshalFull(DecodeOptions{}, in, out) -} - -// Unmarshal deserializes a Go value from a []byte according to the -// provided unmarshal and decode options. The output must be a non-nil pointer. +// Unmarshal decodes a []byte input into a Go value according to the provided +// unmarshal and decode options (while ignoring marshal or encode options). // The input must be a single JSON value with optional whitespace interspersed. -// See UnmarshalNext for details about the conversion of JSON into a Go value. -func (uo UnmarshalOptions) Unmarshal(do DecodeOptions, in []byte, out any) error { - dec := getBufferedDecoder(in, do) - defer putBufferedDecoder(dec) - return uo.unmarshalFull(dec, out) -} - -// UnmarshalFull deserializes a Go value from an io.Reader according to the -// provided unmarshal and decode options. The output must be a non-nil pointer. -// The input must be a single JSON value with optional whitespace interspersed. -// It consumes the entirety of io.Reader until io.EOF is encountered. -// See UnmarshalNext for details about the conversion of JSON into a Go value. -func (uo UnmarshalOptions) UnmarshalFull(do DecodeOptions, in io.Reader, out any) error { - dec := getStreamingDecoder(in, do) - defer putStreamingDecoder(dec) - return uo.unmarshalFull(dec, out) -} -func (uo UnmarshalOptions) unmarshalFull(in *Decoder, out any) error { - switch err := uo.UnmarshalNext(in, out); err { - case nil: - return in.checkEOF() - case io.EOF: - return io.ErrUnexpectedEOF - default: - return err - } -} - -// UnmarshalNext decodes the next JSON value into a Go value according to -// the provided unmarshal options. The output must be a non-nil pointer. +// The output must be a non-nil pointer. // // Type-specific unmarshal functions and methods take precedence // over the default representation of a value. // Functions or methods that operate on *T are only called when decoding // a value of type T (by taking its address) or a non-nil value of *T. -// UnmarshalNext ensures that a value is always addressable +// Unmarshal ensures that a value is always addressable // (by boxing it on the heap if necessary) so that // these functions and methods can be consistently called. // // The input is decoded into the output according the following rules: // -// - If any type-specific functions in UnmarshalOptions.Unmarshalers match +// - If any type-specific functions in a [WithUnmarshalers] option match // the value type, then those functions are called to decode the JSON -// value. If all applicable functions return SkipFunc, +// value. If all applicable functions return [SkipFunc], // then the input is decoded according to subsequent rules. // -// - If the value type implements UnmarshalerV2, -// then the UnmarshalNextJSON method is called to decode the JSON value. +// - If the value type implements [UnmarshalerFrom], +// then the UnmarshalJSONFrom method is called to decode the JSON value. // -// - If the value type implements UnmarshalerV1, +// - If the value type implements [Unmarshaler], // then the UnmarshalJSON method is called to decode the JSON value. // -// - If the value type implements encoding.TextUnmarshaler, +// - If the value type implements [encoding.TextUnmarshaler], // then the input is decoded as a JSON string and // the UnmarshalText method is called with the decoded string value. -// This fails with a SemanticError if the input is not a JSON string. +// This fails with a [SemanticError] if the input is not a JSON string. // // - Otherwise, the JSON value is decoded according to the value's type // as described in detail below. @@ -336,7 +292,7 @@ func (uo UnmarshalOptions) unmarshalFull(in *Decoder, out any) error { // A JSON null may be decoded into every supported Go value where // it is equivalent to storing the zero value of the Go value. // If the input JSON kind is not handled by the current Go value type, -// then this fails with a SemanticError. Unless otherwise specified, +// then this fails with a [SemanticError]. Unless otherwise specified, // the decoded value replaces any pre-existing value. // // The representation of each type is as follows: @@ -359,33 +315,31 @@ func (uo UnmarshalOptions) unmarshalFull(in *Decoder, out any) error { // When decoding into a non-nil []byte, the slice length is reset to zero // and the decoded input is appended to it. // When decoding into a [N]byte, the input must decode to exactly N bytes, -// otherwise it fails with a SemanticError. +// otherwise it fails with a [SemanticError]. // // - A Go integer is decoded from a JSON number. -// It may also be decoded from a JSON string containing a JSON number -// if UnmarshalOptions.StringifyNumbers is specified. -// It fails with a SemanticError if the JSON number +// It must be decoded from a JSON string containing a JSON number +// if [StringifyNumbers] is specified or decoding a JSON object name. +// It fails with a [SemanticError] if the JSON number // has a fractional or exponent component. // It also fails if it overflows the representation of the Go integer type. // It does not support any custom format flags. // // - A Go float is decoded from a JSON number. -// It may also be decoded from a JSON string containing a JSON number -// if UnmarshalOptions.StringifyNumbers is specified. -// The JSON number is parsed as the closest representable Go float value. +// It must be decoded from a JSON string containing a JSON number +// if [StringifyNumbers] is specified or decoding a JSON object name. +// It fails if it overflows the representation of the Go float type. // If the format is "nonfinite", then the JSON strings // "NaN", "Infinity", and "-Infinity" are decoded as NaN, +Inf, and -Inf. -// Otherwise, the presence of such strings results in a SemanticError. +// Otherwise, the presence of such strings results in a [SemanticError]. // // - A Go map is decoded from a JSON object, // where each JSON object name and value pair is recursively decoded -// as the Go map key and value. When decoding keys, -// UnmarshalOptions.StringifyNumbers is automatically applied so that -// numeric keys can decode from JSON strings. Maps are not cleared. +// as the Go map key and value. Maps are not cleared. // If the Go map is nil, then a new map is allocated to decode into. // If the decoded key matches an existing Go map entry, the entry value // is reused by decoding the JSON object value into it. -// The only supported format is "emitnull" and has no effect when decoding. +// The formats "emitnull" and "emitempty" have no effect when decoding. // // - A Go struct is decoded from a JSON object. // See the “JSON Representation of Go structs” section @@ -395,12 +349,12 @@ func (uo UnmarshalOptions) unmarshalFull(in *Decoder, out any) error { // is recursively decoded and appended to the Go slice. // Before appending into a Go slice, a new slice is allocated if it is nil, // otherwise the slice length is reset to zero. -// The only supported format is "emitnull" and has no effect when decoding. +// The formats "emitnull" and "emitempty" have no effect when decoding. // // - A Go array is decoded from a JSON array, where each JSON array element // is recursively decoded as each corresponding Go array element. // Each Go array element is zeroed before decoding into it. -// It fails with a SemanticError if the JSON array does not contain +// It fails with a [SemanticError] if the JSON array does not contain // the exact same number of elements as the Go array. // It does not support any custom format flags. // @@ -415,59 +369,133 @@ func (uo UnmarshalOptions) unmarshalFull(in *Decoder, out any) error { // Otherwise, a nil interface value of an empty interface type is initialized // with a zero Go bool, string, float64, map[string]any, or []any if the // input is a JSON boolean, string, number, object, or array, respectively. -// If the interface value is still nil, then this fails with a SemanticError +// If the interface value is still nil, then this fails with a [SemanticError] // since decoding could not determine an appropriate Go type to decode into. // For example, unmarshaling into a nil io.Reader fails since // there is no concrete type to populate the interface value with. // Otherwise an underlying value exists and it recursively decodes // the JSON input into it. It does not support any custom format flags. // -// - A Go time.Time is decoded from a JSON string containing the time -// formatted in RFC 3339 with nanosecond resolution. +// - A Go [time.Time] is decoded from a JSON string containing the time +// formatted in RFC 3339 with nanosecond precision. // If the format matches one of the format constants declared in // the time package (e.g., RFC1123), then that format is used for parsing. -// Otherwise, the format is used as-is with time.Time.Parse if non-empty. -// -// - A Go time.Duration is decoded from a JSON string by -// passing the decoded string to time.ParseDuration. -// If the format is "nanos", it is instead decoded from a JSON number -// containing the number of nanoseconds in the duration. +// If the format is "unix", "unixmilli", "unixmicro", or "unixnano", +// then the timestamp is decoded from an optionally fractional JSON number +// of the number of seconds (or milliseconds, microseconds, or nanoseconds) +// since the Unix epoch, which is January 1st, 1970 at 00:00:00 UTC. +// Otherwise, the format is used as-is with [time.Time.Parse] if non-empty. +// +// - A Go [time.Duration] currently has no default representation and +// requires an explicit format to be specified. +// If the format is "sec", "milli", "micro", or "nano", +// then the duration is decoded from an optionally fractional JSON number +// of the number of seconds (or milliseconds, microseconds, or nanoseconds). +// If the format is "units", it is decoded from a JSON string parsed using +// [time.ParseDuration] (e.g., "1h30m" for 1 hour 30 minutes). +// If the format is "iso8601", it is decoded from a JSON string using the +// ISO 8601 standard for durations (e.g., "PT1H30M" for 1 hour 30 minutes) +// accepting only accurate units of hours, minutes, or seconds. // // - All other Go types (e.g., complex numbers, channels, and functions) -// have no default representation and result in a SemanticError. +// have no default representation and result in a [SemanticError]. // // In general, unmarshaling follows merge semantics (similar to RFC 7396) // where the decoded Go value replaces the destination value // for any JSON kind other than an object. // For JSON objects, the input object is merged into the destination value // where matching object members recursively apply merge semantics. -func (uo UnmarshalOptions) UnmarshalNext(in *Decoder, out any) error { +func Unmarshal(in []byte, out any, opts ...Options) (err error) { + dec := export.GetBufferedDecoder(in, opts...) + defer export.PutBufferedDecoder(dec) + xd := export.Decoder(dec) + err = unmarshalDecode(dec, out, &xd.Struct, true) + if err != nil && xd.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.TransformUnmarshalError(out, err) + } + return err +} + +// UnmarshalRead deserializes a Go value from an [io.Reader] according to the +// provided unmarshal and decode options (while ignoring marshal or encode options). +// The input must be a single JSON value with optional whitespace interspersed. +// It consumes the entirety of [io.Reader] until [io.EOF] is encountered, +// without reporting an error for EOF. The output must be a non-nil pointer. +// See [Unmarshal] for details about the conversion of JSON into a Go value. +func UnmarshalRead(in io.Reader, out any, opts ...Options) (err error) { + dec := export.GetStreamingDecoder(in, opts...) + defer export.PutStreamingDecoder(dec) + xd := export.Decoder(dec) + err = unmarshalDecode(dec, out, &xd.Struct, true) + if err != nil && xd.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.TransformUnmarshalError(out, err) + } + return err +} + +// UnmarshalDecode deserializes a Go value from a [jsontext.Decoder] according to +// the provided unmarshal options (while ignoring marshal, encode, or decode options). +// Any unmarshal options already specified on the [jsontext.Decoder] +// take lower precedence than the set of options provided by the caller. +// Unlike [Unmarshal] and [UnmarshalRead], decode options are ignored because +// they must have already been specified on the provided [jsontext.Decoder]. +// +// The input may be a stream of one or more JSON values, +// where this only unmarshals the next JSON value in the stream. +// The output must be a non-nil pointer. +// See [Unmarshal] for details about the conversion of JSON into a Go value. +func UnmarshalDecode(in *jsontext.Decoder, out any, opts ...Options) (err error) { + xd := export.Decoder(in) + if len(opts) > 0 { + optsOriginal := xd.Struct + defer func() { xd.Struct = optsOriginal }() + xd.Struct.JoinWithoutCoderOptions(opts...) + } + err = unmarshalDecode(in, out, &xd.Struct, false) + if err != nil && xd.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.TransformUnmarshalError(out, err) + } + return err +} + +func unmarshalDecode(in *jsontext.Decoder, out any, uo *jsonopts.Struct, last bool) (err error) { v := reflect.ValueOf(out) - if !v.IsValid() || v.Kind() != reflect.Pointer || v.IsNil() { - var t reflect.Type - if v.IsValid() { - t = v.Type() - if t.Kind() == reflect.Pointer { - t = t.Elem() + if v.Kind() != reflect.Pointer || v.IsNil() { + return &SemanticError{action: "unmarshal", GoType: reflect.TypeOf(out), Err: internal.ErrNonNilReference} + } + va := addressableValue{v.Elem(), false} // dereferenced pointer is always addressable + t := va.Type() + + // In legacy semantics, the entirety of the next JSON value + // was validated before attempting to unmarshal it. + if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + if err := export.Decoder(in).CheckNextValue(last); err != nil { + if err == io.EOF && last { + offset := in.InputOffset() + int64(len(in.UnreadBuffer())) + return &jsontext.SyntacticError{ByteOffset: offset, Err: io.ErrUnexpectedEOF} } + return err } - err := errors.New("value must be passed as a non-nil pointer reference") - return &SemanticError{action: "unmarshal", GoType: t, Err: err} } - va := addressableValue{v.Elem()} // dereferenced pointer is always addressable - t := va.Type() // Lookup and call the unmarshal function for this type. unmarshal := lookupArshaler(t).unmarshal if uo.Unmarshalers != nil { - unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, t) + unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, t) } - if err := unmarshal(uo, in, va); err != nil { - if !in.options.AllowDuplicateNames { - in.tokens.invalidateDisabledNamespaces() + if err := unmarshal(in, va, uo); err != nil { + if !uo.Flags.Get(jsonflags.AllowDuplicateNames) { + export.Decoder(in).Tokens.InvalidateDisabledNamespaces() + } + if err == io.EOF && last { + offset := in.InputOffset() + int64(len(in.UnreadBuffer())) + return &jsontext.SyntacticError{ByteOffset: offset, Err: io.ErrUnexpectedEOF} } return err } + if last { + return export.Decoder(in).CheckEOF() + } return nil } @@ -477,17 +505,31 @@ func (uo UnmarshalOptions) UnmarshalNext(in *Decoder, out any) error { // There is no compile magic that enforces this property, // but rather the need to construct this type makes it easier to examine each // construction site to ensure that this property is upheld. -type addressableValue struct{ reflect.Value } +type addressableValue struct { + reflect.Value + + // forcedAddr reports whether this value is addressable + // only through the use of [newAddressableValue]. + // This is only used for [jsonflags.CallMethodsWithLegacySemantics]. + forcedAddr bool +} // newAddressableValue constructs a new addressable value of type t. func newAddressableValue(t reflect.Type) addressableValue { - return addressableValue{reflect.New(t).Elem()} + return addressableValue{reflect.New(t).Elem(), true} } +// TODO: Remove *jsonopts.Struct argument from [marshaler] and [unmarshaler]. +// This can be directly accessed on the encoder or decoder. + // All marshal and unmarshal behavior is implemented using these signatures. +// The *jsonopts.Struct argument is guaranteed to identical to or at least +// a strict super-set of the options in Encoder.Struct or Decoder.Struct. +// It is identical for Marshal, Unmarshal, MarshalWrite, and UnmarshalRead. +// It is a super-set for MarshalEncode and UnmarshalDecode. type ( - marshaler = func(MarshalOptions, *Encoder, addressableValue) error - unmarshaler = func(UnmarshalOptions, *Decoder, addressableValue) error + marshaler = func(*jsontext.Encoder, addressableValue, *jsonopts.Struct) error + unmarshaler = func(*jsontext.Decoder, addressableValue, *jsonopts.Struct) error ) type arshaler struct { @@ -511,3 +553,28 @@ func lookupArshaler(t reflect.Type) *arshaler { v, _ := lookupArshalerCache.LoadOrStore(t, fncs) return v.(*arshaler) } + +var stringsPools = &sync.Pool{New: func() any { return new(stringSlice) }} + +type stringSlice []string + +// getStrings returns a non-nil pointer to a slice with length n. +func getStrings(n int) *stringSlice { + s := stringsPools.Get().(*stringSlice) + if cap(*s) < n { + *s = make([]string, n) + } + *s = (*s)[:n] + return s +} + +func putStrings(s *stringSlice) { + if cap(*s) > 1<<10 { + *s = nil // avoid pinning arbitrarily large amounts of memory + } + stringsPools.Put(s) +} + +func (ss *stringSlice) Sort() { + slices.SortFunc(*ss, func(x, y string) int { return strings.Compare(x, y) }) +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_any.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_any.go index c62b1f320..22ed430fb 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_any.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_any.go @@ -2,49 +2,73 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !goexperiment.jsonv2 || !go1.25 + package json -import "reflect" +import ( + "cmp" + "math" + "reflect" + "strconv" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" +) -// This files contains an optimized marshal and unmarshal implementation +// This file contains an optimized marshal and unmarshal implementation // for the any type. This type is often used when the Go program has // no knowledge of the JSON schema. This is a common enough occurrence // to justify the complexity of adding logic for this. -func marshalValueAny(mo MarshalOptions, enc *Encoder, val any) error { +// marshalValueAny marshals a Go any as a JSON value. +// This assumes that there are no special formatting directives +// for any possible nested value. +func marshalValueAny(enc *jsontext.Encoder, val any, mo *jsonopts.Struct) error { switch val := val.(type) { case nil: - return enc.WriteToken(Null) + return enc.WriteToken(jsontext.Null) case bool: - return enc.WriteToken(Bool(val)) + return enc.WriteToken(jsontext.Bool(val)) case string: - return enc.WriteToken(String(val)) + return enc.WriteToken(jsontext.String(val)) case float64: - return enc.WriteToken(Float(val)) + if math.IsNaN(val) || math.IsInf(val, 0) { + break // use default logic below + } + return enc.WriteToken(jsontext.Float(val)) case map[string]any: - return marshalObjectAny(mo, enc, val) + return marshalObjectAny(enc, val, mo) case []any: - return marshalArrayAny(mo, enc, val) - default: - v := newAddressableValue(reflect.TypeOf(val)) - v.Set(reflect.ValueOf(val)) - marshal := lookupArshaler(v.Type()).marshal - if mo.Marshalers != nil { - marshal, _ = mo.Marshalers.lookup(marshal, v.Type()) - } - return marshal(mo, enc, v) + return marshalArrayAny(enc, val, mo) } + + v := newAddressableValue(reflect.TypeOf(val)) + v.Set(reflect.ValueOf(val)) + marshal := lookupArshaler(v.Type()).marshal + if mo.Marshalers != nil { + marshal, _ = mo.Marshalers.(*Marshalers).lookup(marshal, v.Type()) + } + return marshal(enc, v, mo) } -func unmarshalValueAny(uo UnmarshalOptions, dec *Decoder) (any, error) { +// unmarshalValueAny unmarshals a JSON value as a Go any. +// This assumes that there are no special formatting directives +// for any possible nested value. +// Duplicate names must be rejected since this does not implement merging. +func unmarshalValueAny(dec *jsontext.Decoder, uo *jsonopts.Struct) (any, error) { switch k := dec.PeekKind(); k { case '{': - return unmarshalObjectAny(uo, dec) + return unmarshalObjectAny(dec, uo) case '[': - return unmarshalArrayAny(uo, dec) + return unmarshalArrayAny(dec, uo) default: - var flags valueFlags - val, err := dec.readValue(&flags) + xd := export.Decoder(dec) + var flags jsonwire.ValueFlags + val, err := xd.ReadValue(&flags) if err != nil { return nil, err } @@ -56,13 +80,19 @@ func unmarshalValueAny(uo UnmarshalOptions, dec *Decoder) (any, error) { case 't': return true, nil case '"': - val = unescapeStringMayCopy(val, flags.isVerbatim()) - if dec.stringCache == nil { - dec.stringCache = new(stringCache) + val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim()) + if xd.StringCache == nil { + xd.StringCache = new(stringCache) } - return dec.stringCache.make(val), nil + return makeString(xd.StringCache, val), nil case '0': - fv, _ := parseFloat(val, 64) // ignore error since readValue guarantees val is valid + if uo.Flags.Get(jsonflags.UnmarshalAnyWithRawNumber) { + return internal.RawNumberOf(val), nil + } + fv, ok := jsonwire.ParseFloat(val, 64) + if !ok { + return fv, newUnmarshalErrorAfterWithValue(dec, float64Type, strconv.ErrRange) + } return fv, nil default: panic("BUG: invalid kind: " + k.String()) @@ -70,41 +100,49 @@ func unmarshalValueAny(uo UnmarshalOptions, dec *Decoder) (any, error) { } } -func marshalObjectAny(mo MarshalOptions, enc *Encoder, obj map[string]any) error { +// marshalObjectAny marshals a Go map[string]any as a JSON object +// (or as a JSON null if nil and [jsonflags.FormatNilMapAsNull]). +func marshalObjectAny(enc *jsontext.Encoder, obj map[string]any, mo *jsonopts.Struct) error { // Check for cycles. - if enc.tokens.depth() > startDetectingCyclesAfter { + xe := export.Encoder(enc) + if xe.Tokens.Depth() > startDetectingCyclesAfter { v := reflect.ValueOf(obj) - if err := enc.seenPointers.visit(v); err != nil { - return err + if err := visitPointer(&xe.SeenPointers, v); err != nil { + return newMarshalErrorBefore(enc, mapStringAnyType, err) } - defer enc.seenPointers.leave(v) + defer leavePointer(&xe.SeenPointers, v) } - // Optimize for marshaling an empty map without any preceding whitespace. - if len(obj) == 0 && !enc.options.multiline && !enc.tokens.last.needObjectName() { - enc.buf = enc.tokens.mayAppendDelim(enc.buf, '{') - enc.buf = append(enc.buf, "{}"...) - enc.tokens.last.increment() - if enc.needFlush() { - return enc.flush() + // Handle empty maps. + if len(obj) == 0 { + if mo.Flags.Get(jsonflags.FormatNilMapAsNull) && obj == nil { + return enc.WriteToken(jsontext.Null) + } + // Optimize for marshaling an empty map without any preceding whitespace. + if !mo.Flags.Get(jsonflags.AnyWhitespace) && !xe.Tokens.Last.NeedObjectName() { + xe.Buf = append(xe.Tokens.MayAppendDelim(xe.Buf, '{'), "{}"...) + xe.Tokens.Last.Increment() + if xe.NeedFlush() { + return xe.Flush() + } + return nil } - return nil } - if err := enc.WriteToken(ObjectStart); err != nil { + if err := enc.WriteToken(jsontext.BeginObject); err != nil { return err } // A Go map guarantees that each entry has a unique key // The only possibility of duplicates is due to invalid UTF-8. - if !enc.options.AllowInvalidUTF8 { - enc.tokens.last.disableNamespace() + if !mo.Flags.Get(jsonflags.AllowInvalidUTF8) { + xe.Tokens.Last.DisableNamespace() } - if !mo.Deterministic || len(obj) <= 1 { + if !mo.Flags.Get(jsonflags.Deterministic) || len(obj) <= 1 { for name, val := range obj { - if err := enc.WriteToken(String(name)); err != nil { + if err := enc.WriteToken(jsontext.String(name)); err != nil { return err } - if err := marshalValueAny(mo, enc, val); err != nil { + if err := marshalValueAny(enc, val, mo); err != nil { return err } } @@ -117,122 +155,133 @@ func marshalObjectAny(mo MarshalOptions, enc *Encoder, obj map[string]any) error } names.Sort() for _, name := range *names { - if err := enc.WriteToken(String(name)); err != nil { + if err := enc.WriteToken(jsontext.String(name)); err != nil { return err } - if err := marshalValueAny(mo, enc, obj[name]); err != nil { + if err := marshalValueAny(enc, obj[name], mo); err != nil { return err } } putStrings(names) } - if err := enc.WriteToken(ObjectEnd); err != nil { + if err := enc.WriteToken(jsontext.EndObject); err != nil { return err } return nil } -func unmarshalObjectAny(uo UnmarshalOptions, dec *Decoder) (map[string]any, error) { - tok, err := dec.ReadToken() - if err != nil { +// unmarshalObjectAny unmarshals a JSON object as a Go map[string]any. +// It panics if not decoding a JSON object. +func unmarshalObjectAny(dec *jsontext.Decoder, uo *jsonopts.Struct) (map[string]any, error) { + switch tok, err := dec.ReadToken(); { + case err != nil: return nil, err + case tok.Kind() != '{': + panic("BUG: invalid kind: " + tok.Kind().String()) } - k := tok.Kind() - switch k { - case 'n': - return nil, nil - case '{': - obj := make(map[string]any) - // A Go map guarantees that each entry has a unique key - // The only possibility of duplicates is due to invalid UTF-8. - if !dec.options.AllowInvalidUTF8 { - dec.tokens.last.disableNamespace() - } - for dec.PeekKind() != '}' { - tok, err := dec.ReadToken() - if err != nil { - return obj, err - } - name := tok.String() + obj := make(map[string]any) + // A Go map guarantees that each entry has a unique key + // The only possibility of duplicates is due to invalid UTF-8. + if !uo.Flags.Get(jsonflags.AllowInvalidUTF8) { + export.Decoder(dec).Tokens.Last.DisableNamespace() + } + var errUnmarshal error + for dec.PeekKind() != '}' { + tok, err := dec.ReadToken() + if err != nil { + return obj, err + } + name := tok.String() - // Manually check for duplicate names. - if _, ok := obj[name]; ok { - name := dec.previousBuffer() - err := &SyntacticError{str: "duplicate name " + string(name) + " in object"} - return obj, err.withOffset(dec.InputOffset() - int64(len(name))) - } + // Manually check for duplicate names. + if _, ok := obj[name]; ok { + // TODO: Unread the object name. + name := export.Decoder(dec).PreviousTokenOrValue() + err := newDuplicateNameError(dec.StackPointer(), nil, dec.InputOffset()-len64(name)) + return obj, err + } - val, err := unmarshalValueAny(uo, dec) - obj[name] = val - if err != nil { + val, err := unmarshalValueAny(dec, uo) + obj[name] = val + if err != nil { + if isFatalError(err, uo.Flags) { return obj, err } + errUnmarshal = cmp.Or(err, errUnmarshal) } - if _, err := dec.ReadToken(); err != nil { - return obj, err - } - return obj, nil } - return nil, &SemanticError{action: "unmarshal", JSONKind: k, GoType: mapStringAnyType} + if _, err := dec.ReadToken(); err != nil { + return obj, err + } + return obj, errUnmarshal } -func marshalArrayAny(mo MarshalOptions, enc *Encoder, arr []any) error { +// marshalArrayAny marshals a Go []any as a JSON array +// (or as a JSON null if nil and [jsonflags.FormatNilSliceAsNull]). +func marshalArrayAny(enc *jsontext.Encoder, arr []any, mo *jsonopts.Struct) error { // Check for cycles. - if enc.tokens.depth() > startDetectingCyclesAfter { + xe := export.Encoder(enc) + if xe.Tokens.Depth() > startDetectingCyclesAfter { v := reflect.ValueOf(arr) - if err := enc.seenPointers.visit(v); err != nil { - return err + if err := visitPointer(&xe.SeenPointers, v); err != nil { + return newMarshalErrorBefore(enc, sliceAnyType, err) } - defer enc.seenPointers.leave(v) + defer leavePointer(&xe.SeenPointers, v) } - // Optimize for marshaling an empty slice without any preceding whitespace. - if len(arr) == 0 && !enc.options.multiline && !enc.tokens.last.needObjectName() { - enc.buf = enc.tokens.mayAppendDelim(enc.buf, '[') - enc.buf = append(enc.buf, "[]"...) - enc.tokens.last.increment() - if enc.needFlush() { - return enc.flush() + // Handle empty slices. + if len(arr) == 0 { + if mo.Flags.Get(jsonflags.FormatNilSliceAsNull) && arr == nil { + return enc.WriteToken(jsontext.Null) + } + // Optimize for marshaling an empty slice without any preceding whitespace. + if !mo.Flags.Get(jsonflags.AnyWhitespace) && !xe.Tokens.Last.NeedObjectName() { + xe.Buf = append(xe.Tokens.MayAppendDelim(xe.Buf, '['), "[]"...) + xe.Tokens.Last.Increment() + if xe.NeedFlush() { + return xe.Flush() + } + return nil } - return nil } - if err := enc.WriteToken(ArrayStart); err != nil { + if err := enc.WriteToken(jsontext.BeginArray); err != nil { return err } for _, val := range arr { - if err := marshalValueAny(mo, enc, val); err != nil { + if err := marshalValueAny(enc, val, mo); err != nil { return err } } - if err := enc.WriteToken(ArrayEnd); err != nil { + if err := enc.WriteToken(jsontext.EndArray); err != nil { return err } return nil } -func unmarshalArrayAny(uo UnmarshalOptions, dec *Decoder) ([]any, error) { - tok, err := dec.ReadToken() - if err != nil { +// unmarshalArrayAny unmarshals a JSON array as a Go []any. +// It panics if not decoding a JSON array. +func unmarshalArrayAny(dec *jsontext.Decoder, uo *jsonopts.Struct) ([]any, error) { + switch tok, err := dec.ReadToken(); { + case err != nil: return nil, err + case tok.Kind() != '[': + panic("BUG: invalid kind: " + tok.Kind().String()) } - k := tok.Kind() - switch k { - case 'n': - return nil, nil - case '[': - arr := []any{} - for dec.PeekKind() != ']' { - val, err := unmarshalValueAny(uo, dec) - arr = append(arr, val) - if err != nil { + arr := []any{} + var errUnmarshal error + for dec.PeekKind() != ']' { + val, err := unmarshalValueAny(dec, uo) + arr = append(arr, val) + if err != nil { + if isFatalError(err, uo.Flags) { return arr, err } + errUnmarshal = cmp.Or(errUnmarshal, err) } - if _, err := dec.ReadToken(); err != nil { - return arr, err - } - return arr, nil } - return nil, &SemanticError{action: "unmarshal", JSONKind: k, GoType: sliceAnyType} + if _, err := dec.ReadToken(); err != nil { + return arr, err + } + return arr, errUnmarshal } diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_default.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_default.go index fd26eba35..64d2b7a9b 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_default.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_default.go @@ -2,10 +2,14 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !goexperiment.jsonv2 || !go1.25 + package json import ( "bytes" + "cmp" + "encoding" "encoding/base32" "encoding/base64" "encoding/hex" @@ -13,9 +17,16 @@ import ( "fmt" "math" "reflect" - "sort" + "slices" "strconv" + "strings" "sync" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) // optimizeCommon specifies whether to use optimizations targeted for certain @@ -25,44 +36,56 @@ const optimizeCommon = true var ( // Most natural Go type that correspond with each JSON type. - anyType = reflect.TypeOf((*any)(nil)).Elem() // JSON value - boolType = reflect.TypeOf((*bool)(nil)).Elem() // JSON bool - stringType = reflect.TypeOf((*string)(nil)).Elem() // JSON string - float64Type = reflect.TypeOf((*float64)(nil)).Elem() // JSON number - mapStringAnyType = reflect.TypeOf((*map[string]any)(nil)).Elem() // JSON object - sliceAnyType = reflect.TypeOf((*[]any)(nil)).Elem() // JSON array - - bytesType = reflect.TypeOf((*[]byte)(nil)).Elem() - emptyStructType = reflect.TypeOf((*struct{})(nil)).Elem() + anyType = reflect.TypeFor[any]() // JSON value + boolType = reflect.TypeFor[bool]() // JSON bool + stringType = reflect.TypeFor[string]() // JSON string + float64Type = reflect.TypeFor[float64]() // JSON number + mapStringAnyType = reflect.TypeFor[map[string]any]() // JSON object + sliceAnyType = reflect.TypeFor[[]any]() // JSON array + + bytesType = reflect.TypeFor[[]byte]() + emptyStructType = reflect.TypeFor[struct{}]() ) const startDetectingCyclesAfter = 1000 -type seenPointers map[typedPointer]struct{} +type seenPointers = map[any]struct{} type typedPointer struct { typ reflect.Type ptr any // always stores unsafe.Pointer, but avoids depending on unsafe + len int // remember slice length to avoid false positives } -// visit visits pointer p of type t, reporting an error if seen before. +// visitPointer visits pointer p of type t, reporting an error if seen before. // If successfully visited, then the caller must eventually call leave. -func (m *seenPointers) visit(v reflect.Value) error { - p := typedPointer{v.Type(), v.UnsafePointer()} +func visitPointer(m *seenPointers, v reflect.Value) error { + p := typedPointer{v.Type(), v.UnsafePointer(), sliceLen(v)} if _, ok := (*m)[p]; ok { - return &SemanticError{action: "marshal", GoType: p.typ, Err: errors.New("encountered a cycle")} + return internal.ErrCycle } if *m == nil { - *m = make(map[typedPointer]struct{}) + *m = make(seenPointers) } (*m)[p] = struct{}{} return nil } -func (m *seenPointers) leave(v reflect.Value) { - p := typedPointer{v.Type(), v.UnsafePointer()} +func leavePointer(m *seenPointers, v reflect.Value) { + p := typedPointer{v.Type(), v.UnsafePointer(), sliceLen(v)} delete(*m, p) } +func sliceLen(v reflect.Value) int { + if v.Kind() == reflect.Slice { + return v.Len() + } + return 0 +} + +func len64[Bytes ~[]byte | ~string](in Bytes) int64 { + return int64(len(in)) +} + func makeDefaultArshaler(t reflect.Type) *arshaler { switch t.Kind() { case reflect.Bool: @@ -71,7 +94,7 @@ func makeDefaultArshaler(t reflect.Type) *arshaler { return makeStringArshaler(t) case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: return makeIntArshaler(t) - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: return makeUintArshaler(t) case reflect.Float32, reflect.Float64: return makeFloatArshaler(t) @@ -81,13 +104,13 @@ func makeDefaultArshaler(t reflect.Type) *arshaler { return makeStructArshaler(t) case reflect.Slice: fncs := makeSliceArshaler(t) - if t.AssignableTo(bytesType) { + if t.Elem().Kind() == reflect.Uint8 { return makeBytesArshaler(t, fncs) } return fncs case reflect.Array: fncs := makeArrayArshaler(t) - if reflect.SliceOf(t.Elem()).AssignableTo(bytesType) { + if t.Elem().Kind() == reflect.Uint8 { return makeBytesArshaler(t, fncs) } return fncs @@ -102,31 +125,35 @@ func makeDefaultArshaler(t reflect.Type) *arshaler { func makeBoolArshaler(t reflect.Type) *arshaler { var fncs arshaler - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - if mo.format != "" && mo.formatDepth == enc.tokens.depth() { - return newInvalidFormatError("marshal", t, mo.format) + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + xe := export.Encoder(enc) + if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() { + return newInvalidFormatError(enc, t) } // Optimize for marshaling without preceding whitespace. - if optimizeCommon && !enc.options.multiline && !enc.tokens.last.needObjectName() { - enc.buf = enc.tokens.mayAppendDelim(enc.buf, 't') - if va.Bool() { - enc.buf = append(enc.buf, "true"...) - } else { - enc.buf = append(enc.buf, "false"...) - } - enc.tokens.last.increment() - if enc.needFlush() { - return enc.flush() + if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace|jsonflags.StringifyBoolsAndStrings) && !xe.Tokens.Last.NeedObjectName() { + xe.Buf = strconv.AppendBool(xe.Tokens.MayAppendDelim(xe.Buf, 't'), va.Bool()) + xe.Tokens.Last.Increment() + if xe.NeedFlush() { + return xe.Flush() } return nil } - return enc.WriteToken(Bool(va.Bool())) + if mo.Flags.Get(jsonflags.StringifyBoolsAndStrings) { + if va.Bool() { + return enc.WriteToken(jsontext.String("true")) + } else { + return enc.WriteToken(jsontext.String("false")) + } + } + return enc.WriteToken(jsontext.Bool(va.Bool())) } - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - if uo.format != "" && uo.formatDepth == dec.tokens.depth() { - return newInvalidFormatError("unmarshal", t, uo.format) + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + xd := export.Decoder(dec) + if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() { + return newInvalidFormatError(dec, t) } tok, err := dec.ReadToken() if err != nil { @@ -135,187 +162,267 @@ func makeBoolArshaler(t reflect.Type) *arshaler { k := tok.Kind() switch k { case 'n': - va.SetBool(false) + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + va.SetBool(false) + } return nil case 't', 'f': - va.SetBool(tok.Bool()) - return nil + if !uo.Flags.Get(jsonflags.StringifyBoolsAndStrings) { + va.SetBool(tok.Bool()) + return nil + } + case '"': + if uo.Flags.Get(jsonflags.StringifyBoolsAndStrings) { + switch tok.String() { + case "true": + va.SetBool(true) + case "false": + va.SetBool(false) + default: + if uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) && tok.String() == "null" { + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + va.SetBool(false) + } + return nil + } + return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrSyntax) + } + return nil + } } - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t} + return newUnmarshalErrorAfterWithSkipping(dec, t, nil) } return &fncs } func makeStringArshaler(t reflect.Type) *arshaler { var fncs arshaler - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - if mo.format != "" && mo.formatDepth == enc.tokens.depth() { - return newInvalidFormatError("marshal", t, mo.format) + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + xe := export.Encoder(enc) + if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() { + return newInvalidFormatError(enc, t) } - return enc.WriteToken(String(va.String())) + + // Optimize for marshaling without preceding whitespace. + s := va.String() + if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace|jsonflags.StringifyBoolsAndStrings) && !xe.Tokens.Last.NeedObjectName() { + b := xe.Buf + b = xe.Tokens.MayAppendDelim(b, '"') + b, err := jsonwire.AppendQuote(b, s, &mo.Flags) + if err == nil { + xe.Buf = b + xe.Tokens.Last.Increment() + if xe.NeedFlush() { + return xe.Flush() + } + return nil + } + // Otherwise, the string contains invalid UTF-8, + // so let the logic below construct the proper error. + } + + if mo.Flags.Get(jsonflags.StringifyBoolsAndStrings) { + b, err := jsonwire.AppendQuote(nil, s, &mo.Flags) + if err != nil { + return newMarshalErrorBefore(enc, t, &jsontext.SyntacticError{Err: err}) + } + q, err := jsontext.AppendQuote(nil, b) + if err != nil { + panic("BUG: second AppendQuote should never fail: " + err.Error()) + } + return enc.WriteValue(q) + } + return enc.WriteToken(jsontext.String(s)) } - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - if uo.format != "" && uo.formatDepth == dec.tokens.depth() { - return newInvalidFormatError("unmarshal", t, uo.format) + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + xd := export.Decoder(dec) + if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() { + return newInvalidFormatError(dec, t) } - var flags valueFlags - val, err := dec.readValue(&flags) + var flags jsonwire.ValueFlags + val, err := xd.ReadValue(&flags) if err != nil { return err } k := val.Kind() switch k { case 'n': - va.SetString("") + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + va.SetString("") + } return nil case '"': - val = unescapeStringMayCopy(val, flags.isVerbatim()) - if dec.stringCache == nil { - dec.stringCache = new(stringCache) + val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim()) + if uo.Flags.Get(jsonflags.StringifyBoolsAndStrings) { + val, err = jsontext.AppendUnquote(nil, val) + if err != nil { + return newUnmarshalErrorAfter(dec, t, err) + } + if uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) && string(val) == "null" { + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + va.SetString("") + } + return nil + } } - str := dec.stringCache.make(val) + if xd.StringCache == nil { + xd.StringCache = new(stringCache) + } + str := makeString(xd.StringCache, val) va.SetString(str) return nil } - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t} + return newUnmarshalErrorAfter(dec, t, nil) } return &fncs } var ( - encodeBase16 = func(dst, src []byte) { hex.Encode(dst, src) } - encodeBase32 = base32.StdEncoding.Encode - encodeBase32Hex = base32.HexEncoding.Encode - encodeBase64 = base64.StdEncoding.Encode - encodeBase64URL = base64.URLEncoding.Encode - encodedLenBase16 = hex.EncodedLen - encodedLenBase32 = base32.StdEncoding.EncodedLen - encodedLenBase32Hex = base32.HexEncoding.EncodedLen - encodedLenBase64 = base64.StdEncoding.EncodedLen - encodedLenBase64URL = base64.URLEncoding.EncodedLen - decodeBase16 = hex.Decode - decodeBase32 = base32.StdEncoding.Decode - decodeBase32Hex = base32.HexEncoding.Decode - decodeBase64 = base64.StdEncoding.Decode - decodeBase64URL = base64.URLEncoding.Decode - decodedLenBase16 = hex.DecodedLen - decodedLenBase32 = base32.StdEncoding.WithPadding(base32.NoPadding).DecodedLen - decodedLenBase32Hex = base32.HexEncoding.WithPadding(base32.NoPadding).DecodedLen - decodedLenBase64 = base64.StdEncoding.WithPadding(base64.NoPadding).DecodedLen - decodedLenBase64URL = base64.URLEncoding.WithPadding(base64.NoPadding).DecodedLen + appendEncodeBase16 = hex.AppendEncode + appendEncodeBase32 = base32.StdEncoding.AppendEncode + appendEncodeBase32Hex = base32.HexEncoding.AppendEncode + appendEncodeBase64 = base64.StdEncoding.AppendEncode + appendEncodeBase64URL = base64.URLEncoding.AppendEncode + encodedLenBase16 = hex.EncodedLen + encodedLenBase32 = base32.StdEncoding.EncodedLen + encodedLenBase32Hex = base32.HexEncoding.EncodedLen + encodedLenBase64 = base64.StdEncoding.EncodedLen + encodedLenBase64URL = base64.URLEncoding.EncodedLen + appendDecodeBase16 = hex.AppendDecode + appendDecodeBase32 = base32.StdEncoding.AppendDecode + appendDecodeBase32Hex = base32.HexEncoding.AppendDecode + appendDecodeBase64 = base64.StdEncoding.AppendDecode + appendDecodeBase64URL = base64.URLEncoding.AppendDecode ) func makeBytesArshaler(t reflect.Type, fncs *arshaler) *arshaler { - // NOTE: This handles both []byte and [N]byte. - marshalDefault := fncs.marshal - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - encode, encodedLen := encodeBase64, encodedLenBase64 - if mo.format != "" && mo.formatDepth == enc.tokens.depth() { - switch mo.format { + // NOTE: This handles both []~byte and [N]~byte. + // The v2 default is to treat a []namedByte as equivalent to []T + // since being able to convert []namedByte to []byte relies on + // dubious Go reflection behavior (see https://go.dev/issue/24746). + // For v1 emulation, we use jsonflags.FormatBytesWithLegacySemantics + // to forcibly treat []namedByte as a []byte. + marshalArray := fncs.marshal + isNamedByte := t.Elem().PkgPath() != "" + hasMarshaler := implementsAny(t.Elem(), allMarshalerTypes...) + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + if !mo.Flags.Get(jsonflags.FormatBytesWithLegacySemantics) && isNamedByte { + return marshalArray(enc, va, mo) // treat as []T or [N]T + } + xe := export.Encoder(enc) + appendEncode := appendEncodeBase64 + if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() { + switch mo.Format { case "base64": - encode, encodedLen = encodeBase64, encodedLenBase64 + appendEncode = appendEncodeBase64 case "base64url": - encode, encodedLen = encodeBase64URL, encodedLenBase64URL + appendEncode = appendEncodeBase64URL case "base32": - encode, encodedLen = encodeBase32, encodedLenBase32 + appendEncode = appendEncodeBase32 case "base32hex": - encode, encodedLen = encodeBase32Hex, encodedLenBase32Hex + appendEncode = appendEncodeBase32Hex case "base16", "hex": - encode, encodedLen = encodeBase16, encodedLenBase16 + appendEncode = appendEncodeBase16 case "array": - mo.format = "" - return marshalDefault(mo, enc, va) + mo.Format = "" + return marshalArray(enc, va, mo) default: - return newInvalidFormatError("marshal", t, mo.format) + return newInvalidFormatError(enc, t) } + } else if mo.Flags.Get(jsonflags.FormatByteArrayAsArray) && va.Kind() == reflect.Array { + return marshalArray(enc, va, mo) + } else if mo.Flags.Get(jsonflags.FormatBytesWithLegacySemantics) && hasMarshaler { + return marshalArray(enc, va, mo) } - val := enc.UnusedBuffer() - b := va.Bytes() - n := len(`"`) + encodedLen(len(b)) + len(`"`) - if cap(val) < n { - val = make([]byte, n) - } else { - val = val[:n] + if mo.Flags.Get(jsonflags.FormatNilSliceAsNull) && va.Kind() == reflect.Slice && va.IsNil() { + // TODO: Provide a "emitempty" format override? + return enc.WriteToken(jsontext.Null) } - val[0] = '"' - encode(val[len(`"`):len(val)-len(`"`)], b) - val[len(val)-1] = '"' - return enc.WriteValue(val) + return xe.AppendRaw('"', true, func(b []byte) ([]byte, error) { + return appendEncode(b, va.Bytes()), nil + }) } - unmarshalDefault := fncs.unmarshal - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - decode, decodedLen, encodedLen := decodeBase64, decodedLenBase64, encodedLenBase64 - if uo.format != "" && uo.formatDepth == dec.tokens.depth() { - switch uo.format { + unmarshalArray := fncs.unmarshal + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + if !uo.Flags.Get(jsonflags.FormatBytesWithLegacySemantics) && isNamedByte { + return unmarshalArray(dec, va, uo) // treat as []T or [N]T + } + xd := export.Decoder(dec) + appendDecode, encodedLen := appendDecodeBase64, encodedLenBase64 + if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() { + switch uo.Format { case "base64": - decode, decodedLen, encodedLen = decodeBase64, decodedLenBase64, encodedLenBase64 + appendDecode, encodedLen = appendDecodeBase64, encodedLenBase64 case "base64url": - decode, decodedLen, encodedLen = decodeBase64URL, decodedLenBase64URL, encodedLenBase64URL + appendDecode, encodedLen = appendDecodeBase64URL, encodedLenBase64URL case "base32": - decode, decodedLen, encodedLen = decodeBase32, decodedLenBase32, encodedLenBase32 + appendDecode, encodedLen = appendDecodeBase32, encodedLenBase32 case "base32hex": - decode, decodedLen, encodedLen = decodeBase32Hex, decodedLenBase32Hex, encodedLenBase32Hex + appendDecode, encodedLen = appendDecodeBase32Hex, encodedLenBase32Hex case "base16", "hex": - decode, decodedLen, encodedLen = decodeBase16, decodedLenBase16, encodedLenBase16 + appendDecode, encodedLen = appendDecodeBase16, encodedLenBase16 case "array": - uo.format = "" - return unmarshalDefault(uo, dec, va) + uo.Format = "" + return unmarshalArray(dec, va, uo) default: - return newInvalidFormatError("unmarshal", t, uo.format) + return newInvalidFormatError(dec, t) } + } else if uo.Flags.Get(jsonflags.FormatByteArrayAsArray) && va.Kind() == reflect.Array { + return unmarshalArray(dec, va, uo) + } else if uo.Flags.Get(jsonflags.FormatBytesWithLegacySemantics) && dec.PeekKind() == '[' { + return unmarshalArray(dec, va, uo) } - var flags valueFlags - val, err := dec.readValue(&flags) + var flags jsonwire.ValueFlags + val, err := xd.ReadValue(&flags) if err != nil { return err } k := val.Kind() switch k { case 'n': - va.Set(reflect.Zero(t)) + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) || va.Kind() != reflect.Array { + va.SetZero() + } return nil case '"': - val = unescapeStringMayCopy(val, flags.isVerbatim()) - - // For base64 and base32, decodedLen computes the maximum output size - // when given the original input size. To compute the exact size, - // adjust the input size by excluding trailing padding characters. - // This is unnecessary for base16, but also harmless. - n := len(val) - for n > 0 && val[n-1] == '=' { - n-- - } - n = decodedLen(n) - b := va.Bytes() - if va.Kind() == reflect.Array { - if n != len(b) { - err := fmt.Errorf("decoded base64 length of %d mismatches array length of %d", n, len(b)) - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err} - } - } else { - if b == nil || cap(b) < n { - b = make([]byte, n) - } else { - b = b[:n] - } + // NOTE: The v2 default is to strictly comply with RFC 4648. + // Section 3.2 specifies that padding is required. + // Section 3.3 specifies that non-alphabet characters + // (e.g., '\r' or '\n') must be rejected. + // Section 3.5 specifies that unnecessary non-zero bits in + // the last quantum may be rejected. Since this is optional, + // we do not reject such inputs. + val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim()) + b, err := appendDecode(va.Bytes()[:0], val) + if err != nil { + return newUnmarshalErrorAfter(dec, t, err) } - n2, err := decode(b, val) - if err == nil && len(val) != encodedLen(n2) { + if len(val) != encodedLen(len(b)) && !uo.Flags.Get(jsonflags.ParseBytesWithLooseRFC4648) { // TODO(https://go.dev/issue/53845): RFC 4648, section 3.3, // specifies that non-alphabet characters must be rejected. // Unfortunately, the "base32" and "base64" packages allow // '\r' and '\n' characters by default. - err = errors.New("illegal data at input byte " + strconv.Itoa(bytes.IndexAny(val, "\r\n"))) + i := bytes.IndexAny(val, "\r\n") + err := fmt.Errorf("illegal character %s at offset %d", jsonwire.QuoteRune(val[i:]), i) + return newUnmarshalErrorAfter(dec, t, err) } - if err != nil { - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err} - } - if va.Kind() == reflect.Slice { + + if va.Kind() == reflect.Array { + dst := va.Bytes() + clear(dst[copy(dst, b):]) // noop if len(b) <= len(dst) + if len(b) != len(dst) && !uo.Flags.Get(jsonflags.UnmarshalArrayFromAnyLength) { + err := fmt.Errorf("decoded length of %d mismatches array length of %d", len(b), len(dst)) + return newUnmarshalErrorAfter(dec, t, err) + } + } else { + if b == nil { + b = []byte{} + } va.SetBytes(b) } return nil } - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t} + return newUnmarshalErrorAfter(dec, t, nil) } return fncs } @@ -323,64 +430,77 @@ func makeBytesArshaler(t reflect.Type, fncs *arshaler) *arshaler { func makeIntArshaler(t reflect.Type) *arshaler { var fncs arshaler bits := t.Bits() - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - if mo.format != "" && mo.formatDepth == enc.tokens.depth() { - return newInvalidFormatError("marshal", t, mo.format) + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + xe := export.Encoder(enc) + if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() { + return newInvalidFormatError(enc, t) } // Optimize for marshaling without preceding whitespace or string escaping. - if optimizeCommon && !enc.options.multiline && !mo.StringifyNumbers && !enc.tokens.last.needObjectName() { - enc.buf = enc.tokens.mayAppendDelim(enc.buf, '0') - enc.buf = strconv.AppendInt(enc.buf, va.Int(), 10) - enc.tokens.last.increment() - if enc.needFlush() { - return enc.flush() + if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace|jsonflags.StringifyNumbers) && !xe.Tokens.Last.NeedObjectName() { + xe.Buf = strconv.AppendInt(xe.Tokens.MayAppendDelim(xe.Buf, '0'), va.Int(), 10) + xe.Tokens.Last.Increment() + if xe.NeedFlush() { + return xe.Flush() } return nil } - x := math.Float64frombits(uint64(va.Int())) - return enc.writeNumber(x, rawIntNumber, mo.StringifyNumbers) + k := stringOrNumberKind(xe.Tokens.Last.NeedObjectName() || mo.Flags.Get(jsonflags.StringifyNumbers)) + return xe.AppendRaw(k, true, func(b []byte) ([]byte, error) { + return strconv.AppendInt(b, va.Int(), 10), nil + }) } - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - if uo.format != "" && uo.formatDepth == dec.tokens.depth() { - return newInvalidFormatError("unmarshal", t, uo.format) - } - var flags valueFlags - val, err := dec.readValue(&flags) + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + xd := export.Decoder(dec) + if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() { + return newInvalidFormatError(dec, t) + } + stringify := xd.Tokens.Last.NeedObjectName() || uo.Flags.Get(jsonflags.StringifyNumbers) + var flags jsonwire.ValueFlags + val, err := xd.ReadValue(&flags) if err != nil { return err } k := val.Kind() switch k { case 'n': - va.SetInt(0) + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + va.SetInt(0) + } return nil case '"': - if !uo.StringifyNumbers { + if !stringify { break } - val = unescapeStringMayCopy(val, flags.isVerbatim()) + val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim()) + if uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) && string(val) == "null" { + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + va.SetInt(0) + } + return nil + } fallthrough case '0': + if stringify && k == '0' { + break + } var negOffset int - neg := val[0] == '-' + neg := len(val) > 0 && val[0] == '-' if neg { negOffset = 1 } - n, ok := parseDecUint(val[negOffset:]) + n, ok := jsonwire.ParseUint(val[negOffset:]) maxInt := uint64(1) << (bits - 1) overflow := (neg && n > maxInt) || (!neg && n > maxInt-1) if !ok { if n != math.MaxUint64 { - err := fmt.Errorf("cannot parse %q as signed integer: %w", val, strconv.ErrSyntax) - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err} + return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrSyntax) } overflow = true } if overflow { - err := fmt.Errorf("cannot parse %q as signed integer: %w", val, strconv.ErrRange) - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err} + return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrRange) } if neg { va.SetInt(int64(-n)) @@ -389,7 +509,7 @@ func makeIntArshaler(t reflect.Type) *arshaler { } return nil } - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t} + return newUnmarshalErrorAfter(dec, t, nil) } return &fncs } @@ -397,64 +517,77 @@ func makeIntArshaler(t reflect.Type) *arshaler { func makeUintArshaler(t reflect.Type) *arshaler { var fncs arshaler bits := t.Bits() - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - if mo.format != "" && mo.formatDepth == enc.tokens.depth() { - return newInvalidFormatError("marshal", t, mo.format) + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + xe := export.Encoder(enc) + if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() { + return newInvalidFormatError(enc, t) } // Optimize for marshaling without preceding whitespace or string escaping. - if optimizeCommon && !enc.options.multiline && !mo.StringifyNumbers && !enc.tokens.last.needObjectName() { - enc.buf = enc.tokens.mayAppendDelim(enc.buf, '0') - enc.buf = strconv.AppendUint(enc.buf, va.Uint(), 10) - enc.tokens.last.increment() - if enc.needFlush() { - return enc.flush() + if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace|jsonflags.StringifyNumbers) && !xe.Tokens.Last.NeedObjectName() { + xe.Buf = strconv.AppendUint(xe.Tokens.MayAppendDelim(xe.Buf, '0'), va.Uint(), 10) + xe.Tokens.Last.Increment() + if xe.NeedFlush() { + return xe.Flush() } return nil } - x := math.Float64frombits(va.Uint()) - return enc.writeNumber(x, rawUintNumber, mo.StringifyNumbers) + k := stringOrNumberKind(xe.Tokens.Last.NeedObjectName() || mo.Flags.Get(jsonflags.StringifyNumbers)) + return xe.AppendRaw(k, true, func(b []byte) ([]byte, error) { + return strconv.AppendUint(b, va.Uint(), 10), nil + }) } - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - if uo.format != "" && uo.formatDepth == dec.tokens.depth() { - return newInvalidFormatError("unmarshal", t, uo.format) - } - var flags valueFlags - val, err := dec.readValue(&flags) + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + xd := export.Decoder(dec) + if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() { + return newInvalidFormatError(dec, t) + } + stringify := xd.Tokens.Last.NeedObjectName() || uo.Flags.Get(jsonflags.StringifyNumbers) + var flags jsonwire.ValueFlags + val, err := xd.ReadValue(&flags) if err != nil { return err } k := val.Kind() switch k { case 'n': - va.SetUint(0) + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + va.SetUint(0) + } return nil case '"': - if !uo.StringifyNumbers { + if !stringify { break } - val = unescapeStringMayCopy(val, flags.isVerbatim()) + val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim()) + if uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) && string(val) == "null" { + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + va.SetUint(0) + } + return nil + } fallthrough case '0': - n, ok := parseDecUint(val) + if stringify && k == '0' { + break + } + n, ok := jsonwire.ParseUint(val) maxUint := uint64(1) << bits overflow := n > maxUint-1 if !ok { if n != math.MaxUint64 { - err := fmt.Errorf("cannot parse %q as unsigned integer: %w", val, strconv.ErrSyntax) - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err} + return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrSyntax) } overflow = true } if overflow { - err := fmt.Errorf("cannot parse %q as unsigned integer: %w", val, strconv.ErrRange) - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err} + return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrRange) } va.SetUint(n) return nil } - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t} + return newUnmarshalErrorAfter(dec, t, nil) } return &fncs } @@ -462,59 +595,66 @@ func makeUintArshaler(t reflect.Type) *arshaler { func makeFloatArshaler(t reflect.Type) *arshaler { var fncs arshaler bits := t.Bits() - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + xe := export.Encoder(enc) var allowNonFinite bool - if mo.format != "" && mo.formatDepth == enc.tokens.depth() { - if mo.format == "nonfinite" { + if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() { + if mo.Format == "nonfinite" { allowNonFinite = true } else { - return newInvalidFormatError("marshal", t, mo.format) + return newInvalidFormatError(enc, t) } } fv := va.Float() if math.IsNaN(fv) || math.IsInf(fv, 0) { if !allowNonFinite { - err := fmt.Errorf("invalid value: %v", fv) - return &SemanticError{action: "marshal", GoType: t, Err: err} + err := fmt.Errorf("unsupported value: %v", fv) + return newMarshalErrorBefore(enc, t, err) } - return enc.WriteToken(Float(fv)) + return enc.WriteToken(jsontext.Float(fv)) } // Optimize for marshaling without preceding whitespace or string escaping. - if optimizeCommon && !enc.options.multiline && !mo.StringifyNumbers && !enc.tokens.last.needObjectName() { - enc.buf = enc.tokens.mayAppendDelim(enc.buf, '0') - enc.buf = appendNumber(enc.buf, fv, bits) - enc.tokens.last.increment() - if enc.needFlush() { - return enc.flush() + if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace|jsonflags.StringifyNumbers) && !xe.Tokens.Last.NeedObjectName() { + xe.Buf = jsonwire.AppendFloat(xe.Tokens.MayAppendDelim(xe.Buf, '0'), fv, bits) + xe.Tokens.Last.Increment() + if xe.NeedFlush() { + return xe.Flush() } return nil } - return enc.writeNumber(fv, bits, mo.StringifyNumbers) + k := stringOrNumberKind(xe.Tokens.Last.NeedObjectName() || mo.Flags.Get(jsonflags.StringifyNumbers)) + return xe.AppendRaw(k, true, func(b []byte) ([]byte, error) { + return jsonwire.AppendFloat(b, va.Float(), bits), nil + }) } - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + xd := export.Decoder(dec) var allowNonFinite bool - if uo.format != "" && uo.formatDepth == dec.tokens.depth() { - if uo.format == "nonfinite" { + if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() { + if uo.Format == "nonfinite" { allowNonFinite = true } else { - return newInvalidFormatError("unmarshal", t, uo.format) + return newInvalidFormatError(dec, t) } } - var flags valueFlags - val, err := dec.readValue(&flags) + stringify := xd.Tokens.Last.NeedObjectName() || uo.Flags.Get(jsonflags.StringifyNumbers) + var flags jsonwire.ValueFlags + val, err := xd.ReadValue(&flags) if err != nil { return err } k := val.Kind() switch k { case 'n': - va.SetFloat(0) + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + va.SetFloat(0) + } return nil case '"': - val = unescapeStringMayCopy(val, flags.isVerbatim()) + val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim()) if allowNonFinite { switch string(val) { case "NaN": @@ -528,24 +668,31 @@ func makeFloatArshaler(t reflect.Type) *arshaler { return nil } } - if !uo.StringifyNumbers { + if !stringify { break } - if n, err := consumeNumber(val); n != len(val) || err != nil { - err := fmt.Errorf("cannot parse %q as JSON number: %w", val, strconv.ErrSyntax) - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err} + if uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) && string(val) == "null" { + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + va.SetFloat(0) + } + return nil + } + if n, err := jsonwire.ConsumeNumber(val); n != len(val) || err != nil { + return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrSyntax) } fallthrough case '0': - // NOTE: Floating-point parsing is by nature a lossy operation. - // We never report an overflow condition since we can always - // round the input to the closest representable finite value. - // For extremely large numbers, the closest value is ±MaxFloat. - fv, _ := parseFloat(val, bits) + if stringify && k == '0' { + break + } + fv, ok := jsonwire.ParseFloat(val, bits) va.SetFloat(fv) + if !ok { + return newUnmarshalErrorAfterWithValue(dec, t, strconv.ErrRange) + } return nil } - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t} + return newUnmarshalErrorAfter(dec, t, nil) } return &fncs } @@ -568,54 +715,61 @@ func makeMapArshaler(t reflect.Type) *arshaler { keyFncs = lookupArshaler(t.Key()) valFncs = lookupArshaler(t.Elem()) } - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { + nillableLegacyKey := t.Key().Kind() == reflect.Pointer && + implementsAny(t.Key(), textMarshalerType, textAppenderType) + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { // Check for cycles. - if enc.tokens.depth() > startDetectingCyclesAfter { - if err := enc.seenPointers.visit(va.Value); err != nil { - return err - } - defer enc.seenPointers.leave(va.Value) - } - - if mo.format != "" && mo.formatDepth == enc.tokens.depth() { - if mo.format == "emitnull" { - if va.IsNil() { - return enc.WriteToken(Null) - } - mo.format = "" - } else { - return newInvalidFormatError("marshal", t, mo.format) + xe := export.Encoder(enc) + if xe.Tokens.Depth() > startDetectingCyclesAfter { + if err := visitPointer(&xe.SeenPointers, va.Value); err != nil { + return newMarshalErrorBefore(enc, t, err) + } + defer leavePointer(&xe.SeenPointers, va.Value) + } + + emitNull := mo.Flags.Get(jsonflags.FormatNilMapAsNull) + if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() { + switch mo.Format { + case "emitnull": + emitNull = true + mo.Format = "" + case "emitempty": + emitNull = false + mo.Format = "" + default: + return newInvalidFormatError(enc, t) } } - // Optimize for marshaling an empty map without any preceding whitespace. + // Handle empty maps. n := va.Len() - if optimizeCommon && n == 0 && !enc.options.multiline && !enc.tokens.last.needObjectName() { - enc.buf = enc.tokens.mayAppendDelim(enc.buf, '{') - enc.buf = append(enc.buf, "{}"...) - enc.tokens.last.increment() - if enc.needFlush() { - return enc.flush() + if n == 0 { + if emitNull && va.IsNil() { + return enc.WriteToken(jsontext.Null) + } + // Optimize for marshaling an empty map without any preceding whitespace. + if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace) && !xe.Tokens.Last.NeedObjectName() { + xe.Buf = append(xe.Tokens.MayAppendDelim(xe.Buf, '{'), "{}"...) + xe.Tokens.Last.Increment() + if xe.NeedFlush() { + return xe.Flush() + } + return nil } - return nil } once.Do(init) - if err := enc.WriteToken(ObjectStart); err != nil { + if err := enc.WriteToken(jsontext.BeginObject); err != nil { return err } if n > 0 { - // Handle maps with numeric key types by stringifying them. - mko := mo - mko.StringifyNumbers = true - nonDefaultKey := keyFncs.nonDefault marshalKey := keyFncs.marshal marshalVal := valFncs.marshal if mo.Marshalers != nil { var ok bool - marshalKey, ok = mo.Marshalers.lookup(marshalKey, t.Key()) - marshalVal, _ = mo.Marshalers.lookup(marshalVal, t.Elem()) + marshalKey, ok = mo.Marshalers.(*Marshalers).lookup(marshalKey, t.Key()) + marshalVal, _ = mo.Marshalers.(*Marshalers).lookup(marshalVal, t.Elem()) nonDefaultKey = nonDefaultKey || ok } k := newAddressableValue(t.Key()) @@ -624,22 +778,29 @@ func makeMapArshaler(t reflect.Type) *arshaler { // A Go map guarantees that each entry has a unique key. // As such, disable the expensive duplicate name check if we know // that every Go key will serialize as a unique JSON string. - if !nonDefaultKey && mapKeyWithUniqueRepresentation(k.Kind(), enc.options.AllowInvalidUTF8) { - enc.tokens.last.disableNamespace() + if !nonDefaultKey && mapKeyWithUniqueRepresentation(k.Kind(), mo.Flags.Get(jsonflags.AllowInvalidUTF8)) { + xe.Tokens.Last.DisableNamespace() } switch { - case !mo.Deterministic || n <= 1: + case !mo.Flags.Get(jsonflags.Deterministic) || n <= 1: for iter := va.Value.MapRange(); iter.Next(); { k.SetIterKey(iter) - if err := marshalKey(mko, enc, k); err != nil { - // TODO: If err is errMissingName, then wrap it as a - // SemanticError since this key type cannot be serialized - // as a JSON string. - return err + err := marshalKey(enc, k, mo) + if err != nil { + if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) && + errors.Is(err, jsontext.ErrNonStringName) && nillableLegacyKey && k.IsNil() { + err = enc.WriteToken(jsontext.String("")) + } + if err != nil { + if serr, ok := err.(*jsontext.SyntacticError); ok && serr.Err == jsontext.ErrNonStringName { + err = newMarshalErrorBefore(enc, k.Type(), err) + } + return err + } } v.SetIterValue(iter) - if err := marshalVal(mo, enc, v); err != nil { + if err := marshalVal(enc, v, mo); err != nil { return err } } @@ -651,13 +812,13 @@ func makeMapArshaler(t reflect.Type) *arshaler { } names.Sort() for _, name := range *names { - if err := enc.WriteToken(String(name)); err != nil { + if err := enc.WriteToken(jsontext.String(name)); err != nil { return err } // TODO(https://go.dev/issue/57061): Use v.SetMapIndexOf. k.SetString(name) v.Set(va.MapIndex(k.Value)) - if err := marshalVal(mo, enc, v); err != nil { + if err := marshalVal(enc, v, mo); err != nil { return err } } @@ -666,52 +827,62 @@ func makeMapArshaler(t reflect.Type) *arshaler { type member struct { name string // unquoted name key addressableValue + val addressableValue } members := make([]member, n) keys := reflect.MakeSlice(reflect.SliceOf(t.Key()), n, n) + vals := reflect.MakeSlice(reflect.SliceOf(t.Elem()), n, n) for i, iter := 0, va.Value.MapRange(); i < n && iter.Next(); i++ { // Marshal the member name. - k := addressableValue{keys.Index(i)} // indexed slice element is always addressable + k := addressableValue{keys.Index(i), true} // indexed slice element is always addressable k.SetIterKey(iter) - if err := marshalKey(mko, enc, k); err != nil { - // TODO: If err is errMissingName, then wrap it as a - // SemanticError since this key type cannot be serialized - // as a JSON string. - return err + v := addressableValue{vals.Index(i), true} // indexed slice element is always addressable + v.SetIterValue(iter) + err := marshalKey(enc, k, mo) + if err != nil { + if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) && + errors.Is(err, jsontext.ErrNonStringName) && nillableLegacyKey && k.IsNil() { + err = enc.WriteToken(jsontext.String("")) + } + if err != nil { + if serr, ok := err.(*jsontext.SyntacticError); ok && serr.Err == jsontext.ErrNonStringName { + err = newMarshalErrorBefore(enc, k.Type(), err) + } + return err + } } - name := enc.unwriteOnlyObjectMemberName() - members[i] = member{name, k} + name := xe.UnwriteOnlyObjectMemberName() + members[i] = member{name, k, v} } // TODO: If AllowDuplicateNames is enabled, then sort according // to reflect.Value as well if the names are equal. // See internal/fmtsort. - // TODO(https://go.dev/issue/47619): Use slices.SortFunc instead. - sort.Slice(members, func(i, j int) bool { - return lessUTF16(members[i].name, members[j].name) + slices.SortFunc(members, func(x, y member) int { + return strings.Compare(x.name, y.name) }) for _, member := range members { - if err := enc.WriteToken(String(member.name)); err != nil { + if err := enc.WriteToken(jsontext.String(member.name)); err != nil { return err } - // TODO(https://go.dev/issue/57061): Use v.SetMapIndexOf. - v.Set(va.MapIndex(member.key.Value)) - if err := marshalVal(mo, enc, v); err != nil { + if err := marshalVal(enc, member.val, mo); err != nil { return err } } } } - if err := enc.WriteToken(ObjectEnd); err != nil { + if err := enc.WriteToken(jsontext.EndObject); err != nil { return err } return nil } - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - if uo.format != "" && uo.formatDepth == dec.tokens.depth() { - if uo.format == "emitnull" { - uo.format = "" // only relevant for marshaling - } else { - return newInvalidFormatError("unmarshal", t, uo.format) + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + xd := export.Decoder(dec) + if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() { + switch uo.Format { + case "emitnull", "emitempty": + uo.Format = "" // only relevant for marshaling + default: + return newInvalidFormatError(dec, t) } } tok, err := dec.ReadToken() @@ -721,7 +892,7 @@ func makeMapArshaler(t reflect.Type) *arshaler { k := tok.Kind() switch k { case 'n': - va.Set(reflect.Zero(t)) + va.SetZero() return nil case '{': once.Do(init) @@ -729,17 +900,13 @@ func makeMapArshaler(t reflect.Type) *arshaler { va.Set(reflect.MakeMap(t)) } - // Handle maps with numeric key types by stringifying them. - uko := uo - uko.StringifyNumbers = true - nonDefaultKey := keyFncs.nonDefault unmarshalKey := keyFncs.unmarshal unmarshalVal := valFncs.unmarshal if uo.Unmarshalers != nil { var ok bool - unmarshalKey, ok = uo.Unmarshalers.lookup(unmarshalKey, t.Key()) - unmarshalVal, _ = uo.Unmarshalers.lookup(unmarshalVal, t.Elem()) + unmarshalKey, ok = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshalKey, t.Key()) + unmarshalVal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshalVal, t.Elem()) nonDefaultKey = nonDefaultKey || ok } k := newAddressableValue(t.Key()) @@ -751,8 +918,8 @@ func makeMapArshaler(t reflect.Type) *arshaler { // will be rejected as duplicates since they semantically refer // to the same Go value. This is an unusual interaction // between syntax and semantics, but is more correct. - if !nonDefaultKey && mapKeyWithUniqueRepresentation(k.Kind(), dec.options.AllowInvalidUTF8) { - dec.tokens.last.disableNamespace() + if !nonDefaultKey && mapKeyWithUniqueRepresentation(k.Kind(), uo.Flags.Get(jsonflags.AllowInvalidUTF8)) { + xd.Tokens.Last.DisableNamespace() } // In the rare case where the map is not already empty, @@ -760,46 +927,72 @@ func makeMapArshaler(t reflect.Type) *arshaler { // since existing presence alone is insufficient to indicate // whether the input had a duplicate name. var seen reflect.Value - if !dec.options.AllowDuplicateNames && va.Len() > 0 { + if !uo.Flags.Get(jsonflags.AllowDuplicateNames) && va.Len() > 0 { seen = reflect.MakeMap(reflect.MapOf(k.Type(), emptyStructType)) } + var errUnmarshal error for dec.PeekKind() != '}' { - k.Set(reflect.Zero(t.Key())) - if err := unmarshalKey(uko, dec, k); err != nil { - return err + // Unmarshal the map entry key. + k.SetZero() + err := unmarshalKey(dec, k, uo) + if err != nil { + if isFatalError(err, uo.Flags) { + return err + } + if err := dec.SkipValue(); err != nil { + return err + } + errUnmarshal = cmp.Or(errUnmarshal, err) + continue } if k.Kind() == reflect.Interface && !k.IsNil() && !k.Elem().Type().Comparable() { - err := fmt.Errorf("invalid incomparable key type %v", k.Elem().Type()) - return &SemanticError{action: "unmarshal", GoType: t, Err: err} + err := newUnmarshalErrorAfter(dec, t, fmt.Errorf("invalid incomparable key type %v", k.Elem().Type())) + if !uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return err + } + if err2 := dec.SkipValue(); err2 != nil { + return err2 + } + errUnmarshal = cmp.Or(errUnmarshal, err) + continue } + // Check if a pre-existing map entry value exists for this key. if v2 := va.MapIndex(k.Value); v2.IsValid() { - if !dec.options.AllowDuplicateNames && (!seen.IsValid() || seen.MapIndex(k.Value).IsValid()) { + if !uo.Flags.Get(jsonflags.AllowDuplicateNames) && (!seen.IsValid() || seen.MapIndex(k.Value).IsValid()) { // TODO: Unread the object name. - name := dec.previousBuffer() - err := &SyntacticError{str: "duplicate name " + string(name) + " in object"} - return err.withOffset(dec.InputOffset() - int64(len(name))) + name := xd.PreviousTokenOrValue() + return newDuplicateNameError(dec.StackPointer(), nil, dec.InputOffset()-len64(name)) + } + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + v.Set(v2) + } else { + v.SetZero() } - v.Set(v2) } else { - v.Set(reflect.Zero(v.Type())) + v.SetZero() } - err := unmarshalVal(uo, dec, v) + + // Unmarshal the map entry value. + err = unmarshalVal(dec, v, uo) va.SetMapIndex(k.Value, v.Value) if seen.IsValid() { seen.SetMapIndex(k.Value, reflect.Zero(emptyStructType)) } if err != nil { - return err + if isFatalError(err, uo.Flags) { + return err + } + errUnmarshal = cmp.Or(errUnmarshal, err) } } if _, err := dec.ReadToken(); err != nil { return err } - return nil + return errUnmarshal } - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t} + return newUnmarshalErrorAfterWithSkipping(dec, t, nil) } return &fncs } @@ -812,7 +1005,7 @@ func mapKeyWithUniqueRepresentation(k reflect.Kind, allowInvalidUTF8 bool) bool switch k { case reflect.Bool, reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, - reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: return true case reflect.String: // For strings, we have to be careful since names with invalid UTF-8 @@ -825,6 +1018,8 @@ func mapKeyWithUniqueRepresentation(k reflect.Kind, allowInvalidUTF8 bool) bool } } +var errNilField = errors.New("cannot set embedded pointer to unexported struct type") + func makeStructArshaler(t reflect.Type) *arshaler { // NOTE: The logic below disables namespaces for tracking duplicate names // and does the tracking locally with an efficient bit-set based on which @@ -839,27 +1034,26 @@ func makeStructArshaler(t reflect.Type) *arshaler { init := func() { fields, errInit = makeStructFields(t) } - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - if mo.format != "" && mo.formatDepth == enc.tokens.depth() { - return newInvalidFormatError("marshal", t, mo.format) + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + xe := export.Encoder(enc) + if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() { + return newInvalidFormatError(enc, t) } once.Do(init) - if errInit != nil { - err := *errInit // shallow copy SemanticError - err.action = "marshal" - return &err + if errInit != nil && !mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return newMarshalErrorBefore(enc, errInit.GoType, errInit.Err) } - if err := enc.WriteToken(ObjectStart); err != nil { + if err := enc.WriteToken(jsontext.BeginObject); err != nil { return err } var seenIdxs uintSet prevIdx := -1 - enc.tokens.last.disableNamespace() // we manually ensure unique names below + xe.Tokens.Last.DisableNamespace() // we manually ensure unique names below for i := range fields.flattened { f := &fields.flattened[i] - v := addressableValue{va.Field(f.index[0])} // addressable if struct value is addressable - if len(f.index) > 1 { - v = v.fieldByIndex(f.index[1:], false) + v := addressableValue{va.Field(f.index0), va.forcedAddr} // addressable if struct value is addressable + if len(f.index) > 0 { + v = v.fieldByIndex(f.index, false) if !v.IsValid() { continue // implies a nil inlined field } @@ -867,7 +1061,13 @@ func makeStructArshaler(t reflect.Type) *arshaler { // OmitZero skips the field if the Go value is zero, // which we can determine up front without calling the marshaler. - if f.omitzero && ((f.isZero == nil && v.IsZero()) || (f.isZero != nil && f.isZero(v))) { + if (f.omitzero || mo.Flags.Get(jsonflags.OmitZeroStructFields)) && + ((f.isZero == nil && v.IsZero()) || (f.isZero != nil && f.isZero(v))) { + continue + } + + // Check for the legacy definition of omitempty. + if f.omitempty && mo.Flags.Get(jsonflags.OmitEmptyWithLegacySemantics) && isLegacyEmpty(v) { continue } @@ -875,14 +1075,15 @@ func makeStructArshaler(t reflect.Type) *arshaler { nonDefault := f.fncs.nonDefault if mo.Marshalers != nil { var ok bool - marshal, ok = mo.Marshalers.lookup(marshal, f.typ) + marshal, ok = mo.Marshalers.(*Marshalers).lookup(marshal, f.typ) nonDefault = nonDefault || ok } // OmitEmpty skips the field if the marshaled JSON value is empty, // which we can know up front if there are no custom marshalers, // otherwise we must marshal the value and unwrite it if empty. - if f.omitempty && !nonDefault && f.isEmpty != nil && f.isEmpty(v) { + if f.omitempty && !mo.Flags.Get(jsonflags.OmitEmptyWithLegacySemantics) && + !nonDefault && f.isEmpty != nil && f.isEmpty(v) { continue // fast path for omitempty } @@ -898,50 +1099,60 @@ func makeStructArshaler(t reflect.Type) *arshaler { // 5. There is no possibility of an error occurring. if optimizeCommon { // Append any delimiters or optional whitespace. - if enc.tokens.last.length() > 0 { - enc.buf = append(enc.buf, ',') + b := xe.Buf + if xe.Tokens.Last.Length() > 0 { + b = append(b, ',') + if mo.Flags.Get(jsonflags.SpaceAfterComma) { + b = append(b, ' ') + } } - if enc.options.multiline { - enc.buf = enc.appendIndent(enc.buf, enc.tokens.needIndent('"')) + if mo.Flags.Get(jsonflags.Multiline) { + b = xe.AppendIndent(b, xe.Tokens.NeedIndent('"')) } // Append the token to the output and to the state machine. - n0 := len(enc.buf) // offset before calling appendString - if enc.options.EscapeRune == nil { - enc.buf = append(enc.buf, f.quotedName...) + n0 := len(b) // offset before calling AppendQuote + if !f.nameNeedEscape { + b = append(b, f.quotedName...) } else { - enc.buf, _ = appendString(enc.buf, f.name, false, enc.options.EscapeRune) + b, _ = jsonwire.AppendQuote(b, f.name, &mo.Flags) } - if !enc.options.AllowDuplicateNames { - enc.names.replaceLastQuotedOffset(n0) - } - enc.tokens.last.increment() + xe.Buf = b + xe.Names.ReplaceLastQuotedOffset(n0) + xe.Tokens.Last.Increment() } else { - if err := enc.WriteToken(String(f.name)); err != nil { + if err := enc.WriteToken(jsontext.String(f.name)); err != nil { return err } } // Write the object member value. - mo2 := mo + flagsOriginal := mo.Flags if f.string { - mo2.StringifyNumbers = true + if !mo.Flags.Get(jsonflags.StringifyWithLegacySemantics) { + mo.Flags.Set(jsonflags.StringifyNumbers | 1) + } else if canLegacyStringify(f.typ) { + mo.Flags.Set(jsonflags.StringifyNumbers | jsonflags.StringifyBoolsAndStrings | 1) + } } if f.format != "" { - mo2.formatDepth = enc.tokens.depth() - mo2.format = f.format + mo.FormatDepth = xe.Tokens.Depth() + mo.Format = f.format } - if err := marshal(mo2, enc, v); err != nil { + err := marshal(enc, v, mo) + mo.Flags = flagsOriginal + mo.Format = "" + if err != nil { return err } // Try unwriting the member if empty (slow path for omitempty). - if f.omitempty { + if f.omitempty && !mo.Flags.Get(jsonflags.OmitEmptyWithLegacySemantics) { var prevName *string if prevIdx >= 0 { prevName = &fields.flattened[prevIdx].name } - if enc.unwriteEmptyObjectMember(prevName) { + if xe.UnwriteEmptyObjectMember(prevName) { continue } } @@ -949,23 +1160,23 @@ func makeStructArshaler(t reflect.Type) *arshaler { // Remember the previous written object member. // The set of seen fields only needs to be updated to detect // duplicate names with those from the inlined fallback. - if !enc.options.AllowDuplicateNames && fields.inlinedFallback != nil { + if !mo.Flags.Get(jsonflags.AllowDuplicateNames) && fields.inlinedFallback != nil { seenIdxs.insert(uint(f.id)) } prevIdx = f.id } - if fields.inlinedFallback != nil && !(mo.DiscardUnknownMembers && fields.inlinedFallback.unknown) { + if fields.inlinedFallback != nil && !(mo.Flags.Get(jsonflags.DiscardUnknownMembers) && fields.inlinedFallback.unknown) { var insertUnquotedName func([]byte) bool - if !enc.options.AllowDuplicateNames { + if !mo.Flags.Get(jsonflags.AllowDuplicateNames) { insertUnquotedName = func(name []byte) bool { // Check that the name from inlined fallback does not match // one of the previously marshaled names from known fields. - if foldedFields := fields.byFoldedName[string(foldName(name))]; len(foldedFields) > 0 { + if foldedFields := fields.lookupByFoldedName(name); len(foldedFields) > 0 { if f := fields.byActualName[string(name)]; f != nil { return seenIdxs.insert(uint(f.id)) } for _, f := range foldedFields { - if f.nocase { + if f.matchFoldedName(name, &mo.Flags) { return seenIdxs.insert(uint(f.id)) } } @@ -973,21 +1184,22 @@ func makeStructArshaler(t reflect.Type) *arshaler { // Check that the name does not match any other name // previously marshaled from the inlined fallback. - return enc.namespaces.last().insertUnquoted(name) + return xe.Namespaces.Last().InsertUnquoted(name) } } - if err := marshalInlinedFallbackAll(mo, enc, va, fields.inlinedFallback, insertUnquotedName); err != nil { + if err := marshalInlinedFallbackAll(enc, va, mo, fields.inlinedFallback, insertUnquotedName); err != nil { return err } } - if err := enc.WriteToken(ObjectEnd); err != nil { + if err := enc.WriteToken(jsontext.EndObject); err != nil { return err } return nil } - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - if uo.format != "" && uo.formatDepth == dec.tokens.depth() { - return newInvalidFormatError("unmarshal", t, uo.format) + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + xd := export.Decoder(dec) + if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() { + return newInvalidFormatError(dec, t) } tok, err := dec.ReadToken() if err != nil { @@ -996,41 +1208,45 @@ func makeStructArshaler(t reflect.Type) *arshaler { k := tok.Kind() switch k { case 'n': - va.Set(reflect.Zero(t)) + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + va.SetZero() + } return nil case '{': once.Do(init) - if errInit != nil { - err := *errInit // shallow copy SemanticError - err.action = "unmarshal" - return &err + if errInit != nil && !uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return newUnmarshalErrorAfter(dec, errInit.GoType, errInit.Err) } var seenIdxs uintSet - dec.tokens.last.disableNamespace() + xd.Tokens.Last.DisableNamespace() + var errUnmarshal error for dec.PeekKind() != '}' { // Process the object member name. - var flags valueFlags - val, err := dec.readValue(&flags) + var flags jsonwire.ValueFlags + val, err := xd.ReadValue(&flags) if err != nil { return err } - name := unescapeStringMayCopy(val, flags.isVerbatim()) + name := jsonwire.UnquoteMayCopy(val, flags.IsVerbatim()) f := fields.byActualName[string(name)] if f == nil { - for _, f2 := range fields.byFoldedName[string(foldName(name))] { - if f2.nocase { + for _, f2 := range fields.lookupByFoldedName(name) { + if f2.matchFoldedName(name, &uo.Flags) { f = f2 break } } if f == nil { - if uo.RejectUnknownMembers && (fields.inlinedFallback == nil || fields.inlinedFallback.unknown) { - return &SemanticError{action: "unmarshal", GoType: t, Err: fmt.Errorf("unknown name %s", val)} + if uo.Flags.Get(jsonflags.RejectUnknownMembers) && (fields.inlinedFallback == nil || fields.inlinedFallback.unknown) { + err := newUnmarshalErrorAfter(dec, t, ErrUnknownName) + if !uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return err + } + errUnmarshal = cmp.Or(errUnmarshal, err) } - if !dec.options.AllowDuplicateNames && !dec.namespaces.last().insertUnquoted(name) { + if !uo.Flags.Get(jsonflags.AllowDuplicateNames) && !xd.Namespaces.Last().InsertUnquoted(name) { // TODO: Unread the object name. - err := &SyntacticError{str: "duplicate name " + string(val) + " in object"} - return err.withOffset(dec.InputOffset() - int64(len(val))) + return newDuplicateNameError(dec.StackPointer(), nil, dec.InputOffset()-len64(val)) } if fields.inlinedFallback == nil { @@ -1040,46 +1256,68 @@ func makeStructArshaler(t reflect.Type) *arshaler { } } else { // Marshal into value capable of storing arbitrary object members. - if err := unmarshalInlinedFallbackNext(uo, dec, va, fields.inlinedFallback, val, name); err != nil { - return err + if err := unmarshalInlinedFallbackNext(dec, va, uo, fields.inlinedFallback, val, name); err != nil { + if isFatalError(err, uo.Flags) { + return err + } + errUnmarshal = cmp.Or(errUnmarshal, err) } } continue } } - if !dec.options.AllowDuplicateNames && !seenIdxs.insert(uint(f.id)) { + if !uo.Flags.Get(jsonflags.AllowDuplicateNames) && !seenIdxs.insert(uint(f.id)) { // TODO: Unread the object name. - err := &SyntacticError{str: "duplicate name " + string(val) + " in object"} - return err.withOffset(dec.InputOffset() - int64(len(val))) + return newDuplicateNameError(dec.StackPointer(), nil, dec.InputOffset()-len64(val)) } // Process the object member value. unmarshal := f.fncs.unmarshal if uo.Unmarshalers != nil { - unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, f.typ) + unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, f.typ) } - uo2 := uo + flagsOriginal := uo.Flags if f.string { - uo2.StringifyNumbers = true + if !uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) { + uo.Flags.Set(jsonflags.StringifyNumbers | 1) + } else if canLegacyStringify(f.typ) { + uo.Flags.Set(jsonflags.StringifyNumbers | jsonflags.StringifyBoolsAndStrings | 1) + } } if f.format != "" { - uo2.formatDepth = dec.tokens.depth() - uo2.format = f.format + uo.FormatDepth = xd.Tokens.Depth() + uo.Format = f.format } - v := addressableValue{va.Field(f.index[0])} // addressable if struct value is addressable - if len(f.index) > 1 { - v = v.fieldByIndex(f.index[1:], true) + v := addressableValue{va.Field(f.index0), va.forcedAddr} // addressable if struct value is addressable + if len(f.index) > 0 { + v = v.fieldByIndex(f.index, true) + if !v.IsValid() { + err := newUnmarshalErrorBefore(dec, t, errNilField) + if !uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return err + } + errUnmarshal = cmp.Or(errUnmarshal, err) + unmarshal = func(dec *jsontext.Decoder, _ addressableValue, _ *jsonopts.Struct) error { + return dec.SkipValue() + } + } } - if err := unmarshal(uo2, dec, v); err != nil { - return err + err = unmarshal(dec, v, uo) + uo.Flags = flagsOriginal + uo.Format = "" + if err != nil { + if isFatalError(err, uo.Flags) { + return err + } + errUnmarshal = cmp.Or(errUnmarshal, err) } } if _, err := dec.ReadToken(); err != nil { return err } - return nil + return errUnmarshal } - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t} + return newUnmarshalErrorAfterWithSkipping(dec, t, nil) } return &fncs } @@ -1090,7 +1328,7 @@ func (va addressableValue) fieldByIndex(index []int, mayAlloc bool) addressableV if !va.IsValid() { return va } - va = addressableValue{va.Field(i)} // addressable if struct value is addressable + va = addressableValue{va.Field(i), va.forcedAddr} // addressable if struct value is addressable } return va } @@ -1098,16 +1336,55 @@ func (va addressableValue) fieldByIndex(index []int, mayAlloc bool) addressableV func (va addressableValue) indirect(mayAlloc bool) addressableValue { if va.Kind() == reflect.Pointer { if va.IsNil() { - if !mayAlloc { + if !mayAlloc || !va.CanSet() { return addressableValue{} } va.Set(reflect.New(va.Type().Elem())) } - va = addressableValue{va.Elem()} // dereferenced pointer is always addressable + va = addressableValue{va.Elem(), false} // dereferenced pointer is always addressable } return va } +// isLegacyEmpty reports whether a value is empty according to the v1 definition. +func isLegacyEmpty(v addressableValue) bool { + // Equivalent to encoding/json.isEmptyValue@v1.21.0. + switch v.Kind() { + case reflect.Bool: + return v.Bool() == false + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return v.Int() == 0 + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return v.Uint() == 0 + case reflect.Float32, reflect.Float64: + return v.Float() == 0 + case reflect.String, reflect.Map, reflect.Slice, reflect.Array: + return v.Len() == 0 + case reflect.Pointer, reflect.Interface: + return v.IsNil() + } + return false +} + +// canLegacyStringify reports whether t can be stringified according to v1, +// where t is a bool, string, or number (or unnamed pointer to such). +// In v1, the `string` option does not apply recursively to nested types within +// a composite Go type (e.g., an array, slice, struct, map, or interface). +func canLegacyStringify(t reflect.Type) bool { + // Based on encoding/json.typeFields#L1126-L1143@v1.23.0 + if t.Name() == "" && t.Kind() == reflect.Ptr { + t = t.Elem() + } + switch t.Kind() { + case reflect.Bool, reflect.String, + reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, + reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr, + reflect.Float32, reflect.Float64: + return true + } + return false +} + func makeSliceArshaler(t reflect.Type) *arshaler { var fncs arshaler var ( @@ -1117,64 +1394,75 @@ func makeSliceArshaler(t reflect.Type) *arshaler { init := func() { valFncs = lookupArshaler(t.Elem()) } - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { // Check for cycles. - if enc.tokens.depth() > startDetectingCyclesAfter { - if err := enc.seenPointers.visit(va.Value); err != nil { - return err - } - defer enc.seenPointers.leave(va.Value) - } - - if mo.format != "" && mo.formatDepth == enc.tokens.depth() { - if mo.format == "emitnull" { - if va.IsNil() { - return enc.WriteToken(Null) - } - mo.format = "" - } else { - return newInvalidFormatError("marshal", t, mo.format) + xe := export.Encoder(enc) + if xe.Tokens.Depth() > startDetectingCyclesAfter { + if err := visitPointer(&xe.SeenPointers, va.Value); err != nil { + return newMarshalErrorBefore(enc, t, err) + } + defer leavePointer(&xe.SeenPointers, va.Value) + } + + emitNull := mo.Flags.Get(jsonflags.FormatNilSliceAsNull) + if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() { + switch mo.Format { + case "emitnull": + emitNull = true + mo.Format = "" + case "emitempty": + emitNull = false + mo.Format = "" + default: + return newInvalidFormatError(enc, t) } } - // Optimize for marshaling an empty slice without any preceding whitespace. + // Handle empty slices. n := va.Len() - if optimizeCommon && n == 0 && !enc.options.multiline && !enc.tokens.last.needObjectName() { - enc.buf = enc.tokens.mayAppendDelim(enc.buf, '[') - enc.buf = append(enc.buf, "[]"...) - enc.tokens.last.increment() - if enc.needFlush() { - return enc.flush() + if n == 0 { + if emitNull && va.IsNil() { + return enc.WriteToken(jsontext.Null) + } + // Optimize for marshaling an empty slice without any preceding whitespace. + if optimizeCommon && !mo.Flags.Get(jsonflags.AnyWhitespace) && !xe.Tokens.Last.NeedObjectName() { + xe.Buf = append(xe.Tokens.MayAppendDelim(xe.Buf, '['), "[]"...) + xe.Tokens.Last.Increment() + if xe.NeedFlush() { + return xe.Flush() + } + return nil } - return nil } once.Do(init) - if err := enc.WriteToken(ArrayStart); err != nil { + if err := enc.WriteToken(jsontext.BeginArray); err != nil { return err } marshal := valFncs.marshal if mo.Marshalers != nil { - marshal, _ = mo.Marshalers.lookup(marshal, t.Elem()) + marshal, _ = mo.Marshalers.(*Marshalers).lookup(marshal, t.Elem()) } - for i := 0; i < n; i++ { - v := addressableValue{va.Index(i)} // indexed slice element is always addressable - if err := marshal(mo, enc, v); err != nil { + for i := range n { + v := addressableValue{va.Index(i), false} // indexed slice element is always addressable + if err := marshal(enc, v, mo); err != nil { return err } } - if err := enc.WriteToken(ArrayEnd); err != nil { + if err := enc.WriteToken(jsontext.EndArray); err != nil { return err } return nil } emptySlice := reflect.MakeSlice(t, 0, 0) - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - if uo.format != "" && uo.formatDepth == dec.tokens.depth() { - if uo.format == "emitnull" { - uo.format = "" // only relevant for marshaling - } else { - return newInvalidFormatError("unmarshal", t, uo.format) + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + xd := export.Decoder(dec) + if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() { + switch uo.Format { + case "emitnull", "emitempty": + uo.Format = "" // only relevant for marshaling + default: + return newInvalidFormatError(dec, t) } } @@ -1185,13 +1473,13 @@ func makeSliceArshaler(t reflect.Type) *arshaler { k := tok.Kind() switch k { case 'n': - va.Set(reflect.Zero(t)) + va.SetZero() return nil case '[': once.Do(init) unmarshal := valFncs.unmarshal if uo.Unmarshalers != nil { - unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, t.Elem()) + unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, t.Elem()) } mustZero := true // we do not know the cleanliness of unused capacity cap := va.Cap() @@ -1199,22 +1487,25 @@ func makeSliceArshaler(t reflect.Type) *arshaler { va.SetLen(cap) } var i int + var errUnmarshal error for dec.PeekKind() != ']' { if i == cap { - // TODO(https://go.dev/issue/48000): Use reflect.Value.Append. - va.Set(reflect.Append(va.Value, reflect.Zero(t.Elem()))) + va.Value.Grow(1) cap = va.Cap() va.SetLen(cap) - mustZero = false // append guarantees that unused capacity is zero-initialized + mustZero = false // reflect.Value.Grow ensures new capacity is zero-initialized } - v := addressableValue{va.Index(i)} // indexed slice element is always addressable + v := addressableValue{va.Index(i), false} // indexed slice element is always addressable i++ - if mustZero { - v.Set(reflect.Zero(t.Elem())) + if mustZero && !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + v.SetZero() } - if err := unmarshal(uo, dec, v); err != nil { - va.SetLen(i) - return err + if err := unmarshal(dec, v, uo); err != nil { + if isFatalError(err, uo.Flags) { + va.SetLen(i) + return err + } + errUnmarshal = cmp.Or(errUnmarshal, err) } } if i == 0 { @@ -1225,13 +1516,16 @@ func makeSliceArshaler(t reflect.Type) *arshaler { if _, err := dec.ReadToken(); err != nil { return err } - return nil + return errUnmarshal } - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t} + return newUnmarshalErrorAfterWithSkipping(dec, t, nil) } return &fncs } +var errArrayUnderflow = errors.New("too few array elements") +var errArrayOverflow = errors.New("too many array elements") + func makeArrayArshaler(t reflect.Type) *arshaler { var fncs arshaler var ( @@ -1242,32 +1536,34 @@ func makeArrayArshaler(t reflect.Type) *arshaler { valFncs = lookupArshaler(t.Elem()) } n := t.Len() - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - if mo.format != "" && mo.formatDepth == enc.tokens.depth() { - return newInvalidFormatError("marshal", t, mo.format) + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + xe := export.Encoder(enc) + if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() { + return newInvalidFormatError(enc, t) } once.Do(init) - if err := enc.WriteToken(ArrayStart); err != nil { + if err := enc.WriteToken(jsontext.BeginArray); err != nil { return err } marshal := valFncs.marshal if mo.Marshalers != nil { - marshal, _ = mo.Marshalers.lookup(marshal, t.Elem()) + marshal, _ = mo.Marshalers.(*Marshalers).lookup(marshal, t.Elem()) } - for i := 0; i < n; i++ { - v := addressableValue{va.Index(i)} // indexed array element is addressable if array is addressable - if err := marshal(mo, enc, v); err != nil { + for i := range n { + v := addressableValue{va.Index(i), va.forcedAddr} // indexed array element is addressable if array is addressable + if err := marshal(enc, v, mo); err != nil { return err } } - if err := enc.WriteToken(ArrayEnd); err != nil { + if err := enc.WriteToken(jsontext.EndArray); err != nil { return err } return nil } - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - if uo.format != "" && uo.formatDepth == dec.tokens.depth() { - return newInvalidFormatError("unmarshal", t, uo.format) + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + xd := export.Decoder(dec) + if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() { + return newInvalidFormatError(dec, t) } tok, err := dec.ReadToken() if err != nil { @@ -1276,37 +1572,51 @@ func makeArrayArshaler(t reflect.Type) *arshaler { k := tok.Kind() switch k { case 'n': - va.Set(reflect.Zero(t)) + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + va.SetZero() + } return nil case '[': once.Do(init) unmarshal := valFncs.unmarshal if uo.Unmarshalers != nil { - unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, t.Elem()) + unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, t.Elem()) } var i int + var errUnmarshal error for dec.PeekKind() != ']' { if i >= n { - err := errors.New("too many array elements") - return &SemanticError{action: "unmarshal", GoType: t, Err: err} + if err := dec.SkipValue(); err != nil { + return err + } + err = errArrayOverflow + continue } - v := addressableValue{va.Index(i)} // indexed array element is addressable if array is addressable - v.Set(reflect.Zero(v.Type())) - if err := unmarshal(uo, dec, v); err != nil { - return err + v := addressableValue{va.Index(i), va.forcedAddr} // indexed array element is addressable if array is addressable + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + v.SetZero() + } + if err := unmarshal(dec, v, uo); err != nil { + if isFatalError(err, uo.Flags) { + return err + } + errUnmarshal = cmp.Or(errUnmarshal, err) } i++ } + for ; i < n; i++ { + va.Index(i).SetZero() + err = errArrayUnderflow + } if _, err := dec.ReadToken(); err != nil { return err } - if i < n { - err := errors.New("too few array elements") - return &SemanticError{action: "unmarshal", GoType: t, Err: err} + if err != nil && !uo.Flags.Get(jsonflags.UnmarshalArrayFromAnyLength) { + return newUnmarshalErrorAfter(dec, t, err) } - return nil + return errUnmarshal } - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t} + return newUnmarshalErrorAfterWithSkipping(dec, t, nil) } return &fncs } @@ -1320,46 +1630,62 @@ func makePointerArshaler(t reflect.Type) *arshaler { init := func() { valFncs = lookupArshaler(t.Elem()) } - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { // Check for cycles. - if enc.tokens.depth() > startDetectingCyclesAfter { - if err := enc.seenPointers.visit(va.Value); err != nil { - return err + xe := export.Encoder(enc) + if xe.Tokens.Depth() > startDetectingCyclesAfter { + if err := visitPointer(&xe.SeenPointers, va.Value); err != nil { + return newMarshalErrorBefore(enc, t, err) } - defer enc.seenPointers.leave(va.Value) + defer leavePointer(&xe.SeenPointers, va.Value) } - // NOTE: MarshalOptions.format is forwarded to underlying marshal. + // NOTE: Struct.Format is forwarded to underlying marshal. if va.IsNil() { - return enc.WriteToken(Null) + return enc.WriteToken(jsontext.Null) } once.Do(init) marshal := valFncs.marshal if mo.Marshalers != nil { - marshal, _ = mo.Marshalers.lookup(marshal, t.Elem()) + marshal, _ = mo.Marshalers.(*Marshalers).lookup(marshal, t.Elem()) } - v := addressableValue{va.Elem()} // dereferenced pointer is always addressable - return marshal(mo, enc, v) + v := addressableValue{va.Elem(), false} // dereferenced pointer is always addressable + return marshal(enc, v, mo) } - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - // NOTE: UnmarshalOptions.format is forwarded to underlying unmarshal. + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + // NOTE: Struct.Format is forwarded to underlying unmarshal. if dec.PeekKind() == 'n' { if _, err := dec.ReadToken(); err != nil { return err } - va.Set(reflect.Zero(t)) + va.SetZero() return nil } once.Do(init) unmarshal := valFncs.unmarshal if uo.Unmarshalers != nil { - unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, t.Elem()) + unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, t.Elem()) } if va.IsNil() { va.Set(reflect.New(t.Elem())) } - v := addressableValue{va.Elem()} // dereferenced pointer is always addressable - return unmarshal(uo, dec, v) + v := addressableValue{va.Elem(), false} // dereferenced pointer is always addressable + if err := unmarshal(dec, v, uo); err != nil { + return err + } + if uo.Flags.Get(jsonflags.StringifyWithLegacySemantics) && + uo.Flags.Get(jsonflags.StringifyNumbers|jsonflags.StringifyBoolsAndStrings) { + // A JSON null quoted within a JSON string should take effect + // within the pointer value, rather than the indirect value. + // + // TODO: This does not correctly handle escaped nulls + // (e.g., "\u006e\u0075\u006c\u006c"), but is good enough + // for such an esoteric use case of the `string` option. + if string(export.Decoder(dec).PreviousTokenOrValue()) == `"null"` { + va.SetZero() + } + } + return nil } return &fncs } @@ -1370,34 +1696,82 @@ func makeInterfaceArshaler(t reflect.Type) *arshaler { // store them back into the interface afterwards. var fncs arshaler - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - if mo.format != "" && mo.formatDepth == enc.tokens.depth() { - return newInvalidFormatError("marshal", t, mo.format) + var whichMarshaler reflect.Type + for _, iface := range allMarshalerTypes { + if t.Implements(iface) { + whichMarshaler = t + break + } + } + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + xe := export.Encoder(enc) + if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() { + return newInvalidFormatError(enc, t) } if va.IsNil() { - return enc.WriteToken(Null) + return enc.WriteToken(jsontext.Null) + } else if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) && whichMarshaler != nil { + // The marshaler for a pointer never calls the method on a nil receiver. + // Wrap the nil pointer within a struct type so that marshal + // instead appears on a value receiver and may be called. + if va.Elem().Kind() == reflect.Pointer && va.Elem().IsNil() { + v2 := newAddressableValue(whichMarshaler) + switch whichMarshaler { + case jsonMarshalerToType: + v2.Set(reflect.ValueOf(struct{ MarshalerTo }{va.Elem().Interface().(MarshalerTo)})) + case jsonMarshalerType: + v2.Set(reflect.ValueOf(struct{ Marshaler }{va.Elem().Interface().(Marshaler)})) + case textAppenderType: + v2.Set(reflect.ValueOf(struct{ encoding.TextAppender }{va.Elem().Interface().(encoding.TextAppender)})) + case textMarshalerType: + v2.Set(reflect.ValueOf(struct{ encoding.TextMarshaler }{va.Elem().Interface().(encoding.TextMarshaler)})) + } + va = v2 + } } v := newAddressableValue(va.Elem().Type()) v.Set(va.Elem()) marshal := lookupArshaler(v.Type()).marshal if mo.Marshalers != nil { - marshal, _ = mo.Marshalers.lookup(marshal, v.Type()) + marshal, _ = mo.Marshalers.(*Marshalers).lookup(marshal, v.Type()) } // Optimize for the any type if there are no special options. - if optimizeCommon && t == anyType && !mo.StringifyNumbers && mo.format == "" && (mo.Marshalers == nil || !mo.Marshalers.fromAny) { - return marshalValueAny(mo, enc, va.Elem().Interface()) + if optimizeCommon && + t == anyType && !mo.Flags.Get(jsonflags.StringifyNumbers|jsonflags.StringifyBoolsAndStrings) && mo.Format == "" && + (mo.Marshalers == nil || !mo.Marshalers.(*Marshalers).fromAny) { + return marshalValueAny(enc, va.Elem().Interface(), mo) } - return marshal(mo, enc, v) + return marshal(enc, v, mo) } - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - if uo.format != "" && uo.formatDepth == dec.tokens.depth() { - return newInvalidFormatError("unmarshal", t, uo.format) + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + xd := export.Decoder(dec) + if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() { + return newInvalidFormatError(dec, t) + } + if uo.Flags.Get(jsonflags.MergeWithLegacySemantics) && !va.IsNil() { + // Legacy merge behavior is difficult to explain. + // In general, it only merges for non-nil pointer kinds. + // As a special case, unmarshaling a JSON null into a pointer + // sets a concrete nil pointer of the underlying type + // (rather than setting the interface value itself to nil). + e := va.Elem() + if e.Kind() == reflect.Pointer && !e.IsNil() { + if dec.PeekKind() == 'n' && e.Elem().Kind() == reflect.Pointer { + if _, err := dec.ReadToken(); err != nil { + return err + } + va.Elem().Elem().SetZero() + return nil + } + } else { + va.SetZero() + } } if dec.PeekKind() == 'n' { if _, err := dec.ReadToken(); err != nil { return err } - va.Set(reflect.Zero(t)) + va.SetZero() return nil } var v addressableValue @@ -1407,8 +1781,10 @@ func makeInterfaceArshaler(t reflect.Type) *arshaler { // are always unmarshaled into an any value as Go strings. // Duplicate name check must be enforced since unmarshalValueAny // does not implement merge semantics. - if optimizeCommon && t == anyType && uo.format == "" && (uo.Unmarshalers == nil || !uo.Unmarshalers.fromAny) && !dec.options.AllowDuplicateNames { - v, err := unmarshalValueAny(uo, dec) + if optimizeCommon && + t == anyType && !uo.Flags.Get(jsonflags.AllowDuplicateNames) && uo.Format == "" && + (uo.Unmarshalers == nil || !uo.Unmarshalers.(*Unmarshalers).fromAny) { + v, err := unmarshalValueAny(dec, uo) // We must check for nil interface values up front. // See https://go.dev/issue/52310. if v != nil { @@ -1419,8 +1795,7 @@ func makeInterfaceArshaler(t reflect.Type) *arshaler { k := dec.PeekKind() if !isAnyType(t) { - err := errors.New("cannot derive concrete type for non-empty interface") - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err} + return newUnmarshalErrorBeforeWithSkipping(dec, t, internal.ErrNilInterface) } switch k { case 'f', 't': @@ -1428,7 +1803,11 @@ func makeInterfaceArshaler(t reflect.Type) *arshaler { case '"': v = newAddressableValue(stringType) case '0': - v = newAddressableValue(float64Type) + if uo.Flags.Get(jsonflags.UnmarshalAnyWithRawNumber) { + v = addressableValue{reflect.ValueOf(internal.NewRawNumber()).Elem(), true} + } else { + v = newAddressableValue(float64Type) + } case '{': v = newAddressableValue(mapStringAnyType) case '[': @@ -1450,9 +1829,9 @@ func makeInterfaceArshaler(t reflect.Type) *arshaler { } unmarshal := lookupArshaler(v.Type()).unmarshal if uo.Unmarshalers != nil { - unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, v.Type()) + unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, v.Type()) } - err := unmarshal(uo, dec, v) + err := unmarshal(dec, v, uo) va.Set(v.Value) return err } @@ -1470,16 +1849,62 @@ func isAnyType(t reflect.Type) bool { func makeInvalidArshaler(t reflect.Type) *arshaler { var fncs arshaler - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - return &SemanticError{action: "marshal", GoType: t} + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + return newMarshalErrorBefore(enc, t, nil) } - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - return &SemanticError{action: "unmarshal", GoType: t} + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + return newUnmarshalErrorBefore(dec, t, nil) } return &fncs } -func newInvalidFormatError(action string, t reflect.Type, format string) error { - err := fmt.Errorf("invalid format flag: %q", format) - return &SemanticError{action: action, GoType: t, Err: err} +func stringOrNumberKind(isString bool) jsontext.Kind { + if isString { + return '"' + } else { + return '0' + } +} + +type uintSet64 uint64 + +func (s uintSet64) has(i uint) bool { return s&(1< 0 } +func (s *uintSet64) set(i uint) { *s |= 1 << i } + +// uintSet is a set of unsigned integers. +// It is optimized for most integers being close to zero. +type uintSet struct { + lo uintSet64 + hi []uintSet64 +} + +// has reports whether i is in the set. +func (s *uintSet) has(i uint) bool { + if i < 64 { + return s.lo.has(i) + } else { + i -= 64 + iHi, iLo := int(i/64), i%64 + return iHi < len(s.hi) && s.hi[iHi].has(iLo) + } +} + +// insert inserts i into the set and reports whether it was the first insertion. +func (s *uintSet) insert(i uint) bool { + // TODO: Make this inlinable at least for the lower 64-bit case. + if i < 64 { + has := s.lo.has(i) + s.lo.set(i) + return !has + } else { + i -= 64 + iHi, iLo := int(i/64), i%64 + if iHi >= len(s.hi) { + s.hi = append(s.hi, make([]uintSet64, iHi+1-len(s.hi))...) + s.hi = s.hi[:cap(s.hi)] + } + has := s.hi[iHi].has(iLo) + s.hi[iHi].set(iLo) + return !has + } } diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_funcs.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_funcs.go index 8a4e70083..1f5d01868 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_funcs.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_funcs.go @@ -2,6 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !goexperiment.jsonv2 || !go1.25 + package json import ( @@ -9,62 +11,75 @@ import ( "fmt" "reflect" "sync" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) -// SkipFunc may be returned by MarshalFuncV2 and UnmarshalFuncV2 functions. +// SkipFunc may be returned by [MarshalToFunc] and [UnmarshalFromFunc] functions. // // Any function that returns SkipFunc must not cause observable side effects -// on the provided Encoder or Decoder. For example, it is permissible to call -// Decoder.PeekKind, but not permissible to call Decoder.ReadToken or -// Encoder.WriteToken since such methods mutate the state. -const SkipFunc = jsonError("skip function") +// on the provided [jsontext.Encoder] or [jsontext.Decoder]. +// For example, it is permissible to call [jsontext.Decoder.PeekKind], +// but not permissible to call [jsontext.Decoder.ReadToken] or +// [jsontext.Encoder.WriteToken] since such methods mutate the state. +var SkipFunc = errors.New("json: skip function") + +var errSkipMutation = errors.New("must not read or write any tokens when skipping") +var errNonSingularValue = errors.New("must read or write exactly one value") // Marshalers is a list of functions that may override the marshal behavior -// of specific types. Populate MarshalOptions.Marshalers to use it. +// of specific types. Populate [WithMarshalers] to use it with +// [Marshal], [MarshalWrite], or [MarshalEncode]. // A nil *Marshalers is equivalent to an empty list. +// There are no exported fields or methods on Marshalers. type Marshalers = typedMarshalers -// NewMarshalers constructs a flattened list of marshal functions. +// JoinMarshalers constructs a flattened list of marshal functions. // If multiple functions in the list are applicable for a value of a given type, // then those earlier in the list take precedence over those that come later. -// If a function returns SkipFunc, then the next applicable function is called, +// If a function returns [SkipFunc], then the next applicable function is called, // otherwise the default marshaling behavior is used. // // For example: // -// m1 := NewMarshalers(f1, f2) -// m2 := NewMarshalers(f0, m1, f3) // equivalent to m3 -// m3 := NewMarshalers(f0, f1, f2, f3) // equivalent to m2 -func NewMarshalers(ms ...*Marshalers) *Marshalers { +// m1 := JoinMarshalers(f1, f2) +// m2 := JoinMarshalers(f0, m1, f3) // equivalent to m3 +// m3 := JoinMarshalers(f0, f1, f2, f3) // equivalent to m2 +func JoinMarshalers(ms ...*Marshalers) *Marshalers { return newMarshalers(ms...) } // Unmarshalers is a list of functions that may override the unmarshal behavior -// of specific types. Populate UnmarshalOptions.Unmarshalers to use it. +// of specific types. Populate [WithUnmarshalers] to use it with +// [Unmarshal], [UnmarshalRead], or [UnmarshalDecode]. // A nil *Unmarshalers is equivalent to an empty list. +// There are no exported fields or methods on Unmarshalers. type Unmarshalers = typedUnmarshalers -// NewUnmarshalers constructs a flattened list of unmarshal functions. +// JoinUnmarshalers constructs a flattened list of unmarshal functions. // If multiple functions in the list are applicable for a value of a given type, // then those earlier in the list take precedence over those that come later. -// If a function returns SkipFunc, then the next applicable function is called, +// If a function returns [SkipFunc], then the next applicable function is called, // otherwise the default unmarshaling behavior is used. // // For example: // -// u1 := NewUnmarshalers(f1, f2) -// u2 := NewUnmarshalers(f0, u1, f3) // equivalent to u3 -// u3 := NewUnmarshalers(f0, f1, f2, f3) // equivalent to u2 -func NewUnmarshalers(us ...*Unmarshalers) *Unmarshalers { +// u1 := JoinUnmarshalers(f1, f2) +// u2 := JoinUnmarshalers(f0, u1, f3) // equivalent to u3 +// u3 := JoinUnmarshalers(f0, f1, f2, f3) // equivalent to u2 +func JoinUnmarshalers(us ...*Unmarshalers) *Unmarshalers { return newUnmarshalers(us...) } -type typedMarshalers = typedArshalers[MarshalOptions, Encoder] -type typedUnmarshalers = typedArshalers[UnmarshalOptions, Decoder] -type typedArshalers[Options, Coder any] struct { +type typedMarshalers = typedArshalers[jsontext.Encoder] +type typedUnmarshalers = typedArshalers[jsontext.Decoder] +type typedArshalers[Coder any] struct { nonComparable - fncVals []typedArshaler[Options, Coder] + fncVals []typedArshaler[Coder] fncCache sync.Map // map[reflect.Type]arshaler // fromAny reports whether any of Go types used to represent arbitrary JSON @@ -78,18 +93,18 @@ type typedArshalers[Options, Coder any] struct { // if this is true. fromAny bool } -type typedMarshaler = typedArshaler[MarshalOptions, Encoder] -type typedUnmarshaler = typedArshaler[UnmarshalOptions, Decoder] -type typedArshaler[Options, Coder any] struct { +type typedMarshaler = typedArshaler[jsontext.Encoder] +type typedUnmarshaler = typedArshaler[jsontext.Decoder] +type typedArshaler[Coder any] struct { typ reflect.Type - fnc func(Options, *Coder, addressableValue) error + fnc func(*Coder, addressableValue, *jsonopts.Struct) error maySkip bool } func newMarshalers(ms ...*Marshalers) *Marshalers { return newTypedArshalers(ms...) } func newUnmarshalers(us ...*Unmarshalers) *Unmarshalers { return newTypedArshalers(us...) } -func newTypedArshalers[Options, Coder any](as ...*typedArshalers[Options, Coder]) *typedArshalers[Options, Coder] { - var a typedArshalers[Options, Coder] +func newTypedArshalers[Coder any](as ...*typedArshalers[Coder]) *typedArshalers[Coder] { + var a typedArshalers[Coder] for _, a2 := range as { if a2 != nil { a.fncVals = append(a.fncVals, a2.fncVals...) @@ -102,7 +117,7 @@ func newTypedArshalers[Options, Coder any](as ...*typedArshalers[Options, Coder] return &a } -func (a *typedArshalers[Options, Coder]) lookup(fnc func(Options, *Coder, addressableValue) error, t reflect.Type) (func(Options, *Coder, addressableValue) error, bool) { +func (a *typedArshalers[Coder]) lookup(fnc func(*Coder, addressableValue, *jsonopts.Struct) error, t reflect.Type) (func(*Coder, addressableValue, *jsonopts.Struct) error, bool) { if a == nil { return fnc, false } @@ -110,12 +125,12 @@ func (a *typedArshalers[Options, Coder]) lookup(fnc func(Options, *Coder, addres if v == nil { return fnc, false } - return v.(func(Options, *Coder, addressableValue) error), true + return v.(func(*Coder, addressableValue, *jsonopts.Struct) error), true } // Collect a list of arshalers that can be called for this type. // This list may be longer than 1 since some arshalers can be skipped. - var fncs []func(Options, *Coder, addressableValue) error + var fncs []func(*Coder, addressableValue, *jsonopts.Struct) error for _, fncVal := range a.fncVals { if !castableTo(t, fncVal.typ) { continue @@ -133,21 +148,21 @@ func (a *typedArshalers[Options, Coder]) lookup(fnc func(Options, *Coder, addres // Construct an arshaler that may call every applicable arshaler. fncDefault := fnc - fnc = func(o Options, c *Coder, v addressableValue) error { + fnc = func(c *Coder, v addressableValue, o *jsonopts.Struct) error { for _, fnc := range fncs { - if err := fnc(o, c, v); err != SkipFunc { + if err := fnc(c, v, o); err != SkipFunc { return err // may be nil or non-nil } } - return fncDefault(o, c, v) + return fncDefault(c, v, o) } // Use the first stored so duplicate work can be garbage collected. v, _ := a.fncCache.LoadOrStore(t, fnc) - return v.(func(Options, *Coder, addressableValue) error), true + return v.(func(*Coder, addressableValue, *jsonopts.Struct) error), true } -// MarshalFuncV1 constructs a type-specific marshaler that +// MarshalFunc constructs a type-specific marshaler that // specifies how to marshal values of type T. // T can be any type except a named pointer. // The function is always provided with a non-nil pointer value @@ -155,22 +170,30 @@ func (a *typedArshalers[Options, Coder]) lookup(fnc func(Options, *Coder, addres // // The function must marshal exactly one JSON value. // The value of T must not be retained outside the function call. -// It may not return SkipFunc. -func MarshalFuncV1[T any](fn func(T) ([]byte, error)) *Marshalers { - t := reflect.TypeOf((*T)(nil)).Elem() +// It may not return [SkipFunc]. +func MarshalFunc[T any](fn func(T) ([]byte, error)) *Marshalers { + t := reflect.TypeFor[T]() assertCastableTo(t, true) typFnc := typedMarshaler{ typ: t, - fnc: func(mo MarshalOptions, enc *Encoder, va addressableValue) error { + fnc: func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { val, err := fn(va.castTo(t).Interface().(T)) if err != nil { err = wrapSkipFunc(err, "marshal function of type func(T) ([]byte, error)") - // TODO: Avoid wrapping semantic errors. - return &SemanticError{action: "marshal", GoType: t, Err: err} + if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalFunc") // unlike unmarshal, always wrapped + } + err = newMarshalErrorBefore(enc, t, err) + return collapseSemanticErrors(err) } if err := enc.WriteValue(val); err != nil { - // TODO: Avoid wrapping semantic or I/O errors. - return &SemanticError{action: "marshal", JSONKind: RawValue(val).Kind(), GoType: t, Err: err} + if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalFunc") // unlike unmarshal, always wrapped + } + if isSyntacticError(err) { + err = newMarshalErrorBefore(enc, t, err) + } + return err } return nil }, @@ -178,39 +201,47 @@ func MarshalFuncV1[T any](fn func(T) ([]byte, error)) *Marshalers { return &Marshalers{fncVals: []typedMarshaler{typFnc}, fromAny: castableToFromAny(t)} } -// MarshalFuncV2 constructs a type-specific marshaler that +// MarshalToFunc constructs a type-specific marshaler that // specifies how to marshal values of type T. // T can be any type except a named pointer. // The function is always provided with a non-nil pointer value // if T is an interface or pointer type. // // The function must marshal exactly one JSON value by calling write methods -// on the provided encoder. It may return SkipFunc such that marshaling can +// on the provided encoder. It may return [SkipFunc] such that marshaling can // move on to the next marshal function. However, no mutable method calls may -// be called on the encoder if SkipFunc is returned. -// The pointer to Encoder and the value of T must not be retained -// outside the function call. -func MarshalFuncV2[T any](fn func(MarshalOptions, *Encoder, T) error) *Marshalers { - t := reflect.TypeOf((*T)(nil)).Elem() +// be called on the encoder if [SkipFunc] is returned. +// The pointer to [jsontext.Encoder] and the value of T +// must not be retained outside the function call. +func MarshalToFunc[T any](fn func(*jsontext.Encoder, T) error) *Marshalers { + t := reflect.TypeFor[T]() assertCastableTo(t, true) typFnc := typedMarshaler{ typ: t, - fnc: func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - prevDepth, prevLength := enc.tokens.depthLength() - err := fn(mo, enc, va.castTo(t).Interface().(T)) - currDepth, currLength := enc.tokens.depthLength() + fnc: func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + xe := export.Encoder(enc) + prevDepth, prevLength := xe.Tokens.DepthLength() + xe.Flags.Set(jsonflags.WithinArshalCall | 1) + err := fn(enc, va.castTo(t).Interface().(T)) + xe.Flags.Set(jsonflags.WithinArshalCall | 0) + currDepth, currLength := xe.Tokens.DepthLength() if err == nil && (prevDepth != currDepth || prevLength+1 != currLength) { - err = errors.New("must write exactly one JSON value") + err = errNonSingularValue } if err != nil { if err == SkipFunc { if prevDepth == currDepth && prevLength == currLength { return SkipFunc } - err = errors.New("must not write any JSON tokens when skipping") + err = errSkipMutation } - // TODO: Avoid wrapping semantic or I/O errors. - return &SemanticError{action: "marshal", GoType: t, Err: err} + if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalToFunc") // unlike unmarshal, always wrapped + } + if !export.IsIOError(err) { + err = newSemanticErrorWithPosition(enc, t, prevDepth, prevLength, err) + } + return err } return nil }, @@ -219,7 +250,7 @@ func MarshalFuncV2[T any](fn func(MarshalOptions, *Encoder, T) error) *Marshaler return &Marshalers{fncVals: []typedMarshaler{typFnc}, fromAny: castableToFromAny(t)} } -// UnmarshalFuncV1 constructs a type-specific unmarshaler that +// UnmarshalFunc constructs a type-specific unmarshaler that // specifies how to unmarshal values of type T. // T must be an unnamed pointer or an interface type. // The function is always provided with a non-nil pointer value. @@ -227,13 +258,13 @@ func MarshalFuncV2[T any](fn func(MarshalOptions, *Encoder, T) error) *Marshaler // The function must unmarshal exactly one JSON value. // The input []byte must not be mutated. // The input []byte and value T must not be retained outside the function call. -// It may not return SkipFunc. -func UnmarshalFuncV1[T any](fn func([]byte, T) error) *Unmarshalers { - t := reflect.TypeOf((*T)(nil)).Elem() +// It may not return [SkipFunc]. +func UnmarshalFunc[T any](fn func([]byte, T) error) *Unmarshalers { + t := reflect.TypeFor[T]() assertCastableTo(t, false) typFnc := typedUnmarshaler{ typ: t, - fnc: func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { + fnc: func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { val, err := dec.ReadValue() if err != nil { return err // must be a syntactic or I/O error @@ -241,8 +272,11 @@ func UnmarshalFuncV1[T any](fn func([]byte, T) error) *Unmarshalers { err = fn(val, va.castTo(t).Interface().(T)) if err != nil { err = wrapSkipFunc(err, "unmarshal function of type func([]byte, T) error") - // TODO: Avoid wrapping semantic, syntactic, or I/O errors. - return &SemanticError{action: "unmarshal", JSONKind: val.Kind(), GoType: t, Err: err} + if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return err // unlike marshal, never wrapped + } + err = newUnmarshalErrorAfter(dec, t, err) + return collapseSemanticErrors(err) } return nil }, @@ -250,38 +284,49 @@ func UnmarshalFuncV1[T any](fn func([]byte, T) error) *Unmarshalers { return &Unmarshalers{fncVals: []typedUnmarshaler{typFnc}, fromAny: castableToFromAny(t)} } -// UnmarshalFuncV2 constructs a type-specific unmarshaler that +// UnmarshalFromFunc constructs a type-specific unmarshaler that // specifies how to unmarshal values of type T. // T must be an unnamed pointer or an interface type. // The function is always provided with a non-nil pointer value. // // The function must unmarshal exactly one JSON value by calling read methods -// on the provided decoder. It may return SkipFunc such that unmarshaling can +// on the provided decoder. It may return [SkipFunc] such that unmarshaling can // move on to the next unmarshal function. However, no mutable method calls may -// be called on the decoder if SkipFunc is returned. -// The pointer to Decoder and the value of T must not be retained -// outside the function call. -func UnmarshalFuncV2[T any](fn func(UnmarshalOptions, *Decoder, T) error) *Unmarshalers { - t := reflect.TypeOf((*T)(nil)).Elem() +// be called on the decoder if [SkipFunc] is returned. +// The pointer to [jsontext.Decoder] and the value of T +// must not be retained outside the function call. +func UnmarshalFromFunc[T any](fn func(*jsontext.Decoder, T) error) *Unmarshalers { + t := reflect.TypeFor[T]() assertCastableTo(t, false) typFnc := typedUnmarshaler{ typ: t, - fnc: func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - prevDepth, prevLength := dec.tokens.depthLength() - err := fn(uo, dec, va.castTo(t).Interface().(T)) - currDepth, currLength := dec.tokens.depthLength() + fnc: func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + xd := export.Decoder(dec) + prevDepth, prevLength := xd.Tokens.DepthLength() + xd.Flags.Set(jsonflags.WithinArshalCall | 1) + err := fn(dec, va.castTo(t).Interface().(T)) + xd.Flags.Set(jsonflags.WithinArshalCall | 0) + currDepth, currLength := xd.Tokens.DepthLength() if err == nil && (prevDepth != currDepth || prevLength+1 != currLength) { - err = errors.New("must read exactly one JSON value") + err = errNonSingularValue } if err != nil { if err == SkipFunc { if prevDepth == currDepth && prevLength == currLength { return SkipFunc } - err = errors.New("must not read any JSON tokens when skipping") + err = errSkipMutation + } + if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + if err2 := xd.SkipUntil(prevDepth, prevLength+1); err2 != nil { + return err2 + } + return err // unlike marshal, never wrapped + } + if !isSyntacticError(err) && !export.IsIOError(err) { + err = newSemanticErrorWithPosition(dec, t, prevDepth, prevLength, err) } - // TODO: Avoid wrapping semantic, syntactic, or I/O errors. - return &SemanticError{action: "unmarshal", GoType: t, Err: err} + return err } return nil }, diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_inlined.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_inlined.go index 258a98247..f73ed3240 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_inlined.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_inlined.go @@ -2,12 +2,20 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !goexperiment.jsonv2 || !go1.25 + package json import ( "bytes" "errors" + "io" "reflect" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) // This package supports "inlining" a Go struct field, where the contents @@ -18,18 +26,20 @@ import ( // nested struct are virtually hoisted up to the parent struct using rules // similar to how Go embedding works (but operating within the JSON namespace). // -// However, inlined fields may also be of a Go map type with a string key -// or a RawValue. Such inlined fields are called "fallback" fields since they +// However, inlined fields may also be of a Go map type with a string key or +// a jsontext.Value. Such inlined fields are called "fallback" fields since they // represent any arbitrary JSON object member. Explicitly named fields take // precedence over the inlined fallback. Only one inlined fallback is allowed. -var rawValueType = reflect.TypeOf((*RawValue)(nil)).Elem() +var errRawInlinedNotObject = errors.New("inlined raw value must be a JSON object") + +var jsontextValueType = reflect.TypeFor[jsontext.Value]() // marshalInlinedFallbackAll marshals all the members in an inlined fallback. -func marshalInlinedFallbackAll(mo MarshalOptions, enc *Encoder, va addressableValue, f *structField, insertUnquotedName func([]byte) bool) error { - v := addressableValue{va.Field(f.index[0])} // addressable if struct value is addressable - if len(f.index) > 1 { - v = v.fieldByIndex(f.index[1:], false) +func marshalInlinedFallbackAll(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct, f *structField, insertUnquotedName func([]byte) bool) error { + v := addressableValue{va.Field(f.index0), va.forcedAddr} // addressable if struct value is addressable + if len(f.index) > 0 { + v = v.fieldByIndex(f.index, false) if !v.IsValid() { return nil // implies a nil inlined field } @@ -39,34 +49,39 @@ func marshalInlinedFallbackAll(mo MarshalOptions, enc *Encoder, va addressableVa return nil } - if v.Type() == rawValueType { - b := v.Interface().(RawValue) + if v.Type() == jsontextValueType { + // TODO(https://go.dev/issue/62121): Use reflect.Value.AssertTo. + b := *v.Addr().Interface().(*jsontext.Value) if len(b) == 0 { // TODO: Should this be nil? What if it were all whitespace? return nil } - dec := getBufferedDecoder(b, DecodeOptions{AllowDuplicateNames: true, AllowInvalidUTF8: true}) - defer putBufferedDecoder(dec) + dec := export.GetBufferedDecoder(b) + defer export.PutBufferedDecoder(dec) + xd := export.Decoder(dec) + xd.Flags.Set(jsonflags.AllowDuplicateNames | jsonflags.AllowInvalidUTF8 | 1) tok, err := dec.ReadToken() if err != nil { - return &SemanticError{action: "marshal", GoType: rawValueType, Err: err} + if err == io.EOF { + err = io.ErrUnexpectedEOF + } + return newMarshalErrorBefore(enc, v.Type(), err) } if tok.Kind() != '{' { - err := errors.New("inlined raw value must be a JSON object") - return &SemanticError{action: "marshal", JSONKind: tok.Kind(), GoType: rawValueType, Err: err} + return newMarshalErrorBefore(enc, v.Type(), errRawInlinedNotObject) } for dec.PeekKind() != '}' { // Parse the JSON object name. - var flags valueFlags - val, err := dec.readValue(&flags) + var flags jsonwire.ValueFlags + val, err := xd.ReadValue(&flags) if err != nil { - return &SemanticError{action: "marshal", GoType: rawValueType, Err: err} + return newMarshalErrorBefore(enc, v.Type(), err) } if insertUnquotedName != nil { - name := unescapeStringMayCopy(val, flags.isVerbatim()) + name := jsonwire.UnquoteMayCopy(val, flags.IsVerbatim()) if !insertUnquotedName(name) { - return &SyntacticError{str: "duplicate name " + string(val) + " in object"} + return newDuplicateNameError(enc.StackPointer().Parent(), val, enc.OutputOffset()) } } if err := enc.WriteValue(val); err != nil { @@ -74,55 +89,55 @@ func marshalInlinedFallbackAll(mo MarshalOptions, enc *Encoder, va addressableVa } // Parse the JSON object value. - val, err = dec.readValue(&flags) + val, err = xd.ReadValue(&flags) if err != nil { - return &SemanticError{action: "marshal", GoType: rawValueType, Err: err} + return newMarshalErrorBefore(enc, v.Type(), err) } if err := enc.WriteValue(val); err != nil { return err } } if _, err := dec.ReadToken(); err != nil { - return &SemanticError{action: "marshal", GoType: rawValueType, Err: err} + return newMarshalErrorBefore(enc, v.Type(), err) } - if err := dec.checkEOF(); err != nil { - return &SemanticError{action: "marshal", GoType: rawValueType, Err: err} + if err := xd.CheckEOF(); err != nil { + return newMarshalErrorBefore(enc, v.Type(), err) } return nil } else { - m := v // must be a map[string]V + m := v // must be a map[~string]V n := m.Len() if n == 0 { return nil } - mk := newAddressableValue(stringType) + mk := newAddressableValue(m.Type().Key()) mv := newAddressableValue(m.Type().Elem()) marshalKey := func(mk addressableValue) error { - b, err := appendString(enc.UnusedBuffer(), mk.String(), !enc.options.AllowInvalidUTF8, nil) + b, err := jsonwire.AppendQuote(enc.AvailableBuffer(), mk.String(), &mo.Flags) if err != nil { - return err + return newMarshalErrorBefore(enc, m.Type().Key(), err) } if insertUnquotedName != nil { isVerbatim := bytes.IndexByte(b, '\\') < 0 - name := unescapeStringMayCopy(b, isVerbatim) + name := jsonwire.UnquoteMayCopy(b, isVerbatim) if !insertUnquotedName(name) { - return &SyntacticError{str: "duplicate name " + string(b) + " in object"} + return newDuplicateNameError(enc.StackPointer().Parent(), b, enc.OutputOffset()) } } return enc.WriteValue(b) } marshalVal := f.fncs.marshal if mo.Marshalers != nil { - marshalVal, _ = mo.Marshalers.lookup(marshalVal, mv.Type()) + marshalVal, _ = mo.Marshalers.(*Marshalers).lookup(marshalVal, mv.Type()) } - if !mo.Deterministic || n <= 1 { + if !mo.Flags.Get(jsonflags.Deterministic) || n <= 1 { for iter := m.MapRange(); iter.Next(); { mk.SetIterKey(iter) if err := marshalKey(mk); err != nil { return err } mv.Set(iter.Value()) - if err := marshalVal(mo, enc, mv); err != nil { + if err := marshalVal(enc, mv, mo); err != nil { return err } } @@ -140,7 +155,7 @@ func marshalInlinedFallbackAll(mo MarshalOptions, enc *Encoder, va addressableVa } // TODO(https://go.dev/issue/57061): Use mv.SetMapIndexOf. mv.Set(m.MapIndex(mk.Value)) - if err := marshalVal(mo, enc, mv); err != nil { + if err := marshalVal(enc, mv, mo); err != nil { return err } } @@ -151,59 +166,61 @@ func marshalInlinedFallbackAll(mo MarshalOptions, enc *Encoder, va addressableVa } // unmarshalInlinedFallbackNext unmarshals only the next member in an inlined fallback. -func unmarshalInlinedFallbackNext(uo UnmarshalOptions, dec *Decoder, va addressableValue, f *structField, quotedName, unquotedName []byte) error { - v := addressableValue{va.Field(f.index[0])} // addressable if struct value is addressable - if len(f.index) > 1 { - v = v.fieldByIndex(f.index[1:], true) +func unmarshalInlinedFallbackNext(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct, f *structField, quotedName, unquotedName []byte) error { + v := addressableValue{va.Field(f.index0), va.forcedAddr} // addressable if struct value is addressable + if len(f.index) > 0 { + v = v.fieldByIndex(f.index, true) } v = v.indirect(true) - if v.Type() == rawValueType { - b := v.Addr().Interface().(*RawValue) + if v.Type() == jsontextValueType { + b := v.Addr().Interface().(*jsontext.Value) if len(*b) == 0 { // TODO: Should this be nil? What if it were all whitespace? *b = append(*b, '{') } else { - *b = trimSuffixWhitespace(*b) - if hasSuffixByte(*b, '}') { + *b = jsonwire.TrimSuffixWhitespace(*b) + if jsonwire.HasSuffixByte(*b, '}') { // TODO: When merging into an object for the first time, // should we verify that it is valid? - *b = trimSuffixByte(*b, '}') - *b = trimSuffixWhitespace(*b) - if !hasSuffixByte(*b, ',') && !hasSuffixByte(*b, '{') { + *b = jsonwire.TrimSuffixByte(*b, '}') + *b = jsonwire.TrimSuffixWhitespace(*b) + if !jsonwire.HasSuffixByte(*b, ',') && !jsonwire.HasSuffixByte(*b, '{') { *b = append(*b, ',') } } else { - err := errors.New("inlined raw value must be a JSON object") - return &SemanticError{action: "unmarshal", GoType: rawValueType, Err: err} + return newUnmarshalErrorAfterWithSkipping(dec, v.Type(), errRawInlinedNotObject) } } *b = append(*b, quotedName...) *b = append(*b, ':') - rawValue, err := dec.ReadValue() + val, err := dec.ReadValue() if err != nil { return err } - *b = append(*b, rawValue...) + *b = append(*b, val...) *b = append(*b, '}') return nil } else { name := string(unquotedName) // TODO: Intern this? - m := v // must be a map[string]V + m := v // must be a map[~string]V if m.IsNil() { m.Set(reflect.MakeMap(m.Type())) } mk := reflect.ValueOf(name) - mv := newAddressableValue(v.Type().Elem()) // TODO: Cache across calls? + if mkt := m.Type().Key(); mkt != stringType { + mk = mk.Convert(mkt) + } + mv := newAddressableValue(m.Type().Elem()) // TODO: Cache across calls? if v2 := m.MapIndex(mk); v2.IsValid() { mv.Set(v2) } unmarshal := f.fncs.unmarshal if uo.Unmarshalers != nil { - unmarshal, _ = uo.Unmarshalers.lookup(unmarshal, mv.Type()) + unmarshal, _ = uo.Unmarshalers.(*Unmarshalers).lookup(unmarshal, mv.Type()) } - err := unmarshal(uo, dec, mv) + err := unmarshal(dec, mv, uo) m.SetMapIndex(mk, mv.Value) if err != nil { return err diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_methods.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_methods.go index 20899c868..d6736342b 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_methods.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_methods.go @@ -2,53 +2,68 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !goexperiment.jsonv2 || !go1.25 + package json import ( "encoding" "errors" "reflect" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) +var errNonStringValue = errors.New("JSON value must be string type") + // Interfaces for custom serialization. var ( - jsonMarshalerV1Type = reflect.TypeOf((*MarshalerV1)(nil)).Elem() - jsonMarshalerV2Type = reflect.TypeOf((*MarshalerV2)(nil)).Elem() - jsonUnmarshalerV1Type = reflect.TypeOf((*UnmarshalerV1)(nil)).Elem() - jsonUnmarshalerV2Type = reflect.TypeOf((*UnmarshalerV2)(nil)).Elem() - textMarshalerType = reflect.TypeOf((*encoding.TextMarshaler)(nil)).Elem() - textUnmarshalerType = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem() + jsonMarshalerType = reflect.TypeFor[Marshaler]() + jsonMarshalerToType = reflect.TypeFor[MarshalerTo]() + jsonUnmarshalerType = reflect.TypeFor[Unmarshaler]() + jsonUnmarshalerFromType = reflect.TypeFor[UnmarshalerFrom]() + textAppenderType = reflect.TypeFor[encoding.TextAppender]() + textMarshalerType = reflect.TypeFor[encoding.TextMarshaler]() + textUnmarshalerType = reflect.TypeFor[encoding.TextUnmarshaler]() + + allMarshalerTypes = []reflect.Type{jsonMarshalerToType, jsonMarshalerType, textAppenderType, textMarshalerType} + allUnmarshalerTypes = []reflect.Type{jsonUnmarshalerFromType, jsonUnmarshalerType, textUnmarshalerType} + allMethodTypes = append(allMarshalerTypes, allUnmarshalerTypes...) ) -// MarshalerV1 is implemented by types that can marshal themselves. -// It is recommended that types implement MarshalerV2 unless the implementation +// Marshaler is implemented by types that can marshal themselves. +// It is recommended that types implement [MarshalerTo] unless the implementation // is trying to avoid a hard dependency on the "jsontext" package. // // It is recommended that implementations return a buffer that is safe // for the caller to retain and potentially mutate. -type MarshalerV1 interface { +type Marshaler interface { MarshalJSON() ([]byte, error) } -// MarshalerV2 is implemented by types that can marshal themselves. -// It is recommended that types implement MarshalerV2 instead of MarshalerV1 +// MarshalerTo is implemented by types that can marshal themselves. +// It is recommended that types implement MarshalerTo instead of [Marshaler] // since this is both more performant and flexible. -// If a type implements both MarshalerV1 and MarshalerV2, -// then MarshalerV2 takes precedence. In such a case, both implementations +// If a type implements both Marshaler and MarshalerTo, +// then MarshalerTo takes precedence. In such a case, both implementations // should aim to have equivalent behavior for the default marshal options. // // The implementation must write only one JSON value to the Encoder and -// must not retain the pointer to Encoder. -type MarshalerV2 interface { - MarshalNextJSON(MarshalOptions, *Encoder) error +// must not retain the pointer to [jsontext.Encoder]. +type MarshalerTo interface { + MarshalJSONTo(*jsontext.Encoder) error - // TODO: Should users call the MarshalOptions.MarshalNext method or + // TODO: Should users call the MarshalEncode function or // should/can they call this method directly? Does it matter? } -// UnmarshalerV1 is implemented by types that can unmarshal themselves. -// It is recommended that types implement UnmarshalerV2 unless -// the implementation is trying to avoid a hard dependency on this package. +// Unmarshaler is implemented by types that can unmarshal themselves. +// It is recommended that types implement [UnmarshalerFrom] unless the implementation +// is trying to avoid a hard dependency on the "jsontext" package. // // The input can be assumed to be a valid encoding of a JSON value // if called from unmarshal functionality in this package. @@ -57,26 +72,26 @@ type MarshalerV2 interface { // unmarshaling into a pre-populated value. // // Implementations must not retain or mutate the input []byte. -type UnmarshalerV1 interface { +type Unmarshaler interface { UnmarshalJSON([]byte) error } -// UnmarshalerV2 is implemented by types that can unmarshal themselves. -// It is recommended that types implement UnmarshalerV2 instead of UnmarshalerV1 +// UnmarshalerFrom is implemented by types that can unmarshal themselves. +// It is recommended that types implement UnmarshalerFrom instead of [Unmarshaler] // since this is both more performant and flexible. -// If a type implements both UnmarshalerV1 and UnmarshalerV2, -// then UnmarshalerV2 takes precedence. In such a case, both implementations +// If a type implements both Unmarshaler and UnmarshalerFrom, +// then UnmarshalerFrom takes precedence. In such a case, both implementations // should aim to have equivalent behavior for the default unmarshal options. // // The implementation must read only one JSON value from the Decoder. -// It is recommended that UnmarshalNextJSON implement merge semantics when +// It is recommended that UnmarshalJSONFrom implement merge semantics when // unmarshaling into a pre-populated value. // -// Implementations must not retain the pointer to Decoder. -type UnmarshalerV2 interface { - UnmarshalNextJSON(UnmarshalOptions, *Decoder) error +// Implementations must not retain the pointer to [jsontext.Decoder]. +type UnmarshalerFrom interface { + UnmarshalJSONFrom(*jsontext.Decoder) error - // TODO: Should users call the UnmarshalOptions.UnmarshalNext method or + // TODO: Should users call the UnmarshalDecode function or // should/can they call this method directly? Does it matter? } @@ -88,114 +103,205 @@ func makeMethodArshaler(fncs *arshaler, t reflect.Type) *arshaler { return fncs } - // Handle custom marshaler. - switch which, needAddr := implementsWhich(t, jsonMarshalerV2Type, jsonMarshalerV1Type, textMarshalerType); which { - case jsonMarshalerV2Type: + if needAddr, ok := implements(t, textMarshalerType); ok { fncs.nonDefault = true - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - prevDepth, prevLength := enc.tokens.depthLength() - err := va.addrWhen(needAddr).Interface().(MarshalerV2).MarshalNextJSON(mo, enc) - currDepth, currLength := enc.tokens.depthLength() - if (prevDepth != currDepth || prevLength+1 != currLength) && err == nil { - err = errors.New("must write exactly one JSON value") + prevMarshal := fncs.marshal + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) && + (needAddr && va.forcedAddr) { + return prevMarshal(enc, va, mo) } - if err != nil { + marshaler := va.Addr().Interface().(encoding.TextMarshaler) + if err := export.Encoder(enc).AppendRaw('"', false, func(b []byte) ([]byte, error) { + b2, err := marshaler.MarshalText() + return append(b, b2...), err + }); err != nil { err = wrapSkipFunc(err, "marshal method") - // TODO: Avoid wrapping semantic or I/O errors. - return &SemanticError{action: "marshal", GoType: t, Err: err} + if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalText") // unlike unmarshal, always wrapped + } + if !isSemanticError(err) && !export.IsIOError(err) { + err = newMarshalErrorBefore(enc, t, err) + } + return err } return nil } - case jsonMarshalerV1Type: + } + + if needAddr, ok := implements(t, textAppenderType); ok { fncs.nonDefault = true - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - marshaler := va.addrWhen(needAddr).Interface().(MarshalerV1) - val, err := marshaler.MarshalJSON() - if err != nil { - err = wrapSkipFunc(err, "marshal method") - // TODO: Avoid wrapping semantic errors. - return &SemanticError{action: "marshal", GoType: t, Err: err} + prevMarshal := fncs.marshal + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) (err error) { + if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) && + (needAddr && va.forcedAddr) { + return prevMarshal(enc, va, mo) } - if err := enc.WriteValue(val); err != nil { - // TODO: Avoid wrapping semantic or I/O errors. - return &SemanticError{action: "marshal", JSONKind: RawValue(val).Kind(), GoType: t, Err: err} + appender := va.Addr().Interface().(encoding.TextAppender) + if err := export.Encoder(enc).AppendRaw('"', false, appender.AppendText); err != nil { + err = wrapSkipFunc(err, "append method") + if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.NewMarshalerError(va.Addr().Interface(), err, "AppendText") // unlike unmarshal, always wrapped + } + if !isSemanticError(err) && !export.IsIOError(err) { + err = newMarshalErrorBefore(enc, t, err) + } + return err } return nil } - case textMarshalerType: + } + + if needAddr, ok := implements(t, jsonMarshalerType); ok { fncs.nonDefault = true - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - marshaler := va.addrWhen(needAddr).Interface().(encoding.TextMarshaler) - s, err := marshaler.MarshalText() - if err != nil { - err = wrapSkipFunc(err, "marshal method") - // TODO: Avoid wrapping semantic errors. - return &SemanticError{action: "marshal", JSONKind: '"', GoType: t, Err: err} + prevMarshal := fncs.marshal + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) && + ((needAddr && va.forcedAddr) || export.Encoder(enc).Tokens.Last.NeedObjectName()) { + return prevMarshal(enc, va, mo) } - val := enc.UnusedBuffer() - val, err = appendString(val, string(s), true, nil) + marshaler := va.Addr().Interface().(Marshaler) + val, err := marshaler.MarshalJSON() if err != nil { - return &SemanticError{action: "marshal", JSONKind: '"', GoType: t, Err: err} + err = wrapSkipFunc(err, "marshal method") + if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalJSON") // unlike unmarshal, always wrapped + } + err = newMarshalErrorBefore(enc, t, err) + return collapseSemanticErrors(err) } if err := enc.WriteValue(val); err != nil { - // TODO: Avoid wrapping syntactic or I/O errors. - return &SemanticError{action: "marshal", JSONKind: '"', GoType: t, Err: err} + if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalJSON") // unlike unmarshal, always wrapped + } + if isSyntacticError(err) { + err = newMarshalErrorBefore(enc, t, err) + } + return err } return nil } } - // Handle custom unmarshaler. - switch which, needAddr := implementsWhich(t, jsonUnmarshalerV2Type, jsonUnmarshalerV1Type, textUnmarshalerType); which { - case jsonUnmarshalerV2Type: + if needAddr, ok := implements(t, jsonMarshalerToType); ok { fncs.nonDefault = true - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - prevDepth, prevLength := dec.tokens.depthLength() - err := va.addrWhen(needAddr).Interface().(UnmarshalerV2).UnmarshalNextJSON(uo, dec) - currDepth, currLength := dec.tokens.depthLength() + prevMarshal := fncs.marshal + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + if mo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) && + ((needAddr && va.forcedAddr) || export.Encoder(enc).Tokens.Last.NeedObjectName()) { + return prevMarshal(enc, va, mo) + } + xe := export.Encoder(enc) + prevDepth, prevLength := xe.Tokens.DepthLength() + xe.Flags.Set(jsonflags.WithinArshalCall | 1) + err := va.Addr().Interface().(MarshalerTo).MarshalJSONTo(enc) + xe.Flags.Set(jsonflags.WithinArshalCall | 0) + currDepth, currLength := xe.Tokens.DepthLength() if (prevDepth != currDepth || prevLength+1 != currLength) && err == nil { - err = errors.New("must read exactly one JSON value") + err = errNonSingularValue } if err != nil { + err = wrapSkipFunc(err, "marshal method") + if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalJSONTo") // unlike unmarshal, always wrapped + } + if !export.IsIOError(err) { + err = newSemanticErrorWithPosition(enc, t, prevDepth, prevLength, err) + } + return err + } + return nil + } + } + + if _, ok := implements(t, textUnmarshalerType); ok { + fncs.nonDefault = true + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + xd := export.Decoder(dec) + var flags jsonwire.ValueFlags + val, err := xd.ReadValue(&flags) + if err != nil { + return err // must be a syntactic or I/O error + } + if val.Kind() == 'n' { + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + va.SetZero() + } + return nil + } + if val.Kind() != '"' { + return newUnmarshalErrorAfter(dec, t, errNonStringValue) + } + s := jsonwire.UnquoteMayCopy(val, flags.IsVerbatim()) + unmarshaler := va.Addr().Interface().(encoding.TextUnmarshaler) + if err := unmarshaler.UnmarshalText(s); err != nil { err = wrapSkipFunc(err, "unmarshal method") - // TODO: Avoid wrapping semantic, syntactic, or I/O errors. - return &SemanticError{action: "unmarshal", GoType: t, Err: err} + if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return err // unlike marshal, never wrapped + } + if !isSemanticError(err) && !isSyntacticError(err) && !export.IsIOError(err) { + err = newUnmarshalErrorAfter(dec, t, err) + } + return err } return nil } - case jsonUnmarshalerV1Type: + } + + if _, ok := implements(t, jsonUnmarshalerType); ok { fncs.nonDefault = true - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { + prevUnmarshal := fncs.unmarshal + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + if uo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) && + export.Decoder(dec).Tokens.Last.NeedObjectName() { + return prevUnmarshal(dec, va, uo) + } val, err := dec.ReadValue() if err != nil { return err // must be a syntactic or I/O error } - unmarshaler := va.addrWhen(needAddr).Interface().(UnmarshalerV1) + unmarshaler := va.Addr().Interface().(Unmarshaler) if err := unmarshaler.UnmarshalJSON(val); err != nil { err = wrapSkipFunc(err, "unmarshal method") - // TODO: Avoid wrapping semantic, syntactic, or I/O errors. - return &SemanticError{action: "unmarshal", JSONKind: val.Kind(), GoType: t, Err: err} + if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return err // unlike marshal, never wrapped + } + err = newUnmarshalErrorAfter(dec, t, err) + return collapseSemanticErrors(err) } return nil } - case textUnmarshalerType: + } + + if _, ok := implements(t, jsonUnmarshalerFromType); ok { fncs.nonDefault = true - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - var flags valueFlags - val, err := dec.readValue(&flags) - if err != nil { - return err // must be a syntactic or I/O error + prevUnmarshal := fncs.unmarshal + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + if uo.Flags.Get(jsonflags.CallMethodsWithLegacySemantics) && + export.Decoder(dec).Tokens.Last.NeedObjectName() { + return prevUnmarshal(dec, va, uo) } - if val.Kind() != '"' { - err = errors.New("JSON value must be string type") - return &SemanticError{action: "unmarshal", JSONKind: val.Kind(), GoType: t, Err: err} + xd := export.Decoder(dec) + prevDepth, prevLength := xd.Tokens.DepthLength() + xd.Flags.Set(jsonflags.WithinArshalCall | 1) + err := va.Addr().Interface().(UnmarshalerFrom).UnmarshalJSONFrom(dec) + xd.Flags.Set(jsonflags.WithinArshalCall | 0) + currDepth, currLength := xd.Tokens.DepthLength() + if (prevDepth != currDepth || prevLength+1 != currLength) && err == nil { + err = errNonSingularValue } - s := unescapeStringMayCopy(val, flags.isVerbatim()) - unmarshaler := va.addrWhen(needAddr).Interface().(encoding.TextUnmarshaler) - if err := unmarshaler.UnmarshalText(s); err != nil { + if err != nil { err = wrapSkipFunc(err, "unmarshal method") - // TODO: Avoid wrapping semantic, syntactic, or I/O errors. - return &SemanticError{action: "unmarshal", JSONKind: val.Kind(), GoType: t, Err: err} + if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + if err2 := xd.SkipUntil(prevDepth, prevLength+1); err2 != nil { + return err2 + } + return err // unlike marshal, never wrapped + } + if !isSyntacticError(err) && !export.IsIOError(err) { + err = newSemanticErrorWithPosition(dec, t, prevDepth, prevLength, err) + } + return err } return nil } @@ -204,26 +310,28 @@ func makeMethodArshaler(fncs *arshaler, t reflect.Type) *arshaler { return fncs } -// implementsWhich is like t.Implements(ifaceType) for a list of interfaces, +// implementsAny is like t.Implements(ifaceType) for a list of interfaces, // but checks whether either t or reflect.PointerTo(t) implements the interface. -// It returns the first interface type that matches and whether a value of t -// needs to be addressed first before it implements the interface. -func implementsWhich(t reflect.Type, ifaceTypes ...reflect.Type) (which reflect.Type, needAddr bool) { +func implementsAny(t reflect.Type, ifaceTypes ...reflect.Type) bool { for _, ifaceType := range ifaceTypes { - switch { - case t.Implements(ifaceType): - return ifaceType, false - case reflect.PointerTo(t).Implements(ifaceType): - return ifaceType, true + if _, ok := implements(t, ifaceType); ok { + return true } } - return nil, false + return false } -// addrWhen returns va.Addr if addr is specified, otherwise it returns itself. -func (va addressableValue) addrWhen(addr bool) reflect.Value { - if addr { - return va.Addr() +// implements is like t.Implements(ifaceType) but checks whether +// either t or reflect.PointerTo(t) implements the interface. +// It also reports whether the value needs to be addressed +// in order to satisfy the interface. +func implements(t, ifaceType reflect.Type) (needAddr, ok bool) { + switch { + case t.Implements(ifaceType): + return false, true + case reflect.PointerTo(t).Implements(ifaceType): + return true, true + default: + return false, false } - return va.Value } diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_time.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_time.go index fc8d5b007..4d328ebee 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_time.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/arshal_time.go @@ -2,23 +2,36 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !goexperiment.jsonv2 || !go1.25 + package json import ( + "bytes" + "cmp" "errors" "fmt" + "math" + "math/bits" "reflect" + "strconv" "strings" "time" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) var ( - timeDurationType = reflect.TypeOf((*time.Duration)(nil)).Elem() - timeTimeType = reflect.TypeOf((*time.Time)(nil)).Elem() + timeDurationType = reflect.TypeFor[time.Duration]() + timeTimeType = reflect.TypeFor[time.Time]() ) func makeTimeArshaler(fncs *arshaler, t reflect.Type) *arshaler { - // Ideally, time types would implement MarshalerV2 and UnmarshalerV2, + // Ideally, time types would implement MarshalerTo and UnmarshalerFrom, // but that would incur a dependency on package json from package time. // Given how widely used time is, it is more acceptable that we incur a // dependency on time from json. @@ -29,213 +42,736 @@ func makeTimeArshaler(fncs *arshaler, t reflect.Type) *arshaler { switch t { case timeDurationType: fncs.nonDefault = true - marshalNanos := fncs.marshal - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - if mo.format != "" && mo.formatDepth == enc.tokens.depth() { - if mo.format == "nanos" { - mo.format = "" - return marshalNanos(mo, enc, va) - } else { - return newInvalidFormatError("marshal", t, mo.format) + marshalNano := fncs.marshal + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) error { + xe := export.Encoder(enc) + var m durationArshaler + if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() { + if !m.initFormat(mo.Format) { + return newInvalidFormatError(enc, t) } + } else if mo.Flags.Get(jsonflags.FormatDurationAsNano) { + return marshalNano(enc, va, mo) + } else { + // TODO(https://go.dev/issue/71631): Decide on default duration representation. + return newMarshalErrorBefore(enc, t, errors.New("no default representation (see https://go.dev/issue/71631); specify an explicit format")) } - td := va.Interface().(time.Duration) - b := enc.UnusedBuffer() - b = append(b, '"') - b = append(b, td.String()...) // never contains special characters - b = append(b, '"') - return enc.WriteValue(b) - } - unmarshalNanos := fncs.unmarshal - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - // TODO: Should there be a flag that specifies that we can unmarshal - // from either form since there would be no ambiguity? - if uo.format != "" && uo.formatDepth == dec.tokens.depth() { - if uo.format == "nanos" { - uo.format = "" - return unmarshalNanos(uo, dec, va) - } else { - return newInvalidFormatError("unmarshal", t, uo.format) + // TODO(https://go.dev/issue/62121): Use reflect.Value.AssertTo. + m.td = *va.Addr().Interface().(*time.Duration) + k := stringOrNumberKind(!m.isNumeric() || xe.Tokens.Last.NeedObjectName() || mo.Flags.Get(jsonflags.StringifyNumbers)) + if err := xe.AppendRaw(k, true, m.appendMarshal); err != nil { + if !isSyntacticError(err) && !export.IsIOError(err) { + err = newMarshalErrorBefore(enc, t, err) + } + return err + } + return nil + } + unmarshalNano := fncs.unmarshal + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) error { + xd := export.Decoder(dec) + var u durationArshaler + if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() { + if !u.initFormat(uo.Format) { + return newInvalidFormatError(dec, t) } + } else if uo.Flags.Get(jsonflags.FormatDurationAsNano) { + return unmarshalNano(dec, va, uo) + } else { + // TODO(https://go.dev/issue/71631): Decide on default duration representation. + return newUnmarshalErrorBeforeWithSkipping(dec, t, errors.New("no default representation (see https://go.dev/issue/71631); specify an explicit format")) } - var flags valueFlags + stringify := !u.isNumeric() || xd.Tokens.Last.NeedObjectName() || uo.Flags.Get(jsonflags.StringifyNumbers) + var flags jsonwire.ValueFlags td := va.Addr().Interface().(*time.Duration) - val, err := dec.readValue(&flags) + val, err := xd.ReadValue(&flags) if err != nil { return err } switch k := val.Kind(); k { case 'n': - *td = time.Duration(0) + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + *td = time.Duration(0) + } return nil case '"': - val = unescapeStringMayCopy(val, flags.isVerbatim()) - td2, err := time.ParseDuration(string(val)) - if err != nil { - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err} + if !stringify { + break + } + val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim()) + if err := u.unmarshal(val); err != nil { + return newUnmarshalErrorAfter(dec, t, err) } - *td = td2 + *td = u.td + return nil + case '0': + if stringify { + break + } + if err := u.unmarshal(val); err != nil { + return newUnmarshalErrorAfter(dec, t, err) + } + *td = u.td return nil - default: - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t} } + return newUnmarshalErrorAfter(dec, t, nil) } case timeTimeType: fncs.nonDefault = true - fncs.marshal = func(mo MarshalOptions, enc *Encoder, va addressableValue) error { - format := time.RFC3339Nano - isRFC3339 := true - if mo.format != "" && mo.formatDepth == enc.tokens.depth() { - var err error - format, isRFC3339, err = checkTimeFormat(mo.format) - if err != nil { - return &SemanticError{action: "marshal", GoType: t, Err: err} + fncs.marshal = func(enc *jsontext.Encoder, va addressableValue, mo *jsonopts.Struct) (err error) { + xe := export.Encoder(enc) + var m timeArshaler + if mo.Format != "" && mo.FormatDepth == xe.Tokens.Depth() { + if !m.initFormat(mo.Format) { + return newInvalidFormatError(enc, t) } } - tt := va.Interface().(time.Time) - b := enc.UnusedBuffer() - b = append(b, '"') - b = tt.AppendFormat(b, format) - b = append(b, '"') - if isRFC3339 { - // Not all Go timestamps can be represented as valid RFC 3339. - // Explicitly check for these edge cases. - // See https://go.dev/issue/4556 and https://go.dev/issue/54580. - var err error - switch b := b[len(`"`) : len(b)-len(`"`)]; { - case b[len("9999")] != '-': // year must be exactly 4 digits wide - err = errors.New("year outside of range [0,9999]") - case b[len(b)-1] != 'Z': - c := b[len(b)-len("Z07:00")] - if ('0' <= c && c <= '9') || parseDec2(b[len(b)-len("07:00"):]) >= 24 { - err = errors.New("timezone hour outside of range [0,23]") - } + // TODO(https://go.dev/issue/62121): Use reflect.Value.AssertTo. + m.tt = *va.Addr().Interface().(*time.Time) + k := stringOrNumberKind(!m.isNumeric() || xe.Tokens.Last.NeedObjectName() || mo.Flags.Get(jsonflags.StringifyNumbers)) + if err := xe.AppendRaw(k, !m.hasCustomFormat(), m.appendMarshal); err != nil { + if mo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return internal.NewMarshalerError(va.Addr().Interface(), err, "MarshalJSON") // unlike unmarshal, always wrapped } - if err != nil { - return &SemanticError{action: "marshal", GoType: t, Err: err} + if !isSyntacticError(err) && !export.IsIOError(err) { + err = newMarshalErrorBefore(enc, t, err) } - return enc.WriteValue(b) // RFC 3339 never needs JSON escaping - } - // The format may contain special characters that need escaping. - // Verify that the result is a valid JSON string (common case), - // otherwise escape the string correctly (slower case). - if consumeSimpleString(b) != len(b) { - b, _ = appendString(nil, string(b[len(`"`):len(b)-len(`"`)]), true, nil) + return err } - return enc.WriteValue(b) + return nil } - fncs.unmarshal = func(uo UnmarshalOptions, dec *Decoder, va addressableValue) error { - format := time.RFC3339 - isRFC3339 := true - if uo.format != "" && uo.formatDepth == dec.tokens.depth() { - var err error - format, isRFC3339, err = checkTimeFormat(uo.format) - if err != nil { - return &SemanticError{action: "unmarshal", GoType: t, Err: err} + fncs.unmarshal = func(dec *jsontext.Decoder, va addressableValue, uo *jsonopts.Struct) (err error) { + xd := export.Decoder(dec) + var u timeArshaler + if uo.Format != "" && uo.FormatDepth == xd.Tokens.Depth() { + if !u.initFormat(uo.Format) { + return newInvalidFormatError(dec, t) } + } else if uo.Flags.Get(jsonflags.ParseTimeWithLooseRFC3339) { + u.looseRFC3339 = true } - var flags valueFlags + stringify := !u.isNumeric() || xd.Tokens.Last.NeedObjectName() || uo.Flags.Get(jsonflags.StringifyNumbers) + var flags jsonwire.ValueFlags tt := va.Addr().Interface().(*time.Time) - val, err := dec.readValue(&flags) + val, err := xd.ReadValue(&flags) if err != nil { return err } - k := val.Kind() - switch k { + switch k := val.Kind(); k { case 'n': - *tt = time.Time{} + if !uo.Flags.Get(jsonflags.MergeWithLegacySemantics) { + *tt = time.Time{} + } return nil case '"': - val = unescapeStringMayCopy(val, flags.isVerbatim()) - tt2, err := time.Parse(format, string(val)) - if isRFC3339 && err == nil { - // TODO(https://go.dev/issue/54580): RFC 3339 specifies - // the exact grammar of a valid timestamp. However, - // the parsing functionality in "time" is too loose and - // incorrectly accepts invalid timestamps as valid. - // Remove these manual checks when "time" checks it for us. - newParseError := func(layout, value, layoutElem, valueElem, message string) error { - return &time.ParseError{Layout: layout, Value: value, LayoutElem: layoutElem, ValueElem: valueElem, Message: message} - } - switch { - case val[len("2006-01-02T")+1] == ':': // hour must be two digits - err = newParseError(format, string(val), "15", string(val[len("2006-01-02T"):][:1]), "") - case val[len("2006-01-02T15:04:05")] == ',': // sub-second separator must be a period - err = newParseError(format, string(val), ".", ",", "") - case val[len(val)-1] != 'Z': - switch { - case parseDec2(val[len(val)-len("07:00"):]) >= 24: // timezone hour must be in range - err = newParseError(format, string(val), "Z07:00", string(val[len(val)-len("Z07:00"):]), ": timezone hour out of range") - case parseDec2(val[len(val)-len("00"):]) >= 60: // timezone minute must be in range - err = newParseError(format, string(val), "Z07:00", string(val[len(val)-len("Z07:00"):]), ": timezone minute out of range") - } + if !stringify { + break + } + val = jsonwire.UnquoteMayCopy(val, flags.IsVerbatim()) + if err := u.unmarshal(val); err != nil { + if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return err // unlike marshal, never wrapped } + return newUnmarshalErrorAfter(dec, t, err) + } + *tt = u.tt + return nil + case '0': + if stringify { + break } - if err != nil { - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t, Err: err} + if err := u.unmarshal(val); err != nil { + if uo.Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + return err // unlike marshal, never wrapped + } + return newUnmarshalErrorAfter(dec, t, err) } - *tt = tt2 + *tt = u.tt return nil - default: - return &SemanticError{action: "unmarshal", JSONKind: k, GoType: t} } + return newUnmarshalErrorAfter(dec, t, nil) } } return fncs } -func checkTimeFormat(format string) (string, bool, error) { +type durationArshaler struct { + td time.Duration + + // base records the representation where: + // - 0 uses time.Duration.String + // - 1e0, 1e3, 1e6, or 1e9 use a decimal encoding of the duration as + // nanoseconds, microseconds, milliseconds, or seconds. + // - 8601 uses ISO 8601 + base uint64 +} + +func (a *durationArshaler) initFormat(format string) (ok bool) { + switch format { + case "units": + a.base = 0 + case "sec": + a.base = 1e9 + case "milli": + a.base = 1e6 + case "micro": + a.base = 1e3 + case "nano": + a.base = 1e0 + case "iso8601": + a.base = 8601 + default: + return false + } + return true +} + +func (a *durationArshaler) isNumeric() bool { + return a.base != 0 && a.base != 8601 +} + +func (a *durationArshaler) appendMarshal(b []byte) ([]byte, error) { + switch a.base { + case 0: + return append(b, a.td.String()...), nil + case 8601: + return appendDurationISO8601(b, a.td), nil + default: + return appendDurationBase10(b, a.td, a.base), nil + } +} + +func (a *durationArshaler) unmarshal(b []byte) (err error) { + switch a.base { + case 0: + a.td, err = time.ParseDuration(string(b)) + case 8601: + a.td, err = parseDurationISO8601(b) + default: + a.td, err = parseDurationBase10(b, a.base) + } + return err +} + +type timeArshaler struct { + tt time.Time + + // base records the representation where: + // - 0 uses RFC 3339 encoding of the timestamp + // - 1e0, 1e3, 1e6, or 1e9 use a decimal encoding of the timestamp as + // seconds, milliseconds, microseconds, or nanoseconds since Unix epoch. + // - math.MaxUint uses time.Time.Format to encode the timestamp + base uint64 + format string // time format passed to time.Parse + + looseRFC3339 bool +} + +func (a *timeArshaler) initFormat(format string) bool { // We assume that an exported constant in the time package will // always start with an uppercase ASCII letter. - if len(format) > 0 && 'A' <= format[0] && format[0] <= 'Z' { - switch format { - case "ANSIC": - return time.ANSIC, false, nil - case "UnixDate": - return time.UnixDate, false, nil - case "RubyDate": - return time.RubyDate, false, nil - case "RFC822": - return time.RFC822, false, nil - case "RFC822Z": - return time.RFC822Z, false, nil - case "RFC850": - return time.RFC850, false, nil - case "RFC1123": - return time.RFC1123, false, nil - case "RFC1123Z": - return time.RFC1123Z, false, nil - case "RFC3339": - return time.RFC3339, true, nil - case "RFC3339Nano": - return time.RFC3339Nano, true, nil - case "Kitchen": - return time.Kitchen, false, nil - case "Stamp": - return time.Stamp, false, nil - case "StampMilli": - return time.StampMilli, false, nil - case "StampMicro": - return time.StampMicro, false, nil - case "StampNano": - return time.StampNano, false, nil - default: - // Reject any format that is an exported Go identifier in case - // new format constants are added to the time package. - if strings.TrimFunc(format, isLetterOrDigit) == "" { - return "", false, fmt.Errorf("undefined format layout: %v", format) + if len(format) == 0 { + return false + } + a.base = math.MaxUint // implies custom format + if c := format[0]; !('a' <= c && c <= 'z') && !('A' <= c && c <= 'Z') { + a.format = format + return true + } + switch format { + case "ANSIC": + a.format = time.ANSIC + case "UnixDate": + a.format = time.UnixDate + case "RubyDate": + a.format = time.RubyDate + case "RFC822": + a.format = time.RFC822 + case "RFC822Z": + a.format = time.RFC822Z + case "RFC850": + a.format = time.RFC850 + case "RFC1123": + a.format = time.RFC1123 + case "RFC1123Z": + a.format = time.RFC1123Z + case "RFC3339": + a.base = 0 + a.format = time.RFC3339 + case "RFC3339Nano": + a.base = 0 + a.format = time.RFC3339Nano + case "Kitchen": + a.format = time.Kitchen + case "Stamp": + a.format = time.Stamp + case "StampMilli": + a.format = time.StampMilli + case "StampMicro": + a.format = time.StampMicro + case "StampNano": + a.format = time.StampNano + case "DateTime": + a.format = time.DateTime + case "DateOnly": + a.format = time.DateOnly + case "TimeOnly": + a.format = time.TimeOnly + case "unix": + a.base = 1e0 + case "unixmilli": + a.base = 1e3 + case "unixmicro": + a.base = 1e6 + case "unixnano": + a.base = 1e9 + default: + // Reject any Go identifier in case new constants are supported. + if strings.TrimFunc(format, isLetterOrDigit) == "" { + return false + } + a.format = format + } + return true +} + +func (a *timeArshaler) isNumeric() bool { + return int(a.base) > 0 +} + +func (a *timeArshaler) hasCustomFormat() bool { + return a.base == math.MaxUint +} + +func (a *timeArshaler) appendMarshal(b []byte) ([]byte, error) { + switch a.base { + case 0: + format := cmp.Or(a.format, time.RFC3339Nano) + n0 := len(b) + b = a.tt.AppendFormat(b, format) + // Not all Go timestamps can be represented as valid RFC 3339. + // Explicitly check for these edge cases. + // See https://go.dev/issue/4556 and https://go.dev/issue/54580. + switch b := b[n0:]; { + case b[len("9999")] != '-': // year must be exactly 4 digits wide + return b, errors.New("year outside of range [0,9999]") + case b[len(b)-1] != 'Z': + c := b[len(b)-len("Z07:00")] + if ('0' <= c && c <= '9') || parseDec2(b[len(b)-len("07:00"):]) >= 24 { + return b, errors.New("timezone hour outside of range [0,23]") + } + } + return b, nil + case math.MaxUint: + return a.tt.AppendFormat(b, a.format), nil + default: + return appendTimeUnix(b, a.tt, a.base), nil + } +} + +func (a *timeArshaler) unmarshal(b []byte) (err error) { + switch a.base { + case 0: + // Use time.Time.UnmarshalText to avoid possible string allocation. + if err := a.tt.UnmarshalText(b); err != nil { + return err + } + // TODO(https://go.dev/issue/57912): + // RFC 3339 specifies the grammar for a valid timestamp. + // However, the parsing functionality in "time" is too loose and + // incorrectly accepts invalid timestamps as valid. + // Remove these manual checks when "time" checks it for us. + newParseError := func(layout, value, layoutElem, valueElem, message string) error { + return &time.ParseError{Layout: layout, Value: value, LayoutElem: layoutElem, ValueElem: valueElem, Message: message} + } + switch { + case a.looseRFC3339: + return nil + case b[len("2006-01-02T")+1] == ':': // hour must be two digits + return newParseError(time.RFC3339, string(b), "15", string(b[len("2006-01-02T"):][:1]), "") + case b[len("2006-01-02T15:04:05")] == ',': // sub-second separator must be a period + return newParseError(time.RFC3339, string(b), ".", ",", "") + case b[len(b)-1] != 'Z': + switch { + case parseDec2(b[len(b)-len("07:00"):]) >= 24: // timezone hour must be in range + return newParseError(time.RFC3339, string(b), "Z07:00", string(b[len(b)-len("Z07:00"):]), ": timezone hour out of range") + case parseDec2(b[len(b)-len("00"):]) >= 60: // timezone minute must be in range + return newParseError(time.RFC3339, string(b), "Z07:00", string(b[len(b)-len("Z07:00"):]), ": timezone minute out of range") + } + } + return nil + case math.MaxUint: + a.tt, err = time.Parse(a.format, string(b)) + return err + default: + a.tt, err = parseTimeUnix(b, a.base) + return err + } +} + +// appendDurationBase10 appends d formatted as a decimal fractional number, +// where pow10 is a power-of-10 used to scale down the number. +func appendDurationBase10(b []byte, d time.Duration, pow10 uint64) []byte { + b, n := mayAppendDurationSign(b, d) // append sign + whole, frac := bits.Div64(0, n, uint64(pow10)) // compute whole and frac fields + b = strconv.AppendUint(b, whole, 10) // append whole field + return appendFracBase10(b, frac, pow10) // append frac field +} + +// parseDurationBase10 parses d from a decimal fractional number, +// where pow10 is a power-of-10 used to scale up the number. +func parseDurationBase10(b []byte, pow10 uint64) (time.Duration, error) { + suffix, neg := consumeSign(b, false) // consume sign + wholeBytes, fracBytes := bytesCutByte(suffix, '.', true) // consume whole and frac fields + whole, okWhole := jsonwire.ParseUint(wholeBytes) // parse whole field; may overflow + frac, okFrac := parseFracBase10(fracBytes, pow10) // parse frac field + hi, lo := bits.Mul64(whole, uint64(pow10)) // overflow if hi > 0 + sum, co := bits.Add64(lo, uint64(frac), 0) // overflow if co > 0 + switch d := mayApplyDurationSign(sum, neg); { // overflow if neg != (d < 0) + case (!okWhole && whole != math.MaxUint64) || !okFrac: + return 0, fmt.Errorf("invalid duration %q: %w", b, strconv.ErrSyntax) + case !okWhole || hi > 0 || co > 0 || neg != (d < 0): + return 0, fmt.Errorf("invalid duration %q: %w", b, strconv.ErrRange) + default: + return d, nil + } +} + +// appendDurationISO8601 appends an ISO 8601 duration with a restricted grammar, +// where leading and trailing zeroes and zero-value designators are omitted. +// It only uses hour, minute, and second designators since ISO 8601 defines +// those as being "accurate", while year, month, week, and day are "nominal". +func appendDurationISO8601(b []byte, d time.Duration) []byte { + if d == 0 { + return append(b, "PT0S"...) + } + b, n := mayAppendDurationSign(b, d) + b = append(b, "PT"...) + n, nsec := bits.Div64(0, n, 1e9) // compute nsec field + n, sec := bits.Div64(0, n, 60) // compute sec field + hour, min := bits.Div64(0, n, 60) // compute hour and min fields + if hour > 0 { + b = append(strconv.AppendUint(b, hour, 10), 'H') + } + if min > 0 { + b = append(strconv.AppendUint(b, min, 10), 'M') + } + if sec > 0 || nsec > 0 { + b = append(appendFracBase10(strconv.AppendUint(b, sec, 10), nsec, 1e9), 'S') + } + return b +} + +// daysPerYear is the exact average number of days in a year according to +// the Gregorian calender, which has an extra day each year that is +// a multiple of 4, unless it is evenly divisible by 100 but not by 400. +// This does not take into account leap seconds, which are not deterministic. +const daysPerYear = 365.2425 + +var errInaccurateDateUnits = errors.New("inaccurate year, month, week, or day units") + +// parseDurationISO8601 parses a duration according to ISO 8601-1:2019, +// section 5.5.2.2 and 5.5.2.3 with the following restrictions or extensions: +// +// - A leading minus sign is permitted for negative duration according +// to ISO 8601-2:2019, section 4.4.1.9. We do not permit negative values +// for each "time scale component", which is permitted by section 4.4.1.1, +// but rarely supported by parsers. +// +// - A leading plus sign is permitted (and ignored). +// This is not required by ISO 8601, but not forbidden either. +// There is some precedent for this as it is supported by the principle of +// duration arithmetic as specified in ISO 8601-2-2019, section 14.1. +// Of note, the JavaScript grammar for ISO 8601 permits a leading plus sign. +// +// - A fractional value is only permitted for accurate units +// (i.e., hour, minute, and seconds) in the last time component, +// which is permissible by ISO 8601-1:2019, section 5.5.2.3. +// +// - Both periods ('.') and commas (',') are supported as the separator +// between the integer part and fraction part of a number, +// as specified in ISO 8601-1:2019, section 3.2.6. +// While ISO 8601 recommends comma as the default separator, +// most formatters uses a period. +// +// - Leading zeros are ignored. This is not required by ISO 8601, +// but also not forbidden by the standard. Many parsers support this. +// +// - Lowercase designators are supported. This is not required by ISO 8601, +// but also not forbidden by the standard. Many parsers support this. +// +// If the nominal units of year, month, week, or day are present, +// this produces a best-effort value and also reports [errInaccurateDateUnits]. +// +// The accepted grammar is identical to JavaScript's Duration: +// +// https://tc39.es/proposal-temporal/#prod-Duration +// +// We follow JavaScript's grammar as JSON itself is derived from JavaScript. +// The Temporal.Duration.toJSON method is guaranteed to produce an output +// that can be parsed by this function so long as arithmetic in JavaScript +// do not use a largestUnit value higher than "hours" (which is the default). +// Even if it does, this will do a best-effort parsing with inaccurate units, +// but report [errInaccurateDateUnits]. +func parseDurationISO8601(b []byte) (time.Duration, error) { + var invalid, overflow, inaccurate, sawFrac bool + var sumNanos, n, co uint64 + + // cutBytes is like [bytes.Cut], but uses either c0 or c1 as the separator. + cutBytes := func(b []byte, c0, c1 byte) (prefix, suffix []byte, ok bool) { + for i, c := range b { + if c == c0 || c == c1 { + return b[:i], b[i+1:], true + } + } + return b, nil, false + } + + // mayParseUnit attempts to parse another date or time number + // identified by the desHi and desLo unit characters. + // If the part is absent for current unit, it returns b as is. + mayParseUnit := func(b []byte, desHi, desLo byte, unit time.Duration) []byte { + number, suffix, ok := cutBytes(b, desHi, desLo) + if !ok || sawFrac { + return b // designator is not present or already saw fraction, which can only be in the last component + } + + // Parse the number. + // A fraction allowed for the accurate units in the last part. + whole, frac, ok := cutBytes(number, '.', ',') + if ok { + sawFrac = true + invalid = invalid || len(frac) == len("") || unit > time.Hour + if unit == time.Second { + n, ok = parsePaddedBase10(frac, uint64(time.Second)) + invalid = invalid || !ok + } else { + f, err := strconv.ParseFloat("0."+string(frac), 64) + invalid = invalid || err != nil || len(bytes.Trim(frac[len("."):], "0123456789")) > 0 + n = uint64(math.Round(f * float64(unit))) // never overflows since f is within [0..1] + } + sumNanos, co = bits.Add64(sumNanos, n, 0) // overflow if co > 0 + overflow = overflow || co > 0 + } + for len(whole) > 1 && whole[0] == '0' { + whole = whole[len("0"):] // trim leading zeros + } + n, ok := jsonwire.ParseUint(whole) // overflow if !ok && MaxUint64 + hi, lo := bits.Mul64(n, uint64(unit)) // overflow if hi > 0 + sumNanos, co = bits.Add64(sumNanos, lo, 0) // overflow if co > 0 + invalid = invalid || (!ok && n != math.MaxUint64) + overflow = overflow || (!ok && n == math.MaxUint64) || hi > 0 || co > 0 + inaccurate = inaccurate || unit > time.Hour + return suffix + } + + suffix, neg := consumeSign(b, true) + prefix, suffix, okP := cutBytes(suffix, 'P', 'p') + durDate, durTime, okT := cutBytes(suffix, 'T', 't') + invalid = invalid || len(prefix) > 0 || !okP || (okT && len(durTime) == 0) || len(durDate)+len(durTime) == 0 + if len(durDate) > 0 { // nominal portion of the duration + durDate = mayParseUnit(durDate, 'Y', 'y', time.Duration(daysPerYear*24*60*60*1e9)) + durDate = mayParseUnit(durDate, 'M', 'm', time.Duration(daysPerYear/12*24*60*60*1e9)) + durDate = mayParseUnit(durDate, 'W', 'w', time.Duration(7*24*60*60*1e9)) + durDate = mayParseUnit(durDate, 'D', 'd', time.Duration(24*60*60*1e9)) + invalid = invalid || len(durDate) > 0 // unknown elements + } + if len(durTime) > 0 { // accurate portion of the duration + durTime = mayParseUnit(durTime, 'H', 'h', time.Duration(60*60*1e9)) + durTime = mayParseUnit(durTime, 'M', 'm', time.Duration(60*1e9)) + durTime = mayParseUnit(durTime, 'S', 's', time.Duration(1e9)) + invalid = invalid || len(durTime) > 0 // unknown elements + } + d := mayApplyDurationSign(sumNanos, neg) + overflow = overflow || (neg != (d < 0) && d != 0) // overflows signed duration + + switch { + case invalid: + return 0, fmt.Errorf("invalid ISO 8601 duration %q: %w", b, strconv.ErrSyntax) + case overflow: + return 0, fmt.Errorf("invalid ISO 8601 duration %q: %w", b, strconv.ErrRange) + case inaccurate: + return d, fmt.Errorf("invalid ISO 8601 duration %q: %w", b, errInaccurateDateUnits) + default: + return d, nil + } +} + +// mayAppendDurationSign appends a negative sign if n is negative. +func mayAppendDurationSign(b []byte, d time.Duration) ([]byte, uint64) { + if d < 0 { + b = append(b, '-') + d *= -1 + } + return b, uint64(d) +} + +// mayApplyDurationSign inverts n if neg is specified. +func mayApplyDurationSign(n uint64, neg bool) time.Duration { + if neg { + return -1 * time.Duration(n) + } else { + return +1 * time.Duration(n) + } +} + +// appendTimeUnix appends t formatted as a decimal fractional number, +// where pow10 is a power-of-10 used to scale up the number. +func appendTimeUnix(b []byte, t time.Time, pow10 uint64) []byte { + sec, nsec := t.Unix(), int64(t.Nanosecond()) + if sec < 0 { + b = append(b, '-') + sec, nsec = negateSecNano(sec, nsec) + } + switch { + case pow10 == 1e0: // fast case where units is in seconds + b = strconv.AppendUint(b, uint64(sec), 10) + return appendFracBase10(b, uint64(nsec), 1e9) + case uint64(sec) < 1e9: // intermediate case where units is not seconds, but no overflow + b = strconv.AppendUint(b, uint64(sec)*uint64(pow10)+uint64(uint64(nsec)/(1e9/pow10)), 10) + return appendFracBase10(b, (uint64(nsec)*pow10)%1e9, 1e9) + default: // slow case where units is not seconds and overflow would occur + b = strconv.AppendUint(b, uint64(sec), 10) + b = appendPaddedBase10(b, uint64(nsec)/(1e9/pow10), pow10) + return appendFracBase10(b, (uint64(nsec)*pow10)%1e9, 1e9) + } +} + +// parseTimeUnix parses t formatted as a decimal fractional number, +// where pow10 is a power-of-10 used to scale down the number. +func parseTimeUnix(b []byte, pow10 uint64) (time.Time, error) { + suffix, neg := consumeSign(b, false) // consume sign + wholeBytes, fracBytes := bytesCutByte(suffix, '.', true) // consume whole and frac fields + whole, okWhole := jsonwire.ParseUint(wholeBytes) // parse whole field; may overflow + frac, okFrac := parseFracBase10(fracBytes, 1e9/pow10) // parse frac field + var sec, nsec int64 + switch { + case pow10 == 1e0: // fast case where units is in seconds + sec = int64(whole) // check overflow later after negation + nsec = int64(frac) // cannot overflow + case okWhole: // intermediate case where units is not seconds, but no overflow + sec = int64(whole / pow10) // check overflow later after negation + nsec = int64((whole%pow10)*(1e9/pow10) + frac) // cannot overflow + case !okWhole && whole == math.MaxUint64: // slow case where units is not seconds and overflow occurred + width := int(math.Log10(float64(pow10))) // compute len(strconv.Itoa(pow10-1)) + whole, okWhole = jsonwire.ParseUint(wholeBytes[:len(wholeBytes)-width]) // parse the upper whole field + mid, _ := parsePaddedBase10(wholeBytes[len(wholeBytes)-width:], pow10) // parse the lower whole field + sec = int64(whole) // check overflow later after negation + nsec = int64(mid*(1e9/pow10) + frac) // cannot overflow + } + if neg { + sec, nsec = negateSecNano(sec, nsec) + } + switch t := time.Unix(sec, nsec).UTC(); { + case (!okWhole && whole != math.MaxUint64) || !okFrac: + return time.Time{}, fmt.Errorf("invalid time %q: %w", b, strconv.ErrSyntax) + case !okWhole || neg != (t.Unix() < 0): + return time.Time{}, fmt.Errorf("invalid time %q: %w", b, strconv.ErrRange) + default: + return t, nil + } +} + +// negateSecNano negates a Unix timestamp, where nsec must be within [0, 1e9). +func negateSecNano(sec, nsec int64) (int64, int64) { + sec = ^sec // twos-complement negation (i.e., -1*sec + 1) + nsec = -nsec + 1e9 // negate nsec and add 1e9 (which is the extra +1 from sec negation) + sec += int64(nsec / 1e9) // handle possible overflow of nsec if it started as zero + nsec %= 1e9 // ensure nsec stays within [0, 1e9) + return sec, nsec +} + +// appendFracBase10 appends the fraction of n/max10, +// where max10 is a power-of-10 that is larger than n. +func appendFracBase10(b []byte, n, max10 uint64) []byte { + if n == 0 { + return b + } + return bytes.TrimRight(appendPaddedBase10(append(b, '.'), n, max10), "0") +} + +// parseFracBase10 parses the fraction of n/max10, +// where max10 is a power-of-10 that is larger than n. +func parseFracBase10(b []byte, max10 uint64) (n uint64, ok bool) { + switch { + case len(b) == 0: + return 0, true + case len(b) < len(".0") || b[0] != '.': + return 0, false + } + return parsePaddedBase10(b[len("."):], max10) +} + +// appendPaddedBase10 appends a zero-padded encoding of n, +// where max10 is a power-of-10 that is larger than n. +func appendPaddedBase10(b []byte, n, max10 uint64) []byte { + if n < max10/10 { + // Formatting of n is shorter than log10(max10), + // so add max10/10 to ensure the length is equal to log10(max10). + i := len(b) + b = strconv.AppendUint(b, n+max10/10, 10) + b[i]-- // subtract the addition of max10/10 + return b + } + return strconv.AppendUint(b, n, 10) +} + +// parsePaddedBase10 parses b as the zero-padded encoding of n, +// where max10 is a power-of-10 that is larger than n. +// Truncated suffix is treated as implicit zeros. +// Extended suffix is ignored, but verified to contain only digits. +func parsePaddedBase10(b []byte, max10 uint64) (n uint64, ok bool) { + pow10 := uint64(1) + for pow10 < max10 { + n *= 10 + if len(b) > 0 { + if b[0] < '0' || '9' < b[0] { + return n, false } + n += uint64(b[0] - '0') + b = b[1:] + } + pow10 *= 10 + } + if len(b) > 0 && len(bytes.TrimRight(b, "0123456789")) > 0 { + return n, false // trailing characters are not digits + } + return n, true +} + +// consumeSign consumes an optional leading negative or positive sign. +func consumeSign(b []byte, allowPlus bool) ([]byte, bool) { + if len(b) > 0 { + if b[0] == '-' { + return b[len("-"):], true + } else if b[0] == '+' && allowPlus { + return b[len("+"):], false + } + } + return b, false +} + +// bytesCutByte is similar to bytes.Cut(b, []byte{c}), +// except c may optionally be included as part of the suffix. +func bytesCutByte(b []byte, c byte, include bool) ([]byte, []byte) { + if i := bytes.IndexByte(b, c); i >= 0 { + if include { + return b[:i], b[i:] } + return b[:i], b[i+1:] } - return format, false, nil + return b, nil } // parseDec2 parses b as an unsigned, base-10, 2-digit number. -// It panics if len(b) < 2. The result is undefined if digits are not base-10. +// The result is undefined if digits are not base-10. func parseDec2(b []byte) byte { + if len(b) < 2 { + return 0 + } return 10*(b[0]-'0') + (b[1] - '0') } diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/decode.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/decode.go deleted file mode 100644 index 0d68b3233..000000000 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/decode.go +++ /dev/null @@ -1,1655 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package json - -import ( - "bytes" - "errors" - "io" - "math" - "strconv" - "unicode/utf16" - "unicode/utf8" -) - -// NOTE: The logic for decoding is complicated by the fact that reading from -// an io.Reader into a temporary buffer means that the buffer may contain a -// truncated portion of some valid input, requiring the need to fetch more data. -// -// This file is structured in the following way: -// -// - consumeXXX functions parse an exact JSON token from a []byte. -// If the buffer appears truncated, then it returns io.ErrUnexpectedEOF. -// The consumeSimpleXXX functions are so named because they only handle -// a subset of the grammar for the JSON token being parsed. -// They do not handle the full grammar to keep these functions inlineable. -// -// - Decoder.consumeXXX methods parse the next JSON token from Decoder.buf, -// automatically fetching more input if necessary. These methods take -// a position relative to the start of Decoder.buf as an argument and -// return the end of the consumed JSON token as a position, -// also relative to the start of Decoder.buf. -// -// - In the event of an I/O errors or state machine violations, -// the implementation avoids mutating the state of Decoder -// (aside from the book-keeping needed to implement Decoder.fetch). -// For this reason, only Decoder.ReadToken and Decoder.ReadValue are -// responsible for updated Decoder.prevStart and Decoder.prevEnd. -// -// - For performance, much of the implementation uses the pattern of calling -// the inlineable consumeXXX functions first, and if more work is necessary, -// then it calls the slower Decoder.consumeXXX methods. -// TODO: Revisit this pattern if the Go compiler provides finer control -// over exactly which calls are inlined or not. - -// DecodeOptions configures how JSON decoding operates. -// The zero value is equivalent to the default settings, -// which is compliant with both RFC 7493 and RFC 8259. -type DecodeOptions struct { - requireKeyedLiterals - nonComparable - - // AllowDuplicateNames specifies that JSON objects may contain - // duplicate member names. Disabling the duplicate name check may provide - // computational and performance benefits, but breaks compliance with - // RFC 7493, section 2.3. The input will still be compliant with RFC 8259, - // which leaves the handling of duplicate names as unspecified behavior. - AllowDuplicateNames bool - - // AllowInvalidUTF8 specifies that JSON strings may contain invalid UTF-8, - // which will be mangled as the Unicode replacement character, U+FFFD. - // This causes the decoder to break compliance with - // RFC 7493, section 2.1, and RFC 8259, section 8.1. - AllowInvalidUTF8 bool -} - -// Decoder is a streaming decoder for raw JSON tokens and values. -// It is used to read a stream of top-level JSON values, -// each separated by optional whitespace characters. -// -// ReadToken and ReadValue calls may be interleaved. -// For example, the following JSON value: -// -// {"name":"value","array":[null,false,true,3.14159],"object":{"k":"v"}} -// -// can be parsed with the following calls (ignoring errors for brevity): -// -// d.ReadToken() // { -// d.ReadToken() // "name" -// d.ReadToken() // "value" -// d.ReadValue() // "array" -// d.ReadToken() // [ -// d.ReadToken() // null -// d.ReadToken() // false -// d.ReadValue() // true -// d.ReadToken() // 3.14159 -// d.ReadToken() // ] -// d.ReadValue() // "object" -// d.ReadValue() // {"k":"v"} -// d.ReadToken() // } -// -// The above is one of many possible sequence of calls and -// may not represent the most sensible method to call for any given token/value. -// For example, it is probably more common to call ReadToken to obtain a -// string token for object names. -type Decoder struct { - state - decodeBuffer - options DecodeOptions - - stringCache *stringCache // only used when unmarshaling -} - -// decodeBuffer is a buffer split into 4 segments: -// -// - buf[0:prevEnd] // already read portion of the buffer -// - buf[prevStart:prevEnd] // previously read value -// - buf[prevEnd:len(buf)] // unread portion of the buffer -// - buf[len(buf):cap(buf)] // unused portion of the buffer -// -// Invariants: -// -// 0 ≤ prevStart ≤ prevEnd ≤ len(buf) ≤ cap(buf) -type decodeBuffer struct { - peekPos int // non-zero if valid offset into buf for start of next token - peekErr error // implies peekPos is -1 - - buf []byte // may alias rd if it is a bytes.Buffer - prevStart int - prevEnd int - - // baseOffset is added to prevStart and prevEnd to obtain - // the absolute offset relative to the start of io.Reader stream. - baseOffset int64 - - rd io.Reader -} - -// NewDecoder constructs a new streaming decoder reading from r. -// -// If r is a bytes.Buffer, then the decoder parses directly from the buffer -// without first copying the contents to an intermediate buffer. -// Additional writes to the buffer must not occur while the decoder is in use. -func NewDecoder(r io.Reader) *Decoder { - return DecodeOptions{}.NewDecoder(r) -} - -// NewDecoder constructs a new streaming decoder reading from r -// configured with the provided options. -func (o DecodeOptions) NewDecoder(r io.Reader) *Decoder { - d := new(Decoder) - o.ResetDecoder(d, r) - return d -} - -// ResetDecoder resets a decoder such that it is reading afresh from r and -// configured with the provided options. -func (o DecodeOptions) ResetDecoder(d *Decoder, r io.Reader) { - if d == nil { - panic("json: invalid nil Decoder") - } - if r == nil { - panic("json: invalid nil io.Reader") - } - d.reset(nil, r, o) -} - -func (d *Decoder) reset(b []byte, r io.Reader, o DecodeOptions) { - d.state.reset() - d.decodeBuffer = decodeBuffer{buf: b, rd: r} - d.options = o -} - -// Reset resets a decoder such that it is reading afresh from r but -// keep any pre-existing decoder options. -func (d *Decoder) Reset(r io.Reader) { - d.options.ResetDecoder(d, r) -} - -var errBufferWriteAfterNext = errors.New("invalid bytes.Buffer.Write call after calling bytes.Buffer.Next") - -// fetch reads at least 1 byte from the underlying io.Reader. -// It returns io.ErrUnexpectedEOF if zero bytes were read and io.EOF was seen. -func (d *Decoder) fetch() error { - if d.rd == nil { - return io.ErrUnexpectedEOF - } - - // Inform objectNameStack that we are about to fetch new buffer content. - d.names.copyQuotedBuffer(d.buf) - - // Specialize bytes.Buffer for better performance. - if bb, ok := d.rd.(*bytes.Buffer); ok { - switch { - case bb.Len() == 0: - return io.ErrUnexpectedEOF - case len(d.buf) == 0: - d.buf = bb.Next(bb.Len()) // "read" all data in the buffer - return nil - default: - // This only occurs if a partially filled bytes.Buffer was provided - // and more data is written to it while Decoder is reading from it. - // This practice will lead to data corruption since future writes - // may overwrite the contents of the current buffer. - // - // The user is trying to use a bytes.Buffer as a pipe, - // but a bytes.Buffer is poor implementation of a pipe, - // the purpose-built io.Pipe should be used instead. - return &ioError{action: "read", err: errBufferWriteAfterNext} - } - } - - // Allocate initial buffer if empty. - if cap(d.buf) == 0 { - d.buf = make([]byte, 0, 64) - } - - // Check whether to grow the buffer. - const maxBufferSize = 4 << 10 - const growthSizeFactor = 2 // higher value is faster - const growthRateFactor = 2 // higher value is slower - // By default, grow if below the maximum buffer size. - grow := cap(d.buf) <= maxBufferSize/growthSizeFactor - // Growing can be expensive, so only grow - // if a sufficient number of bytes have been processed. - grow = grow && int64(cap(d.buf)) < d.previousOffsetEnd()/growthRateFactor - // If prevStart==0, then fetch was called in order to fetch more data - // to finish consuming a large JSON value contiguously. - // Grow if less than 25% of the remaining capacity is available. - // Note that this may cause the input buffer to exceed maxBufferSize. - grow = grow || (d.prevStart == 0 && len(d.buf) >= 3*cap(d.buf)/4) - - if grow { - // Allocate a new buffer and copy the contents of the old buffer over. - // TODO: Provide a hard limit on the maximum internal buffer size? - buf := make([]byte, 0, cap(d.buf)*growthSizeFactor) - d.buf = append(buf, d.buf[d.prevStart:]...) - } else { - // Move unread portion of the data to the front. - n := copy(d.buf[:cap(d.buf)], d.buf[d.prevStart:]) - d.buf = d.buf[:n] - } - d.baseOffset += int64(d.prevStart) - d.prevEnd -= d.prevStart - d.prevStart = 0 - - // Read more data into the internal buffer. - for { - n, err := d.rd.Read(d.buf[len(d.buf):cap(d.buf)]) - switch { - case n > 0: - d.buf = d.buf[:len(d.buf)+n] - return nil // ignore errors if any bytes are read - case err == io.EOF: - return io.ErrUnexpectedEOF - case err != nil: - return &ioError{action: "read", err: err} - default: - continue // Read returned (0, nil) - } - } -} - -const invalidateBufferByte = '#' // invalid starting character for JSON grammar - -// invalidatePreviousRead invalidates buffers returned by Peek and Read calls -// so that the first byte is an invalid character. -// This Hyrum-proofs the API against faulty application code that assumes -// values returned by ReadValue remain valid past subsequent Read calls. -func (d *decodeBuffer) invalidatePreviousRead() { - // Avoid mutating the buffer if d.rd is nil which implies that d.buf - // is provided by the user code and may not expect mutations. - isBytesBuffer := func(r io.Reader) bool { - _, ok := r.(*bytes.Buffer) - return ok - } - if d.rd != nil && !isBytesBuffer(d.rd) && d.prevStart < d.prevEnd && uint(d.prevStart) < uint(len(d.buf)) { - d.buf[d.prevStart] = invalidateBufferByte - d.prevStart = d.prevEnd - } -} - -// needMore reports whether there are no more unread bytes. -func (d *decodeBuffer) needMore(pos int) bool { - // NOTE: The arguments and logic are kept simple to keep this inlineable. - return pos == len(d.buf) -} - -// injectSyntacticErrorWithPosition wraps a SyntacticError with the position, -// otherwise it returns the error as is. -// It takes a position relative to the start of the start of d.buf. -func (d *decodeBuffer) injectSyntacticErrorWithPosition(err error, pos int) error { - if serr, ok := err.(*SyntacticError); ok { - return serr.withOffset(d.baseOffset + int64(pos)) - } - return err -} - -func (d *decodeBuffer) previousOffsetStart() int64 { return d.baseOffset + int64(d.prevStart) } -func (d *decodeBuffer) previousOffsetEnd() int64 { return d.baseOffset + int64(d.prevEnd) } -func (d *decodeBuffer) previousBuffer() []byte { return d.buf[d.prevStart:d.prevEnd] } -func (d *decodeBuffer) unreadBuffer() []byte { return d.buf[d.prevEnd:len(d.buf)] } - -// PeekKind retrieves the next token kind, but does not advance the read offset. -// It returns 0 if there are no more tokens. -func (d *Decoder) PeekKind() Kind { - // Check whether we have a cached peek result. - if d.peekPos > 0 { - return Kind(d.buf[d.peekPos]).normalize() - } - - var err error - d.invalidatePreviousRead() - pos := d.prevEnd - - // Consume leading whitespace. - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - if err == io.ErrUnexpectedEOF && d.tokens.depth() == 1 { - err = io.EOF // EOF possibly if no Tokens present after top-level value - } - d.peekPos, d.peekErr = -1, err - return invalidKind - } - } - - // Consume colon or comma. - var delim byte - if c := d.buf[pos]; c == ':' || c == ',' { - delim = c - pos += 1 - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - d.peekPos, d.peekErr = -1, err - return invalidKind - } - } - } - next := Kind(d.buf[pos]).normalize() - if d.tokens.needDelim(next) != delim { - pos = d.prevEnd // restore position to right after leading whitespace - pos += consumeWhitespace(d.buf[pos:]) - err = d.tokens.checkDelim(delim, next) - err = d.injectSyntacticErrorWithPosition(err, pos) - d.peekPos, d.peekErr = -1, err - return invalidKind - } - - // This may set peekPos to zero, which is indistinguishable from - // the uninitialized state. While a small hit to performance, it is correct - // since ReadValue and ReadToken will disregard the cached result and - // recompute the next kind. - d.peekPos, d.peekErr = pos, nil - return next -} - -// SkipValue is semantically equivalent to calling ReadValue and discarding -// the result except that memory is not wasted trying to hold the entire result. -func (d *Decoder) SkipValue() error { - switch d.PeekKind() { - case '{', '[': - // For JSON objects and arrays, keep skipping all tokens - // until the depth matches the starting depth. - depth := d.tokens.depth() - for { - if _, err := d.ReadToken(); err != nil { - return err - } - if depth >= d.tokens.depth() { - return nil - } - } - default: - // Trying to skip a value when the next token is a '}' or ']' - // will result in an error being returned here. - if _, err := d.ReadValue(); err != nil { - return err - } - return nil - } -} - -// ReadToken reads the next Token, advancing the read offset. -// The returned token is only valid until the next Peek, Read, or Skip call. -// It returns io.EOF if there are no more tokens. -func (d *Decoder) ReadToken() (Token, error) { - // Determine the next kind. - var err error - var next Kind - pos := d.peekPos - if pos != 0 { - // Use cached peek result. - if d.peekErr != nil { - err := d.peekErr - d.peekPos, d.peekErr = 0, nil // possibly a transient I/O error - return Token{}, err - } - next = Kind(d.buf[pos]).normalize() - d.peekPos = 0 // reset cache - } else { - d.invalidatePreviousRead() - pos = d.prevEnd - - // Consume leading whitespace. - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - if err == io.ErrUnexpectedEOF && d.tokens.depth() == 1 { - err = io.EOF // EOF possibly if no Tokens present after top-level value - } - return Token{}, err - } - } - - // Consume colon or comma. - var delim byte - if c := d.buf[pos]; c == ':' || c == ',' { - delim = c - pos += 1 - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - return Token{}, err - } - } - } - next = Kind(d.buf[pos]).normalize() - if d.tokens.needDelim(next) != delim { - pos = d.prevEnd // restore position to right after leading whitespace - pos += consumeWhitespace(d.buf[pos:]) - err = d.tokens.checkDelim(delim, next) - return Token{}, d.injectSyntacticErrorWithPosition(err, pos) - } - } - - // Handle the next token. - var n int - switch next { - case 'n': - if consumeNull(d.buf[pos:]) == 0 { - pos, err = d.consumeLiteral(pos, "null") - if err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos) - } - } else { - pos += len("null") - } - if err = d.tokens.appendLiteral(); err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos-len("null")) // report position at start of literal - } - d.prevStart, d.prevEnd = pos, pos - return Null, nil - - case 'f': - if consumeFalse(d.buf[pos:]) == 0 { - pos, err = d.consumeLiteral(pos, "false") - if err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos) - } - } else { - pos += len("false") - } - if err = d.tokens.appendLiteral(); err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos-len("false")) // report position at start of literal - } - d.prevStart, d.prevEnd = pos, pos - return False, nil - - case 't': - if consumeTrue(d.buf[pos:]) == 0 { - pos, err = d.consumeLiteral(pos, "true") - if err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos) - } - } else { - pos += len("true") - } - if err = d.tokens.appendLiteral(); err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos-len("true")) // report position at start of literal - } - d.prevStart, d.prevEnd = pos, pos - return True, nil - - case '"': - var flags valueFlags // TODO: Preserve this in Token? - if n = consumeSimpleString(d.buf[pos:]); n == 0 { - oldAbsPos := d.baseOffset + int64(pos) - pos, err = d.consumeString(&flags, pos) - newAbsPos := d.baseOffset + int64(pos) - n = int(newAbsPos - oldAbsPos) - if err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos) - } - } else { - pos += n - } - if !d.options.AllowDuplicateNames && d.tokens.last.needObjectName() { - if !d.tokens.last.isValidNamespace() { - return Token{}, errInvalidNamespace - } - if d.tokens.last.isActiveNamespace() && !d.namespaces.last().insertQuoted(d.buf[pos-n:pos], flags.isVerbatim()) { - err = &SyntacticError{str: "duplicate name " + string(d.buf[pos-n:pos]) + " in object"} - return Token{}, d.injectSyntacticErrorWithPosition(err, pos-n) // report position at start of string - } - d.names.replaceLastQuotedOffset(pos - n) // only replace if insertQuoted succeeds - } - if err = d.tokens.appendString(); err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos-n) // report position at start of string - } - d.prevStart, d.prevEnd = pos-n, pos - return Token{raw: &d.decodeBuffer, num: uint64(d.previousOffsetStart())}, nil - - case '0': - // NOTE: Since JSON numbers are not self-terminating, - // we need to make sure that the next byte is not part of a number. - if n = consumeSimpleNumber(d.buf[pos:]); n == 0 || d.needMore(pos+n) { - oldAbsPos := d.baseOffset + int64(pos) - pos, err = d.consumeNumber(pos) - newAbsPos := d.baseOffset + int64(pos) - n = int(newAbsPos - oldAbsPos) - if err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos) - } - } else { - pos += n - } - if err = d.tokens.appendNumber(); err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos-n) // report position at start of number - } - d.prevStart, d.prevEnd = pos-n, pos - return Token{raw: &d.decodeBuffer, num: uint64(d.previousOffsetStart())}, nil - - case '{': - if err = d.tokens.pushObject(); err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos) - } - if !d.options.AllowDuplicateNames { - d.names.push() - d.namespaces.push() - } - pos += 1 - d.prevStart, d.prevEnd = pos, pos - return ObjectStart, nil - - case '}': - if err = d.tokens.popObject(); err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos) - } - if !d.options.AllowDuplicateNames { - d.names.pop() - d.namespaces.pop() - } - pos += 1 - d.prevStart, d.prevEnd = pos, pos - return ObjectEnd, nil - - case '[': - if err = d.tokens.pushArray(); err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos) - } - pos += 1 - d.prevStart, d.prevEnd = pos, pos - return ArrayStart, nil - - case ']': - if err = d.tokens.popArray(); err != nil { - return Token{}, d.injectSyntacticErrorWithPosition(err, pos) - } - pos += 1 - d.prevStart, d.prevEnd = pos, pos - return ArrayEnd, nil - - default: - err = newInvalidCharacterError(d.buf[pos:], "at start of token") - return Token{}, d.injectSyntacticErrorWithPosition(err, pos) - } -} - -type valueFlags uint - -const ( - _ valueFlags = (1 << iota) / 2 // powers of two starting with zero - - stringNonVerbatim // string cannot be naively treated as valid UTF-8 - stringNonCanonical // string not formatted according to RFC 8785, section 3.2.2.2. - // TODO: Track whether a number is a non-integer? -) - -func (f *valueFlags) set(f2 valueFlags) { *f |= f2 } -func (f valueFlags) isVerbatim() bool { return f&stringNonVerbatim == 0 } -func (f valueFlags) isCanonical() bool { return f&stringNonCanonical == 0 } - -// ReadValue returns the next raw JSON value, advancing the read offset. -// The value is stripped of any leading or trailing whitespace. -// The returned value is only valid until the next Peek, Read, or Skip call and -// may not be mutated while the Decoder remains in use. -// If the decoder is currently at the end token for an object or array, -// then it reports a SyntacticError and the internal state remains unchanged. -// It returns io.EOF if there are no more values. -func (d *Decoder) ReadValue() (RawValue, error) { - var flags valueFlags - return d.readValue(&flags) -} -func (d *Decoder) readValue(flags *valueFlags) (RawValue, error) { - // Determine the next kind. - var err error - var next Kind - pos := d.peekPos - if pos != 0 { - // Use cached peek result. - if d.peekErr != nil { - err := d.peekErr - d.peekPos, d.peekErr = 0, nil // possibly a transient I/O error - return nil, err - } - next = Kind(d.buf[pos]).normalize() - d.peekPos = 0 // reset cache - } else { - d.invalidatePreviousRead() - pos = d.prevEnd - - // Consume leading whitespace. - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - if err == io.ErrUnexpectedEOF && d.tokens.depth() == 1 { - err = io.EOF // EOF possibly if no Tokens present after top-level value - } - return nil, err - } - } - - // Consume colon or comma. - var delim byte - if c := d.buf[pos]; c == ':' || c == ',' { - delim = c - pos += 1 - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - return nil, err - } - } - } - next = Kind(d.buf[pos]).normalize() - if d.tokens.needDelim(next) != delim { - pos = d.prevEnd // restore position to right after leading whitespace - pos += consumeWhitespace(d.buf[pos:]) - err = d.tokens.checkDelim(delim, next) - return nil, d.injectSyntacticErrorWithPosition(err, pos) - } - } - - // Handle the next value. - oldAbsPos := d.baseOffset + int64(pos) - pos, err = d.consumeValue(flags, pos) - newAbsPos := d.baseOffset + int64(pos) - n := int(newAbsPos - oldAbsPos) - if err != nil { - return nil, d.injectSyntacticErrorWithPosition(err, pos) - } - switch next { - case 'n', 't', 'f': - err = d.tokens.appendLiteral() - case '"': - if !d.options.AllowDuplicateNames && d.tokens.last.needObjectName() { - if !d.tokens.last.isValidNamespace() { - err = errInvalidNamespace - break - } - if d.tokens.last.isActiveNamespace() && !d.namespaces.last().insertQuoted(d.buf[pos-n:pos], flags.isVerbatim()) { - err = &SyntacticError{str: "duplicate name " + string(d.buf[pos-n:pos]) + " in object"} - break - } - d.names.replaceLastQuotedOffset(pos - n) // only replace if insertQuoted succeeds - } - err = d.tokens.appendString() - case '0': - err = d.tokens.appendNumber() - case '{': - if err = d.tokens.pushObject(); err != nil { - break - } - if err = d.tokens.popObject(); err != nil { - panic("BUG: popObject should never fail immediately after pushObject: " + err.Error()) - } - case '[': - if err = d.tokens.pushArray(); err != nil { - break - } - if err = d.tokens.popArray(); err != nil { - panic("BUG: popArray should never fail immediately after pushArray: " + err.Error()) - } - } - if err != nil { - return nil, d.injectSyntacticErrorWithPosition(err, pos-n) // report position at start of value - } - d.prevEnd = pos - d.prevStart = pos - n - return d.buf[pos-n : pos : pos], nil -} - -// checkEOF verifies that the input has no more data. -func (d *Decoder) checkEOF() error { - switch pos, err := d.consumeWhitespace(d.prevEnd); err { - case nil: - return newInvalidCharacterError(d.buf[pos:], "after top-level value") - case io.ErrUnexpectedEOF: - return nil - default: - return err - } -} - -// consumeWhitespace consumes all whitespace starting at d.buf[pos:]. -// It returns the new position in d.buf immediately after the last whitespace. -// If it returns nil, there is guaranteed to at least be one unread byte. -// -// The following pattern is common in this implementation: -// -// pos += consumeWhitespace(d.buf[pos:]) -// if d.needMore(pos) { -// if pos, err = d.consumeWhitespace(pos); err != nil { -// return ... -// } -// } -// -// It is difficult to simplify this without sacrificing performance since -// consumeWhitespace must be inlined. The body of the if statement is -// executed only in rare situations where we need to fetch more data. -// Since fetching may return an error, we also need to check the error. -func (d *Decoder) consumeWhitespace(pos int) (newPos int, err error) { - for { - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - absPos := d.baseOffset + int64(pos) - err = d.fetch() // will mutate d.buf and invalidate pos - pos = int(absPos - d.baseOffset) - if err != nil { - return pos, err - } - continue - } - return pos, nil - } -} - -// consumeValue consumes a single JSON value starting at d.buf[pos:]. -// It returns the new position in d.buf immediately after the value. -func (d *Decoder) consumeValue(flags *valueFlags, pos int) (newPos int, err error) { - for { - var n int - var err error - switch next := Kind(d.buf[pos]).normalize(); next { - case 'n': - if n = consumeNull(d.buf[pos:]); n == 0 { - n, err = consumeLiteral(d.buf[pos:], "null") - } - case 'f': - if n = consumeFalse(d.buf[pos:]); n == 0 { - n, err = consumeLiteral(d.buf[pos:], "false") - } - case 't': - if n = consumeTrue(d.buf[pos:]); n == 0 { - n, err = consumeLiteral(d.buf[pos:], "true") - } - case '"': - if n = consumeSimpleString(d.buf[pos:]); n == 0 { - return d.consumeString(flags, pos) - } - case '0': - // NOTE: Since JSON numbers are not self-terminating, - // we need to make sure that the next byte is not part of a number. - if n = consumeSimpleNumber(d.buf[pos:]); n == 0 || d.needMore(pos+n) { - return d.consumeNumber(pos) - } - case '{': - return d.consumeObject(flags, pos) - case '[': - return d.consumeArray(flags, pos) - default: - return pos, newInvalidCharacterError(d.buf[pos:], "at start of value") - } - if err == io.ErrUnexpectedEOF { - absPos := d.baseOffset + int64(pos) - err = d.fetch() // will mutate d.buf and invalidate pos - pos = int(absPos - d.baseOffset) - if err != nil { - return pos, err - } - continue - } - return pos + n, err - } -} - -// consumeLiteral consumes a single JSON literal starting at d.buf[pos:]. -// It returns the new position in d.buf immediately after the literal. -func (d *Decoder) consumeLiteral(pos int, lit string) (newPos int, err error) { - for { - n, err := consumeLiteral(d.buf[pos:], lit) - if err == io.ErrUnexpectedEOF { - absPos := d.baseOffset + int64(pos) - err = d.fetch() // will mutate d.buf and invalidate pos - pos = int(absPos - d.baseOffset) - if err != nil { - return pos, err - } - continue - } - return pos + n, err - } -} - -// consumeString consumes a single JSON string starting at d.buf[pos:]. -// It returns the new position in d.buf immediately after the string. -func (d *Decoder) consumeString(flags *valueFlags, pos int) (newPos int, err error) { - var n int - for { - n, err = consumeStringResumable(flags, d.buf[pos:], n, !d.options.AllowInvalidUTF8) - if err == io.ErrUnexpectedEOF { - absPos := d.baseOffset + int64(pos) - err = d.fetch() // will mutate d.buf and invalidate pos - pos = int(absPos - d.baseOffset) - if err != nil { - return pos, err - } - continue - } - return pos + n, err - } -} - -// consumeNumber consumes a single JSON number starting at d.buf[pos:]. -// It returns the new position in d.buf immediately after the number. -func (d *Decoder) consumeNumber(pos int) (newPos int, err error) { - var n int - var state consumeNumberState - for { - n, state, err = consumeNumberResumable(d.buf[pos:], n, state) - // NOTE: Since JSON numbers are not self-terminating, - // we need to make sure that the next byte is not part of a number. - if err == io.ErrUnexpectedEOF || d.needMore(pos+n) { - mayTerminate := err == nil - absPos := d.baseOffset + int64(pos) - err = d.fetch() // will mutate d.buf and invalidate pos - pos = int(absPos - d.baseOffset) - if err != nil { - if mayTerminate && err == io.ErrUnexpectedEOF { - return pos + n, nil - } - return pos, err - } - continue - } - return pos + n, err - } -} - -// consumeObject consumes a single JSON object starting at d.buf[pos:]. -// It returns the new position in d.buf immediately after the object. -func (d *Decoder) consumeObject(flags *valueFlags, pos int) (newPos int, err error) { - var n int - var names *objectNamespace - if !d.options.AllowDuplicateNames { - d.namespaces.push() - defer d.namespaces.pop() - names = d.namespaces.last() - } - - // Handle before start. - if d.buf[pos] != '{' { - panic("BUG: consumeObject must be called with a buffer that starts with '{'") - } - pos++ - - // Handle after start. - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - return pos, err - } - } - if d.buf[pos] == '}' { - pos++ - return pos, nil - } - - for { - // Handle before name. - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - return pos, err - } - } - var flags2 valueFlags - if n = consumeSimpleString(d.buf[pos:]); n == 0 { - oldAbsPos := d.baseOffset + int64(pos) - pos, err = d.consumeString(&flags2, pos) - newAbsPos := d.baseOffset + int64(pos) - n = int(newAbsPos - oldAbsPos) - flags.set(flags2) - if err != nil { - return pos, err - } - } else { - pos += n - } - if !d.options.AllowDuplicateNames && !names.insertQuoted(d.buf[pos-n:pos], flags2.isVerbatim()) { - return pos - n, &SyntacticError{str: "duplicate name " + string(d.buf[pos-n:pos]) + " in object"} - } - - // Handle after name. - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - return pos, err - } - } - if d.buf[pos] != ':' { - return pos, newInvalidCharacterError(d.buf[pos:], "after object name (expecting ':')") - } - pos++ - - // Handle before value. - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - return pos, err - } - } - pos, err = d.consumeValue(flags, pos) - if err != nil { - return pos, err - } - - // Handle after value. - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - return pos, err - } - } - switch d.buf[pos] { - case ',': - pos++ - continue - case '}': - pos++ - return pos, nil - default: - return pos, newInvalidCharacterError(d.buf[pos:], "after object value (expecting ',' or '}')") - } - } -} - -// consumeArray consumes a single JSON array starting at d.buf[pos:]. -// It returns the new position in d.buf immediately after the array. -func (d *Decoder) consumeArray(flags *valueFlags, pos int) (newPos int, err error) { - // Handle before start. - if d.buf[pos] != '[' { - panic("BUG: consumeArray must be called with a buffer that starts with '['") - } - pos++ - - // Handle after start. - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - return pos, err - } - } - if d.buf[pos] == ']' { - pos++ - return pos, nil - } - - for { - // Handle before value. - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - return pos, err - } - } - pos, err = d.consumeValue(flags, pos) - if err != nil { - return pos, err - } - - // Handle after value. - pos += consumeWhitespace(d.buf[pos:]) - if d.needMore(pos) { - if pos, err = d.consumeWhitespace(pos); err != nil { - return pos, err - } - } - switch d.buf[pos] { - case ',': - pos++ - continue - case ']': - pos++ - return pos, nil - default: - return pos, newInvalidCharacterError(d.buf[pos:], "after array value (expecting ',' or ']')") - } - } -} - -// InputOffset returns the current input byte offset. It gives the location -// of the next byte immediately after the most recently returned token or value. -// The number of bytes actually read from the underlying io.Reader may be more -// than this offset due to internal buffering effects. -func (d *Decoder) InputOffset() int64 { - return d.previousOffsetEnd() -} - -// UnreadBuffer returns the data remaining in the unread buffer, -// which may contain zero or more bytes. -// The returned buffer must not be mutated while Decoder continues to be used. -// The buffer contents are valid until the next Peek, Read, or Skip call. -func (d *Decoder) UnreadBuffer() []byte { - return d.unreadBuffer() -} - -// StackDepth returns the depth of the state machine for read JSON data. -// Each level on the stack represents a nested JSON object or array. -// It is incremented whenever an ObjectStart or ArrayStart token is encountered -// and decremented whenever an ObjectEnd or ArrayEnd token is encountered. -// The depth is zero-indexed, where zero represents the top-level JSON value. -func (d *Decoder) StackDepth() int { - // NOTE: Keep in sync with Encoder.StackDepth. - return d.tokens.depth() - 1 -} - -// StackIndex returns information about the specified stack level. -// It must be a number between 0 and StackDepth, inclusive. -// For each level, it reports the kind: -// -// - 0 for a level of zero, -// - '{' for a level representing a JSON object, and -// - '[' for a level representing a JSON array. -// -// It also reports the length of that JSON object or array. -// Each name and value in a JSON object is counted separately, -// so the effective number of members would be half the length. -// A complete JSON object must have an even length. -func (d *Decoder) StackIndex(i int) (Kind, int) { - // NOTE: Keep in sync with Encoder.StackIndex. - switch s := d.tokens.index(i); { - case i > 0 && s.isObject(): - return '{', s.length() - case i > 0 && s.isArray(): - return '[', s.length() - default: - return 0, s.length() - } -} - -// StackPointer returns a JSON Pointer (RFC 6901) to the most recently read value. -// Object names are only present if AllowDuplicateNames is false, otherwise -// object members are represented using their index within the object. -func (d *Decoder) StackPointer() string { - d.names.copyQuotedBuffer(d.buf) - return string(d.appendStackPointer(nil)) -} - -// consumeWhitespace consumes leading JSON whitespace per RFC 7159, section 2. -func consumeWhitespace(b []byte) (n int) { - // NOTE: The arguments and logic are kept simple to keep this inlineable. - for len(b) > n && (b[n] == ' ' || b[n] == '\t' || b[n] == '\r' || b[n] == '\n') { - n++ - } - return n -} - -// consumeNull consumes the next JSON null literal per RFC 7159, section 3. -// It returns 0 if it is invalid, in which case consumeLiteral should be used. -func consumeNull(b []byte) int { - // NOTE: The arguments and logic are kept simple to keep this inlineable. - const literal = "null" - if len(b) >= len(literal) && string(b[:len(literal)]) == literal { - return len(literal) - } - return 0 -} - -// consumeFalse consumes the next JSON false literal per RFC 7159, section 3. -// It returns 0 if it is invalid, in which case consumeLiteral should be used. -func consumeFalse(b []byte) int { - // NOTE: The arguments and logic are kept simple to keep this inlineable. - const literal = "false" - if len(b) >= len(literal) && string(b[:len(literal)]) == literal { - return len(literal) - } - return 0 -} - -// consumeTrue consumes the next JSON true literal per RFC 7159, section 3. -// It returns 0 if it is invalid, in which case consumeLiteral should be used. -func consumeTrue(b []byte) int { - // NOTE: The arguments and logic are kept simple to keep this inlineable. - const literal = "true" - if len(b) >= len(literal) && string(b[:len(literal)]) == literal { - return len(literal) - } - return 0 -} - -// consumeLiteral consumes the next JSON literal per RFC 7159, section 3. -// If the input appears truncated, it returns io.ErrUnexpectedEOF. -func consumeLiteral(b []byte, lit string) (n int, err error) { - for i := 0; i < len(b) && i < len(lit); i++ { - if b[i] != lit[i] { - return i, newInvalidCharacterError(b[i:], "within literal "+lit+" (expecting "+strconv.QuoteRune(rune(lit[i]))+")") - } - } - if len(b) < len(lit) { - return len(b), io.ErrUnexpectedEOF - } - return len(lit), nil -} - -// consumeSimpleString consumes the next JSON string per RFC 7159, section 7 -// but is limited to the grammar for an ASCII string without escape sequences. -// It returns 0 if it is invalid or more complicated than a simple string, -// in which case consumeString should be called. -func consumeSimpleString(b []byte) (n int) { - // NOTE: The arguments and logic are kept simple to keep this inlineable. - if len(b) > 0 && b[0] == '"' { - n++ - for len(b) > n && (' ' <= b[n] && b[n] != '\\' && b[n] != '"' && b[n] < utf8.RuneSelf) { - n++ - } - if len(b) > n && b[n] == '"' { - n++ - return n - } - } - return 0 -} - -// consumeString consumes the next JSON string per RFC 7159, section 7. -// If validateUTF8 is false, then this allows the presence of invalid UTF-8 -// characters within the string itself. -// It reports the number of bytes consumed and whether an error was encountered. -// If the input appears truncated, it returns io.ErrUnexpectedEOF. -func consumeString(flags *valueFlags, b []byte, validateUTF8 bool) (n int, err error) { - return consumeStringResumable(flags, b, 0, validateUTF8) -} - -// consumeStringResumable is identical to consumeString but supports resuming -// from a previous call that returned io.ErrUnexpectedEOF. -func consumeStringResumable(flags *valueFlags, b []byte, resumeOffset int, validateUTF8 bool) (n int, err error) { - // Consume the leading double quote. - switch { - case resumeOffset > 0: - n = resumeOffset // already handled the leading quote - case uint(len(b)) == 0: - return n, io.ErrUnexpectedEOF - case b[0] == '"': - n++ - default: - return n, newInvalidCharacterError(b[n:], `at start of string (expecting '"')`) - } - - // Consume every character in the string. - for uint(len(b)) > uint(n) { - // Optimize for long sequences of unescaped characters. - noEscape := func(c byte) bool { - return c < utf8.RuneSelf && ' ' <= c && c != '\\' && c != '"' - } - for uint(len(b)) > uint(n) && noEscape(b[n]) { - n++ - } - if uint(len(b)) <= uint(n) { - return n, io.ErrUnexpectedEOF - } - - // Check for terminating double quote. - if b[n] == '"' { - n++ - return n, nil - } - - switch r, rn := utf8.DecodeRune(b[n:]); { - // Handle UTF-8 encoded byte sequence. - // Due to specialized handling of ASCII above, we know that - // all normal sequences at this point must be 2 bytes or larger. - case rn > 1: - n += rn - // Handle escape sequence. - case r == '\\': - flags.set(stringNonVerbatim) - resumeOffset = n - if uint(len(b)) < uint(n+2) { - return resumeOffset, io.ErrUnexpectedEOF - } - switch r := b[n+1]; r { - case '/': - // Forward slash is the only character with 3 representations. - // Per RFC 8785, section 3.2.2.2., this must not be escaped. - flags.set(stringNonCanonical) - n += 2 - case '"', '\\', 'b', 'f', 'n', 'r', 't': - n += 2 - case 'u': - if uint(len(b)) < uint(n+6) { - if !hasEscapeSequencePrefix(b[n:]) { - flags.set(stringNonCanonical) - return n, &SyntacticError{str: "invalid escape sequence " + strconv.Quote(string(b[n:])) + " within string"} - } - return resumeOffset, io.ErrUnexpectedEOF - } - v1, ok := parseHexUint16(b[n+2 : n+6]) - if !ok { - flags.set(stringNonCanonical) - return n, &SyntacticError{str: "invalid escape sequence " + strconv.Quote(string(b[n:n+6])) + " within string"} - } - // Only certain control characters can use the \uFFFF notation - // for canonical formatting (per RFC 8785, section 3.2.2.2.). - switch v1 { - // \uFFFF notation not permitted for these characters. - case '\b', '\f', '\n', '\r', '\t': - flags.set(stringNonCanonical) - default: - // \uFFFF notation only permitted for control characters. - if v1 >= ' ' { - flags.set(stringNonCanonical) - } else { - // \uFFFF notation must be lower case. - for _, c := range b[n+2 : n+6] { - if 'A' <= c && c <= 'F' { - flags.set(stringNonCanonical) - } - } - } - } - n += 6 - - if validateUTF8 && utf16.IsSurrogate(rune(v1)) { - if uint(len(b)) >= uint(n+2) && (b[n] != '\\' || b[n+1] != 'u') { - return n, &SyntacticError{str: "invalid unpaired surrogate half within string"} - } - if uint(len(b)) < uint(n+6) { - if !hasEscapeSequencePrefix(b[n:]) { - flags.set(stringNonCanonical) - return n, &SyntacticError{str: "invalid escape sequence " + strconv.Quote(string(b[n:])) + " within string"} - } - return resumeOffset, io.ErrUnexpectedEOF - } - v2, ok := parseHexUint16(b[n+2 : n+6]) - if !ok { - return n, &SyntacticError{str: "invalid escape sequence " + strconv.Quote(string(b[n:n+6])) + " within string"} - } - if utf16.DecodeRune(rune(v1), rune(v2)) == utf8.RuneError { - return n, &SyntacticError{str: "invalid surrogate pair in string"} - } - n += 6 - } - default: - flags.set(stringNonCanonical) - return n, &SyntacticError{str: "invalid escape sequence " + strconv.Quote(string(b[n:n+2])) + " within string"} - } - // Handle invalid UTF-8. - case r == utf8.RuneError: - if !utf8.FullRune(b[n:]) { - return n, io.ErrUnexpectedEOF - } - flags.set(stringNonVerbatim | stringNonCanonical) - if validateUTF8 { - return n, &SyntacticError{str: "invalid UTF-8 within string"} - } - n++ - // Handle invalid control characters. - case r < ' ': - flags.set(stringNonVerbatim | stringNonCanonical) - return n, newInvalidCharacterError(b[n:], "within string (expecting non-control character)") - default: - panic("BUG: unhandled character " + quoteRune(b[n:])) - } - } - return n, io.ErrUnexpectedEOF -} - -// hasEscapeSequencePrefix reports whether b is possibly -// the truncated prefix of a \uFFFF escape sequence. -func hasEscapeSequencePrefix(b []byte) bool { - for i, c := range b { - switch { - case i == 0 && c != '\\': - return false - case i == 1 && c != 'u': - return false - case i >= 2 && i < 6 && !('0' <= c && c <= '9') && !('a' <= c && c <= 'f') && !('A' <= c && c <= 'F'): - return false - } - } - return true -} - -// unescapeString appends the unescaped form of a JSON string in src to dst. -// Any invalid UTF-8 within the string will be replaced with utf8.RuneError. -// The input must be an entire JSON string with no surrounding whitespace. -func unescapeString(dst, src []byte) (v []byte, ok bool) { - // Consume leading double quote. - if uint(len(src)) == 0 || src[0] != '"' { - return dst, false - } - i, n := 1, 1 - - // Consume every character until completion. - for uint(len(src)) > uint(n) { - // Optimize for long sequences of unescaped characters. - noEscape := func(c byte) bool { - return c < utf8.RuneSelf && ' ' <= c && c != '\\' && c != '"' - } - for uint(len(src)) > uint(n) && noEscape(src[n]) { - n++ - } - if uint(len(src)) <= uint(n) { - break - } - - // Check for terminating double quote. - if src[n] == '"' { - dst = append(dst, src[i:n]...) - n++ - return dst, len(src) == n - } - - switch r, rn := utf8.DecodeRune(src[n:]); { - // Handle UTF-8 encoded byte sequence. - // Due to specialized handling of ASCII above, we know that - // all normal sequences at this point must be 2 bytes or larger. - case rn > 1: - n += rn - // Handle escape sequence. - case r == '\\': - dst = append(dst, src[i:n]...) - if r < ' ' { - return dst, false // invalid control character or unescaped quote - } - - // Handle escape sequence. - if uint(len(src)) < uint(n+2) { - return dst, false // truncated escape sequence - } - switch r := src[n+1]; r { - case '"', '\\', '/': - dst = append(dst, r) - n += 2 - case 'b': - dst = append(dst, '\b') - n += 2 - case 'f': - dst = append(dst, '\f') - n += 2 - case 'n': - dst = append(dst, '\n') - n += 2 - case 'r': - dst = append(dst, '\r') - n += 2 - case 't': - dst = append(dst, '\t') - n += 2 - case 'u': - if uint(len(src)) < uint(n+6) { - return dst, false // truncated escape sequence - } - v1, ok := parseHexUint16(src[n+2 : n+6]) - if !ok { - return dst, false // invalid escape sequence - } - n += 6 - - // Check whether this is a surrogate half. - r := rune(v1) - if utf16.IsSurrogate(r) { - r = utf8.RuneError // assume failure unless the following succeeds - if uint(len(src)) >= uint(n+6) && src[n+0] == '\\' && src[n+1] == 'u' { - if v2, ok := parseHexUint16(src[n+2 : n+6]); ok { - if r = utf16.DecodeRune(rune(v1), rune(v2)); r != utf8.RuneError { - n += 6 - } - } - } - } - - dst = utf8.AppendRune(dst, r) - default: - return dst, false // invalid escape sequence - } - i = n - // Handle invalid UTF-8. - case r == utf8.RuneError: - // NOTE: An unescaped string may be longer than the escaped string - // because invalid UTF-8 bytes are being replaced. - dst = append(dst, src[i:n]...) - dst = append(dst, "\uFFFD"...) - n += rn - i = n - // Handle invalid control characters. - case r < ' ': - dst = append(dst, src[i:n]...) - return dst, false // invalid control character or unescaped quote - default: - panic("BUG: unhandled character " + quoteRune(src[n:])) - } - } - dst = append(dst, src[i:n]...) - return dst, false // truncated input -} - -// unescapeStringMayCopy returns the unescaped form of b. -// If there are no escaped characters, the output is simply a subslice of -// the input with the surrounding quotes removed. -// Otherwise, a new buffer is allocated for the output. -func unescapeStringMayCopy(b []byte, isVerbatim bool) []byte { - // NOTE: The arguments and logic are kept simple to keep this inlineable. - if isVerbatim { - return b[len(`"`) : len(b)-len(`"`)] - } - b, _ = unescapeString(make([]byte, 0, len(b)), b) - return b -} - -// consumeSimpleNumber consumes the next JSON number per RFC 7159, section 6 -// but is limited to the grammar for a positive integer. -// It returns 0 if it is invalid or more complicated than a simple integer, -// in which case consumeNumber should be called. -func consumeSimpleNumber(b []byte) (n int) { - // NOTE: The arguments and logic are kept simple to keep this inlineable. - if len(b) > 0 { - if b[0] == '0' { - n++ - } else if '1' <= b[0] && b[0] <= '9' { - n++ - for len(b) > n && ('0' <= b[n] && b[n] <= '9') { - n++ - } - } else { - return 0 - } - if len(b) == n || !(b[n] == '.' || b[n] == 'e' || b[n] == 'E') { - return n - } - } - return 0 -} - -type consumeNumberState uint - -const ( - consumeNumberInit consumeNumberState = iota - beforeIntegerDigits - withinIntegerDigits - beforeFractionalDigits - withinFractionalDigits - beforeExponentDigits - withinExponentDigits -) - -// consumeNumber consumes the next JSON number per RFC 7159, section 6. -// It reports the number of bytes consumed and whether an error was encountered. -// If the input appears truncated, it returns io.ErrUnexpectedEOF. -// -// Note that JSON numbers are not self-terminating. -// If the entire input is consumed, then the caller needs to consider whether -// there may be subsequent unread data that may still be part of this number. -func consumeNumber(b []byte) (n int, err error) { - n, _, err = consumeNumberResumable(b, 0, consumeNumberInit) - return n, err -} - -// consumeNumberResumable is identical to consumeNumber but supports resuming -// from a previous call that returned io.ErrUnexpectedEOF. -func consumeNumberResumable(b []byte, resumeOffset int, state consumeNumberState) (n int, _ consumeNumberState, err error) { - // Jump to the right state when resuming from a partial consumption. - n = resumeOffset - if state > consumeNumberInit { - switch state { - case withinIntegerDigits, withinFractionalDigits, withinExponentDigits: - // Consume leading digits. - for len(b) > n && ('0' <= b[n] && b[n] <= '9') { - n++ - } - if len(b) == n { - return n, state, nil // still within the same state - } - state++ // switches "withinX" to "beforeY" where Y is the state after X - } - switch state { - case beforeIntegerDigits: - goto beforeInteger - case beforeFractionalDigits: - goto beforeFractional - case beforeExponentDigits: - goto beforeExponent - default: - return n, state, nil - } - } - - // Consume required integer component (with optional minus sign). -beforeInteger: - resumeOffset = n - if len(b) > 0 && b[0] == '-' { - n++ - } - switch { - case len(b) == n: - return resumeOffset, beforeIntegerDigits, io.ErrUnexpectedEOF - case b[n] == '0': - n++ - state = beforeFractionalDigits - case '1' <= b[n] && b[n] <= '9': - n++ - for len(b) > n && ('0' <= b[n] && b[n] <= '9') { - n++ - } - state = withinIntegerDigits - default: - return n, state, newInvalidCharacterError(b[n:], "within number (expecting digit)") - } - - // Consume optional fractional component. -beforeFractional: - if len(b) > n && b[n] == '.' { - resumeOffset = n - n++ - switch { - case len(b) == n: - return resumeOffset, beforeFractionalDigits, io.ErrUnexpectedEOF - case '0' <= b[n] && b[n] <= '9': - n++ - default: - return n, state, newInvalidCharacterError(b[n:], "within number (expecting digit)") - } - for len(b) > n && ('0' <= b[n] && b[n] <= '9') { - n++ - } - state = withinFractionalDigits - } - - // Consume optional exponent component. -beforeExponent: - if len(b) > n && (b[n] == 'e' || b[n] == 'E') { - resumeOffset = n - n++ - if len(b) > n && (b[n] == '-' || b[n] == '+') { - n++ - } - switch { - case len(b) == n: - return resumeOffset, beforeExponentDigits, io.ErrUnexpectedEOF - case '0' <= b[n] && b[n] <= '9': - n++ - default: - return n, state, newInvalidCharacterError(b[n:], "within number (expecting digit)") - } - for len(b) > n && ('0' <= b[n] && b[n] <= '9') { - n++ - } - state = withinExponentDigits - } - - return n, state, nil -} - -// parseHexUint16 is similar to strconv.ParseUint, -// but operates directly on []byte and is optimized for base-16. -// See https://go.dev/issue/42429. -func parseHexUint16(b []byte) (v uint16, ok bool) { - if len(b) != 4 { - return 0, false - } - for _, c := range b[:4] { - switch { - case '0' <= c && c <= '9': - c = c - '0' - case 'a' <= c && c <= 'f': - c = 10 + c - 'a' - case 'A' <= c && c <= 'F': - c = 10 + c - 'A' - default: - return 0, false - } - v = v*16 + uint16(c) - } - return v, true -} - -// parseDecUint is similar to strconv.ParseUint, -// but operates directly on []byte and is optimized for base-10. -// If the number is syntactically valid but overflows uint64, -// then it returns (math.MaxUint64, false). -// See https://go.dev/issue/42429. -func parseDecUint(b []byte) (v uint64, ok bool) { - // Overflow logic is based on strconv/atoi.go:138-149 from Go1.15, where: - // - cutoff is equal to math.MaxUint64/10+1, and - // - the n1 > maxVal check is unnecessary - // since maxVal is equivalent to math.MaxUint64. - var n int - var overflow bool - for len(b) > n && ('0' <= b[n] && b[n] <= '9') { - overflow = overflow || v >= math.MaxUint64/10+1 - v *= 10 - - v1 := v + uint64(b[n]-'0') - overflow = overflow || v1 < v - v = v1 - - n++ - } - if n == 0 || len(b) != n { - return 0, false - } - if overflow { - return math.MaxUint64, false - } - return v, true -} - -// parseFloat parses a floating point number according to the Go float grammar. -// Note that the JSON number grammar is a strict subset. -// -// If the number overflows the finite representation of a float, -// then we return MaxFloat since any finite value will always be infinitely -// more accurate at representing another finite value than an infinite value. -func parseFloat(b []byte, bits int) (v float64, ok bool) { - // Fast path for exact integer numbers which fit in the - // 24-bit or 53-bit significand of a float32 or float64. - var negLen int // either 0 or 1 - if len(b) > 0 && b[0] == '-' { - negLen = 1 - } - u, ok := parseDecUint(b[negLen:]) - if ok && ((bits == 32 && u <= 1<<24) || (bits == 64 && u <= 1<<53)) { - return math.Copysign(float64(u), float64(-1*negLen)), true - } - - // Note that the []byte->string conversion unfortunately allocates. - // See https://go.dev/issue/42429 for more information. - fv, err := strconv.ParseFloat(string(b), bits) - if math.IsInf(fv, 0) { - switch { - case bits == 32 && math.IsInf(fv, +1): - return +math.MaxFloat32, true - case bits == 64 && math.IsInf(fv, +1): - return +math.MaxFloat64, true - case bits == 32 && math.IsInf(fv, -1): - return -math.MaxFloat32, true - case bits == 64 && math.IsInf(fv, -1): - return -math.MaxFloat64, true - } - } - return fv, err == nil -} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/doc.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/doc.go index e4eefa3de..a46316858 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/doc.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/doc.go @@ -2,61 +2,43 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// Package json implements serialization of JSON -// as specified in RFC 4627, RFC 7159, RFC 7493, RFC 8259, and RFC 8785. +//go:build !goexperiment.jsonv2 || !go1.25 + +// Package json implements semantic processing of JSON as specified in RFC 8259. // JSON is a simple data interchange format that can represent // primitive data types such as booleans, strings, and numbers, // in addition to structured data types such as objects and arrays. // -// # Terminology -// -// This package uses the terms "encode" and "decode" for syntactic functionality -// that is concerned with processing JSON based on its grammar, and -// uses the terms "marshal" and "unmarshal" for semantic functionality -// that determines the meaning of JSON values as Go values and vice-versa. -// It aims to provide a clear distinction between functionality that -// is purely concerned with encoding versus that of marshaling. -// For example, one can directly encode a stream of JSON tokens without -// needing to marshal a concrete Go value representing them. -// Similarly, one can decode a stream of JSON tokens without -// needing to unmarshal them into a concrete Go value. -// -// This package uses JSON terminology when discussing JSON, which may differ -// from related concepts in Go or elsewhere in computing literature. -// -// - A JSON "object" refers to an unordered collection of name/value members. -// - A JSON "array" refers to an ordered sequence of elements. -// - A JSON "value" refers to either a literal (i.e., null, false, or true), -// string, number, object, or array. -// -// See RFC 8259 for more information. -// -// # Specifications -// -// Relevant specifications include RFC 4627, RFC 7159, RFC 7493, RFC 8259, -// and RFC 8785. Each RFC is generally a stricter subset of another RFC. -// In increasing order of strictness: -// -// - RFC 4627 and RFC 7159 do not require (but recommend) the use of UTF-8 -// and also do not require (but recommend) that object names be unique. -// - RFC 8259 requires the use of UTF-8, -// but does not require (but recommends) that object names be unique. -// - RFC 7493 requires the use of UTF-8 -// and also requires that object names be unique. -// - RFC 8785 defines a canonical representation. It requires the use of UTF-8 -// and also requires that object names be unique and in a specific ordering. -// It specifies exactly how strings and numbers must be formatted. -// -// The primary difference between RFC 4627 and RFC 7159 is that the former -// restricted top-level values to only JSON objects and arrays, while -// RFC 7159 and subsequent RFCs permit top-level values to additionally be -// JSON nulls, booleans, strings, or numbers. -// -// By default, this package operates on RFC 7493, but can be configured -// to operate according to the other RFC specifications. -// RFC 7493 is a stricter subset of RFC 8259 and fully compliant with it. -// In particular, it makes specific choices about behavior that RFC 8259 -// leaves as undefined in order to ensure greater interoperability. +// [Marshal] and [Unmarshal] encode and decode Go values +// to/from JSON text contained within a []byte. +// [MarshalWrite] and [UnmarshalRead] operate on JSON text +// by writing to or reading from an [io.Writer] or [io.Reader]. +// [MarshalEncode] and [UnmarshalDecode] operate on JSON text +// by encoding to or decoding from a [jsontext.Encoder] or [jsontext.Decoder]. +// [Options] may be passed to each of the marshal or unmarshal functions +// to configure the semantic behavior of marshaling and unmarshaling +// (i.e., alter how JSON data is understood as Go data and vice versa). +// [jsontext.Options] may also be passed to the marshal or unmarshal functions +// to configure the syntactic behavior of encoding or decoding. +// +// The data types of JSON are mapped to/from the data types of Go based on +// the closest logical equivalent between the two type systems. For example, +// a JSON boolean corresponds with a Go bool, +// a JSON string corresponds with a Go string, +// a JSON number corresponds with a Go int, uint or float, +// a JSON array corresponds with a Go slice or array, and +// a JSON object corresponds with a Go struct or map. +// See the documentation on [Marshal] and [Unmarshal] for a comprehensive list +// of how the JSON and Go type systems correspond. +// +// Arbitrary Go types can customize their JSON representation by implementing +// [Marshaler], [MarshalerTo], [Unmarshaler], or [UnmarshalerFrom]. +// This provides authors of Go types with control over how their types are +// serialized as JSON. Alternatively, users can implement functions that match +// [MarshalFunc], [MarshalToFunc], [UnmarshalFunc], or [UnmarshalFromFunc] +// to specify the JSON representation for arbitrary types. +// This provides callers of JSON functionality with control over +// how any arbitrary type is serialized as JSON. // // # JSON Representation of Go structs // @@ -68,12 +50,14 @@ // into the corresponding Go struct fields. // Object members that do not match any struct fields, // also known as “unknown members”, are ignored by default or rejected -// if UnmarshalOptions.RejectUnknownMembers is specified. +// if [RejectUnknownMembers] is specified. // // The representation of each struct field can be customized in the // "json" struct field tag, where the tag is a comma separated list of options. // As a special case, if the entire tag is `json:"-"`, // then the field is ignored with regard to its JSON representation. +// Some options also have equivalent behavior controlled by a caller-specified [Options]. +// Field-specified options take precedence over caller-specified options. // // The first option is the JSON object name override for the Go struct field. // If the name is not specified, then the Go struct field name @@ -98,21 +82,23 @@ // encoded as a JSON null, empty string, empty object, or empty array. // This option has no effect when unmarshaling. // -// - string: The "string" option specifies that -// MarshalOptions.StringifyNumbers and UnmarshalOptions.StringifyNumbers +// - string: The "string" option specifies that [StringifyNumbers] // be set when marshaling or unmarshaling a struct field value. // This causes numeric types to be encoded as a JSON number -// within a JSON string, and to be decoded from either a JSON number or -// a JSON string containing a JSON number. +// within a JSON string, and to be decoded from a JSON string +// containing the JSON number without any surrounding whitespace. // This extra level of encoding is often necessary since // many JSON parsers cannot precisely represent 64-bit integers. // -// - nocase: When unmarshaling, the "nocase" option specifies that -// if the JSON object name does not exactly match the JSON name -// for any of the struct fields, then it attempts to match the struct field -// using a case-insensitive match that also ignores dashes and underscores. -// If multiple fields match, the first declared field in breadth-first order -// takes precedence. This option has no effect when marshaling. +// - case: When unmarshaling, the "case" option specifies how +// JSON object names are matched with the JSON name for Go struct fields. +// The option is a key-value pair specified as "case:value" where +// the value must either be 'ignore' or 'strict'. +// The 'ignore' value specifies that matching is case-insensitive +// where dashes and underscores are also ignored. If multiple fields match, +// the first declared field in breadth-first order takes precedence. +// The 'strict' value specifies that matching is case-sensitive. +// This takes precedence over the [MatchCaseInsensitiveNames] option. // // - inline: The "inline" option specifies that // the JSON representable content of this field type is to be promoted @@ -120,10 +106,10 @@ // It is the JSON equivalent of Go struct embedding. // A Go embedded field is implicitly inlined unless an explicit JSON name // is specified. The inlined field must be a Go struct -// (that does not implement any JSON methods), RawValue, map[string]T, -// or an unnamed pointer to such types. When marshaling, +// (that does not implement any JSON methods), [jsontext.Value], +// map[~string]T, or an unnamed pointer to such types. When marshaling, // inlined fields from a pointer type are omitted if it is nil. -// Inlined fields of type RawValue and map[string]T are called +// Inlined fields of type [jsontext.Value] and map[~string]T are called // “inlined fallbacks” as they can represent all possible // JSON object members not directly handled by the parent struct. // Only one inlined fallback field may be specified in a struct, @@ -132,11 +118,11 @@ // // - unknown: The "unknown" option is a specialized variant // of the inlined fallback to indicate that this Go struct field -// contains any number of unknown JSON object members. The field type -// must be a RawValue, map[string]T, or an unnamed pointer to such types. -// If MarshalOptions.DiscardUnknownMembers is specified when marshaling, +// contains any number of unknown JSON object members. The field type must +// be a [jsontext.Value], map[~string]T, or an unnamed pointer to such types. +// If [DiscardUnknownMembers] is specified when marshaling, // the contents of this field are ignored. -// If UnmarshalOptions.RejectUnknownMembers is specified when unmarshaling, +// If [RejectUnknownMembers] is specified when unmarshaling, // any unknown object members are rejected regardless of whether // an inlined fallback with the "unknown" option exists. This option // must not be specified with any other option (including the JSON name). @@ -156,7 +142,7 @@ // For example, only a nil slice or map is omitted under "omitzero", while // an empty slice or map is omitted under "omitempty" regardless of nilness. // The "omitzero" option is useful for types with a well-defined zero value -// (e.g., netip.Addr) or have an IsZero method (e.g., time.Time). +// (e.g., [net/netip.Addr]) or have an IsZero method (e.g., [time.Time.IsZero]). // // Every Go struct corresponds to a list of JSON representable fields // which is constructed by performing a breadth-first search over @@ -167,12 +153,108 @@ // at shallowest depth takes precedence and the other fields at deeper depths // are excluded from the list of JSON representable fields. // If multiple fields at the shallowest depth have the same JSON name, -// then all of those fields are excluded from the list. This is analogous to -// Go visibility rules for struct field selection with embedded struct types. +// but exactly one is explicitly tagged with a JSON name, +// then that field takes precedence and all others are excluded from the list. +// This is analogous to Go visibility rules for struct field selection +// with embedded struct types. // // Marshaling or unmarshaling a non-empty struct -// without any JSON representable fields results in a SemanticError. +// without any JSON representable fields results in a [SemanticError]. // Unexported fields must not have any `json` tags except for `json:"-"`. +// +// # Security Considerations +// +// JSON is frequently used as a data interchange format to communicate +// between different systems, possibly implemented in different languages. +// For interoperability and security reasons, it is important that +// all implementations agree upon the semantic meaning of the data. +// +// [For example, suppose we have two micro-services.] +// The first service is responsible for authenticating a JSON request, +// while the second service is responsible for executing the request +// (having assumed that the prior service authenticated the request). +// If an attacker were able to maliciously craft a JSON request such that +// both services believe that the same request is from different users, +// it could bypass the authenticator with valid credentials for one user, +// but maliciously perform an action on behalf of a different user. +// +// According to RFC 8259, there unfortunately exist many JSON texts +// that are syntactically valid but semantically ambiguous. +// For example, the standard does not define how to interpret duplicate +// names within an object. +// +// The v1 [encoding/json] and [encoding/json/v2] packages +// interpret some inputs in different ways. In particular: +// +// - The standard specifies that JSON must be encoded using UTF-8. +// By default, v1 replaces invalid bytes of UTF-8 in JSON strings +// with the Unicode replacement character, +// while v2 rejects inputs with invalid UTF-8. +// To change the default, specify the [jsontext.AllowInvalidUTF8] option. +// The replacement of invalid UTF-8 is a form of data corruption +// that alters the precise meaning of strings. +// +// - The standard does not specify a particular behavior when +// duplicate names are encountered within a JSON object, +// which means that different implementations may behave differently. +// By default, v1 allows for the presence of duplicate names, +// while v2 rejects duplicate names. +// To change the default, specify the [jsontext.AllowDuplicateNames] option. +// If allowed, object members are processed in the order they are observed, +// meaning that later values will replace or be merged into prior values, +// depending on the Go value type. +// +// - The standard defines a JSON object as an unordered collection of name/value pairs. +// While ordering can be observed through the underlying [jsontext] API, +// both v1 and v2 generally avoid exposing the ordering. +// No application should semantically depend on the order of object members. +// Allowing duplicate names is a vector through which ordering of members +// can accidentally be observed and depended upon. +// +// - The standard suggests that JSON object names are typically compared +// based on equality of the sequence of Unicode code points, +// which implies that comparing names is often case-sensitive. +// When unmarshaling a JSON object into a Go struct, +// by default, v1 uses a (loose) case-insensitive match on the name, +// while v2 uses a (strict) case-sensitive match on the name. +// To change the default, specify the [MatchCaseInsensitiveNames] option. +// The use of case-insensitive matching provides another vector through +// which duplicate names can occur. Allowing case-insensitive matching +// means that v1 or v2 might interpret JSON objects differently from most +// other JSON implementations (which typically use a case-sensitive match). +// +// - The standard does not specify a particular behavior when +// an unknown name in a JSON object is encountered. +// When unmarshaling a JSON object into a Go struct, by default +// both v1 and v2 ignore unknown names and their corresponding values. +// To change the default, specify the [RejectUnknownMembers] option. +// +// - The standard suggests that implementations may use a float64 +// to represent a JSON number. Consequently, large JSON integers +// may lose precision when stored as a floating-point type. +// Both v1 and v2 correctly preserve precision when marshaling and +// unmarshaling a concrete integer type. However, even if v1 and v2 +// preserve precision for concrete types, other JSON implementations +// may not be able to preserve precision for outputs produced by v1 or v2. +// The `string` tag option can be used to specify that an integer type +// is to be quoted within a JSON string to avoid loss of precision. +// Furthermore, v1 and v2 may still lose precision when unmarshaling +// into an any interface value, where unmarshal uses a float64 +// by default to represent a JSON number. +// To change the default, specify the [WithUnmarshalers] option +// with a custom unmarshaler that pre-populates the interface value +// with a concrete Go type that can preserve precision. +// +// RFC 8785 specifies a canonical form for any JSON text, +// which explicitly defines specific behaviors that RFC 8259 leaves undefined. +// In theory, if a text can successfully [jsontext.Value.Canonicalize] +// without changing the semantic meaning of the data, then it provides a +// greater degree of confidence that the data is more secure and interoperable. +// +// The v2 API generally chooses more secure defaults than v1, +// but care should still be taken with large integers or unknown members. +// +// [For example, suppose we have two micro-services.]: https://www.youtube.com/watch?v=avilmOcHKHE&t=1057s package json // requireKeyedLiterals can be embedded in a struct to require keyed literals. diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/encode.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/encode.go deleted file mode 100644 index 5b81ca15a..000000000 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/encode.go +++ /dev/null @@ -1,1170 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package json - -import ( - "bytes" - "io" - "math" - "math/bits" - "strconv" - "unicode/utf16" - "unicode/utf8" -) - -// EncodeOptions configures how JSON encoding operates. -// The zero value is equivalent to the default settings, -// which is compliant with both RFC 7493 and RFC 8259. -type EncodeOptions struct { - requireKeyedLiterals - nonComparable - - // multiline specifies whether the encoder should emit multiline output. - multiline bool - - // omitTopLevelNewline specifies whether to omit the newline - // that is appended after every top-level JSON value when streaming. - omitTopLevelNewline bool - - // AllowDuplicateNames specifies that JSON objects may contain - // duplicate member names. Disabling the duplicate name check may provide - // performance benefits, but breaks compliance with RFC 7493, section 2.3. - // The output will still be compliant with RFC 8259, - // which leaves the handling of duplicate names as unspecified behavior. - AllowDuplicateNames bool - - // AllowInvalidUTF8 specifies that JSON strings may contain invalid UTF-8, - // which will be mangled as the Unicode replacement character, U+FFFD. - // This causes the encoder to break compliance with - // RFC 7493, section 2.1, and RFC 8259, section 8.1. - AllowInvalidUTF8 bool - - // preserveRawStrings specifies that WriteToken and WriteValue should not - // reformat any JSON string, but keep the formatting verbatim. - preserveRawStrings bool - - // canonicalizeNumbers specifies that WriteToken and WriteValue should - // reformat any JSON numbers according to RFC 8785, section 3.2.2.3. - canonicalizeNumbers bool - - // EscapeRune reports whether the provided character should be escaped - // as a hexadecimal Unicode codepoint (e.g., \ufffd). - // If nil, the shortest and simplest encoding will be used, - // which is also the formatting specified by RFC 8785, section 3.2.2.2. - EscapeRune func(rune) bool - - // Indent (if non-empty) specifies that the encoder should emit multiline - // output where each element in a JSON object or array begins on a new, - // indented line beginning with the indent prefix followed by one or more - // copies of indent according to the indentation nesting. - // It may only be composed of space or tab characters. - Indent string - - // IndentPrefix is prepended to each line within a JSON object or array. - // The purpose of the indent prefix is to encode data that can more easily - // be embedded inside other formatted JSON data. - // It may only be composed of space or tab characters. - // It is ignored if Indent is empty. - IndentPrefix string -} - -// Encoder is a streaming encoder from raw JSON tokens and values. -// It is used to write a stream of top-level JSON values, -// each terminated with a newline character. -// -// WriteToken and WriteValue calls may be interleaved. -// For example, the following JSON value: -// -// {"name":"value","array":[null,false,true,3.14159],"object":{"k":"v"}} -// -// can be composed with the following calls (ignoring errors for brevity): -// -// e.WriteToken(ObjectStart) // { -// e.WriteToken(String("name")) // "name" -// e.WriteToken(String("value")) // "value" -// e.WriteValue(RawValue(`"array"`)) // "array" -// e.WriteToken(ArrayStart) // [ -// e.WriteToken(Null) // null -// e.WriteToken(False) // false -// e.WriteValue(RawValue("true")) // true -// e.WriteToken(Float(3.14159)) // 3.14159 -// e.WriteToken(ArrayEnd) // ] -// e.WriteValue(RawValue(`"object"`)) // "object" -// e.WriteValue(RawValue(`{"k":"v"}`)) // {"k":"v"} -// e.WriteToken(ObjectEnd) // } -// -// The above is one of many possible sequence of calls and -// may not represent the most sensible method to call for any given token/value. -// For example, it is probably more common to call WriteToken with a string -// for object names. -type Encoder struct { - state - encodeBuffer - options EncodeOptions - - seenPointers seenPointers // only used when marshaling -} - -// encodeBuffer is a buffer split into 2 segments: -// -// - buf[0:len(buf)] // written (but unflushed) portion of the buffer -// - buf[len(buf):cap(buf)] // unused portion of the buffer -type encodeBuffer struct { - buf []byte // may alias wr if it is a bytes.Buffer - - // baseOffset is added to len(buf) to obtain the absolute offset - // relative to the start of io.Writer stream. - baseOffset int64 - - wr io.Writer - - // maxValue is the approximate maximum RawValue size passed to WriteValue. - maxValue int - // unusedCache is the buffer returned by the UnusedBuffer method. - unusedCache []byte - // bufStats is statistics about buffer utilization. - // It is only used with pooled encoders in pools.go. - bufStats bufferStatistics -} - -// NewEncoder constructs a new streaming encoder writing to w. -func NewEncoder(w io.Writer) *Encoder { - return EncodeOptions{}.NewEncoder(w) -} - -// NewEncoder constructs a new streaming encoder writing to w -// configured with the provided options. -// It flushes the internal buffer when the buffer is sufficiently full or -// when a top-level value has been written. -// -// If w is a bytes.Buffer, then the encoder appends directly into the buffer -// without copying the contents from an intermediate buffer. -func (o EncodeOptions) NewEncoder(w io.Writer) *Encoder { - e := new(Encoder) - o.ResetEncoder(e, w) - return e -} - -// ResetEncoder resets an encoder such that it is writing afresh to w and -// configured with the provided options. -func (o EncodeOptions) ResetEncoder(e *Encoder, w io.Writer) { - if e == nil { - panic("json: invalid nil Encoder") - } - if w == nil { - panic("json: invalid nil io.Writer") - } - e.reset(nil, w, o) -} - -func (e *Encoder) reset(b []byte, w io.Writer, o EncodeOptions) { - if len(o.Indent) > 0 { - o.multiline = true - if s := trimLeftSpaceTab(o.IndentPrefix); len(s) > 0 { - panic("json: invalid character " + quoteRune([]byte(s)) + " in indent prefix") - } - if s := trimLeftSpaceTab(o.Indent); len(s) > 0 { - panic("json: invalid character " + quoteRune([]byte(s)) + " in indent") - } - } - e.state.reset() - e.encodeBuffer = encodeBuffer{buf: b, wr: w, bufStats: e.bufStats} - e.options = o - if bb, ok := w.(*bytes.Buffer); ok && bb != nil { - e.buf = bb.Bytes()[bb.Len():] // alias the unused buffer of bb - } -} - -// Reset resets an encoder such that it is writing afresh to w but -// keeps any pre-existing encoder options. -func (e *Encoder) Reset(w io.Writer) { - e.options.ResetEncoder(e, w) -} - -// needFlush determines whether to flush at this point. -func (e *Encoder) needFlush() bool { - // NOTE: This function is carefully written to be inlineable. - - // Avoid flushing if e.wr is nil since there is no underlying writer. - // Flush if less than 25% of the capacity remains. - // Flushing at some constant fraction ensures that the buffer stops growing - // so long as the largest Token or Value fits within that unused capacity. - return e.wr != nil && (e.tokens.depth() == 1 || len(e.buf) > 3*cap(e.buf)/4) -} - -// flush flushes the buffer to the underlying io.Writer. -// It may append a trailing newline after the top-level value. -func (e *Encoder) flush() error { - if e.wr == nil || e.avoidFlush() { - return nil - } - - // In streaming mode, always emit a newline after the top-level value. - if e.tokens.depth() == 1 && !e.options.omitTopLevelNewline { - e.buf = append(e.buf, '\n') - } - - // Inform objectNameStack that we are about to flush the buffer content. - e.names.copyQuotedBuffer(e.buf) - - // Specialize bytes.Buffer for better performance. - if bb, ok := e.wr.(*bytes.Buffer); ok { - // If e.buf already aliases the internal buffer of bb, - // then the Write call simply increments the internal offset, - // otherwise Write operates as expected. - // See https://go.dev/issue/42986. - n, _ := bb.Write(e.buf) // never fails unless bb is nil - e.baseOffset += int64(n) - - // If the internal buffer of bytes.Buffer is too small, - // append operations elsewhere in the Encoder may grow the buffer. - // This would be semantically correct, but hurts performance. - // As such, ensure 25% of the current length is always available - // to reduce the probability that other appends must allocate. - if avail := bb.Cap() - bb.Len(); avail < bb.Len()/4 { - bb.Grow(avail + 1) - } - - e.buf = bb.Bytes()[bb.Len():] // alias the unused buffer of bb - return nil - } - - // Flush the internal buffer to the underlying io.Writer. - n, err := e.wr.Write(e.buf) - e.baseOffset += int64(n) - if err != nil { - // In the event of an error, preserve the unflushed portion. - // Thus, write errors aren't fatal so long as the io.Writer - // maintains consistent state after errors. - if n > 0 { - e.buf = e.buf[:copy(e.buf, e.buf[n:])] - } - return &ioError{action: "write", err: err} - } - e.buf = e.buf[:0] - - // Check whether to grow the buffer. - // Note that cap(e.buf) may already exceed maxBufferSize since - // an append elsewhere already grew it to store a large token. - const maxBufferSize = 4 << 10 - const growthSizeFactor = 2 // higher value is faster - const growthRateFactor = 2 // higher value is slower - // By default, grow if below the maximum buffer size. - grow := cap(e.buf) <= maxBufferSize/growthSizeFactor - // Growing can be expensive, so only grow - // if a sufficient number of bytes have been processed. - grow = grow && int64(cap(e.buf)) < e.previousOffsetEnd()/growthRateFactor - if grow { - e.buf = make([]byte, 0, cap(e.buf)*growthSizeFactor) - } - - return nil -} - -func (e *encodeBuffer) previousOffsetEnd() int64 { return e.baseOffset + int64(len(e.buf)) } -func (e *encodeBuffer) unflushedBuffer() []byte { return e.buf } - -// avoidFlush indicates whether to avoid flushing to ensure there is always -// enough in the buffer to unwrite the last object member if it were empty. -func (e *Encoder) avoidFlush() bool { - switch { - case e.tokens.last.length() == 0: - // Never flush after ObjectStart or ArrayStart since we don't know yet - // if the object or array will end up being empty. - return true - case e.tokens.last.needObjectValue(): - // Never flush before the object value since we don't know yet - // if the object value will end up being empty. - return true - case e.tokens.last.needObjectName() && len(e.buf) >= 2: - // Never flush after the object value if it does turn out to be empty. - switch string(e.buf[len(e.buf)-2:]) { - case `ll`, `""`, `{}`, `[]`: // last two bytes of every empty value - return true - } - } - return false -} - -// unwriteEmptyObjectMember unwrites the last object member if it is empty -// and reports whether it performed an unwrite operation. -func (e *Encoder) unwriteEmptyObjectMember(prevName *string) bool { - if last := e.tokens.last; !last.isObject() || !last.needObjectName() || last.length() == 0 { - panic("BUG: must be called on an object after writing a value") - } - - // The flushing logic is modified to never flush a trailing empty value. - // The encoder never writes trailing whitespace eagerly. - b := e.unflushedBuffer() - - // Detect whether the last value was empty. - var n int - if len(b) >= 3 { - switch string(b[len(b)-2:]) { - case "ll": // last two bytes of `null` - n = len(`null`) - case `""`: - // It is possible for a non-empty string to have `""` as a suffix - // if the second to the last quote was escaped. - if b[len(b)-3] == '\\' { - return false // e.g., `"\""` is not empty - } - n = len(`""`) - case `{}`: - n = len(`{}`) - case `[]`: - n = len(`[]`) - } - } - if n == 0 { - return false - } - - // Unwrite the value, whitespace, colon, name, whitespace, and comma. - b = b[:len(b)-n] - b = trimSuffixWhitespace(b) - b = trimSuffixByte(b, ':') - b = trimSuffixString(b) - b = trimSuffixWhitespace(b) - b = trimSuffixByte(b, ',') - e.buf = b // store back truncated unflushed buffer - - // Undo state changes. - e.tokens.last.decrement() // for object member value - e.tokens.last.decrement() // for object member name - if !e.options.AllowDuplicateNames { - if e.tokens.last.isActiveNamespace() { - e.namespaces.last().removeLast() - } - e.names.clearLast() - if prevName != nil { - e.names.copyQuotedBuffer(e.buf) // required by objectNameStack.replaceLastUnquotedName - e.names.replaceLastUnquotedName(*prevName) - } - } - return true -} - -// unwriteOnlyObjectMemberName unwrites the only object member name -// and returns the unquoted name. -func (e *Encoder) unwriteOnlyObjectMemberName() string { - if last := e.tokens.last; !last.isObject() || last.length() != 1 { - panic("BUG: must be called on an object after writing first name") - } - - // Unwrite the name and whitespace. - b := trimSuffixString(e.buf) - isVerbatim := bytes.IndexByte(e.buf[len(b):], '\\') < 0 - name := string(unescapeStringMayCopy(e.buf[len(b):], isVerbatim)) - e.buf = trimSuffixWhitespace(b) - - // Undo state changes. - e.tokens.last.decrement() - if !e.options.AllowDuplicateNames { - if e.tokens.last.isActiveNamespace() { - e.namespaces.last().removeLast() - } - e.names.clearLast() - } - return name -} - -func trimSuffixWhitespace(b []byte) []byte { - // NOTE: The arguments and logic are kept simple to keep this inlineable. - n := len(b) - 1 - for n >= 0 && (b[n] == ' ' || b[n] == '\t' || b[n] == '\r' || b[n] == '\n') { - n-- - } - return b[:n+1] -} - -func trimSuffixString(b []byte) []byte { - // NOTE: The arguments and logic are kept simple to keep this inlineable. - if len(b) > 0 && b[len(b)-1] == '"' { - b = b[:len(b)-1] - } - for len(b) >= 2 && !(b[len(b)-1] == '"' && b[len(b)-2] != '\\') { - b = b[:len(b)-1] // trim all characters except an unescaped quote - } - if len(b) > 0 && b[len(b)-1] == '"' { - b = b[:len(b)-1] - } - return b -} - -func hasSuffixByte(b []byte, c byte) bool { - // NOTE: The arguments and logic are kept simple to keep this inlineable. - return len(b) > 0 && b[len(b)-1] == c -} - -func trimSuffixByte(b []byte, c byte) []byte { - // NOTE: The arguments and logic are kept simple to keep this inlineable. - if len(b) > 0 && b[len(b)-1] == c { - return b[:len(b)-1] - } - return b -} - -// WriteToken writes the next token and advances the internal write offset. -// -// The provided token kind must be consistent with the JSON grammar. -// For example, it is an error to provide a number when the encoder -// is expecting an object name (which is always a string), or -// to provide an end object delimiter when the encoder is finishing an array. -// If the provided token is invalid, then it reports a SyntacticError and -// the internal state remains unchanged. -func (e *Encoder) WriteToken(t Token) error { - k := t.Kind() - b := e.buf // use local variable to avoid mutating e in case of error - - // Append any delimiters or optional whitespace. - b = e.tokens.mayAppendDelim(b, k) - if e.options.multiline { - b = e.appendWhitespace(b, k) - } - - // Append the token to the output and to the state machine. - var err error - switch k { - case 'n': - b = append(b, "null"...) - err = e.tokens.appendLiteral() - case 'f': - b = append(b, "false"...) - err = e.tokens.appendLiteral() - case 't': - b = append(b, "true"...) - err = e.tokens.appendLiteral() - case '"': - n0 := len(b) // offset before calling t.appendString - if b, err = t.appendString(b, !e.options.AllowInvalidUTF8, e.options.preserveRawStrings, e.options.EscapeRune); err != nil { - break - } - if !e.options.AllowDuplicateNames && e.tokens.last.needObjectName() { - if !e.tokens.last.isValidNamespace() { - err = errInvalidNamespace - break - } - if e.tokens.last.isActiveNamespace() && !e.namespaces.last().insertQuoted(b[n0:], false) { - err = &SyntacticError{str: "duplicate name " + string(b[n0:]) + " in object"} - break - } - e.names.replaceLastQuotedOffset(n0) // only replace if insertQuoted succeeds - } - err = e.tokens.appendString() - case '0': - if b, err = t.appendNumber(b, e.options.canonicalizeNumbers); err != nil { - break - } - err = e.tokens.appendNumber() - case '{': - b = append(b, '{') - if err = e.tokens.pushObject(); err != nil { - break - } - if !e.options.AllowDuplicateNames { - e.names.push() - e.namespaces.push() - } - case '}': - b = append(b, '}') - if err = e.tokens.popObject(); err != nil { - break - } - if !e.options.AllowDuplicateNames { - e.names.pop() - e.namespaces.pop() - } - case '[': - b = append(b, '[') - err = e.tokens.pushArray() - case ']': - b = append(b, ']') - err = e.tokens.popArray() - default: - return &SyntacticError{str: "invalid json.Token"} - } - if err != nil { - return err - } - - // Finish off the buffer and store it back into e. - e.buf = b - if e.needFlush() { - return e.flush() - } - return nil -} - -const ( - rawIntNumber = -1 - rawUintNumber = -2 -) - -// writeNumber is specialized version of WriteToken, but optimized for numbers. -// As a special-case, if bits is -1 or -2, it will treat v as -// the raw-encoded bits of an int64 or uint64, respectively. -// It is only called from arshal_default.go. -func (e *Encoder) writeNumber(v float64, bits int, quote bool) error { - b := e.buf // use local variable to avoid mutating e in case of error - - // Append any delimiters or optional whitespace. - b = e.tokens.mayAppendDelim(b, '0') - if e.options.multiline { - b = e.appendWhitespace(b, '0') - } - - if quote { - // Append the value to the output. - n0 := len(b) // offset before appending the number - b = append(b, '"') - switch bits { - case rawIntNumber: - b = strconv.AppendInt(b, int64(math.Float64bits(v)), 10) - case rawUintNumber: - b = strconv.AppendUint(b, uint64(math.Float64bits(v)), 10) - default: - b = appendNumber(b, v, bits) - } - b = append(b, '"') - - // Escape the string if necessary. - if e.options.EscapeRune != nil { - b2 := append(e.unusedCache, b[n0+len(`"`):len(b)-len(`"`)]...) - b, _ = appendString(b[:n0], string(b2), false, e.options.EscapeRune) - e.unusedCache = b2[:0] - } - - // Update the state machine. - if !e.options.AllowDuplicateNames && e.tokens.last.needObjectName() { - if !e.tokens.last.isValidNamespace() { - return errInvalidNamespace - } - if e.tokens.last.isActiveNamespace() && !e.namespaces.last().insertQuoted(b[n0:], false) { - return &SyntacticError{str: "duplicate name " + string(b[n0:]) + " in object"} - } - e.names.replaceLastQuotedOffset(n0) // only replace if insertQuoted succeeds - } - if err := e.tokens.appendString(); err != nil { - return err - } - } else { - switch bits { - case rawIntNumber: - b = strconv.AppendInt(b, int64(math.Float64bits(v)), 10) - case rawUintNumber: - b = strconv.AppendUint(b, uint64(math.Float64bits(v)), 10) - default: - b = appendNumber(b, v, bits) - } - if err := e.tokens.appendNumber(); err != nil { - return err - } - } - - // Finish off the buffer and store it back into e. - e.buf = b - if e.needFlush() { - return e.flush() - } - return nil -} - -// WriteValue writes the next raw value and advances the internal write offset. -// The Encoder does not simply copy the provided value verbatim, but -// parses it to ensure that it is syntactically valid and reformats it -// according to how the Encoder is configured to format whitespace and strings. -// -// The provided value kind must be consistent with the JSON grammar -// (see examples on Encoder.WriteToken). If the provided value is invalid, -// then it reports a SyntacticError and the internal state remains unchanged. -func (e *Encoder) WriteValue(v RawValue) error { - e.maxValue |= len(v) // bitwise OR is a fast approximation of max - - k := v.Kind() - b := e.buf // use local variable to avoid mutating e in case of error - - // Append any delimiters or optional whitespace. - b = e.tokens.mayAppendDelim(b, k) - if e.options.multiline { - b = e.appendWhitespace(b, k) - } - - // Append the value the output. - var err error - v = v[consumeWhitespace(v):] - n0 := len(b) // offset before calling e.reformatValue - b, v, err = e.reformatValue(b, v, e.tokens.depth()) - if err != nil { - return err - } - v = v[consumeWhitespace(v):] - if len(v) > 0 { - return newInvalidCharacterError(v[0:], "after top-level value") - } - - // Append the kind to the state machine. - switch k { - case 'n', 'f', 't': - err = e.tokens.appendLiteral() - case '"': - if !e.options.AllowDuplicateNames && e.tokens.last.needObjectName() { - if !e.tokens.last.isValidNamespace() { - err = errInvalidNamespace - break - } - if e.tokens.last.isActiveNamespace() && !e.namespaces.last().insertQuoted(b[n0:], false) { - err = &SyntacticError{str: "duplicate name " + string(b[n0:]) + " in object"} - break - } - e.names.replaceLastQuotedOffset(n0) // only replace if insertQuoted succeeds - } - err = e.tokens.appendString() - case '0': - err = e.tokens.appendNumber() - case '{': - if err = e.tokens.pushObject(); err != nil { - break - } - if err = e.tokens.popObject(); err != nil { - panic("BUG: popObject should never fail immediately after pushObject: " + err.Error()) - } - case '[': - if err = e.tokens.pushArray(); err != nil { - break - } - if err = e.tokens.popArray(); err != nil { - panic("BUG: popArray should never fail immediately after pushArray: " + err.Error()) - } - } - if err != nil { - return err - } - - // Finish off the buffer and store it back into e. - e.buf = b - if e.needFlush() { - return e.flush() - } - return nil -} - -// appendWhitespace appends whitespace that immediately precedes the next token. -func (e *Encoder) appendWhitespace(b []byte, next Kind) []byte { - if e.tokens.needDelim(next) == ':' { - return append(b, ' ') - } else { - return e.appendIndent(b, e.tokens.needIndent(next)) - } -} - -// appendIndent appends the appropriate number of indentation characters -// for the current nested level, n. -func (e *Encoder) appendIndent(b []byte, n int) []byte { - if n == 0 { - return b - } - b = append(b, '\n') - b = append(b, e.options.IndentPrefix...) - for ; n > 1; n-- { - b = append(b, e.options.Indent...) - } - return b -} - -// reformatValue parses a JSON value from the start of src and -// appends it to the end of dst, reformatting whitespace and strings as needed. -// It returns the updated versions of dst and src. -func (e *Encoder) reformatValue(dst []byte, src RawValue, depth int) ([]byte, RawValue, error) { - // TODO: Should this update valueFlags as input? - if len(src) == 0 { - return dst, src, io.ErrUnexpectedEOF - } - var n int - var err error - switch k := Kind(src[0]).normalize(); k { - case 'n': - if n = consumeNull(src); n == 0 { - n, err = consumeLiteral(src, "null") - } - case 'f': - if n = consumeFalse(src); n == 0 { - n, err = consumeLiteral(src, "false") - } - case 't': - if n = consumeTrue(src); n == 0 { - n, err = consumeLiteral(src, "true") - } - case '"': - if n := consumeSimpleString(src); n > 0 && e.options.EscapeRune == nil { - dst, src = append(dst, src[:n]...), src[n:] // copy simple strings verbatim - return dst, src, nil - } - return reformatString(dst, src, !e.options.AllowInvalidUTF8, e.options.preserveRawStrings, e.options.EscapeRune) - case '0': - if n := consumeSimpleNumber(src); n > 0 && !e.options.canonicalizeNumbers { - dst, src = append(dst, src[:n]...), src[n:] // copy simple numbers verbatim - return dst, src, nil - } - return reformatNumber(dst, src, e.options.canonicalizeNumbers) - case '{': - return e.reformatObject(dst, src, depth) - case '[': - return e.reformatArray(dst, src, depth) - default: - return dst, src, newInvalidCharacterError(src, "at start of value") - } - if err != nil { - return dst, src, err - } - dst, src = append(dst, src[:n]...), src[n:] - return dst, src, nil -} - -// reformatObject parses a JSON object from the start of src and -// appends it to the end of src, reformatting whitespace and strings as needed. -// It returns the updated versions of dst and src. -func (e *Encoder) reformatObject(dst []byte, src RawValue, depth int) ([]byte, RawValue, error) { - // Append object start. - if src[0] != '{' { - panic("BUG: reformatObject must be called with a buffer that starts with '{'") - } - dst, src = append(dst, '{'), src[1:] - - // Append (possible) object end. - src = src[consumeWhitespace(src):] - if len(src) == 0 { - return dst, src, io.ErrUnexpectedEOF - } - if src[0] == '}' { - dst, src = append(dst, '}'), src[1:] - return dst, src, nil - } - - var err error - var names *objectNamespace - if !e.options.AllowDuplicateNames { - e.namespaces.push() - defer e.namespaces.pop() - names = e.namespaces.last() - } - depth++ - for { - // Append optional newline and indentation. - if e.options.multiline { - dst = e.appendIndent(dst, depth) - } - - // Append object name. - src = src[consumeWhitespace(src):] - if len(src) == 0 { - return dst, src, io.ErrUnexpectedEOF - } - n0 := len(dst) // offset before calling reformatString - n := consumeSimpleString(src) - if n > 0 && e.options.EscapeRune == nil { - dst, src = append(dst, src[:n]...), src[n:] // copy simple strings verbatim - } else { - dst, src, err = reformatString(dst, src, !e.options.AllowInvalidUTF8, e.options.preserveRawStrings, e.options.EscapeRune) - } - if err != nil { - return dst, src, err - } - if !e.options.AllowDuplicateNames && !names.insertQuoted(dst[n0:], false) { - return dst, src, &SyntacticError{str: "duplicate name " + string(dst[n0:]) + " in object"} - } - - // Append colon. - src = src[consumeWhitespace(src):] - if len(src) == 0 { - return dst, src, io.ErrUnexpectedEOF - } - if src[0] != ':' { - return dst, src, newInvalidCharacterError(src, "after object name (expecting ':')") - } - dst, src = append(dst, ':'), src[1:] - if e.options.multiline { - dst = append(dst, ' ') - } - - // Append object value. - src = src[consumeWhitespace(src):] - if len(src) == 0 { - return dst, src, io.ErrUnexpectedEOF - } - dst, src, err = e.reformatValue(dst, src, depth) - if err != nil { - return dst, src, err - } - - // Append comma or object end. - src = src[consumeWhitespace(src):] - if len(src) == 0 { - return dst, src, io.ErrUnexpectedEOF - } - switch src[0] { - case ',': - dst, src = append(dst, ','), src[1:] - continue - case '}': - if e.options.multiline { - dst = e.appendIndent(dst, depth-1) - } - dst, src = append(dst, '}'), src[1:] - return dst, src, nil - default: - return dst, src, newInvalidCharacterError(src, "after object value (expecting ',' or '}')") - } - } -} - -// reformatArray parses a JSON array from the start of src and -// appends it to the end of dst, reformatting whitespace and strings as needed. -// It returns the updated versions of dst and src. -func (e *Encoder) reformatArray(dst []byte, src RawValue, depth int) ([]byte, RawValue, error) { - // Append array start. - if src[0] != '[' { - panic("BUG: reformatArray must be called with a buffer that starts with '['") - } - dst, src = append(dst, '['), src[1:] - - // Append (possible) array end. - src = src[consumeWhitespace(src):] - if len(src) == 0 { - return dst, src, io.ErrUnexpectedEOF - } - if src[0] == ']' { - dst, src = append(dst, ']'), src[1:] - return dst, src, nil - } - - var err error - depth++ - for { - // Append optional newline and indentation. - if e.options.multiline { - dst = e.appendIndent(dst, depth) - } - - // Append array value. - src = src[consumeWhitespace(src):] - if len(src) == 0 { - return dst, src, io.ErrUnexpectedEOF - } - dst, src, err = e.reformatValue(dst, src, depth) - if err != nil { - return dst, src, err - } - - // Append comma or array end. - src = src[consumeWhitespace(src):] - if len(src) == 0 { - return dst, src, io.ErrUnexpectedEOF - } - switch src[0] { - case ',': - dst, src = append(dst, ','), src[1:] - continue - case ']': - if e.options.multiline { - dst = e.appendIndent(dst, depth-1) - } - dst, src = append(dst, ']'), src[1:] - return dst, src, nil - default: - return dst, src, newInvalidCharacterError(src, "after array value (expecting ',' or ']')") - } - } -} - -// OutputOffset returns the current output byte offset. It gives the location -// of the next byte immediately after the most recently written token or value. -// The number of bytes actually written to the underlying io.Writer may be less -// than this offset due to internal buffering effects. -func (e *Encoder) OutputOffset() int64 { - return e.previousOffsetEnd() -} - -// UnusedBuffer returns a zero-length buffer with a possible non-zero capacity. -// This buffer is intended to be used to populate a RawValue -// being passed to an immediately succeeding WriteValue call. -// -// Example usage: -// -// b := d.UnusedBuffer() -// b = append(b, '"') -// b = appendString(b, v) // append the string formatting of v -// b = append(b, '"') -// ... := d.WriteValue(b) -// -// It is the user's responsibility to ensure that the value is valid JSON. -func (e *Encoder) UnusedBuffer() []byte { - // NOTE: We don't return e.buf[len(e.buf):cap(e.buf)] since WriteValue would - // need to take special care to avoid mangling the data while reformatting. - // WriteValue can't easily identify whether the input RawValue aliases e.buf - // without using unsafe.Pointer. Thus, we just return a different buffer. - // Should this ever alias e.buf, we need to consider how it operates with - // the specialized performance optimization for bytes.Buffer. - n := 1 << bits.Len(uint(e.maxValue|63)) // fast approximation for max length - if cap(e.unusedCache) < n { - e.unusedCache = make([]byte, 0, n) - } - return e.unusedCache -} - -// StackDepth returns the depth of the state machine for written JSON data. -// Each level on the stack represents a nested JSON object or array. -// It is incremented whenever an ObjectStart or ArrayStart token is encountered -// and decremented whenever an ObjectEnd or ArrayEnd token is encountered. -// The depth is zero-indexed, where zero represents the top-level JSON value. -func (e *Encoder) StackDepth() int { - // NOTE: Keep in sync with Decoder.StackDepth. - return e.tokens.depth() - 1 -} - -// StackIndex returns information about the specified stack level. -// It must be a number between 0 and StackDepth, inclusive. -// For each level, it reports the kind: -// -// - 0 for a level of zero, -// - '{' for a level representing a JSON object, and -// - '[' for a level representing a JSON array. -// -// It also reports the length of that JSON object or array. -// Each name and value in a JSON object is counted separately, -// so the effective number of members would be half the length. -// A complete JSON object must have an even length. -func (e *Encoder) StackIndex(i int) (Kind, int) { - // NOTE: Keep in sync with Decoder.StackIndex. - switch s := e.tokens.index(i); { - case i > 0 && s.isObject(): - return '{', s.length() - case i > 0 && s.isArray(): - return '[', s.length() - default: - return 0, s.length() - } -} - -// StackPointer returns a JSON Pointer (RFC 6901) to the most recently written value. -// Object names are only present if AllowDuplicateNames is false, otherwise -// object members are represented using their index within the object. -func (e *Encoder) StackPointer() string { - e.names.copyQuotedBuffer(e.buf) - return string(e.appendStackPointer(nil)) -} - -// appendString appends src to dst as a JSON string per RFC 7159, section 7. -// -// If validateUTF8 is specified, this rejects input that contains invalid UTF-8 -// otherwise invalid bytes are replaced with the Unicode replacement character. -// If escapeRune is provided, it specifies which runes to escape using -// hexadecimal sequences. If nil, the shortest representable form is used, -// which is also the canonical form for strings (RFC 8785, section 3.2.2.2). -// -// Note that this API allows full control over the formatting of strings -// except for whether a forward solidus '/' may be formatted as '\/' and -// the casing of hexadecimal Unicode escape sequences. -func appendString(dst []byte, src string, validateUTF8 bool, escapeRune func(rune) bool) ([]byte, error) { - appendEscapedASCII := func(dst []byte, c byte) []byte { - switch c { - case '"', '\\': - dst = append(dst, '\\', c) - case '\b': - dst = append(dst, "\\b"...) - case '\f': - dst = append(dst, "\\f"...) - case '\n': - dst = append(dst, "\\n"...) - case '\r': - dst = append(dst, "\\r"...) - case '\t': - dst = append(dst, "\\t"...) - default: - dst = append(dst, "\\u"...) - dst = appendHexUint16(dst, uint16(c)) - } - return dst - } - appendEscapedUnicode := func(dst []byte, r rune) []byte { - if r1, r2 := utf16.EncodeRune(r); r1 != '\ufffd' && r2 != '\ufffd' { - dst = append(dst, "\\u"...) - dst = appendHexUint16(dst, uint16(r1)) - dst = append(dst, "\\u"...) - dst = appendHexUint16(dst, uint16(r2)) - } else { - dst = append(dst, "\\u"...) - dst = appendHexUint16(dst, uint16(r)) - } - return dst - } - - // Optimize for when escapeRune is nil. - if escapeRune == nil { - var i, n int - dst = append(dst, '"') - for uint(len(src)) > uint(n) { - // Handle single-byte ASCII. - if c := src[n]; c < utf8.RuneSelf { - n++ - if c < ' ' || c == '"' || c == '\\' { - dst = append(dst, src[i:n-1]...) - dst = appendEscapedASCII(dst, c) - i = n - } - continue - } - - // Handle multi-byte Unicode. - _, rn := utf8.DecodeRuneInString(src[n:]) - n += rn - if rn == 1 { // must be utf8.RuneError since we already checked for single-byte ASCII - dst = append(dst, src[i:n-rn]...) - if validateUTF8 { - return dst, &SyntacticError{str: "invalid UTF-8 within string"} - } - dst = append(dst, "\ufffd"...) - i = n - } - } - dst = append(dst, src[i:n]...) - dst = append(dst, '"') - return dst, nil - } - - // Slower implementation for when escapeRune is non-nil. - var i, n int - dst = append(dst, '"') - for uint(len(src)) > uint(n) { - switch r, rn := utf8.DecodeRuneInString(src[n:]); { - case r == utf8.RuneError && rn == 1: - dst = append(dst, src[i:n]...) - if validateUTF8 { - return dst, &SyntacticError{str: "invalid UTF-8 within string"} - } - if escapeRune('\ufffd') { - dst = append(dst, `\ufffd`...) - } else { - dst = append(dst, "\ufffd"...) - } - n += rn - i = n - case escapeRune(r): - dst = append(dst, src[i:n]...) - dst = appendEscapedUnicode(dst, r) - n += rn - i = n - case r < ' ' || r == '"' || r == '\\': - dst = append(dst, src[i:n]...) - dst = appendEscapedASCII(dst, byte(r)) - n += rn - i = n - default: - n += rn - } - } - dst = append(dst, src[i:n]...) - dst = append(dst, '"') - return dst, nil -} - -// reformatString consumes a JSON string from src and appends it to dst, -// reformatting it if necessary for the given escapeRune parameter. -// It returns the appended output and the remainder of the input. -func reformatString(dst, src []byte, validateUTF8, preserveRaw bool, escapeRune func(rune) bool) ([]byte, []byte, error) { - // TODO: Should this update valueFlags as input? - var flags valueFlags - n, err := consumeString(&flags, src, validateUTF8) - if err != nil { - return dst, src[n:], err - } - if preserveRaw || (escapeRune == nil && flags.isCanonical()) { - dst = append(dst, src[:n]...) // copy the string verbatim - return dst, src[n:], nil - } - - // TODO: Implement a direct, raw-to-raw reformat for strings. - // If the escapeRune option would have resulted in no changes to the output, - // it would be faster to simply append src to dst without going through - // an intermediary representation in a separate buffer. - b, _ := unescapeString(make([]byte, 0, n), src[:n]) - dst, _ = appendString(dst, string(b), validateUTF8, escapeRune) - return dst, src[n:], nil -} - -// appendNumber appends src to dst as a JSON number per RFC 7159, section 6. -// It formats numbers similar to the ES6 number-to-string conversion. -// See https://go.dev/issue/14135. -// -// The output is identical to ECMA-262, 6th edition, section 7.1.12.1 and with -// RFC 8785, section 3.2.2.3 for 64-bit floating-point numbers except for -0, -// which is formatted as -0 instead of just 0. -// -// For 32-bit floating-point numbers, -// the output is a 32-bit equivalent of the algorithm. -// Note that ECMA-262 specifies no algorithm for 32-bit numbers. -func appendNumber(dst []byte, src float64, bits int) []byte { - if bits == 32 { - src = float64(float32(src)) - } - - abs := math.Abs(src) - fmt := byte('f') - if abs != 0 { - if bits == 64 && (float64(abs) < 1e-6 || float64(abs) >= 1e21) || - bits == 32 && (float32(abs) < 1e-6 || float32(abs) >= 1e21) { - fmt = 'e' - } - } - dst = strconv.AppendFloat(dst, src, fmt, -1, bits) - if fmt == 'e' { - // Clean up e-09 to e-9. - n := len(dst) - if n >= 4 && dst[n-4] == 'e' && dst[n-3] == '-' && dst[n-2] == '0' { - dst[n-2] = dst[n-1] - dst = dst[:n-1] - } - } - return dst -} - -// reformatNumber consumes a JSON string from src and appends it to dst, -// canonicalizing it if specified. -// It returns the appended output and the remainder of the input. -func reformatNumber(dst, src []byte, canonicalize bool) ([]byte, []byte, error) { - n, err := consumeNumber(src) - if err != nil { - return dst, src[n:], err - } - if !canonicalize { - dst = append(dst, src[:n]...) // copy the number verbatim - return dst, src[n:], nil - } - - // Canonicalize the number per RFC 8785, section 3.2.2.3. - // As an optimization, we can copy integer numbers below 2⁵³ verbatim. - const maxExactIntegerDigits = 16 // len(strconv.AppendUint(nil, 1<<53, 10)) - if n < maxExactIntegerDigits && consumeSimpleNumber(src[:n]) == n { - dst = append(dst, src[:n]...) // copy the number verbatim - return dst, src[n:], nil - } - fv, _ := strconv.ParseFloat(string(src[:n]), 64) - switch { - case fv == 0: - fv = 0 // normalize negative zero as just zero - case math.IsInf(fv, +1): - fv = +math.MaxFloat64 - case math.IsInf(fv, -1): - fv = -math.MaxFloat64 - } - return appendNumber(dst, fv, 64), src[n:], nil -} - -// appendHexUint16 appends src to dst as a 4-byte hexadecimal number. -func appendHexUint16(dst []byte, src uint16) []byte { - dst = append(dst, "0000"[1+(bits.Len16(src)-1)/4:]...) - dst = strconv.AppendUint(dst, uint64(src), 16) - return dst -} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/errors.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/errors.go index 35be8601e..5b5d5f93a 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/errors.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/errors.go @@ -2,43 +2,61 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !goexperiment.jsonv2 || !go1.25 + package json import ( + "cmp" "errors" + "fmt" "reflect" "strconv" "strings" - "unicode/utf8" -) + "sync" -const errorPrefix = "json: " + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" +) -// Error matches errors returned by this package according to errors.Is. -const Error = jsonError("json error") +// ErrUnknownName indicates that a JSON object member could not be +// unmarshaled because the name is not known to the target Go struct. +// This error is directly wrapped within a [SemanticError] when produced. +// +// The name of an unknown JSON object member can be extracted as: +// +// err := ... +// var serr json.SemanticError +// if errors.As(err, &serr) && serr.Err == json.ErrUnknownName { +// ptr := serr.JSONPointer // JSON pointer to unknown name +// name := ptr.LastToken() // unknown name itself +// ... +// } +// +// This error is only returned if [RejectUnknownMembers] is true. +var ErrUnknownName = errors.New("unknown object member name") -type jsonError string +const errorPrefix = "json: " -func (e jsonError) Error() string { - return string(e) -} -func (e jsonError) Is(target error) bool { - return e == target || target == Error +func isSemanticError(err error) bool { + _, ok := err.(*SemanticError) + return ok } -type ioError struct { - action string // either "read" or "write" - err error +func isSyntacticError(err error) bool { + _, ok := err.(*jsontext.SyntacticError) + return ok } -func (e *ioError) Error() string { - return errorPrefix + e.action + " error: " + e.err.Error() -} -func (e *ioError) Unwrap() error { - return e.err -} -func (e *ioError) Is(target error) bool { - return e == target || target == Error || errors.Is(e.err, target) +// isFatalError reports whether this error must terminate asharling. +// All errors are considered fatal unless operating under +// [jsonflags.ReportErrorsWithLegacySemantics] in which case only +// syntactic errors and I/O errors are considered fatal. +func isFatalError(err error, flags jsonflags.Flags) bool { + return !flags.Get(jsonflags.ReportErrorsWithLegacySemantics) || + isSyntacticError(err) || export.IsIOError(err) } // SemanticError describes an error determining the meaning @@ -55,10 +73,13 @@ type SemanticError struct { ByteOffset int64 // JSONPointer indicates that an error occurred within this JSON value // as indicated using the JSON Pointer notation (see RFC 6901). - JSONPointer string + JSONPointer jsontext.Pointer // JSONKind is the JSON kind that could not be handled. - JSONKind Kind // may be zero if unknown + JSONKind jsontext.Kind // may be zero if unknown + // JSONValue is the JSON number or string that could not be unmarshaled. + // It is not populated during marshaling. + JSONValue jsontext.Value // may be nil if irrelevant or unknown // GoType is the Go type that could not be handled. GoType reflect.Type // may be nil if unknown @@ -66,18 +87,228 @@ type SemanticError struct { Err error // may be nil } -func (e *SemanticError) Error() string { - var sb strings.Builder - sb.WriteString(errorPrefix) +// coder is implemented by [jsontext.Encoder] or [jsontext.Decoder]. +type coder interface { + StackPointer() jsontext.Pointer + Options() Options +} + +// newInvalidFormatError wraps err in a SemanticError because +// the current type t cannot handle the provided options format. +// This error must be called before producing or consuming the next value. +// +// If [jsonflags.ReportErrorsWithLegacySemantics] is specified, +// then this automatically skips the next value when unmarshaling +// to ensure that the value is fully consumed. +func newInvalidFormatError(c coder, t reflect.Type) error { + err := fmt.Errorf("invalid format flag %q", c.Options().(*jsonopts.Struct).Format) + switch c := c.(type) { + case *jsontext.Encoder: + err = newMarshalErrorBefore(c, t, err) + case *jsontext.Decoder: + err = newUnmarshalErrorBeforeWithSkipping(c, t, err) + } + return err +} + +// newMarshalErrorBefore wraps err in a SemanticError assuming that e +// is positioned right before the next token or value, which causes an error. +func newMarshalErrorBefore(e *jsontext.Encoder, t reflect.Type, err error) error { + return &SemanticError{action: "marshal", GoType: t, Err: err, + ByteOffset: e.OutputOffset() + int64(export.Encoder(e).CountNextDelimWhitespace()), + JSONPointer: jsontext.Pointer(export.Encoder(e).AppendStackPointer(nil, +1))} +} + +// newUnmarshalErrorBefore wraps err in a SemanticError assuming that d +// is positioned right before the next token or value, which causes an error. +// It does not record the next JSON kind as this error is used to indicate +// the receiving Go value is invalid to unmarshal into (and not a JSON error). +// However, if [jsonflags.ReportErrorsWithLegacySemantics] is specified, +// then it does record the next JSON kind for historical reporting reasons. +func newUnmarshalErrorBefore(d *jsontext.Decoder, t reflect.Type, err error) error { + var k jsontext.Kind + if export.Decoder(d).Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + k = d.PeekKind() + } + return &SemanticError{action: "unmarshal", GoType: t, Err: err, + ByteOffset: d.InputOffset() + int64(export.Decoder(d).CountNextDelimWhitespace()), + JSONPointer: jsontext.Pointer(export.Decoder(d).AppendStackPointer(nil, +1)), + JSONKind: k} +} + +// newUnmarshalErrorBeforeWithSkipping is like [newUnmarshalErrorBefore], +// but automatically skips the next value if +// [jsonflags.ReportErrorsWithLegacySemantics] is specified. +func newUnmarshalErrorBeforeWithSkipping(d *jsontext.Decoder, t reflect.Type, err error) error { + err = newUnmarshalErrorBefore(d, t, err) + if export.Decoder(d).Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + if err2 := export.Decoder(d).SkipValue(); err2 != nil { + return err2 + } + } + return err +} + +// newUnmarshalErrorAfter wraps err in a SemanticError assuming that d +// is positioned right after the previous token or value, which caused an error. +func newUnmarshalErrorAfter(d *jsontext.Decoder, t reflect.Type, err error) error { + tokOrVal := export.Decoder(d).PreviousTokenOrValue() + return &SemanticError{action: "unmarshal", GoType: t, Err: err, + ByteOffset: d.InputOffset() - int64(len(tokOrVal)), + JSONPointer: jsontext.Pointer(export.Decoder(d).AppendStackPointer(nil, -1)), + JSONKind: jsontext.Value(tokOrVal).Kind()} +} + +// newUnmarshalErrorAfter wraps err in a SemanticError assuming that d +// is positioned right after the previous token or value, which caused an error. +// It also stores a copy of the last JSON value if it is a string or number. +func newUnmarshalErrorAfterWithValue(d *jsontext.Decoder, t reflect.Type, err error) error { + serr := newUnmarshalErrorAfter(d, t, err).(*SemanticError) + if serr.JSONKind == '"' || serr.JSONKind == '0' { + serr.JSONValue = jsontext.Value(export.Decoder(d).PreviousTokenOrValue()).Clone() + } + return serr +} + +// newUnmarshalErrorAfterWithSkipping is like [newUnmarshalErrorAfter], +// but automatically skips the remainder of the current value if +// [jsonflags.ReportErrorsWithLegacySemantics] is specified. +func newUnmarshalErrorAfterWithSkipping(d *jsontext.Decoder, t reflect.Type, err error) error { + err = newUnmarshalErrorAfter(d, t, err) + if export.Decoder(d).Flags.Get(jsonflags.ReportErrorsWithLegacySemantics) { + if err2 := export.Decoder(d).SkipValueRemainder(); err2 != nil { + return err2 + } + } + return err +} + +// newSemanticErrorWithPosition wraps err in a SemanticError assuming that +// the error occurred at the provided depth, and length. +// If err is already a SemanticError, then position information is only +// injected if it is currently unpopulated. +// +// If the position is unpopulated, it is ambiguous where the error occurred +// in the user code, whether it was before or after the current position. +// For the byte offset, we assume that the error occurred before the last read +// token or value when decoding, or before the next value when encoding. +// For the JSON pointer, we point to the parent object or array unless +// we can be certain that it happened with an object member. +// +// This is used to annotate errors returned by user-provided +// v2 MarshalJSON or UnmarshalJSON methods or functions. +func newSemanticErrorWithPosition(c coder, t reflect.Type, prevDepth int, prevLength int64, err error) error { + serr, _ := err.(*SemanticError) + if serr == nil { + serr = &SemanticError{Err: err} + } + var currDepth int + var currLength int64 + var coderState interface{ AppendStackPointer([]byte, int) []byte } + var offset int64 + switch c := c.(type) { + case *jsontext.Encoder: + e := export.Encoder(c) + serr.action = cmp.Or(serr.action, "marshal") + currDepth, currLength = e.Tokens.DepthLength() + offset = c.OutputOffset() + int64(export.Encoder(c).CountNextDelimWhitespace()) + coderState = e + case *jsontext.Decoder: + d := export.Decoder(c) + serr.action = cmp.Or(serr.action, "unmarshal") + currDepth, currLength = d.Tokens.DepthLength() + tokOrVal := d.PreviousTokenOrValue() + offset = c.InputOffset() - int64(len(tokOrVal)) + if (prevDepth == currDepth && prevLength == currLength) || len(tokOrVal) == 0 { + // If no Read method was called in the user-defined method or + // if the Peek method was called, then use the offset of the next value. + offset = c.InputOffset() + int64(export.Decoder(c).CountNextDelimWhitespace()) + } + coderState = d + } + serr.ByteOffset = cmp.Or(serr.ByteOffset, offset) + if serr.JSONPointer == "" { + where := 0 // default to ambiguous positioning + switch { + case prevDepth == currDepth && prevLength+0 == currLength: + where = +1 + case prevDepth == currDepth && prevLength+1 == currLength: + where = -1 + } + serr.JSONPointer = jsontext.Pointer(coderState.AppendStackPointer(nil, where)) + } + serr.GoType = cmp.Or(serr.GoType, t) + return serr +} + +// collapseSemanticErrors collapses double SemanticErrors at the outer levels +// into a single SemanticError by preserving the inner error, +// but prepending the ByteOffset and JSONPointer with the outer error. +// +// For example: +// +// collapseSemanticErrors(&SemanticError{ +// ByteOffset: len64(`[0,{"alpha":[0,1,`), +// JSONPointer: "/1/alpha/2", +// GoType: reflect.TypeFor[outerType](), +// Err: &SemanticError{ +// ByteOffset: len64(`{"foo":"bar","fizz":[0,`), +// JSONPointer: "/fizz/1", +// GoType: reflect.TypeFor[innerType](), +// Err: ..., +// }, +// }) +// +// results in: +// +// &SemanticError{ +// ByteOffset: len64(`[0,{"alpha":[0,1,`) + len64(`{"foo":"bar","fizz":[0,`), +// JSONPointer: "/1/alpha/2" + "/fizz/1", +// GoType: reflect.TypeFor[innerType](), +// Err: ..., +// } +// +// This is used to annotate errors returned by user-provided +// v1 MarshalJSON or UnmarshalJSON methods with precise position information +// if they themselves happened to return a SemanticError. +// Since MarshalJSON and UnmarshalJSON are not operating on the root JSON value, +// their positioning must be relative to the nested JSON value +// returned by UnmarshalJSON or passed to MarshalJSON. +// Therefore, we can construct an absolute position by concatenating +// the outer with the inner positions. +// +// Note that we do not use collapseSemanticErrors with user-provided functions +// that take in an [jsontext.Encoder] or [jsontext.Decoder] since they contain +// methods to report position relative to the root JSON value. +// We assume user-constructed errors are correctly precise about position. +func collapseSemanticErrors(err error) error { + if serr1, ok := err.(*SemanticError); ok { + if serr2, ok := serr1.Err.(*SemanticError); ok { + serr2.ByteOffset = serr1.ByteOffset + serr2.ByteOffset + serr2.JSONPointer = serr1.JSONPointer + serr2.JSONPointer + *serr1 = *serr2 + } + } + return err +} - // Hyrum-proof the error message by deliberately switching between - // two equivalent renderings of the same error message. - // The randomization is tied to the Hyrum-proofing already applied - // on map iteration in Go. +// errorModalVerb is a modal verb like "cannot" or "unable to". +// +// Once per process, Hyrum-proof the error message by deliberately +// switching between equivalent renderings of the same error message. +// The randomization is tied to the Hyrum-proofing already applied +// on map iteration in Go. +var errorModalVerb = sync.OnceValue(func() string { for phrase := range map[string]struct{}{"cannot": {}, "unable to": {}} { - sb.WriteString(phrase) - break // use whichever phrase we get in the first iteration + return phrase // use whichever phrase we get in the first iteration } + return "" +}) + +func (e *SemanticError) Error() string { + var sb strings.Builder + sb.WriteString(errorPrefix) + sb.WriteString(errorModalVerb()) // Format action. var preposition string @@ -94,7 +325,6 @@ func (e *SemanticError) Error() string { } // Format JSON kind. - var omitPreposition bool switch e.JSONKind { case 'n': sb.WriteString(" JSON null") @@ -109,75 +339,92 @@ func (e *SemanticError) Error() string { case '[', ']': sb.WriteString(" JSON array") default: - omitPreposition = true + if e.action == "" { + preposition = "" + } + } + if len(e.JSONValue) > 0 && len(e.JSONValue) < 100 { + sb.WriteByte(' ') + sb.Write(e.JSONValue) } // Format Go type. if e.GoType != nil { - if !omitPreposition { - sb.WriteString(preposition) + typeString := e.GoType.String() + if len(typeString) > 100 { + // An excessively long type string most likely occurs for + // an anonymous struct declaration with many fields. + // Reduce the noise by just printing the kind, + // and optionally prepending it with the package name + // if the struct happens to include an unexported field. + typeString = e.GoType.Kind().String() + if e.GoType.Kind() == reflect.Struct && e.GoType.Name() == "" { + for i := range e.GoType.NumField() { + if pkgPath := e.GoType.Field(i).PkgPath; pkgPath != "" { + typeString = pkgPath[strings.LastIndexByte(pkgPath, '/')+len("/"):] + ".struct" + break + } + } + } + } + sb.WriteString(preposition) + sb.WriteString(" Go ") + sb.WriteString(typeString) + } + + // Special handling for unknown names. + if e.Err == ErrUnknownName { + sb.WriteString(": ") + sb.WriteString(ErrUnknownName.Error()) + sb.WriteString(" ") + sb.WriteString(strconv.Quote(e.JSONPointer.LastToken())) + if parent := e.JSONPointer.Parent(); parent != "" { + sb.WriteString(" within ") + sb.WriteString(strconv.Quote(jsonwire.TruncatePointer(string(parent), 100))) } - sb.WriteString(" Go value of type ") - sb.WriteString(e.GoType.String()) + return sb.String() } // Format where. - switch { + // Avoid printing if it overlaps with a wrapped SyntacticError. + switch serr, _ := e.Err.(*jsontext.SyntacticError); { case e.JSONPointer != "": - sb.WriteString(" within JSON value at ") - sb.WriteString(strconv.Quote(e.JSONPointer)) + if serr == nil || !e.JSONPointer.Contains(serr.JSONPointer) { + sb.WriteString(" within ") + sb.WriteString(strconv.Quote(jsonwire.TruncatePointer(string(e.JSONPointer), 100))) + } case e.ByteOffset > 0: - sb.WriteString(" after byte offset ") - sb.WriteString(strconv.FormatInt(e.ByteOffset, 10)) + if serr == nil || !(e.ByteOffset <= serr.ByteOffset) { + sb.WriteString(" after offset ") + sb.WriteString(strconv.FormatInt(e.ByteOffset, 10)) + } } // Format underlying error. if e.Err != nil { + errString := e.Err.Error() + if isSyntacticError(e.Err) { + errString = strings.TrimPrefix(errString, "jsontext: ") + } sb.WriteString(": ") - sb.WriteString(e.Err.Error()) + sb.WriteString(errString) } return sb.String() } -func (e *SemanticError) Is(target error) bool { - return e == target || target == Error || errors.Is(e.Err, target) -} + func (e *SemanticError) Unwrap() error { return e.Err } -// SyntacticError is a description of a syntactic error that occurred when -// encoding or decoding JSON according to the grammar. -// -// The contents of this error as produced by this package may change over time. -type SyntacticError struct { - requireKeyedLiterals - nonComparable - - // ByteOffset indicates that an error occurred after this byte offset. - ByteOffset int64 - str string -} - -func (e *SyntacticError) Error() string { - return errorPrefix + e.str -} -func (e *SyntacticError) Is(target error) bool { - return e == target || target == Error -} -func (e *SyntacticError) withOffset(pos int64) error { - return &SyntacticError{ByteOffset: pos, str: e.str} -} - -func newInvalidCharacterError(prefix []byte, where string) *SyntacticError { - what := quoteRune(prefix) - return &SyntacticError{str: "invalid character " + what + " " + where} -} - -func quoteRune(b []byte) string { - r, n := utf8.DecodeRune(b) - if r == utf8.RuneError && n == 1 { - return `'\x` + strconv.FormatUint(uint64(b[0]), 16) + `'` +func newDuplicateNameError(ptr jsontext.Pointer, quotedName []byte, offset int64) error { + if quotedName != nil { + name, _ := jsonwire.AppendUnquote(nil, quotedName) + ptr = ptr.AppendToken(string(name)) + } + return &jsontext.SyntacticError{ + ByteOffset: offset, + JSONPointer: ptr, + Err: jsontext.ErrDuplicateName, } - return strconv.QuoteRune(r) } diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fields.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fields.go index c0ee36166..045c6988a 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fields.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fields.go @@ -2,27 +2,31 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !goexperiment.jsonv2 || !go1.25 + package json import ( + "cmp" "errors" "fmt" "io" "reflect" - "sort" + "slices" "strconv" "strings" "unicode" "unicode/utf8" -) -var errIgnoredField = errors.New("ignored field") + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" +) type isZeroer interface { IsZero() bool } -var isZeroerType = reflect.TypeOf((*isZeroer)(nil)).Elem() +var isZeroerType = reflect.TypeFor[isZeroer]() type structFields struct { flattened []structField // listed in depth-first ordering @@ -31,9 +35,37 @@ type structFields struct { inlinedFallback *structField } +// reindex recomputes index to avoid bounds check during runtime. +// +// During the construction of each [structField] in [makeStructFields], +// the index field is 0-indexed. However, before it returns, +// the 0th field is stored in index0 and index stores the remainder. +func (sf *structFields) reindex() { + reindex := func(f *structField) { + f.index0 = f.index[0] + f.index = f.index[1:] + if len(f.index) == 0 { + f.index = nil // avoid pinning the backing slice + } + } + for i := range sf.flattened { + reindex(&sf.flattened[i]) + } + if sf.inlinedFallback != nil { + reindex(sf.inlinedFallback) + } +} + +// lookupByFoldedName looks up name by a case-insensitive match +// that also ignores the presence of dashes and underscores. +func (fs *structFields) lookupByFoldedName(name []byte) []*structField { + return fs.byFoldedName[string(foldName(name))] +} + type structField struct { id int // unique numeric ID in breadth-first ordering - index []int // index into a struct according to reflect.Type.FieldByIndex + index0 int // 0th index into a struct according to [reflect.Type.FieldByIndex] + index []int // 1st index and remainder according to [reflect.Type.FieldByIndex] typ reflect.Type fncs *arshaler isZero func(addressableValue) bool @@ -41,18 +73,12 @@ type structField struct { fieldOptions } -func makeStructFields(root reflect.Type) (structFields, *SemanticError) { - var fs structFields - fs.byActualName = make(map[string]*structField, root.NumField()) - fs.byFoldedName = make(map[string][]*structField, root.NumField()) +var errNoExportedFields = errors.New("Go struct has no exported fields") - // ambiguous is a sentinel value to indicate that at least two fields - // at the same depth have the same name, and thus cancel each other out. - // This follows the same rules as selecting a field on embedded structs - // where the shallowest field takes precedence. If more than one field - // exists at the shallowest depth, then the selection is illegal. - // See https://go.dev/ref/spec#Selectors. - ambiguous := new(structField) +func makeStructFields(root reflect.Type) (fs structFields, serr *SemanticError) { + orErrorf := func(serr *SemanticError, t reflect.Type, f string, a ...any) *SemanticError { + return cmp.Or(serr, &SemanticError{GoType: t, Err: fmt.Errorf(f, a...)}) + } // Setup a queue for a breath-first search. var queueIndex int @@ -66,6 +92,7 @@ func makeStructFields(root reflect.Type) (structFields, *SemanticError) { // Perform a breadth-first search over all reachable fields. // This ensures that len(f.index) will be monotonically increasing. + var allFields, inlinedFallbacks []structField for queueIndex < len(queue) { qe := queue[queueIndex] queueIndex++ @@ -75,16 +102,16 @@ func makeStructFields(root reflect.Type) (structFields, *SemanticError) { namesIndex := make(map[string]int) // index of each field with a given JSON object name in current struct var hasAnyJSONTag bool // whether any Go struct field has a `json` tag var hasAnyJSONField bool // whether any JSON serializable fields exist in current struct - for i := 0; i < t.NumField(); i++ { + for i := range t.NumField() { sf := t.Field(i) _, hasTag := sf.Tag.Lookup("json") hasAnyJSONTag = hasAnyJSONTag || hasTag - options, err := parseFieldOptions(sf) + options, ignored, err := parseFieldOptions(sf) if err != nil { - if err == errIgnoredField { - continue - } - return structFields{}, &SemanticError{GoType: t, Err: err} + serr = cmp.Or(serr, &SemanticError{GoType: t, Err: err}) + } + if ignored { + continue } hasAnyJSONField = true f := structField{ @@ -96,84 +123,104 @@ func makeStructFields(root reflect.Type) (structFields, *SemanticError) { fieldOptions: options, } if sf.Anonymous && !f.hasName { - f.inline = true // implied by use of Go embedding without an explicit name + if indirectType(f.typ).Kind() != reflect.Struct { + serr = orErrorf(serr, t, "embedded Go struct field %s of non-struct type must be explicitly given a JSON name", sf.Name) + } else { + f.inline = true // implied by use of Go embedding without an explicit name + } } if f.inline || f.unknown { // Handle an inlined field that serializes to/from // zero or more JSON object members. - if f.inline && f.unknown { - err := fmt.Errorf("Go struct field %s cannot have both `inline` and `unknown` specified", sf.Name) - return structFields{}, &SemanticError{GoType: t, Err: err} - } switch f.fieldOptions { case fieldOptions{name: f.name, quotedName: f.quotedName, inline: true}: case fieldOptions{name: f.name, quotedName: f.quotedName, unknown: true}: + case fieldOptions{name: f.name, quotedName: f.quotedName, inline: true, unknown: true}: + serr = orErrorf(serr, t, "Go struct field %s cannot have both `inline` and `unknown` specified", sf.Name) + f.inline = false // let `unknown` take precedence default: - err := fmt.Errorf("Go struct field %s cannot have any options other than `inline` or `unknown` specified", sf.Name) - return structFields{}, &SemanticError{GoType: t, Err: err} + serr = orErrorf(serr, t, "Go struct field %s cannot have any options other than `inline` or `unknown` specified", sf.Name) + if f.hasName { + continue // invalid inlined field; treat as ignored + } + f.fieldOptions = fieldOptions{name: f.name, quotedName: f.quotedName, inline: f.inline, unknown: f.unknown} + if f.inline && f.unknown { + f.inline = false // let `unknown` take precedence + } } - // Unwrap one level of pointer indirection similar to how Go - // only allows embedding either T or *T, but not **T. - tf := f.typ - if tf.Kind() == reflect.Pointer && tf.Name() == "" { - tf = tf.Elem() - } // Reject any types with custom serialization otherwise // it becomes impossible to know what sub-fields to inline. - if which, _ := implementsWhich(tf, - jsonMarshalerV2Type, jsonMarshalerV1Type, textMarshalerType, - jsonUnmarshalerV2Type, jsonUnmarshalerV1Type, textUnmarshalerType, - ); which != nil && tf != rawValueType { - err := fmt.Errorf("inlined Go struct field %s of type %s must not implement JSON marshal or unmarshal methods", sf.Name, tf) - return structFields{}, &SemanticError{GoType: t, Err: err} + tf := indirectType(f.typ) + if implementsAny(tf, allMethodTypes...) && tf != jsontextValueType { + serr = orErrorf(serr, t, "inlined Go struct field %s of type %s must not implement marshal or unmarshal methods", sf.Name, tf) } // Handle an inlined field that serializes to/from // a finite number of JSON object members backed by a Go struct. if tf.Kind() == reflect.Struct { if f.unknown { - err := fmt.Errorf("inlined Go struct field %s of type %s with `unknown` tag must be a Go map of string key or a json.RawValue", sf.Name, tf) - return structFields{}, &SemanticError{GoType: t, Err: err} + serr = orErrorf(serr, t, "inlined Go struct field %s of type %s with `unknown` tag must be a Go map of string key or a jsontext.Value", sf.Name, tf) + continue // invalid inlined field; treat as ignored } if qe.visitChildren { queue = append(queue, queueEntry{tf, f.index, !seen[tf]}) } seen[tf] = true continue + } else if !sf.IsExported() { + serr = orErrorf(serr, t, "inlined Go struct field %s is not exported", sf.Name) + continue // invalid inlined field; treat as ignored } // Handle an inlined field that serializes to/from any number of - // JSON object members back by a Go map or RawValue. + // JSON object members back by a Go map or jsontext.Value. switch { - case tf == rawValueType: + case tf == jsontextValueType: f.fncs = nil // specially handled in arshal_inlined.go - case tf.Kind() == reflect.Map && tf.Key() == stringType: + case tf.Kind() == reflect.Map && tf.Key().Kind() == reflect.String: + if implementsAny(tf.Key(), allMethodTypes...) { + serr = orErrorf(serr, t, "inlined map field %s of type %s must have a string key that does not implement marshal or unmarshal methods", sf.Name, tf) + continue // invalid inlined field; treat as ignored + } f.fncs = lookupArshaler(tf.Elem()) default: - err := fmt.Errorf("inlined Go struct field %s of type %s must be a Go struct, Go map of string key, or json.RawValue", sf.Name, tf) - return structFields{}, &SemanticError{GoType: t, Err: err} + serr = orErrorf(serr, t, "inlined Go struct field %s of type %s must be a Go struct, Go map of string key, or jsontext.Value", sf.Name, tf) + continue // invalid inlined field; treat as ignored } // Reject multiple inlined fallback fields within the same struct. if inlinedFallbackIndex >= 0 { - err := fmt.Errorf("inlined Go struct fields %s and %s cannot both be a Go map or json.RawValue", t.Field(inlinedFallbackIndex).Name, sf.Name) - return structFields{}, &SemanticError{GoType: t, Err: err} + serr = orErrorf(serr, t, "inlined Go struct fields %s and %s cannot both be a Go map or jsontext.Value", t.Field(inlinedFallbackIndex).Name, sf.Name) + // Still append f to inlinedFallbacks as there is still a + // check for a dominant inlined fallback before returning. } inlinedFallbackIndex = i - // Multiple inlined fallback fields across different structs - // follow the same precedence rules as Go struct embedding. - if fs.inlinedFallback == nil { - fs.inlinedFallback = &f // store first occurrence at lowest depth - } else if len(fs.inlinedFallback.index) == len(f.index) { - fs.inlinedFallback = ambiguous // at least two occurrences at same depth - } + inlinedFallbacks = append(inlinedFallbacks, f) } else { // Handle normal Go struct field that serializes to/from // a single JSON object member. + // Unexported fields cannot be serialized except for + // embedded fields of a struct type, + // which might promote exported fields of their own. + if !sf.IsExported() { + tf := indirectType(f.typ) + if !(sf.Anonymous && tf.Kind() == reflect.Struct) { + serr = orErrorf(serr, t, "Go struct field %s is not exported", sf.Name) + continue + } + // Unfortunately, methods on the unexported field + // still cannot be called. + if implementsAny(tf, allMethodTypes...) || + (f.omitzero && implementsAny(tf, isZeroerType)) { + serr = orErrorf(serr, t, "Go struct field %s is not exported for method calls", sf.Name) + continue + } + } + // Provide a function that uses a type's IsZero method. switch { case sf.Type.Kind() == reflect.Interface && sf.Type.Implements(isZeroerType): @@ -202,29 +249,17 @@ func makeStructFields(root reflect.Type) (structFields, *SemanticError) { f.isEmpty = func(va addressableValue) bool { return va.IsNil() } } - f.id = len(fs.flattened) - f.fncs = lookupArshaler(sf.Type) - fs.flattened = append(fs.flattened, f) - - // Reject user-specified names with invalid UTF-8. - if !utf8.ValidString(f.name) { - err := fmt.Errorf("Go struct field %s has JSON object name %q with invalid UTF-8", sf.Name, f.name) - return structFields{}, &SemanticError{GoType: t, Err: err} - } // Reject multiple fields with same name within the same struct. if j, ok := namesIndex[f.name]; ok { - err := fmt.Errorf("Go struct fields %s and %s conflict over JSON object name %q", t.Field(j).Name, sf.Name, f.name) - return structFields{}, &SemanticError{GoType: t, Err: err} + serr = orErrorf(serr, t, "Go struct fields %s and %s conflict over JSON object name %q", t.Field(j).Name, sf.Name, f.name) + // Still append f to allFields as there is still a + // check for a dominant field before returning. } namesIndex[f.name] = i - // Multiple fields of the same name across different structs - // follow the same precedence rules as Go struct embedding. - if f2 := fs.byActualName[f.name]; f2 == nil { - fs.byActualName[f.name] = &fs.flattened[len(fs.flattened)-1] // store first occurrence at lowest depth - } else if len(f2.index) == len(f.index) { - fs.byActualName[f.name] = ambiguous // at least two occurrences at same depth - } + f.id = len(allFields) + f.fncs = lookupArshaler(sf.Type) + allFields = append(allFields, f) } } @@ -239,58 +274,58 @@ func makeStructFields(root reflect.Type) (structFields, *SemanticError) { // errors returned by errors.New would fail to serialize. isEmptyStruct := t.NumField() == 0 if !isEmptyStruct && !hasAnyJSONTag && !hasAnyJSONField { - err := errors.New("Go struct has no exported fields") - return structFields{}, &SemanticError{GoType: t, Err: err} + serr = cmp.Or(serr, &SemanticError{GoType: t, Err: errNoExportedFields}) } } - // Remove all fields that are duplicates. - // This may move elements forward to fill the holes from removed fields. - var n int - for _, f := range fs.flattened { - switch f2 := fs.byActualName[f.name]; { - case f2 == ambiguous: - delete(fs.byActualName, f.name) - case f2 == nil: - continue // may be nil due to previous delete - // TODO(https://go.dev/issue/45955): Use slices.Equal. - case reflect.DeepEqual(f.index, f2.index): - f.id = n - fs.flattened[n] = f - fs.byActualName[f.name] = &fs.flattened[n] // fix pointer to new location + // Sort the fields by exact name (breaking ties by depth and + // then by presence of an explicitly provided JSON name). + // Select the dominant field from each set of fields with the same name. + // If multiple fields have the same name, then the dominant field + // is the one that exists alone at the shallowest depth, + // or the one that is uniquely tagged with a JSON name. + // Otherwise, no dominant field exists for the set. + flattened := allFields[:0] + slices.SortStableFunc(allFields, func(x, y structField) int { + return cmp.Or( + strings.Compare(x.name, y.name), + cmp.Compare(len(x.index), len(y.index)), + boolsCompare(!x.hasName, !y.hasName)) + }) + for len(allFields) > 0 { + n := 1 // number of fields with the same exact name + for n < len(allFields) && allFields[n-1].name == allFields[n].name { n++ } + if n == 1 || len(allFields[0].index) != len(allFields[1].index) || allFields[0].hasName != allFields[1].hasName { + flattened = append(flattened, allFields[0]) // only keep field if there is a dominant field + } + allFields = allFields[n:] } - fs.flattened = fs.flattened[:n] - if fs.inlinedFallback == ambiguous { - fs.inlinedFallback = nil - } - if len(fs.flattened) != len(fs.byActualName) { - panic(fmt.Sprintf("BUG: flattened list of fields mismatches fields mapped by name: %d != %d", len(fs.flattened), len(fs.byActualName))) + + // Sort the fields according to a breadth-first ordering + // so that we can re-number IDs with the smallest possible values. + // This optimizes use of uintSet such that it fits in the 64-entry bit set. + slices.SortFunc(flattened, func(x, y structField) int { + return cmp.Compare(x.id, y.id) + }) + for i := range flattened { + flattened[i].id = i } - // Sort the fields according to a depth-first ordering. - // This operation will cause pointers in byActualName to become incorrect, - // which we will correct in another loop shortly thereafter. - sort.Slice(fs.flattened, func(i, j int) bool { - si := fs.flattened[i].index - sj := fs.flattened[j].index - for len(si) > 0 && len(sj) > 0 { - switch { - case si[0] < sj[0]: - return true - case si[0] > sj[0]: - return false - default: - si = si[1:] - sj = sj[1:] - } - } - return len(si) < len(sj) + // Sort the fields according to a depth-first ordering + // as the typical order that fields are marshaled. + slices.SortFunc(flattened, func(x, y structField) int { + return slices.Compare(x.index, y.index) }) - // Recompute the mapping of fields in the byActualName map. + // Compute the mapping of fields in the byActualName map. // Pre-fold all names so that we can lookup folded names quickly. + fs = structFields{ + flattened: flattened, + byActualName: make(map[string]*structField, len(flattened)), + byFoldedName: make(map[string][]*structField, len(flattened)), + } for i, f := range fs.flattened { foldedName := string(foldName([]byte(f.name))) fs.byActualName[f.name] = &fs.flattened[i] @@ -298,58 +333,99 @@ func makeStructFields(root reflect.Type) (structFields, *SemanticError) { } for foldedName, fields := range fs.byFoldedName { if len(fields) > 1 { - // The precedence order for conflicting nocase names + // The precedence order for conflicting ignoreCase names // is by breadth-first order, rather than depth-first order. - sort.Slice(fields, func(i, j int) bool { - return fields[i].id < fields[j].id + slices.SortFunc(fields, func(x, y *structField) int { + return cmp.Compare(x.id, y.id) }) fs.byFoldedName[foldedName] = fields } } + if n := len(inlinedFallbacks); n == 1 || (n > 1 && len(inlinedFallbacks[0].index) != len(inlinedFallbacks[1].index)) { + fs.inlinedFallback = &inlinedFallbacks[0] // dominant inlined fallback field + } + fs.reindex() + return fs, serr +} + +// indirectType unwraps one level of pointer indirection +// similar to how Go only allows embedding either T or *T, +// but not **T or P (which is a named pointer). +func indirectType(t reflect.Type) reflect.Type { + if t.Kind() == reflect.Pointer && t.Name() == "" { + t = t.Elem() + } + return t +} - return fs, nil +// matchFoldedName matches a case-insensitive name depending on the options. +// It assumes that foldName(f.name) == foldName(name). +// +// Case-insensitive matching is used if the `case:ignore` tag option is specified +// or the MatchCaseInsensitiveNames call option is specified +// (and the `case:strict` tag option is not specified). +// Functionally, the `case:ignore` and `case:strict` tag options take precedence. +// +// The v1 definition of case-insensitivity operated under strings.EqualFold +// and would strictly compare dashes and underscores, +// while the v2 definition would ignore the presence of dashes and underscores. +// Thus, if the MatchCaseSensitiveDelimiter call option is specified, +// the match is further restricted to using strings.EqualFold. +func (f *structField) matchFoldedName(name []byte, flags *jsonflags.Flags) bool { + if f.casing == caseIgnore || (flags.Get(jsonflags.MatchCaseInsensitiveNames) && f.casing != caseStrict) { + if !flags.Get(jsonflags.MatchCaseSensitiveDelimiter) || strings.EqualFold(string(name), f.name) { + return true + } + } + return false } +const ( + caseIgnore = 1 + caseStrict = 2 +) + type fieldOptions struct { - name string - quotedName string // quoted name per RFC 8785, section 3.2.2.2. - hasName bool - nocase bool - inline bool - unknown bool - omitzero bool - omitempty bool - string bool - format string + name string + quotedName string // quoted name per RFC 8785, section 3.2.2.2. + hasName bool + nameNeedEscape bool + casing int8 // either 0, caseIgnore, or caseStrict + inline bool + unknown bool + omitzero bool + omitempty bool + string bool + format string } // parseFieldOptions parses the `json` tag in a Go struct field as // a structured set of options configuring parameters such as // the JSON member name and other features. -// As a special case, it returns errIgnoredField if the field is ignored. -func parseFieldOptions(sf reflect.StructField) (out fieldOptions, err error) { +func parseFieldOptions(sf reflect.StructField) (out fieldOptions, ignored bool, err error) { tag, hasTag := sf.Tag.Lookup("json") + tagOrig := tag // Check whether this field is explicitly ignored. if tag == "-" { - return fieldOptions{}, errIgnoredField + return fieldOptions{}, true, nil } - // Check whether this field is unexported. - if !sf.IsExported() { - // In contrast to v1, v2 no longer forwards exported fields from - // embedded fields of unexported types since Go reflection does not - // allow the same set of operations that are available in normal cases - // of purely exported fields. - // See https://go.dev/issue/21357 and https://go.dev/issue/24153. - if sf.Anonymous { - return fieldOptions{}, fmt.Errorf("embedded Go struct field %s of an unexported type must be explicitly ignored with a `json:\"-\"` tag", sf.Type.Name()) - } + // Check whether this field is unexported and not embedded, + // which Go reflection cannot mutate for the sake of serialization. + // + // An embedded field of an unexported type is still capable of + // forwarding exported fields, which may be JSON serialized. + // This technically operates on the edge of what is permissible by + // the Go language, but the most recent decision is to permit this. + // + // See https://go.dev/issue/24153 and https://go.dev/issue/32772. + if !sf.IsExported() && !sf.Anonymous { // Tag options specified on an unexported field suggests user error. if hasTag { - return fieldOptions{}, fmt.Errorf("unexported Go struct field %s cannot have non-ignored `json:%q` tag", sf.Name, tag) + err = cmp.Or(err, fmt.Errorf("unexported Go struct field %s cannot have non-ignored `json:%q` tag", sf.Name, tag)) } - return fieldOptions{}, errIgnoredField + return fieldOptions{}, true, err } // Determine the JSON member name for this Go field. A user-specified name @@ -362,20 +438,38 @@ func parseFieldOptions(sf reflect.StructField) (out fieldOptions, err error) { n := len(tag) - len(strings.TrimLeftFunc(tag, func(r rune) bool { return !strings.ContainsRune(",\\'\"`", r) // reserve comma, backslash, and quotes })) - opt := tag[:n] - if n == 0 { - // Allow a single quoted string for arbitrary names. - opt, n, err = consumeTagOption(tag) - if err != nil { - return fieldOptions{}, fmt.Errorf("Go struct field %s has malformed `json` tag: %v", sf.Name, err) + name := tag[:n] + + // If the next character is not a comma, then the name is either + // malformed (if n > 0) or a single-quoted name. + // In either case, call consumeTagOption to handle it further. + var err2 error + if !strings.HasPrefix(tag[n:], ",") && len(name) != len(tag) { + name, n, err2 = consumeTagOption(tag) + if err2 != nil { + err = cmp.Or(err, fmt.Errorf("Go struct field %s has malformed `json` tag: %v", sf.Name, err2)) } } - out.hasName = true - out.name = opt + if !utf8.ValidString(name) { + err = cmp.Or(err, fmt.Errorf("Go struct field %s has JSON object name %q with invalid UTF-8", sf.Name, name)) + name = string([]rune(name)) // replace invalid UTF-8 with utf8.RuneError + } + if name == "-" && tag[0] == '-' { + defer func() { // defer to let other errors take precedence + err = cmp.Or(err, fmt.Errorf("Go struct field %s has JSON object name %q; either "+ + "use `json:\"-\"` to ignore the field or "+ + "use `json:\"'-'%s` to specify %q as the name", sf.Name, out.name, strings.TrimPrefix(strconv.Quote(tagOrig), `"-`), name)) + }() + } + if err2 == nil { + out.hasName = true + out.name = name + } tag = tag[n:] } - b, _ := appendString(nil, out.name, false, nil) + b, _ := jsonwire.AppendQuote(nil, out.name, &jsonflags.Flags{}) out.quotedName = string(b) + out.nameNeedEscape = jsonwire.NeedEscape(out.name) // Handle any additional tag options (if any). var wasFormat bool @@ -383,29 +477,53 @@ func parseFieldOptions(sf reflect.StructField) (out fieldOptions, err error) { for len(tag) > 0 { // Consume comma delimiter. if tag[0] != ',' { - return fieldOptions{}, fmt.Errorf("Go struct field %s has malformed `json` tag: invalid character %q before next option (expecting ',')", sf.Name, tag[0]) - } - tag = tag[len(","):] - if len(tag) == 0 { - return fieldOptions{}, fmt.Errorf("Go struct field %s has malformed `json` tag: invalid trailing ',' character", sf.Name) + err = cmp.Or(err, fmt.Errorf("Go struct field %s has malformed `json` tag: invalid character %q before next option (expecting ',')", sf.Name, tag[0])) + } else { + tag = tag[len(","):] + if len(tag) == 0 { + err = cmp.Or(err, fmt.Errorf("Go struct field %s has malformed `json` tag: invalid trailing ',' character", sf.Name)) + break + } } // Consume and process the tag option. - opt, n, err := consumeTagOption(tag) - if err != nil { - return fieldOptions{}, fmt.Errorf("Go struct field %s has malformed `json` tag: %v", sf.Name, err) + opt, n, err2 := consumeTagOption(tag) + if err2 != nil { + err = cmp.Or(err, fmt.Errorf("Go struct field %s has malformed `json` tag: %v", sf.Name, err2)) } rawOpt := tag[:n] tag = tag[n:] switch { case wasFormat: - return fieldOptions{}, fmt.Errorf("Go struct field %s has `format` tag option that was not specified last", sf.Name) + err = cmp.Or(err, fmt.Errorf("Go struct field %s has `format` tag option that was not specified last", sf.Name)) case strings.HasPrefix(rawOpt, "'") && strings.TrimFunc(opt, isLetterOrDigit) == "": - return fieldOptions{}, fmt.Errorf("Go struct field %s has unnecessarily quoted appearance of `%s` tag option; specify `%s` instead", sf.Name, rawOpt, opt) + err = cmp.Or(err, fmt.Errorf("Go struct field %s has unnecessarily quoted appearance of `%s` tag option; specify `%s` instead", sf.Name, rawOpt, opt)) } switch opt { - case "nocase": - out.nocase = true + case "case": + if !strings.HasPrefix(tag, ":") { + err = cmp.Or(err, fmt.Errorf("Go struct field %s is missing value for `case` tag option; specify `case:ignore` or `case:strict` instead", sf.Name)) + break + } + tag = tag[len(":"):] + opt, n, err2 := consumeTagOption(tag) + if err2 != nil { + err = cmp.Or(err, fmt.Errorf("Go struct field %s has malformed value for `case` tag option: %v", sf.Name, err2)) + break + } + rawOpt := tag[:n] + tag = tag[n:] + if strings.HasPrefix(rawOpt, "'") { + err = cmp.Or(err, fmt.Errorf("Go struct field %s has unnecessarily quoted appearance of `case:%s` tag option; specify `case:%s` instead", sf.Name, rawOpt, opt)) + } + switch opt { + case "ignore": + out.casing |= caseIgnore + case "strict": + out.casing |= caseStrict + default: + err = cmp.Or(err, fmt.Errorf("Go struct field %s has unknown `case:%s` tag value", sf.Name, rawOpt)) + } case "inline": out.inline = true case "unknown": @@ -418,12 +536,14 @@ func parseFieldOptions(sf reflect.StructField) (out fieldOptions, err error) { out.string = true case "format": if !strings.HasPrefix(tag, ":") { - return fieldOptions{}, fmt.Errorf("Go struct field %s is missing value for `format` tag option", sf.Name) + err = cmp.Or(err, fmt.Errorf("Go struct field %s is missing value for `format` tag option", sf.Name)) + break } tag = tag[len(":"):] - opt, n, err := consumeTagOption(tag) - if err != nil { - return fieldOptions{}, fmt.Errorf("Go struct field %s has malformed value for `format` tag option: %v", sf.Name, err) + opt, n, err2 := consumeTagOption(tag) + if err2 != nil { + err = cmp.Or(err, fmt.Errorf("Go struct field %s has malformed value for `format` tag option: %v", sf.Name, err2)) + break } tag = tag[n:] out.format = opt @@ -433,8 +553,8 @@ func parseFieldOptions(sf reflect.StructField) (out fieldOptions, err error) { // This catches invalid mutants such as "omitEmpty" or "omit_empty". normOpt := strings.ReplaceAll(strings.ToLower(opt), "_", "") switch normOpt { - case "nocase", "inline", "unknown", "omitzero", "omitempty", "string", "format": - return fieldOptions{}, fmt.Errorf("Go struct field %s has invalid appearance of `%s` tag option; specify `%s` instead", sf.Name, opt, normOpt) + case "case", "inline", "unknown", "omitzero", "omitempty", "string", "format": + err = cmp.Or(err, fmt.Errorf("Go struct field %s has invalid appearance of `%s` tag option; specify `%s` instead", sf.Name, opt, normOpt)) } // NOTE: Everything else is ignored. This does not mean it is @@ -443,15 +563,28 @@ func parseFieldOptions(sf reflect.StructField) (out fieldOptions, err error) { } // Reject duplicates. - if seenOpts[opt] { - return fieldOptions{}, fmt.Errorf("Go struct field %s has duplicate appearance of `%s` tag option", sf.Name, rawOpt) + switch { + case out.casing == caseIgnore|caseStrict: + err = cmp.Or(err, fmt.Errorf("Go struct field %s cannot have both `case:ignore` and `case:strict` tag options", sf.Name)) + case seenOpts[opt]: + err = cmp.Or(err, fmt.Errorf("Go struct field %s has duplicate appearance of `%s` tag option", sf.Name, rawOpt)) } seenOpts[opt] = true } - return out, nil + return out, false, err } +// consumeTagOption consumes the next option, +// which is either a Go identifier or a single-quoted string. +// If the next option is invalid, it returns all of in until the next comma, +// and reports an error. func consumeTagOption(in string) (string, int, error) { + // For legacy compatibility with v1, assume options are comma-separated. + i := strings.IndexByte(in, ',') + if i < 0 { + i = len(in) + } + switch r, _ := utf8.DecodeRuneInString(in); { // Option as a Go identifier. case r == '_' || unicode.IsLetter(r): @@ -486,7 +619,7 @@ func consumeTagOption(in string) (string, int, error) { n += len(`'`) out, err := strconv.Unquote(string(b)) if err != nil { - return "", 0, fmt.Errorf("invalid single-quoted string: %s", in[:n]) + return in[:i], i, fmt.Errorf("invalid single-quoted string: %s", in[:n]) } return out, n, nil } @@ -496,14 +629,26 @@ func consumeTagOption(in string) (string, int, error) { if n > 10 { n = 10 // limit the amount of context printed in the error } - return "", 0, fmt.Errorf("single-quoted string not terminated: %s...", in[:n]) + return in[:i], i, fmt.Errorf("single-quoted string not terminated: %s...", in[:n]) case len(in) == 0: - return "", 0, io.ErrUnexpectedEOF + return in[:i], i, io.ErrUnexpectedEOF default: - return "", 0, fmt.Errorf("invalid character %q at start of option (expecting Unicode letter or single quote)", r) + return in[:i], i, fmt.Errorf("invalid character %q at start of option (expecting Unicode letter or single quote)", r) } } func isLetterOrDigit(r rune) bool { return r == '_' || unicode.IsLetter(r) || unicode.IsNumber(r) } + +// boolsCompare compares x and y, ordering false before true. +func boolsCompare(x, y bool) int { + switch { + case !x && y: + return -1 + default: + return 0 + case x && !y: + return +1 + } +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fold.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fold.go index 9ab735814..973f52e73 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fold.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/fold.go @@ -2,6 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !goexperiment.jsonv2 || !go1.25 + package json import ( diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/intern.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/intern.go index 700a56db0..1bfb8ca63 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/intern.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/intern.go @@ -2,6 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:build !goexperiment.jsonv2 || !go1.25 + package json import ( @@ -10,12 +12,12 @@ import ( ) // stringCache is a cache for strings converted from a []byte. -type stringCache [256]string // 256*unsafe.Sizeof(string("")) => 4KiB +type stringCache = [256]string // 256*unsafe.Sizeof(string("")) => 4KiB -// make returns the string form of b. +// makeString returns the string form of b. // It returns a pre-allocated string from c if present, otherwise // it allocates a new string, inserts it into the cache, and returns it. -func (c *stringCache) make(b []byte) string { +func makeString(c *stringCache, b []byte) string { const ( minCachedLen = 2 // single byte strings are already interned by the runtime maxCachedLen = 256 // large enough for UUIDs, IPv6 addresses, SHA-256 checksums, etc. diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/internal.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/internal.go new file mode 100644 index 000000000..00b43fa30 --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/internal.go @@ -0,0 +1,42 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +package internal + +import "errors" + +// NotForPublicUse is a marker type that an API is for internal use only. +// It does not perfectly prevent usage of that API, but helps to restrict usage. +// Anything with this marker is not covered by the Go compatibility agreement. +type NotForPublicUse struct{} + +// AllowInternalUse is passed from "json" to "jsontext" to authenticate +// that the caller can have access to internal functionality. +var AllowInternalUse NotForPublicUse + +// Sentinel error values internally shared between jsonv1 and jsonv2. +var ( + ErrCycle = errors.New("encountered a cycle") + ErrNonNilReference = errors.New("value must be passed as a non-nil pointer reference") + ErrNilInterface = errors.New("cannot derive concrete type for nil interface with finite type set") +) + +var ( + // TransformMarshalError converts a v2 error into a v1 error. + // It is called only at the top-level of a Marshal function. + TransformMarshalError func(any, error) error + // NewMarshalerError constructs a jsonv1.MarshalerError. + // It is called after a user-defined Marshal method/function fails. + NewMarshalerError func(any, error, string) error + // TransformUnmarshalError converts a v2 error into a v1 error. + // It is called only at the top-level of a Unmarshal function. + TransformUnmarshalError func(any, error) error + + // NewRawNumber returns new(jsonv1.Number). + NewRawNumber func() any + // RawNumberOf returns jsonv1.Number(b). + RawNumberOf func(b []byte) any +) diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags/flags.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags/flags.go new file mode 100644 index 000000000..36300011e --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags/flags.go @@ -0,0 +1,215 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +// jsonflags implements all the optional boolean flags. +// These flags are shared across both "json", "jsontext", and "jsonopts". +package jsonflags + +import "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal" + +// Bools represents zero or more boolean flags, all set to true or false. +// The least-significant bit is the boolean value of all flags in the set. +// The remaining bits identify which particular flags. +// +// In common usage, this is OR'd with 0 or 1. For example: +// - (AllowInvalidUTF8 | 0) means "AllowInvalidUTF8 is false" +// - (Multiline | Indent | 1) means "Multiline and Indent are true" +type Bools uint64 + +func (Bools) JSONOptions(internal.NotForPublicUse) {} + +const ( + // AllFlags is the set of all flags. + AllFlags = AllCoderFlags | AllArshalV2Flags | AllArshalV1Flags + + // AllCoderFlags is the set of all encoder/decoder flags. + AllCoderFlags = (maxCoderFlag - 1) - initFlag + + // AllArshalV2Flags is the set of all v2 marshal/unmarshal flags. + AllArshalV2Flags = (maxArshalV2Flag - 1) - (maxCoderFlag - 1) + + // AllArshalV1Flags is the set of all v1 marshal/unmarshal flags. + AllArshalV1Flags = (maxArshalV1Flag - 1) - (maxArshalV2Flag - 1) + + // NonBooleanFlags is the set of non-boolean flags, + // where the value is some other concrete Go type. + // The value of the flag is stored within jsonopts.Struct. + NonBooleanFlags = 0 | + Indent | + IndentPrefix | + ByteLimit | + DepthLimit | + Marshalers | + Unmarshalers + + // DefaultV1Flags is the set of booleans flags that default to true under + // v1 semantics. None of the non-boolean flags differ between v1 and v2. + DefaultV1Flags = 0 | + AllowDuplicateNames | + AllowInvalidUTF8 | + EscapeForHTML | + EscapeForJS | + PreserveRawStrings | + Deterministic | + FormatNilMapAsNull | + FormatNilSliceAsNull | + MatchCaseInsensitiveNames | + CallMethodsWithLegacySemantics | + FormatByteArrayAsArray | + FormatBytesWithLegacySemantics | + FormatDurationAsNano | + MatchCaseSensitiveDelimiter | + MergeWithLegacySemantics | + OmitEmptyWithLegacySemantics | + ParseBytesWithLooseRFC4648 | + ParseTimeWithLooseRFC3339 | + ReportErrorsWithLegacySemantics | + StringifyWithLegacySemantics | + UnmarshalArrayFromAnyLength + + // AnyWhitespace reports whether the encoded output might have any whitespace. + AnyWhitespace = Multiline | SpaceAfterColon | SpaceAfterComma + + // WhitespaceFlags is the set of flags related to whitespace formatting. + // In contrast to AnyWhitespace, this includes Indent and IndentPrefix + // as those settings take no effect if Multiline is false. + WhitespaceFlags = AnyWhitespace | Indent | IndentPrefix + + // AnyEscape is the set of flags related to escaping in a JSON string. + AnyEscape = EscapeForHTML | EscapeForJS + + // CanonicalizeNumbers is the set of flags related to raw number canonicalization. + CanonicalizeNumbers = CanonicalizeRawInts | CanonicalizeRawFloats +) + +// Encoder and decoder flags. +const ( + initFlag Bools = 1 << iota // reserved for the boolean value itself + + AllowDuplicateNames // encode or decode + AllowInvalidUTF8 // encode or decode + WithinArshalCall // encode or decode; for internal use by json.Marshal and json.Unmarshal + OmitTopLevelNewline // encode only; for internal use by json.Marshal and json.MarshalWrite + PreserveRawStrings // encode only + CanonicalizeRawInts // encode only + CanonicalizeRawFloats // encode only + ReorderRawObjects // encode only + EscapeForHTML // encode only + EscapeForJS // encode only + Multiline // encode only + SpaceAfterColon // encode only + SpaceAfterComma // encode only + Indent // encode only; non-boolean flag + IndentPrefix // encode only; non-boolean flag + ByteLimit // encode or decode; non-boolean flag + DepthLimit // encode or decode; non-boolean flag + + maxCoderFlag +) + +// Marshal and Unmarshal flags (for v2). +const ( + _ Bools = (maxCoderFlag >> 1) << iota + + StringifyNumbers // marshal or unmarshal + Deterministic // marshal only + FormatNilMapAsNull // marshal only + FormatNilSliceAsNull // marshal only + OmitZeroStructFields // marshal only + MatchCaseInsensitiveNames // marshal or unmarshal + DiscardUnknownMembers // marshal only + RejectUnknownMembers // unmarshal only + Marshalers // marshal only; non-boolean flag + Unmarshalers // unmarshal only; non-boolean flag + + maxArshalV2Flag +) + +// Marshal and Unmarshal flags (for v1). +const ( + _ Bools = (maxArshalV2Flag >> 1) << iota + + CallMethodsWithLegacySemantics // marshal or unmarshal + FormatByteArrayAsArray // marshal or unmarshal + FormatBytesWithLegacySemantics // marshal or unmarshal + FormatDurationAsNano // marshal or unmarshal + MatchCaseSensitiveDelimiter // marshal or unmarshal + MergeWithLegacySemantics // unmarshal + OmitEmptyWithLegacySemantics // marshal + ParseBytesWithLooseRFC4648 // unmarshal + ParseTimeWithLooseRFC3339 // unmarshal + ReportErrorsWithLegacySemantics // marshal or unmarshal + StringifyWithLegacySemantics // marshal or unmarshal + StringifyBoolsAndStrings // marshal or unmarshal; for internal use by jsonv2.makeStructArshaler + UnmarshalAnyWithRawNumber // unmarshal; for internal use by jsonv1.Decoder.UseNumber + UnmarshalArrayFromAnyLength // unmarshal + + maxArshalV1Flag +) + +// bitsUsed is the number of bits used in the 64-bit boolean flags +const bitsUsed = 42 + +// Static compile check that bitsUsed and maxArshalV1Flag are in sync. +const _ = uint64((1< 0b_110_11011 + dst.Values &= ^src.Presence // e.g., 0b_1000_0011 & 0b_1010_0101 -> 0b_100_00001 + dst.Values |= src.Values // e.g., 0b_1000_0001 | 0b_1001_0010 -> 0b_100_10011 +} + +// Set sets both the presence and value for the provided bool (or set of bools). +func (fs *Flags) Set(f Bools) { + // Select out the bits for the flag identifiers (everything except LSB), + // then set the presence for all the identifier bits (using OR), + // then invert the identifier bits to clear out the values (using AND-NOT), + // then copy over all the identifier bits to the value if LSB is 1. + // e.g., fs := Flags{Presence: 0b_0101_0010, Value: 0b_0001_0010} + // e.g., f := 0b_1001_0001 + id := uint64(f) &^ uint64(1) // e.g., 0b_1001_0001 & 0b_1111_1110 -> 0b_1001_0000 + fs.Presence |= id // e.g., 0b_0101_0010 | 0b_1001_0000 -> 0b_1101_0011 + fs.Values &= ^id // e.g., 0b_0001_0010 & 0b_0110_1111 -> 0b_0000_0010 + fs.Values |= uint64(f&1) * id // e.g., 0b_0000_0010 | 0b_1001_0000 -> 0b_1001_0010 +} + +// Get reports whether the bool (or any of the bools) is true. +// This is generally only used with a singular bool. +// The value bit of f (i.e., the LSB) is ignored. +func (fs Flags) Get(f Bools) bool { + return fs.Values&uint64(f) > 0 +} + +// Has reports whether the bool (or any of the bools) is set. +// The value bit of f (i.e., the LSB) is ignored. +func (fs Flags) Has(f Bools) bool { + return fs.Presence&uint64(f) > 0 +} + +// Clear clears both the presence and value for the provided bool or bools. +// The value bit of f (i.e., the LSB) is ignored. +func (fs *Flags) Clear(f Bools) { + // Invert f to produce a mask to clear all bits in f (using AND). + // e.g., fs := Flags{Presence: 0b_0101_0010, Value: 0b_0001_0010} + // e.g., f := 0b_0001_1000 + mask := uint64(^f) // e.g., 0b_0001_1000 -> 0b_1110_0111 + fs.Presence &= mask // e.g., 0b_0101_0010 & 0b_1110_0111 -> 0b_0100_0010 + fs.Values &= mask // e.g., 0b_0001_0010 & 0b_1110_0111 -> 0b_0000_0010 +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts/options.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts/options.go new file mode 100644 index 000000000..c4fc8dba8 --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts/options.go @@ -0,0 +1,202 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +package jsonopts + +import ( + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" +) + +// Options is the common options type shared across json packages. +type Options interface { + // JSONOptions is exported so related json packages can implement Options. + JSONOptions(internal.NotForPublicUse) +} + +// Struct is the combination of all options in struct form. +// This is efficient to pass down the call stack and to query. +type Struct struct { + Flags jsonflags.Flags + + CoderValues + ArshalValues +} + +type CoderValues struct { + Indent string // jsonflags.Indent + IndentPrefix string // jsonflags.IndentPrefix + ByteLimit int64 // jsonflags.ByteLimit + DepthLimit int // jsonflags.DepthLimit +} + +type ArshalValues struct { + // The Marshalers and Unmarshalers fields use the any type to avoid a + // concrete dependency on *json.Marshalers and *json.Unmarshalers, + // which would in turn create a dependency on the "reflect" package. + + Marshalers any // jsonflags.Marshalers + Unmarshalers any // jsonflags.Unmarshalers + + Format string + FormatDepth int +} + +// DefaultOptionsV2 is the set of all options that define default v2 behavior. +var DefaultOptionsV2 = Struct{ + Flags: jsonflags.Flags{ + Presence: uint64(jsonflags.AllFlags & ^jsonflags.WhitespaceFlags), + Values: uint64(0), + }, +} + +// DefaultOptionsV1 is the set of all options that define default v1 behavior. +var DefaultOptionsV1 = Struct{ + Flags: jsonflags.Flags{ + Presence: uint64(jsonflags.AllFlags & ^jsonflags.WhitespaceFlags), + Values: uint64(jsonflags.DefaultV1Flags), + }, +} + +func (*Struct) JSONOptions(internal.NotForPublicUse) {} + +// GetUnknownOption is injected by the "json" package to handle Options +// declared in that package so that "jsonopts" can handle them. +var GetUnknownOption = func(Struct, Options) (any, bool) { panic("unknown option") } + +func GetOption[T any](opts Options, setter func(T) Options) (T, bool) { + // Collapse the options to *Struct to simplify lookup. + structOpts, ok := opts.(*Struct) + if !ok { + var structOpts2 Struct + structOpts2.Join(opts) + structOpts = &structOpts2 + } + + // Lookup the option based on the return value of the setter. + var zero T + switch opt := setter(zero).(type) { + case jsonflags.Bools: + v := structOpts.Flags.Get(opt) + ok := structOpts.Flags.Has(opt) + return any(v).(T), ok + case Indent: + if !structOpts.Flags.Has(jsonflags.Indent) { + return zero, false + } + return any(structOpts.Indent).(T), true + case IndentPrefix: + if !structOpts.Flags.Has(jsonflags.IndentPrefix) { + return zero, false + } + return any(structOpts.IndentPrefix).(T), true + case ByteLimit: + if !structOpts.Flags.Has(jsonflags.ByteLimit) { + return zero, false + } + return any(structOpts.ByteLimit).(T), true + case DepthLimit: + if !structOpts.Flags.Has(jsonflags.DepthLimit) { + return zero, false + } + return any(structOpts.DepthLimit).(T), true + default: + v, ok := GetUnknownOption(*structOpts, opt) + return v.(T), ok + } +} + +// JoinUnknownOption is injected by the "json" package to handle Options +// declared in that package so that "jsonopts" can handle them. +var JoinUnknownOption = func(Struct, Options) Struct { panic("unknown option") } + +func (dst *Struct) Join(srcs ...Options) { + dst.join(false, srcs...) +} + +func (dst *Struct) JoinWithoutCoderOptions(srcs ...Options) { + dst.join(true, srcs...) +} + +func (dst *Struct) join(excludeCoderOptions bool, srcs ...Options) { + for _, src := range srcs { + switch src := src.(type) { + case nil: + continue + case jsonflags.Bools: + if excludeCoderOptions { + src &= ^jsonflags.AllCoderFlags + } + dst.Flags.Set(src) + case Indent: + if excludeCoderOptions { + continue + } + dst.Flags.Set(jsonflags.Multiline | jsonflags.Indent | 1) + dst.Indent = string(src) + case IndentPrefix: + if excludeCoderOptions { + continue + } + dst.Flags.Set(jsonflags.Multiline | jsonflags.IndentPrefix | 1) + dst.IndentPrefix = string(src) + case ByteLimit: + if excludeCoderOptions { + continue + } + dst.Flags.Set(jsonflags.ByteLimit | 1) + dst.ByteLimit = int64(src) + case DepthLimit: + if excludeCoderOptions { + continue + } + dst.Flags.Set(jsonflags.DepthLimit | 1) + dst.DepthLimit = int(src) + case *Struct: + srcFlags := src.Flags // shallow copy the flags + if excludeCoderOptions { + srcFlags.Clear(jsonflags.AllCoderFlags) + } + dst.Flags.Join(srcFlags) + if srcFlags.Has(jsonflags.NonBooleanFlags) { + if srcFlags.Has(jsonflags.Indent) { + dst.Indent = src.Indent + } + if srcFlags.Has(jsonflags.IndentPrefix) { + dst.IndentPrefix = src.IndentPrefix + } + if srcFlags.Has(jsonflags.ByteLimit) { + dst.ByteLimit = src.ByteLimit + } + if srcFlags.Has(jsonflags.DepthLimit) { + dst.DepthLimit = src.DepthLimit + } + if srcFlags.Has(jsonflags.Marshalers) { + dst.Marshalers = src.Marshalers + } + if srcFlags.Has(jsonflags.Unmarshalers) { + dst.Unmarshalers = src.Unmarshalers + } + } + default: + *dst = JoinUnknownOption(*dst, src) + } + } +} + +type ( + Indent string // jsontext.WithIndent + IndentPrefix string // jsontext.WithIndentPrefix + ByteLimit int64 // jsontext.WithByteLimit + DepthLimit int // jsontext.WithDepthLimit + // type for jsonflags.Marshalers declared in "json" package + // type for jsonflags.Unmarshalers declared in "json" package +) + +func (Indent) JSONOptions(internal.NotForPublicUse) {} +func (IndentPrefix) JSONOptions(internal.NotForPublicUse) {} +func (ByteLimit) JSONOptions(internal.NotForPublicUse) {} +func (DepthLimit) JSONOptions(internal.NotForPublicUse) {} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/decode.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/decode.go new file mode 100644 index 000000000..6a5acb8ec --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/decode.go @@ -0,0 +1,629 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +package jsonwire + +import ( + "io" + "math" + "slices" + "strconv" + "unicode/utf16" + "unicode/utf8" +) + +type ValueFlags uint + +const ( + _ ValueFlags = (1 << iota) / 2 // powers of two starting with zero + + stringNonVerbatim // string cannot be naively treated as valid UTF-8 + stringNonCanonical // string not formatted according to RFC 8785, section 3.2.2.2. + // TODO: Track whether a number is a non-integer? +) + +func (f *ValueFlags) Join(f2 ValueFlags) { *f |= f2 } +func (f ValueFlags) IsVerbatim() bool { return f&stringNonVerbatim == 0 } +func (f ValueFlags) IsCanonical() bool { return f&stringNonCanonical == 0 } + +// ConsumeWhitespace consumes leading JSON whitespace per RFC 7159, section 2. +func ConsumeWhitespace(b []byte) (n int) { + // NOTE: The arguments and logic are kept simple to keep this inlinable. + for len(b) > n && (b[n] == ' ' || b[n] == '\t' || b[n] == '\r' || b[n] == '\n') { + n++ + } + return n +} + +// ConsumeNull consumes the next JSON null literal per RFC 7159, section 3. +// It returns 0 if it is invalid, in which case consumeLiteral should be used. +func ConsumeNull(b []byte) int { + // NOTE: The arguments and logic are kept simple to keep this inlinable. + const literal = "null" + if len(b) >= len(literal) && string(b[:len(literal)]) == literal { + return len(literal) + } + return 0 +} + +// ConsumeFalse consumes the next JSON false literal per RFC 7159, section 3. +// It returns 0 if it is invalid, in which case consumeLiteral should be used. +func ConsumeFalse(b []byte) int { + // NOTE: The arguments and logic are kept simple to keep this inlinable. + const literal = "false" + if len(b) >= len(literal) && string(b[:len(literal)]) == literal { + return len(literal) + } + return 0 +} + +// ConsumeTrue consumes the next JSON true literal per RFC 7159, section 3. +// It returns 0 if it is invalid, in which case consumeLiteral should be used. +func ConsumeTrue(b []byte) int { + // NOTE: The arguments and logic are kept simple to keep this inlinable. + const literal = "true" + if len(b) >= len(literal) && string(b[:len(literal)]) == literal { + return len(literal) + } + return 0 +} + +// ConsumeLiteral consumes the next JSON literal per RFC 7159, section 3. +// If the input appears truncated, it returns io.ErrUnexpectedEOF. +func ConsumeLiteral(b []byte, lit string) (n int, err error) { + for i := 0; i < len(b) && i < len(lit); i++ { + if b[i] != lit[i] { + return i, NewInvalidCharacterError(b[i:], "in literal "+lit+" (expecting "+strconv.QuoteRune(rune(lit[i]))+")") + } + } + if len(b) < len(lit) { + return len(b), io.ErrUnexpectedEOF + } + return len(lit), nil +} + +// ConsumeSimpleString consumes the next JSON string per RFC 7159, section 7 +// but is limited to the grammar for an ASCII string without escape sequences. +// It returns 0 if it is invalid or more complicated than a simple string, +// in which case consumeString should be called. +// +// It rejects '<', '>', and '&' for compatibility reasons since these were +// always escaped in the v1 implementation. Thus, if this function reports +// non-zero then we know that the string would be encoded the same way +// under both v1 or v2 escape semantics. +func ConsumeSimpleString(b []byte) (n int) { + // NOTE: The arguments and logic are kept simple to keep this inlinable. + if len(b) > 0 && b[0] == '"' { + n++ + for len(b) > n && b[n] < utf8.RuneSelf && escapeASCII[b[n]] == 0 { + n++ + } + if uint(len(b)) > uint(n) && b[n] == '"' { + n++ + return n + } + } + return 0 +} + +// ConsumeString consumes the next JSON string per RFC 7159, section 7. +// If validateUTF8 is false, then this allows the presence of invalid UTF-8 +// characters within the string itself. +// It reports the number of bytes consumed and whether an error was encountered. +// If the input appears truncated, it returns io.ErrUnexpectedEOF. +func ConsumeString(flags *ValueFlags, b []byte, validateUTF8 bool) (n int, err error) { + return ConsumeStringResumable(flags, b, 0, validateUTF8) +} + +// ConsumeStringResumable is identical to consumeString but supports resuming +// from a previous call that returned io.ErrUnexpectedEOF. +func ConsumeStringResumable(flags *ValueFlags, b []byte, resumeOffset int, validateUTF8 bool) (n int, err error) { + // Consume the leading double quote. + switch { + case resumeOffset > 0: + n = resumeOffset // already handled the leading quote + case uint(len(b)) == 0: + return n, io.ErrUnexpectedEOF + case b[0] == '"': + n++ + default: + return n, NewInvalidCharacterError(b[n:], `at start of string (expecting '"')`) + } + + // Consume every character in the string. + for uint(len(b)) > uint(n) { + // Optimize for long sequences of unescaped characters. + noEscape := func(c byte) bool { + return c < utf8.RuneSelf && ' ' <= c && c != '\\' && c != '"' + } + for uint(len(b)) > uint(n) && noEscape(b[n]) { + n++ + } + if uint(len(b)) <= uint(n) { + return n, io.ErrUnexpectedEOF + } + + // Check for terminating double quote. + if b[n] == '"' { + n++ + return n, nil + } + + switch r, rn := utf8.DecodeRune(b[n:]); { + // Handle UTF-8 encoded byte sequence. + // Due to specialized handling of ASCII above, we know that + // all normal sequences at this point must be 2 bytes or larger. + case rn > 1: + n += rn + // Handle escape sequence. + case r == '\\': + flags.Join(stringNonVerbatim) + resumeOffset = n + if uint(len(b)) < uint(n+2) { + return resumeOffset, io.ErrUnexpectedEOF + } + switch r := b[n+1]; r { + case '/': + // Forward slash is the only character with 3 representations. + // Per RFC 8785, section 3.2.2.2., this must not be escaped. + flags.Join(stringNonCanonical) + n += 2 + case '"', '\\', 'b', 'f', 'n', 'r', 't': + n += 2 + case 'u': + if uint(len(b)) < uint(n+6) { + if hasEscapedUTF16Prefix(b[n:], false) { + return resumeOffset, io.ErrUnexpectedEOF + } + flags.Join(stringNonCanonical) + return n, NewInvalidEscapeSequenceError(b[n:]) + } + v1, ok := parseHexUint16(b[n+2 : n+6]) + if !ok { + flags.Join(stringNonCanonical) + return n, NewInvalidEscapeSequenceError(b[n : n+6]) + } + // Only certain control characters can use the \uFFFF notation + // for canonical formatting (per RFC 8785, section 3.2.2.2.). + switch v1 { + // \uFFFF notation not permitted for these characters. + case '\b', '\f', '\n', '\r', '\t': + flags.Join(stringNonCanonical) + default: + // \uFFFF notation only permitted for control characters. + if v1 >= ' ' { + flags.Join(stringNonCanonical) + } else { + // \uFFFF notation must be lower case. + for _, c := range b[n+2 : n+6] { + if 'A' <= c && c <= 'F' { + flags.Join(stringNonCanonical) + } + } + } + } + n += 6 + + r := rune(v1) + if validateUTF8 && utf16.IsSurrogate(r) { + if uint(len(b)) < uint(n+6) { + if hasEscapedUTF16Prefix(b[n:], true) { + return resumeOffset, io.ErrUnexpectedEOF + } + flags.Join(stringNonCanonical) + return n - 6, NewInvalidEscapeSequenceError(b[n-6:]) + } else if v2, ok := parseHexUint16(b[n+2 : n+6]); b[n] != '\\' || b[n+1] != 'u' || !ok { + flags.Join(stringNonCanonical) + return n - 6, NewInvalidEscapeSequenceError(b[n-6 : n+6]) + } else if r = utf16.DecodeRune(rune(v1), rune(v2)); r == utf8.RuneError { + flags.Join(stringNonCanonical) + return n - 6, NewInvalidEscapeSequenceError(b[n-6 : n+6]) + } else { + n += 6 + } + } + default: + flags.Join(stringNonCanonical) + return n, NewInvalidEscapeSequenceError(b[n : n+2]) + } + // Handle invalid UTF-8. + case r == utf8.RuneError: + if !utf8.FullRune(b[n:]) { + return n, io.ErrUnexpectedEOF + } + flags.Join(stringNonVerbatim | stringNonCanonical) + if validateUTF8 { + return n, ErrInvalidUTF8 + } + n++ + // Handle invalid control characters. + case r < ' ': + flags.Join(stringNonVerbatim | stringNonCanonical) + return n, NewInvalidCharacterError(b[n:], "in string (expecting non-control character)") + default: + panic("BUG: unhandled character " + QuoteRune(b[n:])) + } + } + return n, io.ErrUnexpectedEOF +} + +// AppendUnquote appends the unescaped form of a JSON string in src to dst. +// Any invalid UTF-8 within the string will be replaced with utf8.RuneError, +// but the error will be specified as having encountered such an error. +// The input must be an entire JSON string with no surrounding whitespace. +func AppendUnquote[Bytes ~[]byte | ~string](dst []byte, src Bytes) (v []byte, err error) { + dst = slices.Grow(dst, len(src)) + + // Consume the leading double quote. + var i, n int + switch { + case uint(len(src)) == 0: + return dst, io.ErrUnexpectedEOF + case src[0] == '"': + i, n = 1, 1 + default: + return dst, NewInvalidCharacterError(src, `at start of string (expecting '"')`) + } + + // Consume every character in the string. + for uint(len(src)) > uint(n) { + // Optimize for long sequences of unescaped characters. + noEscape := func(c byte) bool { + return c < utf8.RuneSelf && ' ' <= c && c != '\\' && c != '"' + } + for uint(len(src)) > uint(n) && noEscape(src[n]) { + n++ + } + if uint(len(src)) <= uint(n) { + dst = append(dst, src[i:n]...) + return dst, io.ErrUnexpectedEOF + } + + // Check for terminating double quote. + if src[n] == '"' { + dst = append(dst, src[i:n]...) + n++ + if n < len(src) { + err = NewInvalidCharacterError(src[n:], "after string value") + } + return dst, err + } + + switch r, rn := utf8.DecodeRuneInString(string(truncateMaxUTF8(src[n:]))); { + // Handle UTF-8 encoded byte sequence. + // Due to specialized handling of ASCII above, we know that + // all normal sequences at this point must be 2 bytes or larger. + case rn > 1: + n += rn + // Handle escape sequence. + case r == '\\': + dst = append(dst, src[i:n]...) + + // Handle escape sequence. + if uint(len(src)) < uint(n+2) { + return dst, io.ErrUnexpectedEOF + } + switch r := src[n+1]; r { + case '"', '\\', '/': + dst = append(dst, r) + n += 2 + case 'b': + dst = append(dst, '\b') + n += 2 + case 'f': + dst = append(dst, '\f') + n += 2 + case 'n': + dst = append(dst, '\n') + n += 2 + case 'r': + dst = append(dst, '\r') + n += 2 + case 't': + dst = append(dst, '\t') + n += 2 + case 'u': + if uint(len(src)) < uint(n+6) { + if hasEscapedUTF16Prefix(src[n:], false) { + return dst, io.ErrUnexpectedEOF + } + return dst, NewInvalidEscapeSequenceError(src[n:]) + } + v1, ok := parseHexUint16(src[n+2 : n+6]) + if !ok { + return dst, NewInvalidEscapeSequenceError(src[n : n+6]) + } + n += 6 + + // Check whether this is a surrogate half. + r := rune(v1) + if utf16.IsSurrogate(r) { + r = utf8.RuneError // assume failure unless the following succeeds + if uint(len(src)) < uint(n+6) { + if hasEscapedUTF16Prefix(src[n:], true) { + return utf8.AppendRune(dst, r), io.ErrUnexpectedEOF + } + err = NewInvalidEscapeSequenceError(src[n-6:]) + } else if v2, ok := parseHexUint16(src[n+2 : n+6]); src[n] != '\\' || src[n+1] != 'u' || !ok { + err = NewInvalidEscapeSequenceError(src[n-6 : n+6]) + } else if r = utf16.DecodeRune(rune(v1), rune(v2)); r == utf8.RuneError { + err = NewInvalidEscapeSequenceError(src[n-6 : n+6]) + } else { + n += 6 + } + } + + dst = utf8.AppendRune(dst, r) + default: + return dst, NewInvalidEscapeSequenceError(src[n : n+2]) + } + i = n + // Handle invalid UTF-8. + case r == utf8.RuneError: + dst = append(dst, src[i:n]...) + if !utf8.FullRuneInString(string(truncateMaxUTF8(src[n:]))) { + return dst, io.ErrUnexpectedEOF + } + // NOTE: An unescaped string may be longer than the escaped string + // because invalid UTF-8 bytes are being replaced. + dst = append(dst, "\uFFFD"...) + n += rn + i = n + err = ErrInvalidUTF8 + // Handle invalid control characters. + case r < ' ': + dst = append(dst, src[i:n]...) + return dst, NewInvalidCharacterError(src[n:], "in string (expecting non-control character)") + default: + panic("BUG: unhandled character " + QuoteRune(src[n:])) + } + } + dst = append(dst, src[i:n]...) + return dst, io.ErrUnexpectedEOF +} + +// hasEscapedUTF16Prefix reports whether b is possibly +// the truncated prefix of a \uFFFF escape sequence. +func hasEscapedUTF16Prefix[Bytes ~[]byte | ~string](b Bytes, lowerSurrogateHalf bool) bool { + for i := range len(b) { + switch c := b[i]; { + case i == 0 && c != '\\': + return false + case i == 1 && c != 'u': + return false + case i == 2 && lowerSurrogateHalf && c != 'd' && c != 'D': + return false // not within ['\uDC00':'\uDFFF'] + case i == 3 && lowerSurrogateHalf && !('c' <= c && c <= 'f') && !('C' <= c && c <= 'F'): + return false // not within ['\uDC00':'\uDFFF'] + case i >= 2 && i < 6 && !('0' <= c && c <= '9') && !('a' <= c && c <= 'f') && !('A' <= c && c <= 'F'): + return false + } + } + return true +} + +// UnquoteMayCopy returns the unescaped form of b. +// If there are no escaped characters, the output is simply a subslice of +// the input with the surrounding quotes removed. +// Otherwise, a new buffer is allocated for the output. +// It assumes the input is valid. +func UnquoteMayCopy(b []byte, isVerbatim bool) []byte { + // NOTE: The arguments and logic are kept simple to keep this inlinable. + if isVerbatim { + return b[len(`"`) : len(b)-len(`"`)] + } + b, _ = AppendUnquote(nil, b) + return b +} + +// ConsumeSimpleNumber consumes the next JSON number per RFC 7159, section 6 +// but is limited to the grammar for a positive integer. +// It returns 0 if it is invalid or more complicated than a simple integer, +// in which case consumeNumber should be called. +func ConsumeSimpleNumber(b []byte) (n int) { + // NOTE: The arguments and logic are kept simple to keep this inlinable. + if len(b) > 0 { + if b[0] == '0' { + n++ + } else if '1' <= b[0] && b[0] <= '9' { + n++ + for len(b) > n && ('0' <= b[n] && b[n] <= '9') { + n++ + } + } else { + return 0 + } + if uint(len(b)) <= uint(n) || (b[n] != '.' && b[n] != 'e' && b[n] != 'E') { + return n + } + } + return 0 +} + +type ConsumeNumberState uint + +const ( + consumeNumberInit ConsumeNumberState = iota + beforeIntegerDigits + withinIntegerDigits + beforeFractionalDigits + withinFractionalDigits + beforeExponentDigits + withinExponentDigits +) + +// ConsumeNumber consumes the next JSON number per RFC 7159, section 6. +// It reports the number of bytes consumed and whether an error was encountered. +// If the input appears truncated, it returns io.ErrUnexpectedEOF. +// +// Note that JSON numbers are not self-terminating. +// If the entire input is consumed, then the caller needs to consider whether +// there may be subsequent unread data that may still be part of this number. +func ConsumeNumber(b []byte) (n int, err error) { + n, _, err = ConsumeNumberResumable(b, 0, consumeNumberInit) + return n, err +} + +// ConsumeNumberResumable is identical to consumeNumber but supports resuming +// from a previous call that returned io.ErrUnexpectedEOF. +func ConsumeNumberResumable(b []byte, resumeOffset int, state ConsumeNumberState) (n int, _ ConsumeNumberState, err error) { + // Jump to the right state when resuming from a partial consumption. + n = resumeOffset + if state > consumeNumberInit { + switch state { + case withinIntegerDigits, withinFractionalDigits, withinExponentDigits: + // Consume leading digits. + for uint(len(b)) > uint(n) && ('0' <= b[n] && b[n] <= '9') { + n++ + } + if uint(len(b)) <= uint(n) { + return n, state, nil // still within the same state + } + state++ // switches "withinX" to "beforeY" where Y is the state after X + } + switch state { + case beforeIntegerDigits: + goto beforeInteger + case beforeFractionalDigits: + goto beforeFractional + case beforeExponentDigits: + goto beforeExponent + default: + return n, state, nil + } + } + + // Consume required integer component (with optional minus sign). +beforeInteger: + resumeOffset = n + if uint(len(b)) > 0 && b[0] == '-' { + n++ + } + switch { + case uint(len(b)) <= uint(n): + return resumeOffset, beforeIntegerDigits, io.ErrUnexpectedEOF + case b[n] == '0': + n++ + state = beforeFractionalDigits + case '1' <= b[n] && b[n] <= '9': + n++ + for uint(len(b)) > uint(n) && ('0' <= b[n] && b[n] <= '9') { + n++ + } + state = withinIntegerDigits + default: + return n, state, NewInvalidCharacterError(b[n:], "in number (expecting digit)") + } + + // Consume optional fractional component. +beforeFractional: + if uint(len(b)) > uint(n) && b[n] == '.' { + resumeOffset = n + n++ + switch { + case uint(len(b)) <= uint(n): + return resumeOffset, beforeFractionalDigits, io.ErrUnexpectedEOF + case '0' <= b[n] && b[n] <= '9': + n++ + default: + return n, state, NewInvalidCharacterError(b[n:], "in number (expecting digit)") + } + for uint(len(b)) > uint(n) && ('0' <= b[n] && b[n] <= '9') { + n++ + } + state = withinFractionalDigits + } + + // Consume optional exponent component. +beforeExponent: + if uint(len(b)) > uint(n) && (b[n] == 'e' || b[n] == 'E') { + resumeOffset = n + n++ + if uint(len(b)) > uint(n) && (b[n] == '-' || b[n] == '+') { + n++ + } + switch { + case uint(len(b)) <= uint(n): + return resumeOffset, beforeExponentDigits, io.ErrUnexpectedEOF + case '0' <= b[n] && b[n] <= '9': + n++ + default: + return n, state, NewInvalidCharacterError(b[n:], "in number (expecting digit)") + } + for uint(len(b)) > uint(n) && ('0' <= b[n] && b[n] <= '9') { + n++ + } + state = withinExponentDigits + } + + return n, state, nil +} + +// parseHexUint16 is similar to strconv.ParseUint, +// but operates directly on []byte and is optimized for base-16. +// See https://go.dev/issue/42429. +func parseHexUint16[Bytes ~[]byte | ~string](b Bytes) (v uint16, ok bool) { + if len(b) != 4 { + return 0, false + } + for i := range 4 { + c := b[i] + switch { + case '0' <= c && c <= '9': + c = c - '0' + case 'a' <= c && c <= 'f': + c = 10 + c - 'a' + case 'A' <= c && c <= 'F': + c = 10 + c - 'A' + default: + return 0, false + } + v = v*16 + uint16(c) + } + return v, true +} + +// ParseUint parses b as a decimal unsigned integer according to +// a strict subset of the JSON number grammar, returning the value if valid. +// It returns (0, false) if there is a syntax error and +// returns (math.MaxUint64, false) if there is an overflow. +func ParseUint(b []byte) (v uint64, ok bool) { + const unsafeWidth = 20 // len(fmt.Sprint(uint64(math.MaxUint64))) + var n int + for ; len(b) > n && ('0' <= b[n] && b[n] <= '9'); n++ { + v = 10*v + uint64(b[n]-'0') + } + switch { + case n == 0 || len(b) != n || (b[0] == '0' && string(b) != "0"): + return 0, false + case n >= unsafeWidth && (b[0] != '1' || v < 1e19 || n > unsafeWidth): + return math.MaxUint64, false + } + return v, true +} + +// ParseFloat parses a floating point number according to the Go float grammar. +// Note that the JSON number grammar is a strict subset. +// +// If the number overflows the finite representation of a float, +// then we return MaxFloat since any finite value will always be infinitely +// more accurate at representing another finite value than an infinite value. +func ParseFloat(b []byte, bits int) (v float64, ok bool) { + fv, err := strconv.ParseFloat(string(b), bits) + if math.IsInf(fv, 0) { + switch { + case bits == 32 && math.IsInf(fv, +1): + fv = +math.MaxFloat32 + case bits == 64 && math.IsInf(fv, +1): + fv = +math.MaxFloat64 + case bits == 32 && math.IsInf(fv, -1): + fv = -math.MaxFloat32 + case bits == 64 && math.IsInf(fv, -1): + fv = -math.MaxFloat64 + } + } + return fv, err == nil +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/encode.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/encode.go new file mode 100644 index 000000000..e74ed713e --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/encode.go @@ -0,0 +1,290 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +package jsonwire + +import ( + "math" + "slices" + "strconv" + "unicode/utf16" + "unicode/utf8" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" +) + +// escapeASCII reports whether the ASCII character needs to be escaped. +// It conservatively assumes EscapeForHTML. +var escapeASCII = [...]uint8{ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // escape control characters + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // escape control characters + 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, // escape '"' and '&' + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, // escape '<' and '>' + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, // escape '\\' + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +} + +// NeedEscape reports whether src needs escaping of any characters. +// It conservatively assumes EscapeForHTML and EscapeForJS. +// It reports true for inputs with invalid UTF-8. +func NeedEscape[Bytes ~[]byte | ~string](src Bytes) bool { + var i int + for uint(len(src)) > uint(i) { + if c := src[i]; c < utf8.RuneSelf { + if escapeASCII[c] > 0 { + return true + } + i++ + } else { + r, rn := utf8.DecodeRuneInString(string(truncateMaxUTF8(src[i:]))) + if r == utf8.RuneError || r == '\u2028' || r == '\u2029' { + return true + } + i += rn + } + } + return false +} + +// AppendQuote appends src to dst as a JSON string per RFC 7159, section 7. +// +// It takes in flags and respects the following: +// - EscapeForHTML escapes '<', '>', and '&'. +// - EscapeForJS escapes '\u2028' and '\u2029'. +// - AllowInvalidUTF8 avoids reporting an error for invalid UTF-8. +// +// Regardless of whether AllowInvalidUTF8 is specified, +// invalid bytes are replaced with the Unicode replacement character ('\ufffd'). +// If no escape flags are set, then the shortest representable form is used, +// which is also the canonical form for strings (RFC 8785, section 3.2.2.2). +func AppendQuote[Bytes ~[]byte | ~string](dst []byte, src Bytes, flags *jsonflags.Flags) ([]byte, error) { + var i, n int + var hasInvalidUTF8 bool + dst = slices.Grow(dst, len(`"`)+len(src)+len(`"`)) + dst = append(dst, '"') + for uint(len(src)) > uint(n) { + if c := src[n]; c < utf8.RuneSelf { + // Handle single-byte ASCII. + n++ + if escapeASCII[c] == 0 { + continue // no escaping possibly needed + } + // Handle escaping of single-byte ASCII. + if !(c == '<' || c == '>' || c == '&') || flags.Get(jsonflags.EscapeForHTML) { + dst = append(dst, src[i:n-1]...) + dst = appendEscapedASCII(dst, c) + i = n + } + } else { + // Handle multi-byte Unicode. + r, rn := utf8.DecodeRuneInString(string(truncateMaxUTF8(src[n:]))) + n += rn + if r != utf8.RuneError && r != '\u2028' && r != '\u2029' { + continue // no escaping possibly needed + } + // Handle escaping of multi-byte Unicode. + switch { + case isInvalidUTF8(r, rn): + hasInvalidUTF8 = true + dst = append(dst, src[i:n-rn]...) + dst = append(dst, "\ufffd"...) + i = n + case (r == '\u2028' || r == '\u2029') && flags.Get(jsonflags.EscapeForJS): + dst = append(dst, src[i:n-rn]...) + dst = appendEscapedUnicode(dst, r) + i = n + } + } + } + dst = append(dst, src[i:n]...) + dst = append(dst, '"') + if hasInvalidUTF8 && !flags.Get(jsonflags.AllowInvalidUTF8) { + return dst, ErrInvalidUTF8 + } + return dst, nil +} + +func appendEscapedASCII(dst []byte, c byte) []byte { + switch c { + case '"', '\\': + dst = append(dst, '\\', c) + case '\b': + dst = append(dst, "\\b"...) + case '\f': + dst = append(dst, "\\f"...) + case '\n': + dst = append(dst, "\\n"...) + case '\r': + dst = append(dst, "\\r"...) + case '\t': + dst = append(dst, "\\t"...) + default: + dst = appendEscapedUTF16(dst, uint16(c)) + } + return dst +} + +func appendEscapedUnicode(dst []byte, r rune) []byte { + if r1, r2 := utf16.EncodeRune(r); r1 != '\ufffd' && r2 != '\ufffd' { + dst = appendEscapedUTF16(dst, uint16(r1)) + dst = appendEscapedUTF16(dst, uint16(r2)) + } else { + dst = appendEscapedUTF16(dst, uint16(r)) + } + return dst +} + +func appendEscapedUTF16(dst []byte, x uint16) []byte { + const hex = "0123456789abcdef" + return append(dst, '\\', 'u', hex[(x>>12)&0xf], hex[(x>>8)&0xf], hex[(x>>4)&0xf], hex[(x>>0)&0xf]) +} + +// ReformatString consumes a JSON string from src and appends it to dst, +// reformatting it if necessary according to the specified flags. +// It returns the appended output and the number of consumed input bytes. +func ReformatString(dst, src []byte, flags *jsonflags.Flags) ([]byte, int, error) { + // TODO: Should this update ValueFlags as input? + var valFlags ValueFlags + n, err := ConsumeString(&valFlags, src, !flags.Get(jsonflags.AllowInvalidUTF8)) + if err != nil { + return dst, n, err + } + + // If the output requires no special escapes, and the input + // is already in canonical form or should be preserved verbatim, + // then directly copy the input to the output. + if !flags.Get(jsonflags.AnyEscape) && + (valFlags.IsCanonical() || flags.Get(jsonflags.PreserveRawStrings)) { + dst = append(dst, src[:n]...) // copy the string verbatim + return dst, n, nil + } + + // Under [jsonflags.PreserveRawStrings], any pre-escaped sequences + // remain escaped, however we still need to respect the + // [jsonflags.EscapeForHTML] and [jsonflags.EscapeForJS] options. + if flags.Get(jsonflags.PreserveRawStrings) { + var i, lastAppendIndex int + for i < n { + if c := src[i]; c < utf8.RuneSelf { + if (c == '<' || c == '>' || c == '&') && flags.Get(jsonflags.EscapeForHTML) { + dst = append(dst, src[lastAppendIndex:i]...) + dst = appendEscapedASCII(dst, c) + lastAppendIndex = i + 1 + } + i++ + } else { + r, rn := utf8.DecodeRune(truncateMaxUTF8(src[i:])) + if (r == '\u2028' || r == '\u2029') && flags.Get(jsonflags.EscapeForJS) { + dst = append(dst, src[lastAppendIndex:i]...) + dst = appendEscapedUnicode(dst, r) + lastAppendIndex = i + rn + } + i += rn + } + } + return append(dst, src[lastAppendIndex:n]...), n, nil + } + + // The input contains characters that might need escaping, + // unnecessary escape sequences, or invalid UTF-8. + // Perform a round-trip unquote and quote to properly reformat + // these sequences according the current flags. + b, _ := AppendUnquote(nil, src[:n]) + dst, _ = AppendQuote(dst, b, flags) + return dst, n, nil +} + +// AppendFloat appends src to dst as a JSON number per RFC 7159, section 6. +// It formats numbers similar to the ES6 number-to-string conversion. +// See https://go.dev/issue/14135. +// +// The output is identical to ECMA-262, 6th edition, section 7.1.12.1 and with +// RFC 8785, section 3.2.2.3 for 64-bit floating-point numbers except for -0, +// which is formatted as -0 instead of just 0. +// +// For 32-bit floating-point numbers, +// the output is a 32-bit equivalent of the algorithm. +// Note that ECMA-262 specifies no algorithm for 32-bit numbers. +func AppendFloat(dst []byte, src float64, bits int) []byte { + if bits == 32 { + src = float64(float32(src)) + } + + abs := math.Abs(src) + fmt := byte('f') + if abs != 0 { + if bits == 64 && (float64(abs) < 1e-6 || float64(abs) >= 1e21) || + bits == 32 && (float32(abs) < 1e-6 || float32(abs) >= 1e21) { + fmt = 'e' + } + } + dst = strconv.AppendFloat(dst, src, fmt, -1, bits) + if fmt == 'e' { + // Clean up e-09 to e-9. + n := len(dst) + if n >= 4 && dst[n-4] == 'e' && dst[n-3] == '-' && dst[n-2] == '0' { + dst[n-2] = dst[n-1] + dst = dst[:n-1] + } + } + return dst +} + +// ReformatNumber consumes a JSON string from src and appends it to dst, +// canonicalizing it if specified. +// It returns the appended output and the number of consumed input bytes. +func ReformatNumber(dst, src []byte, flags *jsonflags.Flags) ([]byte, int, error) { + n, err := ConsumeNumber(src) + if err != nil { + return dst, n, err + } + if !flags.Get(jsonflags.CanonicalizeNumbers) { + dst = append(dst, src[:n]...) // copy the number verbatim + return dst, n, nil + } + + // Identify the kind of number. + var isFloat bool + for _, c := range src[:n] { + if c == '.' || c == 'e' || c == 'E' { + isFloat = true // has fraction or exponent + break + } + } + + // Check if need to canonicalize this kind of number. + switch { + case string(src[:n]) == "-0": + break // canonicalize -0 as 0 regardless of kind + case isFloat: + if !flags.Get(jsonflags.CanonicalizeRawFloats) { + dst = append(dst, src[:n]...) // copy the number verbatim + return dst, n, nil + } + default: + // As an optimization, we can copy integer numbers below 2⁵³ verbatim + // since the canonical form is always identical. + const maxExactIntegerDigits = 16 // len(strconv.AppendUint(nil, 1<<53, 10)) + if !flags.Get(jsonflags.CanonicalizeRawInts) || n < maxExactIntegerDigits { + dst = append(dst, src[:n]...) // copy the number verbatim + return dst, n, nil + } + } + + // Parse and reformat the number (which uses a canonical format). + fv, _ := strconv.ParseFloat(string(src[:n]), 64) + switch { + case fv == 0: + fv = 0 // normalize negative zero as just zero + case math.IsInf(fv, +1): + fv = +math.MaxFloat64 + case math.IsInf(fv, -1): + fv = -math.MaxFloat64 + } + return AppendFloat(dst, fv, 64), n, nil +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/wire.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/wire.go new file mode 100644 index 000000000..a0622c65b --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/wire.go @@ -0,0 +1,217 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +// Package jsonwire implements stateless functionality for handling JSON text. +package jsonwire + +import ( + "cmp" + "errors" + "strconv" + "strings" + "unicode" + "unicode/utf16" + "unicode/utf8" +) + +// TrimSuffixWhitespace trims JSON from the end of b. +func TrimSuffixWhitespace(b []byte) []byte { + // NOTE: The arguments and logic are kept simple to keep this inlinable. + n := len(b) - 1 + for n >= 0 && (b[n] == ' ' || b[n] == '\t' || b[n] == '\r' || b[n] == '\n') { + n-- + } + return b[:n+1] +} + +// TrimSuffixString trims a valid JSON string at the end of b. +// The behavior is undefined if there is not a valid JSON string present. +func TrimSuffixString(b []byte) []byte { + // NOTE: The arguments and logic are kept simple to keep this inlinable. + if len(b) > 0 && b[len(b)-1] == '"' { + b = b[:len(b)-1] + } + for len(b) >= 2 && !(b[len(b)-1] == '"' && b[len(b)-2] != '\\') { + b = b[:len(b)-1] // trim all characters except an unescaped quote + } + if len(b) > 0 && b[len(b)-1] == '"' { + b = b[:len(b)-1] + } + return b +} + +// HasSuffixByte reports whether b ends with c. +func HasSuffixByte(b []byte, c byte) bool { + // NOTE: The arguments and logic are kept simple to keep this inlinable. + return len(b) > 0 && b[len(b)-1] == c +} + +// TrimSuffixByte removes c from the end of b if it is present. +func TrimSuffixByte(b []byte, c byte) []byte { + // NOTE: The arguments and logic are kept simple to keep this inlinable. + if len(b) > 0 && b[len(b)-1] == c { + return b[:len(b)-1] + } + return b +} + +// QuoteRune quotes the first rune in the input. +func QuoteRune[Bytes ~[]byte | ~string](b Bytes) string { + r, n := utf8.DecodeRuneInString(string(truncateMaxUTF8(b))) + if r == utf8.RuneError && n == 1 { + return `'\x` + strconv.FormatUint(uint64(b[0]), 16) + `'` + } + return strconv.QuoteRune(r) +} + +// CompareUTF16 lexicographically compares x to y according +// to the UTF-16 codepoints of the UTF-8 encoded input strings. +// This implements the ordering specified in RFC 8785, section 3.2.3. +func CompareUTF16[Bytes ~[]byte | ~string](x, y Bytes) int { + // NOTE: This is an optimized, mostly allocation-free implementation + // of CompareUTF16Simple in wire_test.go. FuzzCompareUTF16 verifies that the + // two implementations agree on the result of comparing any two strings. + isUTF16Self := func(r rune) bool { + return ('\u0000' <= r && r <= '\uD7FF') || ('\uE000' <= r && r <= '\uFFFF') + } + + for { + if len(x) == 0 || len(y) == 0 { + return cmp.Compare(len(x), len(y)) + } + + // ASCII fast-path. + if x[0] < utf8.RuneSelf || y[0] < utf8.RuneSelf { + if x[0] != y[0] { + return cmp.Compare(x[0], y[0]) + } + x, y = x[1:], y[1:] + continue + } + + // Decode next pair of runes as UTF-8. + rx, nx := utf8.DecodeRuneInString(string(truncateMaxUTF8(x))) + ry, ny := utf8.DecodeRuneInString(string(truncateMaxUTF8(y))) + + selfx := isUTF16Self(rx) + selfy := isUTF16Self(ry) + switch { + // The x rune is a single UTF-16 codepoint, while + // the y rune is a surrogate pair of UTF-16 codepoints. + case selfx && !selfy: + ry, _ = utf16.EncodeRune(ry) + // The y rune is a single UTF-16 codepoint, while + // the x rune is a surrogate pair of UTF-16 codepoints. + case selfy && !selfx: + rx, _ = utf16.EncodeRune(rx) + } + if rx != ry { + return cmp.Compare(rx, ry) + } + + // Check for invalid UTF-8, in which case, + // we just perform a byte-for-byte comparison. + if isInvalidUTF8(rx, nx) || isInvalidUTF8(ry, ny) { + if x[0] != y[0] { + return cmp.Compare(x[0], y[0]) + } + } + x, y = x[nx:], y[ny:] + } +} + +// truncateMaxUTF8 truncates b such it contains at least one rune. +// +// The utf8 package currently lacks generic variants, which complicates +// generic functions that operates on either []byte or string. +// As a hack, we always call the utf8 function operating on strings, +// but always truncate the input such that the result is identical. +// +// Example usage: +// +// utf8.DecodeRuneInString(string(truncateMaxUTF8(b))) +// +// Converting a []byte to a string is stack allocated since +// truncateMaxUTF8 guarantees that the []byte is short. +func truncateMaxUTF8[Bytes ~[]byte | ~string](b Bytes) Bytes { + // TODO(https://go.dev/issue/56948): Remove this function and + // instead directly call generic utf8 functions wherever used. + if len(b) > utf8.UTFMax { + return b[:utf8.UTFMax] + } + return b +} + +// TODO(https://go.dev/issue/70547): Use utf8.ErrInvalid instead. +var ErrInvalidUTF8 = errors.New("invalid UTF-8") + +func NewInvalidCharacterError[Bytes ~[]byte | ~string](prefix Bytes, where string) error { + what := QuoteRune(prefix) + return errors.New("invalid character " + what + " " + where) +} + +func NewInvalidEscapeSequenceError[Bytes ~[]byte | ~string](what Bytes) error { + label := "escape sequence" + if len(what) > 6 { + label = "surrogate pair" + } + needEscape := strings.IndexFunc(string(what), func(r rune) bool { + return r == '`' || r == utf8.RuneError || unicode.IsSpace(r) || !unicode.IsPrint(r) + }) >= 0 + if needEscape { + return errors.New("invalid " + label + " " + strconv.Quote(string(what)) + " in string") + } else { + return errors.New("invalid " + label + " `" + string(what) + "` in string") + } +} + +// TruncatePointer optionally truncates the JSON pointer, +// enforcing that the length roughly does not exceed n. +func TruncatePointer(s string, n int) string { + if len(s) <= n { + return s + } + i := n / 2 + j := len(s) - n/2 + + // Avoid truncating a name if there are multiple names present. + if k := strings.LastIndexByte(s[:i], '/'); k > 0 { + i = k + } + if k := strings.IndexByte(s[j:], '/'); k >= 0 { + j += k + len("/") + } + + // Avoid truncation in the middle of a UTF-8 rune. + for i > 0 && isInvalidUTF8(utf8.DecodeLastRuneInString(s[:i])) { + i-- + } + for j < len(s) && isInvalidUTF8(utf8.DecodeRuneInString(s[j:])) { + j++ + } + + // Determine the right middle fragment to use. + var middle string + switch strings.Count(s[i:j], "/") { + case 0: + middle = "…" + case 1: + middle = "…/…" + default: + middle = "…/…/…" + } + if strings.HasPrefix(s[i:j], "/") && middle != "…" { + middle = strings.TrimPrefix(middle, "…") + } + if strings.HasSuffix(s[i:j], "/") && middle != "…" { + middle = strings.TrimSuffix(middle, "…") + } + return s[:i] + middle + s[j:] +} + +func isInvalidUTF8(r rune, rn int) bool { + return r == utf8.RuneError && rn == 1 +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/alias.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/alias.go new file mode 100644 index 000000000..dc18d5d55 --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/alias.go @@ -0,0 +1,536 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Code generated by alias_gen.go; DO NOT EDIT. + +//go:build goexperiment.jsonv2 && go1.25 + +// Package jsontext implements syntactic processing of JSON +// as specified in RFC 4627, RFC 7159, RFC 7493, RFC 8259, and RFC 8785. +// JSON is a simple data interchange format that can represent +// primitive data types such as booleans, strings, and numbers, +// in addition to structured data types such as objects and arrays. +// +// The [Encoder] and [Decoder] types are used to encode or decode +// a stream of JSON tokens or values. +// +// # Tokens and Values +// +// A JSON token refers to the basic structural elements of JSON: +// +// - a JSON literal (i.e., null, true, or false) +// - a JSON string (e.g., "hello, world!") +// - a JSON number (e.g., 123.456) +// - a begin or end delimiter for a JSON object (i.e., '{' or '}') +// - a begin or end delimiter for a JSON array (i.e., '[' or ']') +// +// A JSON token is represented by the [Token] type in Go. Technically, +// there are two additional structural characters (i.e., ':' and ','), +// but there is no [Token] representation for them since their presence +// can be inferred by the structure of the JSON grammar itself. +// For example, there must always be an implicit colon between +// the name and value of a JSON object member. +// +// A JSON value refers to a complete unit of JSON data: +// +// - a JSON literal, string, or number +// - a JSON object (e.g., `{"name":"value"}`) +// - a JSON array (e.g., `[1,2,3,]`) +// +// A JSON value is represented by the [Value] type in Go and is a []byte +// containing the raw textual representation of the value. There is some overlap +// between tokens and values as both contain literals, strings, and numbers. +// However, only a value can represent the entirety of a JSON object or array. +// +// The [Encoder] and [Decoder] types contain methods to read or write the next +// [Token] or [Value] in a sequence. They maintain a state machine to validate +// whether the sequence of JSON tokens and/or values produces a valid JSON. +// [Options] may be passed to the [NewEncoder] or [NewDecoder] constructors +// to configure the syntactic behavior of encoding and decoding. +// +// # Terminology +// +// The terms "encode" and "decode" are used for syntactic functionality +// that is concerned with processing JSON based on its grammar, and +// the terms "marshal" and "unmarshal" are used for semantic functionality +// that determines the meaning of JSON values as Go values and vice-versa. +// This package (i.e., [jsontext]) deals with JSON at a syntactic layer, +// while [encoding/json/v2] deals with JSON at a semantic layer. +// The goal is to provide a clear distinction between functionality that +// is purely concerned with encoding versus that of marshaling. +// For example, one can directly encode a stream of JSON tokens without +// needing to marshal a concrete Go value representing them. +// Similarly, one can decode a stream of JSON tokens without +// needing to unmarshal them into a concrete Go value. +// +// This package uses JSON terminology when discussing JSON, which may differ +// from related concepts in Go or elsewhere in computing literature. +// +// - a JSON "object" refers to an unordered collection of name/value members. +// - a JSON "array" refers to an ordered sequence of elements. +// - a JSON "value" refers to either a literal (i.e., null, false, or true), +// string, number, object, or array. +// +// See RFC 8259 for more information. +// +// # Specifications +// +// Relevant specifications include RFC 4627, RFC 7159, RFC 7493, RFC 8259, +// and RFC 8785. Each RFC is generally a stricter subset of another RFC. +// In increasing order of strictness: +// +// - RFC 4627 and RFC 7159 do not require (but recommend) the use of UTF-8 +// and also do not require (but recommend) that object names be unique. +// - RFC 8259 requires the use of UTF-8, +// but does not require (but recommends) that object names be unique. +// - RFC 7493 requires the use of UTF-8 +// and also requires that object names be unique. +// - RFC 8785 defines a canonical representation. It requires the use of UTF-8 +// and also requires that object names be unique and in a specific ordering. +// It specifies exactly how strings and numbers must be formatted. +// +// The primary difference between RFC 4627 and RFC 7159 is that the former +// restricted top-level values to only JSON objects and arrays, while +// RFC 7159 and subsequent RFCs permit top-level values to additionally be +// JSON nulls, booleans, strings, or numbers. +// +// By default, this package operates on RFC 7493, but can be configured +// to operate according to the other RFC specifications. +// RFC 7493 is a stricter subset of RFC 8259 and fully compliant with it. +// In particular, it makes specific choices about behavior that RFC 8259 +// leaves as undefined in order to ensure greater interoperability. +// +// # Security Considerations +// +// See the "Security Considerations" section in [encoding/json/v2]. +package jsontext + +import ( + "encoding/json/jsontext" + "io" +) + +// Decoder is a streaming decoder for raw JSON tokens and values. +// It is used to read a stream of top-level JSON values, +// each separated by optional whitespace characters. +// +// [Decoder.ReadToken] and [Decoder.ReadValue] calls may be interleaved. +// For example, the following JSON value: +// +// {"name":"value","array":[null,false,true,3.14159],"object":{"k":"v"}} +// +// can be parsed with the following calls (ignoring errors for brevity): +// +// d.ReadToken() // { +// d.ReadToken() // "name" +// d.ReadToken() // "value" +// d.ReadValue() // "array" +// d.ReadToken() // [ +// d.ReadToken() // null +// d.ReadToken() // false +// d.ReadValue() // true +// d.ReadToken() // 3.14159 +// d.ReadToken() // ] +// d.ReadValue() // "object" +// d.ReadValue() // {"k":"v"} +// d.ReadToken() // } +// +// The above is one of many possible sequence of calls and +// may not represent the most sensible method to call for any given token/value. +// For example, it is probably more common to call [Decoder.ReadToken] to obtain a +// string token for object names. +type Decoder = jsontext.Decoder + +// NewDecoder constructs a new streaming decoder reading from r. +// +// If r is a [bytes.Buffer], then the decoder parses directly from the buffer +// without first copying the contents to an intermediate buffer. +// Additional writes to the buffer must not occur while the decoder is in use. +func NewDecoder(r io.Reader, opts ...Options) *Decoder { + return jsontext.NewDecoder(r, opts...) +} + +// Encoder is a streaming encoder from raw JSON tokens and values. +// It is used to write a stream of top-level JSON values, +// each terminated with a newline character. +// +// [Encoder.WriteToken] and [Encoder.WriteValue] calls may be interleaved. +// For example, the following JSON value: +// +// {"name":"value","array":[null,false,true,3.14159],"object":{"k":"v"}} +// +// can be composed with the following calls (ignoring errors for brevity): +// +// e.WriteToken(BeginObject) // { +// e.WriteToken(String("name")) // "name" +// e.WriteToken(String("value")) // "value" +// e.WriteValue(Value(`"array"`)) // "array" +// e.WriteToken(BeginArray) // [ +// e.WriteToken(Null) // null +// e.WriteToken(False) // false +// e.WriteValue(Value("true")) // true +// e.WriteToken(Float(3.14159)) // 3.14159 +// e.WriteToken(EndArray) // ] +// e.WriteValue(Value(`"object"`)) // "object" +// e.WriteValue(Value(`{"k":"v"}`)) // {"k":"v"} +// e.WriteToken(EndObject) // } +// +// The above is one of many possible sequence of calls and +// may not represent the most sensible method to call for any given token/value. +// For example, it is probably more common to call [Encoder.WriteToken] with a string +// for object names. +type Encoder = jsontext.Encoder + +// NewEncoder constructs a new streaming encoder writing to w +// configured with the provided options. +// It flushes the internal buffer when the buffer is sufficiently full or +// when a top-level value has been written. +// +// If w is a [bytes.Buffer], then the encoder appends directly into the buffer +// without copying the contents from an intermediate buffer. +func NewEncoder(w io.Writer, opts ...Options) *Encoder { + return jsontext.NewEncoder(w, opts...) +} + +// SyntacticError is a description of a syntactic error that occurred when +// encoding or decoding JSON according to the grammar. +// +// The contents of this error as produced by this package may change over time. +type SyntacticError = jsontext.SyntacticError + +// Options configures [NewEncoder], [Encoder.Reset], [NewDecoder], +// and [Decoder.Reset] with specific features. +// Each function takes in a variadic list of options, where properties +// set in latter options override the value of previously set properties. +// +// There is a single Options type, which is used with both encoding and decoding. +// Some options affect both operations, while others only affect one operation: +// +// - [AllowDuplicateNames] affects encoding and decoding +// - [AllowInvalidUTF8] affects encoding and decoding +// - [EscapeForHTML] affects encoding only +// - [EscapeForJS] affects encoding only +// - [PreserveRawStrings] affects encoding only +// - [CanonicalizeRawInts] affects encoding only +// - [CanonicalizeRawFloats] affects encoding only +// - [ReorderRawObjects] affects encoding only +// - [SpaceAfterColon] affects encoding only +// - [SpaceAfterComma] affects encoding only +// - [Multiline] affects encoding only +// - [WithIndent] affects encoding only +// - [WithIndentPrefix] affects encoding only +// +// Options that do not affect a particular operation are ignored. +// +// The Options type is identical to [encoding/json.Options] and +// [encoding/json/v2.Options]. Options from the other packages may +// be passed to functionality in this package, but are ignored. +// Options from this package may be used with the other packages. +type Options = jsontext.Options + +// AllowDuplicateNames specifies that JSON objects may contain +// duplicate member names. Disabling the duplicate name check may provide +// performance benefits, but breaks compliance with RFC 7493, section 2.3. +// The input or output will still be compliant with RFC 8259, +// which leaves the handling of duplicate names as unspecified behavior. +// +// This affects either encoding or decoding. +func AllowDuplicateNames(v bool) Options { + return jsontext.AllowDuplicateNames(v) +} + +// AllowInvalidUTF8 specifies that JSON strings may contain invalid UTF-8, +// which will be mangled as the Unicode replacement character, U+FFFD. +// This causes the encoder or decoder to break compliance with +// RFC 7493, section 2.1, and RFC 8259, section 8.1. +// +// This affects either encoding or decoding. +func AllowInvalidUTF8(v bool) Options { + return jsontext.AllowInvalidUTF8(v) +} + +// EscapeForHTML specifies that '<', '>', and '&' characters within JSON strings +// should be escaped as a hexadecimal Unicode codepoint (e.g., \u003c) so that +// the output is safe to embed within HTML. +// +// This only affects encoding and is ignored when decoding. +func EscapeForHTML(v bool) Options { + return jsontext.EscapeForHTML(v) +} + +// EscapeForJS specifies that U+2028 and U+2029 characters within JSON strings +// should be escaped as a hexadecimal Unicode codepoint (e.g., \u2028) so that +// the output is valid to embed within JavaScript. See RFC 8259, section 12. +// +// This only affects encoding and is ignored when decoding. +func EscapeForJS(v bool) Options { + return jsontext.EscapeForJS(v) +} + +// PreserveRawStrings specifies that when encoding a raw JSON string in a +// [Token] or [Value], pre-escaped sequences +// in a JSON string are preserved to the output. +// However, raw strings still respect [EscapeForHTML] and [EscapeForJS] +// such that the relevant characters are escaped. +// If [AllowInvalidUTF8] is enabled, bytes of invalid UTF-8 +// are preserved to the output. +// +// This only affects encoding and is ignored when decoding. +func PreserveRawStrings(v bool) Options { + return jsontext.PreserveRawStrings(v) +} + +// CanonicalizeRawInts specifies that when encoding a raw JSON +// integer number (i.e., a number without a fraction and exponent) in a +// [Token] or [Value], the number is canonicalized +// according to RFC 8785, section 3.2.2.3. As a special case, +// the number -0 is canonicalized as 0. +// +// JSON numbers are treated as IEEE 754 double precision numbers. +// Any numbers with precision beyond what is representable by that form +// will lose their precision when canonicalized. For example, +// integer values beyond ±2⁵³ will lose their precision. +// For example, 1234567890123456789 is formatted as 1234567890123456800. +// +// This only affects encoding and is ignored when decoding. +func CanonicalizeRawInts(v bool) Options { + return jsontext.CanonicalizeRawInts(v) +} + +// CanonicalizeRawFloats specifies that when encoding a raw JSON +// floating-point number (i.e., a number with a fraction or exponent) in a +// [Token] or [Value], the number is canonicalized +// according to RFC 8785, section 3.2.2.3. As a special case, +// the number -0 is canonicalized as 0. +// +// JSON numbers are treated as IEEE 754 double precision numbers. +// It is safe to canonicalize a serialized single precision number and +// parse it back as a single precision number and expect the same value. +// If a number exceeds ±1.7976931348623157e+308, which is the maximum +// finite number, then it saturated at that value and formatted as such. +// +// This only affects encoding and is ignored when decoding. +func CanonicalizeRawFloats(v bool) Options { + return jsontext.CanonicalizeRawFloats(v) +} + +// ReorderRawObjects specifies that when encoding a raw JSON object in a +// [Value], the object members are reordered according to +// RFC 8785, section 3.2.3. +// +// This only affects encoding and is ignored when decoding. +func ReorderRawObjects(v bool) Options { + return jsontext.ReorderRawObjects(v) +} + +// SpaceAfterColon specifies that the JSON output should emit a space character +// after each colon separator following a JSON object name. +// If false, then no space character appears after the colon separator. +// +// This only affects encoding and is ignored when decoding. +func SpaceAfterColon(v bool) Options { + return jsontext.SpaceAfterColon(v) +} + +// SpaceAfterComma specifies that the JSON output should emit a space character +// after each comma separator following a JSON object value or array element. +// If false, then no space character appears after the comma separator. +// +// This only affects encoding and is ignored when decoding. +func SpaceAfterComma(v bool) Options { + return jsontext.SpaceAfterComma(v) +} + +// Multiline specifies that the JSON output should expand to multiple lines, +// where every JSON object member or JSON array element appears on +// a new, indented line according to the nesting depth. +// +// If [SpaceAfterColon] is not specified, then the default is true. +// If [SpaceAfterComma] is not specified, then the default is false. +// If [WithIndent] is not specified, then the default is "\t". +// +// If set to false, then the output is a single-line, +// where the only whitespace emitted is determined by the current +// values of [SpaceAfterColon] and [SpaceAfterComma]. +// +// This only affects encoding and is ignored when decoding. +func Multiline(v bool) Options { + return jsontext.Multiline(v) +} + +// WithIndent specifies that the encoder should emit multiline output +// where each element in a JSON object or array begins on a new, indented line +// beginning with the indent prefix (see [WithIndentPrefix]) +// followed by one or more copies of indent according to the nesting depth. +// The indent must only be composed of space or tab characters. +// +// If the intent to emit indented output without a preference for +// the particular indent string, then use [Multiline] instead. +// +// This only affects encoding and is ignored when decoding. +// Use of this option implies [Multiline] being set to true. +func WithIndent(indent string) Options { + return jsontext.WithIndent(indent) +} + +// WithIndentPrefix specifies that the encoder should emit multiline output +// where each element in a JSON object or array begins on a new, indented line +// beginning with the indent prefix followed by one or more copies of indent +// (see [WithIndent]) according to the nesting depth. +// The prefix must only be composed of space or tab characters. +// +// This only affects encoding and is ignored when decoding. +// Use of this option implies [Multiline] being set to true. +func WithIndentPrefix(prefix string) Options { + return jsontext.WithIndentPrefix(prefix) +} + +// AppendQuote appends a double-quoted JSON string literal representing src +// to dst and returns the extended buffer. +// It uses the minimal string representation per RFC 8785, section 3.2.2.2. +// Invalid UTF-8 bytes are replaced with the Unicode replacement character +// and an error is returned at the end indicating the presence of invalid UTF-8. +// The dst must not overlap with the src. +func AppendQuote[Bytes ~[]byte | ~string](dst []byte, src Bytes) ([]byte, error) { + return jsontext.AppendQuote[Bytes](dst, src) +} + +// AppendUnquote appends the decoded interpretation of src as a +// double-quoted JSON string literal to dst and returns the extended buffer. +// The input src must be a JSON string without any surrounding whitespace. +// Invalid UTF-8 bytes are replaced with the Unicode replacement character +// and an error is returned at the end indicating the presence of invalid UTF-8. +// Any trailing bytes after the JSON string literal results in an error. +// The dst must not overlap with the src. +func AppendUnquote[Bytes ~[]byte | ~string](dst []byte, src Bytes) ([]byte, error) { + return jsontext.AppendUnquote[Bytes](dst, src) +} + +// ErrDuplicateName indicates that a JSON token could not be +// encoded or decoded because it results in a duplicate JSON object name. +// This error is directly wrapped within a [SyntacticError] when produced. +// +// The name of a duplicate JSON object member can be extracted as: +// +// err := ... +// var serr jsontext.SyntacticError +// if errors.As(err, &serr) && serr.Err == jsontext.ErrDuplicateName { +// ptr := serr.JSONPointer // JSON pointer to duplicate name +// name := ptr.LastToken() // duplicate name itself +// ... +// } +// +// This error is only returned if [AllowDuplicateNames] is false. +var ErrDuplicateName = jsontext.ErrDuplicateName + +// ErrNonStringName indicates that a JSON token could not be +// encoded or decoded because it is not a string, +// as required for JSON object names according to RFC 8259, section 4. +// This error is directly wrapped within a [SyntacticError] when produced. +var ErrNonStringName = jsontext.ErrNonStringName + +// Pointer is a JSON Pointer (RFC 6901) that references a particular JSON value +// relative to the root of the top-level JSON value. +// +// A Pointer is a slash-separated list of tokens, where each token is +// either a JSON object name or an index to a JSON array element +// encoded as a base-10 integer value. +// It is impossible to distinguish between an array index and an object name +// (that happens to be an base-10 encoded integer) without also knowing +// the structure of the top-level JSON value that the pointer refers to. +// +// There is exactly one representation of a pointer to a particular value, +// so comparability of Pointer values is equivalent to checking whether +// they both point to the exact same value. +type Pointer = jsontext.Pointer + +// Token represents a lexical JSON token, which may be one of the following: +// - a JSON literal (i.e., null, true, or false) +// - a JSON string (e.g., "hello, world!") +// - a JSON number (e.g., 123.456) +// - a begin or end delimiter for a JSON object (i.e., { or } ) +// - a begin or end delimiter for a JSON array (i.e., [ or ] ) +// +// A Token cannot represent entire array or object values, while a [Value] can. +// There is no Token to represent commas and colons since +// these structural tokens can be inferred from the surrounding context. +type Token = jsontext.Token + +var ( + Null = jsontext.Null + False = jsontext.False + True = jsontext.True + BeginObject = jsontext.BeginObject + EndObject = jsontext.EndObject + BeginArray = jsontext.BeginArray + EndArray = jsontext.EndArray +) + +// Bool constructs a Token representing a JSON boolean. +func Bool(b bool) Token { + return jsontext.Bool(b) +} + +// String constructs a Token representing a JSON string. +// The provided string should contain valid UTF-8, otherwise invalid characters +// may be mangled as the Unicode replacement character. +func String(s string) Token { + return jsontext.String(s) +} + +// Float constructs a Token representing a JSON number. +// The values NaN, +Inf, and -Inf will be represented +// as a JSON string with the values "NaN", "Infinity", and "-Infinity". +func Float(n float64) Token { + return jsontext.Float(n) +} + +// Int constructs a Token representing a JSON number from an int64. +func Int(n int64) Token { + return jsontext.Int(n) +} + +// Uint constructs a Token representing a JSON number from a uint64. +func Uint(n uint64) Token { + return jsontext.Uint(n) +} + +// Kind represents each possible JSON token kind with a single byte, +// which is conveniently the first byte of that kind's grammar +// with the restriction that numbers always be represented with '0': +// +// - 'n': null +// - 'f': false +// - 't': true +// - '"': string +// - '0': number +// - '{': object begin +// - '}': object end +// - '[': array begin +// - ']': array end +// +// An invalid kind is usually represented using 0, +// but may be non-zero due to invalid JSON data. +type Kind = jsontext.Kind + +// AppendFormat formats the JSON value in src and appends it to dst +// according to the specified options. +// See [Value.Format] for more details about the formatting behavior. +// +// The dst and src may overlap. +// If an error is reported, then the entirety of src is appended to dst. +func AppendFormat(dst, src []byte, opts ...Options) ([]byte, error) { + return jsontext.AppendFormat(dst, src, opts...) +} + +// Value represents a single raw JSON value, which may be one of the following: +// - a JSON literal (i.e., null, true, or false) +// - a JSON string (e.g., "hello, world!") +// - a JSON number (e.g., 123.456) +// - an entire JSON object (e.g., {"fizz":"buzz"} ) +// - an entire JSON array (e.g., [1,2,3] ) +// +// Value can represent entire array or object values, while [Token] cannot. +// Value may contain leading and/or trailing whitespace. +type Value = jsontext.Value diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/decode.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/decode.go new file mode 100644 index 000000000..7e847de37 --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/decode.go @@ -0,0 +1,1179 @@ +// Copyright 2020 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +package jsontext + +import ( + "bytes" + "errors" + "io" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" +) + +// NOTE: The logic for decoding is complicated by the fact that reading from +// an io.Reader into a temporary buffer means that the buffer may contain a +// truncated portion of some valid input, requiring the need to fetch more data. +// +// This file is structured in the following way: +// +// - consumeXXX functions parse an exact JSON token from a []byte. +// If the buffer appears truncated, then it returns io.ErrUnexpectedEOF. +// The consumeSimpleXXX functions are so named because they only handle +// a subset of the grammar for the JSON token being parsed. +// They do not handle the full grammar to keep these functions inlinable. +// +// - Decoder.consumeXXX methods parse the next JSON token from Decoder.buf, +// automatically fetching more input if necessary. These methods take +// a position relative to the start of Decoder.buf as an argument and +// return the end of the consumed JSON token as a position, +// also relative to the start of Decoder.buf. +// +// - In the event of an I/O errors or state machine violations, +// the implementation avoids mutating the state of Decoder +// (aside from the book-keeping needed to implement Decoder.fetch). +// For this reason, only Decoder.ReadToken and Decoder.ReadValue are +// responsible for updated Decoder.prevStart and Decoder.prevEnd. +// +// - For performance, much of the implementation uses the pattern of calling +// the inlinable consumeXXX functions first, and if more work is necessary, +// then it calls the slower Decoder.consumeXXX methods. +// TODO: Revisit this pattern if the Go compiler provides finer control +// over exactly which calls are inlined or not. + +// Decoder is a streaming decoder for raw JSON tokens and values. +// It is used to read a stream of top-level JSON values, +// each separated by optional whitespace characters. +// +// [Decoder.ReadToken] and [Decoder.ReadValue] calls may be interleaved. +// For example, the following JSON value: +// +// {"name":"value","array":[null,false,true,3.14159],"object":{"k":"v"}} +// +// can be parsed with the following calls (ignoring errors for brevity): +// +// d.ReadToken() // { +// d.ReadToken() // "name" +// d.ReadToken() // "value" +// d.ReadValue() // "array" +// d.ReadToken() // [ +// d.ReadToken() // null +// d.ReadToken() // false +// d.ReadValue() // true +// d.ReadToken() // 3.14159 +// d.ReadToken() // ] +// d.ReadValue() // "object" +// d.ReadValue() // {"k":"v"} +// d.ReadToken() // } +// +// The above is one of many possible sequence of calls and +// may not represent the most sensible method to call for any given token/value. +// For example, it is probably more common to call [Decoder.ReadToken] to obtain a +// string token for object names. +type Decoder struct { + s decoderState +} + +// decoderState is the low-level state of Decoder. +// It has exported fields and method for use by the "json" package. +type decoderState struct { + state + decodeBuffer + jsonopts.Struct + + StringCache *[256]string // only used when unmarshaling; identical to json.stringCache +} + +// decodeBuffer is a buffer split into 4 segments: +// +// - buf[0:prevEnd] // already read portion of the buffer +// - buf[prevStart:prevEnd] // previously read value +// - buf[prevEnd:len(buf)] // unread portion of the buffer +// - buf[len(buf):cap(buf)] // unused portion of the buffer +// +// Invariants: +// +// 0 ≤ prevStart ≤ prevEnd ≤ len(buf) ≤ cap(buf) +type decodeBuffer struct { + peekPos int // non-zero if valid offset into buf for start of next token + peekErr error // implies peekPos is -1 + + buf []byte // may alias rd if it is a bytes.Buffer + prevStart int + prevEnd int + + // baseOffset is added to prevStart and prevEnd to obtain + // the absolute offset relative to the start of io.Reader stream. + baseOffset int64 + + rd io.Reader +} + +// NewDecoder constructs a new streaming decoder reading from r. +// +// If r is a [bytes.Buffer], then the decoder parses directly from the buffer +// without first copying the contents to an intermediate buffer. +// Additional writes to the buffer must not occur while the decoder is in use. +func NewDecoder(r io.Reader, opts ...Options) *Decoder { + d := new(Decoder) + d.Reset(r, opts...) + return d +} + +// Reset resets a decoder such that it is reading afresh from r and +// configured with the provided options. Reset must not be called on an +// a Decoder passed to the [encoding/json/v2.UnmarshalerFrom.UnmarshalJSONFrom] method +// or the [encoding/json/v2.UnmarshalFromFunc] function. +func (d *Decoder) Reset(r io.Reader, opts ...Options) { + switch { + case d == nil: + panic("jsontext: invalid nil Decoder") + case r == nil: + panic("jsontext: invalid nil io.Reader") + case d.s.Flags.Get(jsonflags.WithinArshalCall): + panic("jsontext: cannot reset Decoder passed to json.UnmarshalerFrom") + } + // Reuse the buffer if it does not alias a previous [bytes.Buffer]. + b := d.s.buf[:0] + if _, ok := d.s.rd.(*bytes.Buffer); ok { + b = nil + } + d.s.reset(b, r, opts...) +} + +func (d *decoderState) reset(b []byte, r io.Reader, opts ...Options) { + d.state.reset() + d.decodeBuffer = decodeBuffer{buf: b, rd: r} + opts2 := jsonopts.Struct{} // avoid mutating d.Struct in case it is part of opts + opts2.Join(opts...) + d.Struct = opts2 +} + +// Options returns the options used to construct the encoder and +// may additionally contain semantic options passed to a +// [encoding/json/v2.UnmarshalDecode] call. +// +// If operating within +// a [encoding/json/v2.UnmarshalerFrom.UnmarshalJSONFrom] method call or +// a [encoding/json/v2.UnmarshalFromFunc] function call, +// then the returned options are only valid within the call. +func (d *Decoder) Options() Options { + return &d.s.Struct +} + +var errBufferWriteAfterNext = errors.New("invalid bytes.Buffer.Write call after calling bytes.Buffer.Next") + +// fetch reads at least 1 byte from the underlying io.Reader. +// It returns io.ErrUnexpectedEOF if zero bytes were read and io.EOF was seen. +func (d *decoderState) fetch() error { + if d.rd == nil { + return io.ErrUnexpectedEOF + } + + // Inform objectNameStack that we are about to fetch new buffer content. + d.Names.copyQuotedBuffer(d.buf) + + // Specialize bytes.Buffer for better performance. + if bb, ok := d.rd.(*bytes.Buffer); ok { + switch { + case bb.Len() == 0: + return io.ErrUnexpectedEOF + case len(d.buf) == 0: + d.buf = bb.Next(bb.Len()) // "read" all data in the buffer + return nil + default: + // This only occurs if a partially filled bytes.Buffer was provided + // and more data is written to it while Decoder is reading from it. + // This practice will lead to data corruption since future writes + // may overwrite the contents of the current buffer. + // + // The user is trying to use a bytes.Buffer as a pipe, + // but a bytes.Buffer is poor implementation of a pipe, + // the purpose-built io.Pipe should be used instead. + return &ioError{action: "read", err: errBufferWriteAfterNext} + } + } + + // Allocate initial buffer if empty. + if cap(d.buf) == 0 { + d.buf = make([]byte, 0, 64) + } + + // Check whether to grow the buffer. + const maxBufferSize = 4 << 10 + const growthSizeFactor = 2 // higher value is faster + const growthRateFactor = 2 // higher value is slower + // By default, grow if below the maximum buffer size. + grow := cap(d.buf) <= maxBufferSize/growthSizeFactor + // Growing can be expensive, so only grow + // if a sufficient number of bytes have been processed. + grow = grow && int64(cap(d.buf)) < d.previousOffsetEnd()/growthRateFactor + // If prevStart==0, then fetch was called in order to fetch more data + // to finish consuming a large JSON value contiguously. + // Grow if less than 25% of the remaining capacity is available. + // Note that this may cause the input buffer to exceed maxBufferSize. + grow = grow || (d.prevStart == 0 && len(d.buf) >= 3*cap(d.buf)/4) + + if grow { + // Allocate a new buffer and copy the contents of the old buffer over. + // TODO: Provide a hard limit on the maximum internal buffer size? + buf := make([]byte, 0, cap(d.buf)*growthSizeFactor) + d.buf = append(buf, d.buf[d.prevStart:]...) + } else { + // Move unread portion of the data to the front. + n := copy(d.buf[:cap(d.buf)], d.buf[d.prevStart:]) + d.buf = d.buf[:n] + } + d.baseOffset += int64(d.prevStart) + d.prevEnd -= d.prevStart + d.prevStart = 0 + + // Read more data into the internal buffer. + for { + n, err := d.rd.Read(d.buf[len(d.buf):cap(d.buf)]) + switch { + case n > 0: + d.buf = d.buf[:len(d.buf)+n] + return nil // ignore errors if any bytes are read + case err == io.EOF: + return io.ErrUnexpectedEOF + case err != nil: + return &ioError{action: "read", err: err} + default: + continue // Read returned (0, nil) + } + } +} + +const invalidateBufferByte = '#' // invalid starting character for JSON grammar + +// invalidatePreviousRead invalidates buffers returned by Peek and Read calls +// so that the first byte is an invalid character. +// This Hyrum-proofs the API against faulty application code that assumes +// values returned by ReadValue remain valid past subsequent Read calls. +func (d *decodeBuffer) invalidatePreviousRead() { + // Avoid mutating the buffer if d.rd is nil which implies that d.buf + // is provided by the user code and may not expect mutations. + isBytesBuffer := func(r io.Reader) bool { + _, ok := r.(*bytes.Buffer) + return ok + } + if d.rd != nil && !isBytesBuffer(d.rd) && d.prevStart < d.prevEnd && uint(d.prevStart) < uint(len(d.buf)) { + d.buf[d.prevStart] = invalidateBufferByte + d.prevStart = d.prevEnd + } +} + +// needMore reports whether there are no more unread bytes. +func (d *decodeBuffer) needMore(pos int) bool { + // NOTE: The arguments and logic are kept simple to keep this inlinable. + return pos == len(d.buf) +} + +func (d *decodeBuffer) offsetAt(pos int) int64 { return d.baseOffset + int64(pos) } +func (d *decodeBuffer) previousOffsetStart() int64 { return d.baseOffset + int64(d.prevStart) } +func (d *decodeBuffer) previousOffsetEnd() int64 { return d.baseOffset + int64(d.prevEnd) } +func (d *decodeBuffer) previousBuffer() []byte { return d.buf[d.prevStart:d.prevEnd] } +func (d *decodeBuffer) unreadBuffer() []byte { return d.buf[d.prevEnd:len(d.buf)] } + +// PreviousTokenOrValue returns the previously read token or value +// unless it has been invalidated by a call to PeekKind. +// If a token is just a delimiter, then this returns a 1-byte buffer. +// This method is used for error reporting at the semantic layer. +func (d *decodeBuffer) PreviousTokenOrValue() []byte { + b := d.previousBuffer() + // If peek was called, then the previous token or buffer is invalidated. + if d.peekPos > 0 || len(b) > 0 && b[0] == invalidateBufferByte { + return nil + } + // ReadToken does not preserve the buffer for null, bools, or delimiters. + // Manually re-construct that buffer. + if len(b) == 0 { + b = d.buf[:d.prevEnd] // entirety of the previous buffer + for _, tok := range []string{"null", "false", "true", "{", "}", "[", "]"} { + if len(b) >= len(tok) && string(b[len(b)-len(tok):]) == tok { + return b[len(b)-len(tok):] + } + } + } + return b +} + +// PeekKind retrieves the next token kind, but does not advance the read offset. +// +// It returns 0 if an error occurs. Any such error is cached until +// the next read call and it is the caller's responsibility to eventually +// follow up a PeekKind call with a read call. +func (d *Decoder) PeekKind() Kind { + return d.s.PeekKind() +} +func (d *decoderState) PeekKind() Kind { + // Check whether we have a cached peek result. + if d.peekPos > 0 { + return Kind(d.buf[d.peekPos]).normalize() + } + + var err error + d.invalidatePreviousRead() + pos := d.prevEnd + + // Consume leading whitespace. + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + if err == io.ErrUnexpectedEOF && d.Tokens.Depth() == 1 { + err = io.EOF // EOF possibly if no Tokens present after top-level value + } + d.peekPos, d.peekErr = -1, wrapSyntacticError(d, err, pos, 0) + return invalidKind + } + } + + // Consume colon or comma. + var delim byte + if c := d.buf[pos]; c == ':' || c == ',' { + delim = c + pos += 1 + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + err = wrapSyntacticError(d, err, pos, 0) + d.peekPos, d.peekErr = -1, d.checkDelimBeforeIOError(delim, err) + return invalidKind + } + } + } + next := Kind(d.buf[pos]).normalize() + if d.Tokens.needDelim(next) != delim { + d.peekPos, d.peekErr = -1, d.checkDelim(delim, next) + return invalidKind + } + + // This may set peekPos to zero, which is indistinguishable from + // the uninitialized state. While a small hit to performance, it is correct + // since ReadValue and ReadToken will disregard the cached result and + // recompute the next kind. + d.peekPos, d.peekErr = pos, nil + return next +} + +// checkDelimBeforeIOError checks whether the delim is even valid +// before returning an IO error, which occurs after the delim. +func (d *decoderState) checkDelimBeforeIOError(delim byte, err error) error { + // Since an IO error occurred, we do not know what the next kind is. + // However, knowing the next kind is necessary to validate + // whether the current delim is at least potentially valid. + // Since a JSON string is always valid as the next token, + // conservatively assume that is the next kind for validation. + const next = Kind('"') + if d.Tokens.needDelim(next) != delim { + err = d.checkDelim(delim, next) + } + return err +} + +// CountNextDelimWhitespace counts the number of upcoming bytes of +// delimiter or whitespace characters. +// This method is used for error reporting at the semantic layer. +func (d *decoderState) CountNextDelimWhitespace() int { + d.PeekKind() // populate unreadBuffer + return len(d.unreadBuffer()) - len(bytes.TrimLeft(d.unreadBuffer(), ",: \n\r\t")) +} + +// checkDelim checks whether delim is valid for the given next kind. +func (d *decoderState) checkDelim(delim byte, next Kind) error { + where := "at start of value" + switch d.Tokens.needDelim(next) { + case delim: + return nil + case ':': + where = "after object name (expecting ':')" + case ',': + if d.Tokens.Last.isObject() { + where = "after object value (expecting ',' or '}')" + } else { + where = "after array element (expecting ',' or ']')" + } + } + pos := d.prevEnd // restore position to right after leading whitespace + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + err := jsonwire.NewInvalidCharacterError(d.buf[pos:], where) + return wrapSyntacticError(d, err, pos, 0) +} + +// SkipValue is semantically equivalent to calling [Decoder.ReadValue] and discarding +// the result except that memory is not wasted trying to hold the entire result. +func (d *Decoder) SkipValue() error { + return d.s.SkipValue() +} +func (d *decoderState) SkipValue() error { + switch d.PeekKind() { + case '{', '[': + // For JSON objects and arrays, keep skipping all tokens + // until the depth matches the starting depth. + depth := d.Tokens.Depth() + for { + if _, err := d.ReadToken(); err != nil { + return err + } + if depth >= d.Tokens.Depth() { + return nil + } + } + default: + // Trying to skip a value when the next token is a '}' or ']' + // will result in an error being returned here. + var flags jsonwire.ValueFlags + if _, err := d.ReadValue(&flags); err != nil { + return err + } + return nil + } +} + +// SkipValueRemainder skips the remainder of a value +// after reading a '{' or '[' token. +func (d *decoderState) SkipValueRemainder() error { + if d.Tokens.Depth()-1 > 0 && d.Tokens.Last.Length() == 0 { + for n := d.Tokens.Depth(); d.Tokens.Depth() >= n; { + if _, err := d.ReadToken(); err != nil { + return err + } + } + } + return nil +} + +// SkipUntil skips all tokens until the state machine +// is at or past the specified depth and length. +func (d *decoderState) SkipUntil(depth int, length int64) error { + for d.Tokens.Depth() > depth || (d.Tokens.Depth() == depth && d.Tokens.Last.Length() < length) { + if _, err := d.ReadToken(); err != nil { + return err + } + } + return nil +} + +// ReadToken reads the next [Token], advancing the read offset. +// The returned token is only valid until the next Peek, Read, or Skip call. +// It returns [io.EOF] if there are no more tokens. +func (d *Decoder) ReadToken() (Token, error) { + return d.s.ReadToken() +} +func (d *decoderState) ReadToken() (Token, error) { + // Determine the next kind. + var err error + var next Kind + pos := d.peekPos + if pos != 0 { + // Use cached peek result. + if d.peekErr != nil { + err := d.peekErr + d.peekPos, d.peekErr = 0, nil // possibly a transient I/O error + return Token{}, err + } + next = Kind(d.buf[pos]).normalize() + d.peekPos = 0 // reset cache + } else { + d.invalidatePreviousRead() + pos = d.prevEnd + + // Consume leading whitespace. + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + if err == io.ErrUnexpectedEOF && d.Tokens.Depth() == 1 { + err = io.EOF // EOF possibly if no Tokens present after top-level value + } + return Token{}, wrapSyntacticError(d, err, pos, 0) + } + } + + // Consume colon or comma. + var delim byte + if c := d.buf[pos]; c == ':' || c == ',' { + delim = c + pos += 1 + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + err = wrapSyntacticError(d, err, pos, 0) + return Token{}, d.checkDelimBeforeIOError(delim, err) + } + } + } + next = Kind(d.buf[pos]).normalize() + if d.Tokens.needDelim(next) != delim { + return Token{}, d.checkDelim(delim, next) + } + } + + // Handle the next token. + var n int + switch next { + case 'n': + if jsonwire.ConsumeNull(d.buf[pos:]) == 0 { + pos, err = d.consumeLiteral(pos, "null") + if err != nil { + return Token{}, wrapSyntacticError(d, err, pos, +1) + } + } else { + pos += len("null") + } + if err = d.Tokens.appendLiteral(); err != nil { + return Token{}, wrapSyntacticError(d, err, pos-len("null"), +1) // report position at start of literal + } + d.prevStart, d.prevEnd = pos, pos + return Null, nil + + case 'f': + if jsonwire.ConsumeFalse(d.buf[pos:]) == 0 { + pos, err = d.consumeLiteral(pos, "false") + if err != nil { + return Token{}, wrapSyntacticError(d, err, pos, +1) + } + } else { + pos += len("false") + } + if err = d.Tokens.appendLiteral(); err != nil { + return Token{}, wrapSyntacticError(d, err, pos-len("false"), +1) // report position at start of literal + } + d.prevStart, d.prevEnd = pos, pos + return False, nil + + case 't': + if jsonwire.ConsumeTrue(d.buf[pos:]) == 0 { + pos, err = d.consumeLiteral(pos, "true") + if err != nil { + return Token{}, wrapSyntacticError(d, err, pos, +1) + } + } else { + pos += len("true") + } + if err = d.Tokens.appendLiteral(); err != nil { + return Token{}, wrapSyntacticError(d, err, pos-len("true"), +1) // report position at start of literal + } + d.prevStart, d.prevEnd = pos, pos + return True, nil + + case '"': + var flags jsonwire.ValueFlags // TODO: Preserve this in Token? + if n = jsonwire.ConsumeSimpleString(d.buf[pos:]); n == 0 { + oldAbsPos := d.baseOffset + int64(pos) + pos, err = d.consumeString(&flags, pos) + newAbsPos := d.baseOffset + int64(pos) + n = int(newAbsPos - oldAbsPos) + if err != nil { + return Token{}, wrapSyntacticError(d, err, pos, +1) + } + } else { + pos += n + } + if d.Tokens.Last.NeedObjectName() { + if !d.Flags.Get(jsonflags.AllowDuplicateNames) { + if !d.Tokens.Last.isValidNamespace() { + return Token{}, wrapSyntacticError(d, errInvalidNamespace, pos-n, +1) + } + if d.Tokens.Last.isActiveNamespace() && !d.Namespaces.Last().insertQuoted(d.buf[pos-n:pos], flags.IsVerbatim()) { + err = wrapWithObjectName(ErrDuplicateName, d.buf[pos-n:pos]) + return Token{}, wrapSyntacticError(d, err, pos-n, +1) // report position at start of string + } + } + d.Names.ReplaceLastQuotedOffset(pos - n) // only replace if insertQuoted succeeds + } + if err = d.Tokens.appendString(); err != nil { + return Token{}, wrapSyntacticError(d, err, pos-n, +1) // report position at start of string + } + d.prevStart, d.prevEnd = pos-n, pos + return Token{raw: &d.decodeBuffer, num: uint64(d.previousOffsetStart())}, nil + + case '0': + // NOTE: Since JSON numbers are not self-terminating, + // we need to make sure that the next byte is not part of a number. + if n = jsonwire.ConsumeSimpleNumber(d.buf[pos:]); n == 0 || d.needMore(pos+n) { + oldAbsPos := d.baseOffset + int64(pos) + pos, err = d.consumeNumber(pos) + newAbsPos := d.baseOffset + int64(pos) + n = int(newAbsPos - oldAbsPos) + if err != nil { + return Token{}, wrapSyntacticError(d, err, pos, +1) + } + } else { + pos += n + } + if err = d.Tokens.appendNumber(); err != nil { + return Token{}, wrapSyntacticError(d, err, pos-n, +1) // report position at start of number + } + d.prevStart, d.prevEnd = pos-n, pos + return Token{raw: &d.decodeBuffer, num: uint64(d.previousOffsetStart())}, nil + + case '{': + if err = d.Tokens.pushObject(); err != nil { + return Token{}, wrapSyntacticError(d, err, pos, +1) + } + d.Names.push() + if !d.Flags.Get(jsonflags.AllowDuplicateNames) { + d.Namespaces.push() + } + pos += 1 + d.prevStart, d.prevEnd = pos, pos + return BeginObject, nil + + case '}': + if err = d.Tokens.popObject(); err != nil { + return Token{}, wrapSyntacticError(d, err, pos, +1) + } + d.Names.pop() + if !d.Flags.Get(jsonflags.AllowDuplicateNames) { + d.Namespaces.pop() + } + pos += 1 + d.prevStart, d.prevEnd = pos, pos + return EndObject, nil + + case '[': + if err = d.Tokens.pushArray(); err != nil { + return Token{}, wrapSyntacticError(d, err, pos, +1) + } + pos += 1 + d.prevStart, d.prevEnd = pos, pos + return BeginArray, nil + + case ']': + if err = d.Tokens.popArray(); err != nil { + return Token{}, wrapSyntacticError(d, err, pos, +1) + } + pos += 1 + d.prevStart, d.prevEnd = pos, pos + return EndArray, nil + + default: + err = jsonwire.NewInvalidCharacterError(d.buf[pos:], "at start of value") + return Token{}, wrapSyntacticError(d, err, pos, +1) + } +} + +// ReadValue returns the next raw JSON value, advancing the read offset. +// The value is stripped of any leading or trailing whitespace and +// contains the exact bytes of the input, which may contain invalid UTF-8 +// if [AllowInvalidUTF8] is specified. +// +// The returned value is only valid until the next Peek, Read, or Skip call and +// may not be mutated while the Decoder remains in use. +// If the decoder is currently at the end token for an object or array, +// then it reports a [SyntacticError] and the internal state remains unchanged. +// It returns [io.EOF] if there are no more values. +func (d *Decoder) ReadValue() (Value, error) { + var flags jsonwire.ValueFlags + return d.s.ReadValue(&flags) +} +func (d *decoderState) ReadValue(flags *jsonwire.ValueFlags) (Value, error) { + // Determine the next kind. + var err error + var next Kind + pos := d.peekPos + if pos != 0 { + // Use cached peek result. + if d.peekErr != nil { + err := d.peekErr + d.peekPos, d.peekErr = 0, nil // possibly a transient I/O error + return nil, err + } + next = Kind(d.buf[pos]).normalize() + d.peekPos = 0 // reset cache + } else { + d.invalidatePreviousRead() + pos = d.prevEnd + + // Consume leading whitespace. + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + if err == io.ErrUnexpectedEOF && d.Tokens.Depth() == 1 { + err = io.EOF // EOF possibly if no Tokens present after top-level value + } + return nil, wrapSyntacticError(d, err, pos, 0) + } + } + + // Consume colon or comma. + var delim byte + if c := d.buf[pos]; c == ':' || c == ',' { + delim = c + pos += 1 + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + err = wrapSyntacticError(d, err, pos, 0) + return nil, d.checkDelimBeforeIOError(delim, err) + } + } + } + next = Kind(d.buf[pos]).normalize() + if d.Tokens.needDelim(next) != delim { + return nil, d.checkDelim(delim, next) + } + } + + // Handle the next value. + oldAbsPos := d.baseOffset + int64(pos) + pos, err = d.consumeValue(flags, pos, d.Tokens.Depth()) + newAbsPos := d.baseOffset + int64(pos) + n := int(newAbsPos - oldAbsPos) + if err != nil { + return nil, wrapSyntacticError(d, err, pos, +1) + } + switch next { + case 'n', 't', 'f': + err = d.Tokens.appendLiteral() + case '"': + if d.Tokens.Last.NeedObjectName() { + if !d.Flags.Get(jsonflags.AllowDuplicateNames) { + if !d.Tokens.Last.isValidNamespace() { + err = errInvalidNamespace + break + } + if d.Tokens.Last.isActiveNamespace() && !d.Namespaces.Last().insertQuoted(d.buf[pos-n:pos], flags.IsVerbatim()) { + err = wrapWithObjectName(ErrDuplicateName, d.buf[pos-n:pos]) + break + } + } + d.Names.ReplaceLastQuotedOffset(pos - n) // only replace if insertQuoted succeeds + } + err = d.Tokens.appendString() + case '0': + err = d.Tokens.appendNumber() + case '{': + if err = d.Tokens.pushObject(); err != nil { + break + } + if err = d.Tokens.popObject(); err != nil { + panic("BUG: popObject should never fail immediately after pushObject: " + err.Error()) + } + case '[': + if err = d.Tokens.pushArray(); err != nil { + break + } + if err = d.Tokens.popArray(); err != nil { + panic("BUG: popArray should never fail immediately after pushArray: " + err.Error()) + } + } + if err != nil { + return nil, wrapSyntacticError(d, err, pos-n, +1) // report position at start of value + } + d.prevEnd = pos + d.prevStart = pos - n + return d.buf[pos-n : pos : pos], nil +} + +// CheckNextValue checks whether the next value is syntactically valid, +// but does not advance the read offset. +// If last, it verifies that the stream cleanly terminates with [io.EOF]. +func (d *decoderState) CheckNextValue(last bool) error { + d.PeekKind() // populates d.peekPos and d.peekErr + pos, err := d.peekPos, d.peekErr + d.peekPos, d.peekErr = 0, nil + if err != nil { + return err + } + + var flags jsonwire.ValueFlags + if pos, err := d.consumeValue(&flags, pos, d.Tokens.Depth()); err != nil { + return wrapSyntacticError(d, err, pos, +1) + } else if last { + return d.checkEOF(pos) + } + return nil +} + +// CheckEOF verifies that the input has no more data. +func (d *decoderState) CheckEOF() error { + return d.checkEOF(d.prevEnd) +} +func (d *decoderState) checkEOF(pos int) error { + switch pos, err := d.consumeWhitespace(pos); err { + case nil: + err := jsonwire.NewInvalidCharacterError(d.buf[pos:], "after top-level value") + return wrapSyntacticError(d, err, pos, 0) + case io.ErrUnexpectedEOF: + return nil + default: + return err + } +} + +// consumeWhitespace consumes all whitespace starting at d.buf[pos:]. +// It returns the new position in d.buf immediately after the last whitespace. +// If it returns nil, there is guaranteed to at least be one unread byte. +// +// The following pattern is common in this implementation: +// +// pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) +// if d.needMore(pos) { +// if pos, err = d.consumeWhitespace(pos); err != nil { +// return ... +// } +// } +// +// It is difficult to simplify this without sacrificing performance since +// consumeWhitespace must be inlined. The body of the if statement is +// executed only in rare situations where we need to fetch more data. +// Since fetching may return an error, we also need to check the error. +func (d *decoderState) consumeWhitespace(pos int) (newPos int, err error) { + for { + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + absPos := d.baseOffset + int64(pos) + err = d.fetch() // will mutate d.buf and invalidate pos + pos = int(absPos - d.baseOffset) + if err != nil { + return pos, err + } + continue + } + return pos, nil + } +} + +// consumeValue consumes a single JSON value starting at d.buf[pos:]. +// It returns the new position in d.buf immediately after the value. +func (d *decoderState) consumeValue(flags *jsonwire.ValueFlags, pos, depth int) (newPos int, err error) { + for { + var n int + var err error + switch next := Kind(d.buf[pos]).normalize(); next { + case 'n': + if n = jsonwire.ConsumeNull(d.buf[pos:]); n == 0 { + n, err = jsonwire.ConsumeLiteral(d.buf[pos:], "null") + } + case 'f': + if n = jsonwire.ConsumeFalse(d.buf[pos:]); n == 0 { + n, err = jsonwire.ConsumeLiteral(d.buf[pos:], "false") + } + case 't': + if n = jsonwire.ConsumeTrue(d.buf[pos:]); n == 0 { + n, err = jsonwire.ConsumeLiteral(d.buf[pos:], "true") + } + case '"': + if n = jsonwire.ConsumeSimpleString(d.buf[pos:]); n == 0 { + return d.consumeString(flags, pos) + } + case '0': + // NOTE: Since JSON numbers are not self-terminating, + // we need to make sure that the next byte is not part of a number. + if n = jsonwire.ConsumeSimpleNumber(d.buf[pos:]); n == 0 || d.needMore(pos+n) { + return d.consumeNumber(pos) + } + case '{': + return d.consumeObject(flags, pos, depth) + case '[': + return d.consumeArray(flags, pos, depth) + default: + if (d.Tokens.Last.isObject() && next == ']') || (d.Tokens.Last.isArray() && next == '}') { + return pos, errMismatchDelim + } + return pos, jsonwire.NewInvalidCharacterError(d.buf[pos:], "at start of value") + } + if err == io.ErrUnexpectedEOF { + absPos := d.baseOffset + int64(pos) + err = d.fetch() // will mutate d.buf and invalidate pos + pos = int(absPos - d.baseOffset) + if err != nil { + return pos + n, err + } + continue + } + return pos + n, err + } +} + +// consumeLiteral consumes a single JSON literal starting at d.buf[pos:]. +// It returns the new position in d.buf immediately after the literal. +func (d *decoderState) consumeLiteral(pos int, lit string) (newPos int, err error) { + for { + n, err := jsonwire.ConsumeLiteral(d.buf[pos:], lit) + if err == io.ErrUnexpectedEOF { + absPos := d.baseOffset + int64(pos) + err = d.fetch() // will mutate d.buf and invalidate pos + pos = int(absPos - d.baseOffset) + if err != nil { + return pos + n, err + } + continue + } + return pos + n, err + } +} + +// consumeString consumes a single JSON string starting at d.buf[pos:]. +// It returns the new position in d.buf immediately after the string. +func (d *decoderState) consumeString(flags *jsonwire.ValueFlags, pos int) (newPos int, err error) { + var n int + for { + n, err = jsonwire.ConsumeStringResumable(flags, d.buf[pos:], n, !d.Flags.Get(jsonflags.AllowInvalidUTF8)) + if err == io.ErrUnexpectedEOF { + absPos := d.baseOffset + int64(pos) + err = d.fetch() // will mutate d.buf and invalidate pos + pos = int(absPos - d.baseOffset) + if err != nil { + return pos + n, err + } + continue + } + return pos + n, err + } +} + +// consumeNumber consumes a single JSON number starting at d.buf[pos:]. +// It returns the new position in d.buf immediately after the number. +func (d *decoderState) consumeNumber(pos int) (newPos int, err error) { + var n int + var state jsonwire.ConsumeNumberState + for { + n, state, err = jsonwire.ConsumeNumberResumable(d.buf[pos:], n, state) + // NOTE: Since JSON numbers are not self-terminating, + // we need to make sure that the next byte is not part of a number. + if err == io.ErrUnexpectedEOF || d.needMore(pos+n) { + mayTerminate := err == nil + absPos := d.baseOffset + int64(pos) + err = d.fetch() // will mutate d.buf and invalidate pos + pos = int(absPos - d.baseOffset) + if err != nil { + if mayTerminate && err == io.ErrUnexpectedEOF { + return pos + n, nil + } + return pos, err + } + continue + } + return pos + n, err + } +} + +// consumeObject consumes a single JSON object starting at d.buf[pos:]. +// It returns the new position in d.buf immediately after the object. +func (d *decoderState) consumeObject(flags *jsonwire.ValueFlags, pos, depth int) (newPos int, err error) { + var n int + var names *objectNamespace + if !d.Flags.Get(jsonflags.AllowDuplicateNames) { + d.Namespaces.push() + defer d.Namespaces.pop() + names = d.Namespaces.Last() + } + + // Handle before start. + if uint(pos) >= uint(len(d.buf)) || d.buf[pos] != '{' { + panic("BUG: consumeObject must be called with a buffer that starts with '{'") + } else if depth == maxNestingDepth+1 { + return pos, errMaxDepth + } + pos++ + + // Handle after start. + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + return pos, err + } + } + if d.buf[pos] == '}' { + pos++ + return pos, nil + } + + depth++ + for { + // Handle before name. + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + return pos, err + } + } + var flags2 jsonwire.ValueFlags + if n = jsonwire.ConsumeSimpleString(d.buf[pos:]); n == 0 { + oldAbsPos := d.baseOffset + int64(pos) + pos, err = d.consumeString(&flags2, pos) + newAbsPos := d.baseOffset + int64(pos) + n = int(newAbsPos - oldAbsPos) + flags.Join(flags2) + if err != nil { + return pos, err + } + } else { + pos += n + } + quotedName := d.buf[pos-n : pos] + if !d.Flags.Get(jsonflags.AllowDuplicateNames) && !names.insertQuoted(quotedName, flags2.IsVerbatim()) { + return pos - n, wrapWithObjectName(ErrDuplicateName, quotedName) + } + + // Handle after name. + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + return pos, wrapWithObjectName(err, quotedName) + } + } + if d.buf[pos] != ':' { + err := jsonwire.NewInvalidCharacterError(d.buf[pos:], "after object name (expecting ':')") + return pos, wrapWithObjectName(err, quotedName) + } + pos++ + + // Handle before value. + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + return pos, wrapWithObjectName(err, quotedName) + } + } + pos, err = d.consumeValue(flags, pos, depth) + if err != nil { + return pos, wrapWithObjectName(err, quotedName) + } + + // Handle after value. + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + return pos, err + } + } + switch d.buf[pos] { + case ',': + pos++ + continue + case '}': + pos++ + return pos, nil + default: + return pos, jsonwire.NewInvalidCharacterError(d.buf[pos:], "after object value (expecting ',' or '}')") + } + } +} + +// consumeArray consumes a single JSON array starting at d.buf[pos:]. +// It returns the new position in d.buf immediately after the array. +func (d *decoderState) consumeArray(flags *jsonwire.ValueFlags, pos, depth int) (newPos int, err error) { + // Handle before start. + if uint(pos) >= uint(len(d.buf)) || d.buf[pos] != '[' { + panic("BUG: consumeArray must be called with a buffer that starts with '['") + } else if depth == maxNestingDepth+1 { + return pos, errMaxDepth + } + pos++ + + // Handle after start. + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + return pos, err + } + } + if d.buf[pos] == ']' { + pos++ + return pos, nil + } + + var idx int64 + depth++ + for { + // Handle before value. + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + return pos, err + } + } + pos, err = d.consumeValue(flags, pos, depth) + if err != nil { + return pos, wrapWithArrayIndex(err, idx) + } + + // Handle after value. + pos += jsonwire.ConsumeWhitespace(d.buf[pos:]) + if d.needMore(pos) { + if pos, err = d.consumeWhitespace(pos); err != nil { + return pos, err + } + } + switch d.buf[pos] { + case ',': + pos++ + idx++ + continue + case ']': + pos++ + return pos, nil + default: + return pos, jsonwire.NewInvalidCharacterError(d.buf[pos:], "after array element (expecting ',' or ']')") + } + } +} + +// InputOffset returns the current input byte offset. It gives the location +// of the next byte immediately after the most recently returned token or value. +// The number of bytes actually read from the underlying [io.Reader] may be more +// than this offset due to internal buffering effects. +func (d *Decoder) InputOffset() int64 { + return d.s.previousOffsetEnd() +} + +// UnreadBuffer returns the data remaining in the unread buffer, +// which may contain zero or more bytes. +// The returned buffer must not be mutated while Decoder continues to be used. +// The buffer contents are valid until the next Peek, Read, or Skip call. +func (d *Decoder) UnreadBuffer() []byte { + return d.s.unreadBuffer() +} + +// StackDepth returns the depth of the state machine for read JSON data. +// Each level on the stack represents a nested JSON object or array. +// It is incremented whenever an [BeginObject] or [BeginArray] token is encountered +// and decremented whenever an [EndObject] or [EndArray] token is encountered. +// The depth is zero-indexed, where zero represents the top-level JSON value. +func (d *Decoder) StackDepth() int { + // NOTE: Keep in sync with Encoder.StackDepth. + return d.s.Tokens.Depth() - 1 +} + +// StackIndex returns information about the specified stack level. +// It must be a number between 0 and [Decoder.StackDepth], inclusive. +// For each level, it reports the kind: +// +// - 0 for a level of zero, +// - '{' for a level representing a JSON object, and +// - '[' for a level representing a JSON array. +// +// It also reports the length of that JSON object or array. +// Each name and value in a JSON object is counted separately, +// so the effective number of members would be half the length. +// A complete JSON object must have an even length. +func (d *Decoder) StackIndex(i int) (Kind, int64) { + // NOTE: Keep in sync with Encoder.StackIndex. + switch s := d.s.Tokens.index(i); { + case i > 0 && s.isObject(): + return '{', s.Length() + case i > 0 && s.isArray(): + return '[', s.Length() + default: + return 0, s.Length() + } +} + +// StackPointer returns a JSON Pointer (RFC 6901) to the most recently read value. +func (d *Decoder) StackPointer() Pointer { + return Pointer(d.s.AppendStackPointer(nil, -1)) +} + +func (d *decoderState) AppendStackPointer(b []byte, where int) []byte { + d.Names.copyQuotedBuffer(d.buf) + return d.state.appendStackPointer(b, where) +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/doc.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/doc.go new file mode 100644 index 000000000..22081df05 --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/doc.go @@ -0,0 +1,111 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +// Package jsontext implements syntactic processing of JSON +// as specified in RFC 4627, RFC 7159, RFC 7493, RFC 8259, and RFC 8785. +// JSON is a simple data interchange format that can represent +// primitive data types such as booleans, strings, and numbers, +// in addition to structured data types such as objects and arrays. +// +// The [Encoder] and [Decoder] types are used to encode or decode +// a stream of JSON tokens or values. +// +// # Tokens and Values +// +// A JSON token refers to the basic structural elements of JSON: +// +// - a JSON literal (i.e., null, true, or false) +// - a JSON string (e.g., "hello, world!") +// - a JSON number (e.g., 123.456) +// - a begin or end delimiter for a JSON object (i.e., '{' or '}') +// - a begin or end delimiter for a JSON array (i.e., '[' or ']') +// +// A JSON token is represented by the [Token] type in Go. Technically, +// there are two additional structural characters (i.e., ':' and ','), +// but there is no [Token] representation for them since their presence +// can be inferred by the structure of the JSON grammar itself. +// For example, there must always be an implicit colon between +// the name and value of a JSON object member. +// +// A JSON value refers to a complete unit of JSON data: +// +// - a JSON literal, string, or number +// - a JSON object (e.g., `{"name":"value"}`) +// - a JSON array (e.g., `[1,2,3,]`) +// +// A JSON value is represented by the [Value] type in Go and is a []byte +// containing the raw textual representation of the value. There is some overlap +// between tokens and values as both contain literals, strings, and numbers. +// However, only a value can represent the entirety of a JSON object or array. +// +// The [Encoder] and [Decoder] types contain methods to read or write the next +// [Token] or [Value] in a sequence. They maintain a state machine to validate +// whether the sequence of JSON tokens and/or values produces a valid JSON. +// [Options] may be passed to the [NewEncoder] or [NewDecoder] constructors +// to configure the syntactic behavior of encoding and decoding. +// +// # Terminology +// +// The terms "encode" and "decode" are used for syntactic functionality +// that is concerned with processing JSON based on its grammar, and +// the terms "marshal" and "unmarshal" are used for semantic functionality +// that determines the meaning of JSON values as Go values and vice-versa. +// This package (i.e., [jsontext]) deals with JSON at a syntactic layer, +// while [encoding/json/v2] deals with JSON at a semantic layer. +// The goal is to provide a clear distinction between functionality that +// is purely concerned with encoding versus that of marshaling. +// For example, one can directly encode a stream of JSON tokens without +// needing to marshal a concrete Go value representing them. +// Similarly, one can decode a stream of JSON tokens without +// needing to unmarshal them into a concrete Go value. +// +// This package uses JSON terminology when discussing JSON, which may differ +// from related concepts in Go or elsewhere in computing literature. +// +// - a JSON "object" refers to an unordered collection of name/value members. +// - a JSON "array" refers to an ordered sequence of elements. +// - a JSON "value" refers to either a literal (i.e., null, false, or true), +// string, number, object, or array. +// +// See RFC 8259 for more information. +// +// # Specifications +// +// Relevant specifications include RFC 4627, RFC 7159, RFC 7493, RFC 8259, +// and RFC 8785. Each RFC is generally a stricter subset of another RFC. +// In increasing order of strictness: +// +// - RFC 4627 and RFC 7159 do not require (but recommend) the use of UTF-8 +// and also do not require (but recommend) that object names be unique. +// - RFC 8259 requires the use of UTF-8, +// but does not require (but recommends) that object names be unique. +// - RFC 7493 requires the use of UTF-8 +// and also requires that object names be unique. +// - RFC 8785 defines a canonical representation. It requires the use of UTF-8 +// and also requires that object names be unique and in a specific ordering. +// It specifies exactly how strings and numbers must be formatted. +// +// The primary difference between RFC 4627 and RFC 7159 is that the former +// restricted top-level values to only JSON objects and arrays, while +// RFC 7159 and subsequent RFCs permit top-level values to additionally be +// JSON nulls, booleans, strings, or numbers. +// +// By default, this package operates on RFC 7493, but can be configured +// to operate according to the other RFC specifications. +// RFC 7493 is a stricter subset of RFC 8259 and fully compliant with it. +// In particular, it makes specific choices about behavior that RFC 8259 +// leaves as undefined in order to ensure greater interoperability. +// +// # Security Considerations +// +// See the "Security Considerations" section in [encoding/json/v2]. +package jsontext + +// requireKeyedLiterals can be embedded in a struct to require keyed literals. +type requireKeyedLiterals struct{} + +// nonComparable can be embedded in a struct to prevent comparability. +type nonComparable [0]func() diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/encode.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/encode.go new file mode 100644 index 000000000..c2e88045a --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/encode.go @@ -0,0 +1,977 @@ +// Copyright 2020 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +package jsontext + +import ( + "bytes" + "io" + "math/bits" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" +) + +// Encoder is a streaming encoder from raw JSON tokens and values. +// It is used to write a stream of top-level JSON values, +// each terminated with a newline character. +// +// [Encoder.WriteToken] and [Encoder.WriteValue] calls may be interleaved. +// For example, the following JSON value: +// +// {"name":"value","array":[null,false,true,3.14159],"object":{"k":"v"}} +// +// can be composed with the following calls (ignoring errors for brevity): +// +// e.WriteToken(BeginObject) // { +// e.WriteToken(String("name")) // "name" +// e.WriteToken(String("value")) // "value" +// e.WriteValue(Value(`"array"`)) // "array" +// e.WriteToken(BeginArray) // [ +// e.WriteToken(Null) // null +// e.WriteToken(False) // false +// e.WriteValue(Value("true")) // true +// e.WriteToken(Float(3.14159)) // 3.14159 +// e.WriteToken(EndArray) // ] +// e.WriteValue(Value(`"object"`)) // "object" +// e.WriteValue(Value(`{"k":"v"}`)) // {"k":"v"} +// e.WriteToken(EndObject) // } +// +// The above is one of many possible sequence of calls and +// may not represent the most sensible method to call for any given token/value. +// For example, it is probably more common to call [Encoder.WriteToken] with a string +// for object names. +type Encoder struct { + s encoderState +} + +// encoderState is the low-level state of Encoder. +// It has exported fields and method for use by the "json" package. +type encoderState struct { + state + encodeBuffer + jsonopts.Struct + + SeenPointers map[any]struct{} // only used when marshaling; identical to json.seenPointers +} + +// encodeBuffer is a buffer split into 2 segments: +// +// - buf[0:len(buf)] // written (but unflushed) portion of the buffer +// - buf[len(buf):cap(buf)] // unused portion of the buffer +type encodeBuffer struct { + Buf []byte // may alias wr if it is a bytes.Buffer + + // baseOffset is added to len(buf) to obtain the absolute offset + // relative to the start of io.Writer stream. + baseOffset int64 + + wr io.Writer + + // maxValue is the approximate maximum Value size passed to WriteValue. + maxValue int + // availBuffer is the buffer returned by the AvailableBuffer method. + availBuffer []byte // always has zero length + // bufStats is statistics about buffer utilization. + // It is only used with pooled encoders in pools.go. + bufStats bufferStatistics +} + +// NewEncoder constructs a new streaming encoder writing to w +// configured with the provided options. +// It flushes the internal buffer when the buffer is sufficiently full or +// when a top-level value has been written. +// +// If w is a [bytes.Buffer], then the encoder appends directly into the buffer +// without copying the contents from an intermediate buffer. +func NewEncoder(w io.Writer, opts ...Options) *Encoder { + e := new(Encoder) + e.Reset(w, opts...) + return e +} + +// Reset resets an encoder such that it is writing afresh to w and +// configured with the provided options. Reset must not be called on +// a Encoder passed to the [encoding/json/v2.MarshalerTo.MarshalJSONTo] method +// or the [encoding/json/v2.MarshalToFunc] function. +func (e *Encoder) Reset(w io.Writer, opts ...Options) { + switch { + case e == nil: + panic("jsontext: invalid nil Encoder") + case w == nil: + panic("jsontext: invalid nil io.Writer") + case e.s.Flags.Get(jsonflags.WithinArshalCall): + panic("jsontext: cannot reset Encoder passed to json.MarshalerTo") + } + // Reuse the buffer if it does not alias a previous [bytes.Buffer]. + b := e.s.Buf[:0] + if _, ok := e.s.wr.(*bytes.Buffer); ok { + b = nil + } + e.s.reset(b, w, opts...) +} + +func (e *encoderState) reset(b []byte, w io.Writer, opts ...Options) { + e.state.reset() + e.encodeBuffer = encodeBuffer{Buf: b, wr: w, availBuffer: e.availBuffer, bufStats: e.bufStats} + if bb, ok := w.(*bytes.Buffer); ok && bb != nil { + e.Buf = bb.AvailableBuffer() // alias the unused buffer of bb + } + opts2 := jsonopts.Struct{} // avoid mutating e.Struct in case it is part of opts + opts2.Join(opts...) + e.Struct = opts2 + if e.Flags.Get(jsonflags.Multiline) { + if !e.Flags.Has(jsonflags.SpaceAfterColon) { + e.Flags.Set(jsonflags.SpaceAfterColon | 1) + } + if !e.Flags.Has(jsonflags.SpaceAfterComma) { + e.Flags.Set(jsonflags.SpaceAfterComma | 0) + } + if !e.Flags.Has(jsonflags.Indent) { + e.Flags.Set(jsonflags.Indent | 1) + e.Indent = "\t" + } + } +} + +// Options returns the options used to construct the decoder and +// may additionally contain semantic options passed to a +// [encoding/json/v2.MarshalEncode] call. +// +// If operating within +// a [encoding/json/v2.MarshalerTo.MarshalJSONTo] method call or +// a [encoding/json/v2.MarshalToFunc] function call, +// then the returned options are only valid within the call. +func (e *Encoder) Options() Options { + return &e.s.Struct +} + +// NeedFlush determines whether to flush at this point. +func (e *encoderState) NeedFlush() bool { + // NOTE: This function is carefully written to be inlinable. + + // Avoid flushing if e.wr is nil since there is no underlying writer. + // Flush if less than 25% of the capacity remains. + // Flushing at some constant fraction ensures that the buffer stops growing + // so long as the largest Token or Value fits within that unused capacity. + return e.wr != nil && (e.Tokens.Depth() == 1 || len(e.Buf) > 3*cap(e.Buf)/4) +} + +// Flush flushes the buffer to the underlying io.Writer. +// It may append a trailing newline after the top-level value. +func (e *encoderState) Flush() error { + if e.wr == nil || e.avoidFlush() { + return nil + } + + // In streaming mode, always emit a newline after the top-level value. + if e.Tokens.Depth() == 1 && !e.Flags.Get(jsonflags.OmitTopLevelNewline) { + e.Buf = append(e.Buf, '\n') + } + + // Inform objectNameStack that we are about to flush the buffer content. + e.Names.copyQuotedBuffer(e.Buf) + + // Specialize bytes.Buffer for better performance. + if bb, ok := e.wr.(*bytes.Buffer); ok { + // If e.buf already aliases the internal buffer of bb, + // then the Write call simply increments the internal offset, + // otherwise Write operates as expected. + // See https://go.dev/issue/42986. + n, _ := bb.Write(e.Buf) // never fails unless bb is nil + e.baseOffset += int64(n) + + // If the internal buffer of bytes.Buffer is too small, + // append operations elsewhere in the Encoder may grow the buffer. + // This would be semantically correct, but hurts performance. + // As such, ensure 25% of the current length is always available + // to reduce the probability that other appends must allocate. + if avail := bb.Available(); avail < bb.Len()/4 { + bb.Grow(avail + 1) + } + + e.Buf = bb.AvailableBuffer() + return nil + } + + // Flush the internal buffer to the underlying io.Writer. + n, err := e.wr.Write(e.Buf) + e.baseOffset += int64(n) + if err != nil { + // In the event of an error, preserve the unflushed portion. + // Thus, write errors aren't fatal so long as the io.Writer + // maintains consistent state after errors. + if n > 0 { + e.Buf = e.Buf[:copy(e.Buf, e.Buf[n:])] + } + return &ioError{action: "write", err: err} + } + e.Buf = e.Buf[:0] + + // Check whether to grow the buffer. + // Note that cap(e.buf) may already exceed maxBufferSize since + // an append elsewhere already grew it to store a large token. + const maxBufferSize = 4 << 10 + const growthSizeFactor = 2 // higher value is faster + const growthRateFactor = 2 // higher value is slower + // By default, grow if below the maximum buffer size. + grow := cap(e.Buf) <= maxBufferSize/growthSizeFactor + // Growing can be expensive, so only grow + // if a sufficient number of bytes have been processed. + grow = grow && int64(cap(e.Buf)) < e.previousOffsetEnd()/growthRateFactor + if grow { + e.Buf = make([]byte, 0, cap(e.Buf)*growthSizeFactor) + } + + return nil +} +func (d *encodeBuffer) offsetAt(pos int) int64 { return d.baseOffset + int64(pos) } +func (e *encodeBuffer) previousOffsetEnd() int64 { return e.baseOffset + int64(len(e.Buf)) } +func (e *encodeBuffer) unflushedBuffer() []byte { return e.Buf } + +// avoidFlush indicates whether to avoid flushing to ensure there is always +// enough in the buffer to unwrite the last object member if it were empty. +func (e *encoderState) avoidFlush() bool { + switch { + case e.Tokens.Last.Length() == 0: + // Never flush after BeginObject or BeginArray since we don't know yet + // if the object or array will end up being empty. + return true + case e.Tokens.Last.needObjectValue(): + // Never flush before the object value since we don't know yet + // if the object value will end up being empty. + return true + case e.Tokens.Last.NeedObjectName() && len(e.Buf) >= 2: + // Never flush after the object value if it does turn out to be empty. + switch string(e.Buf[len(e.Buf)-2:]) { + case `ll`, `""`, `{}`, `[]`: // last two bytes of every empty value + return true + } + } + return false +} + +// UnwriteEmptyObjectMember unwrites the last object member if it is empty +// and reports whether it performed an unwrite operation. +func (e *encoderState) UnwriteEmptyObjectMember(prevName *string) bool { + if last := e.Tokens.Last; !last.isObject() || !last.NeedObjectName() || last.Length() == 0 { + panic("BUG: must be called on an object after writing a value") + } + + // The flushing logic is modified to never flush a trailing empty value. + // The encoder never writes trailing whitespace eagerly. + b := e.unflushedBuffer() + + // Detect whether the last value was empty. + var n int + if len(b) >= 3 { + switch string(b[len(b)-2:]) { + case "ll": // last two bytes of `null` + n = len(`null`) + case `""`: + // It is possible for a non-empty string to have `""` as a suffix + // if the second to the last quote was escaped. + if b[len(b)-3] == '\\' { + return false // e.g., `"\""` is not empty + } + n = len(`""`) + case `{}`: + n = len(`{}`) + case `[]`: + n = len(`[]`) + } + } + if n == 0 { + return false + } + + // Unwrite the value, whitespace, colon, name, whitespace, and comma. + b = b[:len(b)-n] + b = jsonwire.TrimSuffixWhitespace(b) + b = jsonwire.TrimSuffixByte(b, ':') + b = jsonwire.TrimSuffixString(b) + b = jsonwire.TrimSuffixWhitespace(b) + b = jsonwire.TrimSuffixByte(b, ',') + e.Buf = b // store back truncated unflushed buffer + + // Undo state changes. + e.Tokens.Last.decrement() // for object member value + e.Tokens.Last.decrement() // for object member name + if !e.Flags.Get(jsonflags.AllowDuplicateNames) { + if e.Tokens.Last.isActiveNamespace() { + e.Namespaces.Last().removeLast() + } + } + e.Names.clearLast() + if prevName != nil { + e.Names.copyQuotedBuffer(e.Buf) // required by objectNameStack.replaceLastUnquotedName + e.Names.replaceLastUnquotedName(*prevName) + } + return true +} + +// UnwriteOnlyObjectMemberName unwrites the only object member name +// and returns the unquoted name. +func (e *encoderState) UnwriteOnlyObjectMemberName() string { + if last := e.Tokens.Last; !last.isObject() || last.Length() != 1 { + panic("BUG: must be called on an object after writing first name") + } + + // Unwrite the name and whitespace. + b := jsonwire.TrimSuffixString(e.Buf) + isVerbatim := bytes.IndexByte(e.Buf[len(b):], '\\') < 0 + name := string(jsonwire.UnquoteMayCopy(e.Buf[len(b):], isVerbatim)) + e.Buf = jsonwire.TrimSuffixWhitespace(b) + + // Undo state changes. + e.Tokens.Last.decrement() + if !e.Flags.Get(jsonflags.AllowDuplicateNames) { + if e.Tokens.Last.isActiveNamespace() { + e.Namespaces.Last().removeLast() + } + } + e.Names.clearLast() + return name +} + +// WriteToken writes the next token and advances the internal write offset. +// +// The provided token kind must be consistent with the JSON grammar. +// For example, it is an error to provide a number when the encoder +// is expecting an object name (which is always a string), or +// to provide an end object delimiter when the encoder is finishing an array. +// If the provided token is invalid, then it reports a [SyntacticError] and +// the internal state remains unchanged. The offset reported +// in [SyntacticError] will be relative to the [Encoder.OutputOffset]. +func (e *Encoder) WriteToken(t Token) error { + return e.s.WriteToken(t) +} +func (e *encoderState) WriteToken(t Token) error { + k := t.Kind() + b := e.Buf // use local variable to avoid mutating e in case of error + + // Append any delimiters or optional whitespace. + b = e.Tokens.MayAppendDelim(b, k) + if e.Flags.Get(jsonflags.AnyWhitespace) { + b = e.appendWhitespace(b, k) + } + pos := len(b) // offset before the token + + // Append the token to the output and to the state machine. + var err error + switch k { + case 'n': + b = append(b, "null"...) + err = e.Tokens.appendLiteral() + case 'f': + b = append(b, "false"...) + err = e.Tokens.appendLiteral() + case 't': + b = append(b, "true"...) + err = e.Tokens.appendLiteral() + case '"': + if b, err = t.appendString(b, &e.Flags); err != nil { + break + } + if e.Tokens.Last.NeedObjectName() { + if !e.Flags.Get(jsonflags.AllowDuplicateNames) { + if !e.Tokens.Last.isValidNamespace() { + err = errInvalidNamespace + break + } + if e.Tokens.Last.isActiveNamespace() && !e.Namespaces.Last().insertQuoted(b[pos:], false) { + err = wrapWithObjectName(ErrDuplicateName, b[pos:]) + break + } + } + e.Names.ReplaceLastQuotedOffset(pos) // only replace if insertQuoted succeeds + } + err = e.Tokens.appendString() + case '0': + if b, err = t.appendNumber(b, &e.Flags); err != nil { + break + } + err = e.Tokens.appendNumber() + case '{': + b = append(b, '{') + if err = e.Tokens.pushObject(); err != nil { + break + } + e.Names.push() + if !e.Flags.Get(jsonflags.AllowDuplicateNames) { + e.Namespaces.push() + } + case '}': + b = append(b, '}') + if err = e.Tokens.popObject(); err != nil { + break + } + e.Names.pop() + if !e.Flags.Get(jsonflags.AllowDuplicateNames) { + e.Namespaces.pop() + } + case '[': + b = append(b, '[') + err = e.Tokens.pushArray() + case ']': + b = append(b, ']') + err = e.Tokens.popArray() + default: + err = errInvalidToken + } + if err != nil { + return wrapSyntacticError(e, err, pos, +1) + } + + // Finish off the buffer and store it back into e. + e.Buf = b + if e.NeedFlush() { + return e.Flush() + } + return nil +} + +// AppendRaw appends either a raw string (without double quotes) or number. +// Specify safeASCII if the string output is guaranteed to be ASCII +// without any characters (including '<', '>', and '&') that need escaping, +// otherwise this will validate whether the string needs escaping. +// The appended bytes for a JSON number must be valid. +// +// This is a specialized implementation of Encoder.WriteValue +// that allows appending directly into the buffer. +// It is only called from marshal logic in the "json" package. +func (e *encoderState) AppendRaw(k Kind, safeASCII bool, appendFn func([]byte) ([]byte, error)) error { + b := e.Buf // use local variable to avoid mutating e in case of error + + // Append any delimiters or optional whitespace. + b = e.Tokens.MayAppendDelim(b, k) + if e.Flags.Get(jsonflags.AnyWhitespace) { + b = e.appendWhitespace(b, k) + } + pos := len(b) // offset before the token + + var err error + switch k { + case '"': + // Append directly into the encoder buffer by assuming that + // most of the time none of the characters need escaping. + b = append(b, '"') + if b, err = appendFn(b); err != nil { + return err + } + b = append(b, '"') + + // Check whether we need to escape the string and if necessary + // copy it to a scratch buffer and then escape it back. + isVerbatim := safeASCII || !jsonwire.NeedEscape(b[pos+len(`"`):len(b)-len(`"`)]) + if !isVerbatim { + var err error + b2 := append(e.availBuffer, b[pos+len(`"`):len(b)-len(`"`)]...) + b, err = jsonwire.AppendQuote(b[:pos], string(b2), &e.Flags) + e.availBuffer = b2[:0] + if err != nil { + return wrapSyntacticError(e, err, pos, +1) + } + } + + // Update the state machine. + if e.Tokens.Last.NeedObjectName() { + if !e.Flags.Get(jsonflags.AllowDuplicateNames) { + if !e.Tokens.Last.isValidNamespace() { + return wrapSyntacticError(e, err, pos, +1) + } + if e.Tokens.Last.isActiveNamespace() && !e.Namespaces.Last().insertQuoted(b[pos:], isVerbatim) { + err = wrapWithObjectName(ErrDuplicateName, b[pos:]) + return wrapSyntacticError(e, err, pos, +1) + } + } + e.Names.ReplaceLastQuotedOffset(pos) // only replace if insertQuoted succeeds + } + if err := e.Tokens.appendString(); err != nil { + return wrapSyntacticError(e, err, pos, +1) + } + case '0': + if b, err = appendFn(b); err != nil { + return err + } + if err := e.Tokens.appendNumber(); err != nil { + return wrapSyntacticError(e, err, pos, +1) + } + default: + panic("BUG: invalid kind") + } + + // Finish off the buffer and store it back into e. + e.Buf = b + if e.NeedFlush() { + return e.Flush() + } + return nil +} + +// WriteValue writes the next raw value and advances the internal write offset. +// The Encoder does not simply copy the provided value verbatim, but +// parses it to ensure that it is syntactically valid and reformats it +// according to how the Encoder is configured to format whitespace and strings. +// If [AllowInvalidUTF8] is specified, then any invalid UTF-8 is mangled +// as the Unicode replacement character, U+FFFD. +// +// The provided value kind must be consistent with the JSON grammar +// (see examples on [Encoder.WriteToken]). If the provided value is invalid, +// then it reports a [SyntacticError] and the internal state remains unchanged. +// The offset reported in [SyntacticError] will be relative to the +// [Encoder.OutputOffset] plus the offset into v of any encountered syntax error. +func (e *Encoder) WriteValue(v Value) error { + return e.s.WriteValue(v) +} +func (e *encoderState) WriteValue(v Value) error { + e.maxValue |= len(v) // bitwise OR is a fast approximation of max + + k := v.Kind() + b := e.Buf // use local variable to avoid mutating e in case of error + + // Append any delimiters or optional whitespace. + b = e.Tokens.MayAppendDelim(b, k) + if e.Flags.Get(jsonflags.AnyWhitespace) { + b = e.appendWhitespace(b, k) + } + pos := len(b) // offset before the value + + // Append the value the output. + var n int + n += jsonwire.ConsumeWhitespace(v[n:]) + b, m, err := e.reformatValue(b, v[n:], e.Tokens.Depth()) + if err != nil { + return wrapSyntacticError(e, err, pos+n+m, +1) + } + n += m + n += jsonwire.ConsumeWhitespace(v[n:]) + if len(v) > n { + err = jsonwire.NewInvalidCharacterError(v[n:], "after top-level value") + return wrapSyntacticError(e, err, pos+n, 0) + } + + // Append the kind to the state machine. + switch k { + case 'n', 'f', 't': + err = e.Tokens.appendLiteral() + case '"': + if e.Tokens.Last.NeedObjectName() { + if !e.Flags.Get(jsonflags.AllowDuplicateNames) { + if !e.Tokens.Last.isValidNamespace() { + err = errInvalidNamespace + break + } + if e.Tokens.Last.isActiveNamespace() && !e.Namespaces.Last().insertQuoted(b[pos:], false) { + err = wrapWithObjectName(ErrDuplicateName, b[pos:]) + break + } + } + e.Names.ReplaceLastQuotedOffset(pos) // only replace if insertQuoted succeeds + } + err = e.Tokens.appendString() + case '0': + err = e.Tokens.appendNumber() + case '{': + if err = e.Tokens.pushObject(); err != nil { + break + } + if err = e.Tokens.popObject(); err != nil { + panic("BUG: popObject should never fail immediately after pushObject: " + err.Error()) + } + if e.Flags.Get(jsonflags.ReorderRawObjects) { + mustReorderObjects(b[pos:]) + } + case '[': + if err = e.Tokens.pushArray(); err != nil { + break + } + if err = e.Tokens.popArray(); err != nil { + panic("BUG: popArray should never fail immediately after pushArray: " + err.Error()) + } + if e.Flags.Get(jsonflags.ReorderRawObjects) { + mustReorderObjects(b[pos:]) + } + } + if err != nil { + return wrapSyntacticError(e, err, pos, +1) + } + + // Finish off the buffer and store it back into e. + e.Buf = b + if e.NeedFlush() { + return e.Flush() + } + return nil +} + +// CountNextDelimWhitespace counts the number of bytes of delimiter and +// whitespace bytes assuming the upcoming token is a JSON value. +// This method is used for error reporting at the semantic layer. +func (e *encoderState) CountNextDelimWhitespace() (n int) { + const next = Kind('"') // arbitrary kind as next JSON value + delim := e.Tokens.needDelim(next) + if delim > 0 { + n += len(",") | len(":") + } + if delim == ':' { + if e.Flags.Get(jsonflags.SpaceAfterColon) { + n += len(" ") + } + } else { + if delim == ',' && e.Flags.Get(jsonflags.SpaceAfterComma) { + n += len(" ") + } + if e.Flags.Get(jsonflags.Multiline) { + if m := e.Tokens.NeedIndent(next); m > 0 { + n += len("\n") + len(e.IndentPrefix) + (m-1)*len(e.Indent) + } + } + } + return n +} + +// appendWhitespace appends whitespace that immediately precedes the next token. +func (e *encoderState) appendWhitespace(b []byte, next Kind) []byte { + if delim := e.Tokens.needDelim(next); delim == ':' { + if e.Flags.Get(jsonflags.SpaceAfterColon) { + b = append(b, ' ') + } + } else { + if delim == ',' && e.Flags.Get(jsonflags.SpaceAfterComma) { + b = append(b, ' ') + } + if e.Flags.Get(jsonflags.Multiline) { + b = e.AppendIndent(b, e.Tokens.NeedIndent(next)) + } + } + return b +} + +// AppendIndent appends the appropriate number of indentation characters +// for the current nested level, n. +func (e *encoderState) AppendIndent(b []byte, n int) []byte { + if n == 0 { + return b + } + b = append(b, '\n') + b = append(b, e.IndentPrefix...) + for ; n > 1; n-- { + b = append(b, e.Indent...) + } + return b +} + +// reformatValue parses a JSON value from the start of src and +// appends it to the end of dst, reformatting whitespace and strings as needed. +// It returns the extended dst buffer and the number of consumed input bytes. +func (e *encoderState) reformatValue(dst []byte, src Value, depth int) ([]byte, int, error) { + // TODO: Should this update ValueFlags as input? + if len(src) == 0 { + return dst, 0, io.ErrUnexpectedEOF + } + switch k := Kind(src[0]).normalize(); k { + case 'n': + if jsonwire.ConsumeNull(src) == 0 { + n, err := jsonwire.ConsumeLiteral(src, "null") + return dst, n, err + } + return append(dst, "null"...), len("null"), nil + case 'f': + if jsonwire.ConsumeFalse(src) == 0 { + n, err := jsonwire.ConsumeLiteral(src, "false") + return dst, n, err + } + return append(dst, "false"...), len("false"), nil + case 't': + if jsonwire.ConsumeTrue(src) == 0 { + n, err := jsonwire.ConsumeLiteral(src, "true") + return dst, n, err + } + return append(dst, "true"...), len("true"), nil + case '"': + if n := jsonwire.ConsumeSimpleString(src); n > 0 { + dst = append(dst, src[:n]...) // copy simple strings verbatim + return dst, n, nil + } + return jsonwire.ReformatString(dst, src, &e.Flags) + case '0': + if n := jsonwire.ConsumeSimpleNumber(src); n > 0 && !e.Flags.Get(jsonflags.CanonicalizeNumbers) { + dst = append(dst, src[:n]...) // copy simple numbers verbatim + return dst, n, nil + } + return jsonwire.ReformatNumber(dst, src, &e.Flags) + case '{': + return e.reformatObject(dst, src, depth) + case '[': + return e.reformatArray(dst, src, depth) + default: + return dst, 0, jsonwire.NewInvalidCharacterError(src, "at start of value") + } +} + +// reformatObject parses a JSON object from the start of src and +// appends it to the end of src, reformatting whitespace and strings as needed. +// It returns the extended dst buffer and the number of consumed input bytes. +func (e *encoderState) reformatObject(dst []byte, src Value, depth int) ([]byte, int, error) { + // Append object begin. + if len(src) == 0 || src[0] != '{' { + panic("BUG: reformatObject must be called with a buffer that starts with '{'") + } else if depth == maxNestingDepth+1 { + return dst, 0, errMaxDepth + } + dst = append(dst, '{') + n := len("{") + + // Append (possible) object end. + n += jsonwire.ConsumeWhitespace(src[n:]) + if uint(len(src)) <= uint(n) { + return dst, n, io.ErrUnexpectedEOF + } + if src[n] == '}' { + dst = append(dst, '}') + n += len("}") + return dst, n, nil + } + + var err error + var names *objectNamespace + if !e.Flags.Get(jsonflags.AllowDuplicateNames) { + e.Namespaces.push() + defer e.Namespaces.pop() + names = e.Namespaces.Last() + } + depth++ + for { + // Append optional newline and indentation. + if e.Flags.Get(jsonflags.Multiline) { + dst = e.AppendIndent(dst, depth) + } + + // Append object name. + n += jsonwire.ConsumeWhitespace(src[n:]) + if uint(len(src)) <= uint(n) { + return dst, n, io.ErrUnexpectedEOF + } + m := jsonwire.ConsumeSimpleString(src[n:]) + isVerbatim := m > 0 + if isVerbatim { + dst = append(dst, src[n:n+m]...) + } else { + dst, m, err = jsonwire.ReformatString(dst, src[n:], &e.Flags) + if err != nil { + return dst, n + m, err + } + } + quotedName := src[n : n+m] + if !e.Flags.Get(jsonflags.AllowDuplicateNames) && !names.insertQuoted(quotedName, isVerbatim) { + return dst, n, wrapWithObjectName(ErrDuplicateName, quotedName) + } + n += m + + // Append colon. + n += jsonwire.ConsumeWhitespace(src[n:]) + if uint(len(src)) <= uint(n) { + return dst, n, wrapWithObjectName(io.ErrUnexpectedEOF, quotedName) + } + if src[n] != ':' { + err = jsonwire.NewInvalidCharacterError(src[n:], "after object name (expecting ':')") + return dst, n, wrapWithObjectName(err, quotedName) + } + dst = append(dst, ':') + n += len(":") + if e.Flags.Get(jsonflags.SpaceAfterColon) { + dst = append(dst, ' ') + } + + // Append object value. + n += jsonwire.ConsumeWhitespace(src[n:]) + if uint(len(src)) <= uint(n) { + return dst, n, wrapWithObjectName(io.ErrUnexpectedEOF, quotedName) + } + dst, m, err = e.reformatValue(dst, src[n:], depth) + if err != nil { + return dst, n + m, wrapWithObjectName(err, quotedName) + } + n += m + + // Append comma or object end. + n += jsonwire.ConsumeWhitespace(src[n:]) + if uint(len(src)) <= uint(n) { + return dst, n, io.ErrUnexpectedEOF + } + switch src[n] { + case ',': + dst = append(dst, ',') + if e.Flags.Get(jsonflags.SpaceAfterComma) { + dst = append(dst, ' ') + } + n += len(",") + continue + case '}': + if e.Flags.Get(jsonflags.Multiline) { + dst = e.AppendIndent(dst, depth-1) + } + dst = append(dst, '}') + n += len("}") + return dst, n, nil + default: + return dst, n, jsonwire.NewInvalidCharacterError(src[n:], "after object value (expecting ',' or '}')") + } + } +} + +// reformatArray parses a JSON array from the start of src and +// appends it to the end of dst, reformatting whitespace and strings as needed. +// It returns the extended dst buffer and the number of consumed input bytes. +func (e *encoderState) reformatArray(dst []byte, src Value, depth int) ([]byte, int, error) { + // Append array begin. + if len(src) == 0 || src[0] != '[' { + panic("BUG: reformatArray must be called with a buffer that starts with '['") + } else if depth == maxNestingDepth+1 { + return dst, 0, errMaxDepth + } + dst = append(dst, '[') + n := len("[") + + // Append (possible) array end. + n += jsonwire.ConsumeWhitespace(src[n:]) + if uint(len(src)) <= uint(n) { + return dst, n, io.ErrUnexpectedEOF + } + if src[n] == ']' { + dst = append(dst, ']') + n += len("]") + return dst, n, nil + } + + var idx int64 + var err error + depth++ + for { + // Append optional newline and indentation. + if e.Flags.Get(jsonflags.Multiline) { + dst = e.AppendIndent(dst, depth) + } + + // Append array value. + n += jsonwire.ConsumeWhitespace(src[n:]) + if uint(len(src)) <= uint(n) { + return dst, n, io.ErrUnexpectedEOF + } + var m int + dst, m, err = e.reformatValue(dst, src[n:], depth) + if err != nil { + return dst, n + m, wrapWithArrayIndex(err, idx) + } + n += m + + // Append comma or array end. + n += jsonwire.ConsumeWhitespace(src[n:]) + if uint(len(src)) <= uint(n) { + return dst, n, io.ErrUnexpectedEOF + } + switch src[n] { + case ',': + dst = append(dst, ',') + if e.Flags.Get(jsonflags.SpaceAfterComma) { + dst = append(dst, ' ') + } + n += len(",") + idx++ + continue + case ']': + if e.Flags.Get(jsonflags.Multiline) { + dst = e.AppendIndent(dst, depth-1) + } + dst = append(dst, ']') + n += len("]") + return dst, n, nil + default: + return dst, n, jsonwire.NewInvalidCharacterError(src[n:], "after array value (expecting ',' or ']')") + } + } +} + +// OutputOffset returns the current output byte offset. It gives the location +// of the next byte immediately after the most recently written token or value. +// The number of bytes actually written to the underlying [io.Writer] may be less +// than this offset due to internal buffering effects. +func (e *Encoder) OutputOffset() int64 { + return e.s.previousOffsetEnd() +} + +// AvailableBuffer returns a zero-length buffer with a possible non-zero capacity. +// This buffer is intended to be used to populate a [Value] +// being passed to an immediately succeeding [Encoder.WriteValue] call. +// +// Example usage: +// +// b := d.AvailableBuffer() +// b = append(b, '"') +// b = appendString(b, v) // append the string formatting of v +// b = append(b, '"') +// ... := d.WriteValue(b) +// +// It is the user's responsibility to ensure that the value is valid JSON. +func (e *Encoder) AvailableBuffer() []byte { + // NOTE: We don't return e.buf[len(e.buf):cap(e.buf)] since WriteValue would + // need to take special care to avoid mangling the data while reformatting. + // WriteValue can't easily identify whether the input Value aliases e.buf + // without using unsafe.Pointer. Thus, we just return a different buffer. + // Should this ever alias e.buf, we need to consider how it operates with + // the specialized performance optimization for bytes.Buffer. + n := 1 << bits.Len(uint(e.s.maxValue|63)) // fast approximation for max length + if cap(e.s.availBuffer) < n { + e.s.availBuffer = make([]byte, 0, n) + } + return e.s.availBuffer +} + +// StackDepth returns the depth of the state machine for written JSON data. +// Each level on the stack represents a nested JSON object or array. +// It is incremented whenever an [BeginObject] or [BeginArray] token is encountered +// and decremented whenever an [EndObject] or [EndArray] token is encountered. +// The depth is zero-indexed, where zero represents the top-level JSON value. +func (e *Encoder) StackDepth() int { + // NOTE: Keep in sync with Decoder.StackDepth. + return e.s.Tokens.Depth() - 1 +} + +// StackIndex returns information about the specified stack level. +// It must be a number between 0 and [Encoder.StackDepth], inclusive. +// For each level, it reports the kind: +// +// - 0 for a level of zero, +// - '{' for a level representing a JSON object, and +// - '[' for a level representing a JSON array. +// +// It also reports the length of that JSON object or array. +// Each name and value in a JSON object is counted separately, +// so the effective number of members would be half the length. +// A complete JSON object must have an even length. +func (e *Encoder) StackIndex(i int) (Kind, int64) { + // NOTE: Keep in sync with Decoder.StackIndex. + switch s := e.s.Tokens.index(i); { + case i > 0 && s.isObject(): + return '{', s.Length() + case i > 0 && s.isArray(): + return '[', s.Length() + default: + return 0, s.Length() + } +} + +// StackPointer returns a JSON Pointer (RFC 6901) to the most recently written value. +func (e *Encoder) StackPointer() Pointer { + return Pointer(e.s.AppendStackPointer(nil, -1)) +} + +func (e *encoderState) AppendStackPointer(b []byte, where int) []byte { + e.Names.copyQuotedBuffer(e.Buf) + return e.state.appendStackPointer(b, where) +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/errors.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/errors.go new file mode 100644 index 000000000..3c53151b3 --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/errors.go @@ -0,0 +1,182 @@ +// Copyright 2020 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +package jsontext + +import ( + "bytes" + "io" + "strconv" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" +) + +const errorPrefix = "jsontext: " + +type ioError struct { + action string // either "read" or "write" + err error +} + +func (e *ioError) Error() string { + return errorPrefix + e.action + " error: " + e.err.Error() +} +func (e *ioError) Unwrap() error { + return e.err +} + +// SyntacticError is a description of a syntactic error that occurred when +// encoding or decoding JSON according to the grammar. +// +// The contents of this error as produced by this package may change over time. +type SyntacticError struct { + requireKeyedLiterals + nonComparable + + // ByteOffset indicates that an error occurred after this byte offset. + ByteOffset int64 + // JSONPointer indicates that an error occurred within this JSON value + // as indicated using the JSON Pointer notation (see RFC 6901). + JSONPointer Pointer + + // Err is the underlying error. + Err error +} + +// wrapSyntacticError wraps an error and annotates it with a precise location +// using the provided [encoderState] or [decoderState]. +// If err is an [ioError] or [io.EOF], then it is not wrapped. +// +// It takes a relative offset pos that can be resolved into +// an absolute offset using state.offsetAt. +// +// It takes a where that specify how the JSON pointer is derived. +// If the underlying error is a [pointerSuffixError], +// then the suffix is appended to the derived pointer. +func wrapSyntacticError(state interface { + offsetAt(pos int) int64 + AppendStackPointer(b []byte, where int) []byte +}, err error, pos, where int) error { + if _, ok := err.(*ioError); err == io.EOF || ok { + return err + } + offset := state.offsetAt(pos) + ptr := state.AppendStackPointer(nil, where) + if serr, ok := err.(*pointerSuffixError); ok { + ptr = serr.appendPointer(ptr) + err = serr.error + } + if d, ok := state.(*decoderState); ok && err == errMismatchDelim { + where := "at start of value" + if len(d.Tokens.Stack) > 0 && d.Tokens.Last.Length() > 0 { + switch { + case d.Tokens.Last.isArray(): + where = "after array element (expecting ',' or ']')" + ptr = []byte(Pointer(ptr).Parent()) // problem is with parent array + case d.Tokens.Last.isObject(): + where = "after object value (expecting ',' or '}')" + ptr = []byte(Pointer(ptr).Parent()) // problem is with parent object + } + } + err = jsonwire.NewInvalidCharacterError(d.buf[pos:], where) + } + return &SyntacticError{ByteOffset: offset, JSONPointer: Pointer(ptr), Err: err} +} + +func (e *SyntacticError) Error() string { + pointer := e.JSONPointer + offset := e.ByteOffset + b := []byte(errorPrefix) + if e.Err != nil { + b = append(b, e.Err.Error()...) + if e.Err == ErrDuplicateName { + b = strconv.AppendQuote(append(b, ' '), pointer.LastToken()) + pointer = pointer.Parent() + offset = 0 // not useful to print offset for duplicate names + } + } else { + b = append(b, "syntactic error"...) + } + if pointer != "" { + b = strconv.AppendQuote(append(b, " within "...), jsonwire.TruncatePointer(string(pointer), 100)) + } + if offset > 0 { + b = strconv.AppendInt(append(b, " after offset "...), offset, 10) + } + return string(b) +} + +func (e *SyntacticError) Unwrap() error { + return e.Err +} + +// pointerSuffixError represents a JSON pointer suffix to be appended +// to [SyntacticError.JSONPointer]. It is an internal error type +// used within this package and does not appear in the public API. +// +// This type is primarily used to annotate errors in Encoder.WriteValue +// and Decoder.ReadValue with precise positions. +// At the time WriteValue or ReadValue is called, a JSON pointer to the +// upcoming value can be constructed using the Encoder/Decoder state. +// However, tracking pointers within values during normal operation +// would incur a performance penalty in the error-free case. +// +// To provide precise error locations without this overhead, +// the error is wrapped with object names or array indices +// as the call stack is popped when an error occurs. +// Since this happens in reverse order, pointerSuffixError holds +// the pointer in reverse and is only later reversed when appending to +// the pointer prefix. +// +// For example, if the encoder is at "/alpha/bravo/charlie" +// and an error occurs in WriteValue at "/xray/yankee/zulu", then +// the final pointer should be "/alpha/bravo/charlie/xray/yankee/zulu". +// +// As pointerSuffixError is populated during the error return path, +// it first contains "/zulu", then "/zulu/yankee", +// and finally "/zulu/yankee/xray". +// These tokens are reversed and concatenated to "/alpha/bravo/charlie" +// to form the full pointer. +type pointerSuffixError struct { + error + + // reversePointer is a JSON pointer, but with each token in reverse order. + reversePointer []byte +} + +// wrapWithObjectName wraps err with a JSON object name access, +// which must be a valid quoted JSON string. +func wrapWithObjectName(err error, quotedName []byte) error { + serr, _ := err.(*pointerSuffixError) + if serr == nil { + serr = &pointerSuffixError{error: err} + } + name := jsonwire.UnquoteMayCopy(quotedName, false) + serr.reversePointer = appendEscapePointerName(append(serr.reversePointer, '/'), name) + return serr +} + +// wrapWithArrayIndex wraps err with a JSON array index access. +func wrapWithArrayIndex(err error, index int64) error { + serr, _ := err.(*pointerSuffixError) + if serr == nil { + serr = &pointerSuffixError{error: err} + } + serr.reversePointer = strconv.AppendUint(append(serr.reversePointer, '/'), uint64(index), 10) + return serr +} + +// appendPointer appends the path encoded in e to the end of pointer. +func (e *pointerSuffixError) appendPointer(pointer []byte) []byte { + // Copy each token in reversePointer to the end of pointer in reverse order. + // Double reversal means that the appended suffix is now in forward order. + bi, bo := e.reversePointer, pointer + for len(bi) > 0 { + i := bytes.LastIndexByte(bi, '/') + bi, bo = bi[:i], append(bo, bi[i:]...) + } + return bo +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/export.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/export.go new file mode 100644 index 000000000..0d6dc58c0 --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/export.go @@ -0,0 +1,77 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +package jsontext + +import ( + "io" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal" +) + +// Internal is for internal use only. +// This is exempt from the Go compatibility agreement. +var Internal exporter + +type exporter struct{} + +// Export exposes internal functionality from "jsontext" to "json". +// This cannot be dynamically called by other packages since +// they cannot obtain a reference to the internal.AllowInternalUse value. +func (exporter) Export(p *internal.NotForPublicUse) export { + if p != &internal.AllowInternalUse { + panic("unauthorized call to Export") + } + return export{} +} + +// The export type exposes functionality to packages with visibility to +// the internal.AllowInternalUse variable. The "json" package uses this +// to modify low-level state in the Encoder and Decoder types. +// It mutates the state directly instead of calling ReadToken or WriteToken +// since this is more performant. The public APIs need to track state to ensure +// that users are constructing a valid JSON value, but the "json" implementation +// guarantees that it emits valid JSON by the structure of the code itself. +type export struct{} + +// Encoder returns a pointer to the underlying encoderState. +func (export) Encoder(e *Encoder) *encoderState { return &e.s } + +// Decoder returns a pointer to the underlying decoderState. +func (export) Decoder(d *Decoder) *decoderState { return &d.s } + +func (export) GetBufferedEncoder(o ...Options) *Encoder { + return getBufferedEncoder(o...) +} +func (export) PutBufferedEncoder(e *Encoder) { + putBufferedEncoder(e) +} + +func (export) GetStreamingEncoder(w io.Writer, o ...Options) *Encoder { + return getStreamingEncoder(w, o...) +} +func (export) PutStreamingEncoder(e *Encoder) { + putStreamingEncoder(e) +} + +func (export) GetBufferedDecoder(b []byte, o ...Options) *Decoder { + return getBufferedDecoder(b, o...) +} +func (export) PutBufferedDecoder(d *Decoder) { + putBufferedDecoder(d) +} + +func (export) GetStreamingDecoder(r io.Reader, o ...Options) *Decoder { + return getStreamingDecoder(r, o...) +} +func (export) PutStreamingDecoder(d *Decoder) { + putStreamingDecoder(d) +} + +func (export) IsIOError(err error) bool { + _, ok := err.(*ioError) + return ok +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/options.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/options.go new file mode 100644 index 000000000..d22d0635d --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/options.go @@ -0,0 +1,304 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +package jsontext + +import ( + "strings" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" +) + +// Options configures [NewEncoder], [Encoder.Reset], [NewDecoder], +// and [Decoder.Reset] with specific features. +// Each function takes in a variadic list of options, where properties +// set in latter options override the value of previously set properties. +// +// There is a single Options type, which is used with both encoding and decoding. +// Some options affect both operations, while others only affect one operation: +// +// - [AllowDuplicateNames] affects encoding and decoding +// - [AllowInvalidUTF8] affects encoding and decoding +// - [EscapeForHTML] affects encoding only +// - [EscapeForJS] affects encoding only +// - [PreserveRawStrings] affects encoding only +// - [CanonicalizeRawInts] affects encoding only +// - [CanonicalizeRawFloats] affects encoding only +// - [ReorderRawObjects] affects encoding only +// - [SpaceAfterColon] affects encoding only +// - [SpaceAfterComma] affects encoding only +// - [Multiline] affects encoding only +// - [WithIndent] affects encoding only +// - [WithIndentPrefix] affects encoding only +// +// Options that do not affect a particular operation are ignored. +// +// The Options type is identical to [encoding/json.Options] and +// [encoding/json/v2.Options]. Options from the other packages may +// be passed to functionality in this package, but are ignored. +// Options from this package may be used with the other packages. +type Options = jsonopts.Options + +// AllowDuplicateNames specifies that JSON objects may contain +// duplicate member names. Disabling the duplicate name check may provide +// performance benefits, but breaks compliance with RFC 7493, section 2.3. +// The input or output will still be compliant with RFC 8259, +// which leaves the handling of duplicate names as unspecified behavior. +// +// This affects either encoding or decoding. +func AllowDuplicateNames(v bool) Options { + if v { + return jsonflags.AllowDuplicateNames | 1 + } else { + return jsonflags.AllowDuplicateNames | 0 + } +} + +// AllowInvalidUTF8 specifies that JSON strings may contain invalid UTF-8, +// which will be mangled as the Unicode replacement character, U+FFFD. +// This causes the encoder or decoder to break compliance with +// RFC 7493, section 2.1, and RFC 8259, section 8.1. +// +// This affects either encoding or decoding. +func AllowInvalidUTF8(v bool) Options { + if v { + return jsonflags.AllowInvalidUTF8 | 1 + } else { + return jsonflags.AllowInvalidUTF8 | 0 + } +} + +// EscapeForHTML specifies that '<', '>', and '&' characters within JSON strings +// should be escaped as a hexadecimal Unicode codepoint (e.g., \u003c) so that +// the output is safe to embed within HTML. +// +// This only affects encoding and is ignored when decoding. +func EscapeForHTML(v bool) Options { + if v { + return jsonflags.EscapeForHTML | 1 + } else { + return jsonflags.EscapeForHTML | 0 + } +} + +// EscapeForJS specifies that U+2028 and U+2029 characters within JSON strings +// should be escaped as a hexadecimal Unicode codepoint (e.g., \u2028) so that +// the output is valid to embed within JavaScript. See RFC 8259, section 12. +// +// This only affects encoding and is ignored when decoding. +func EscapeForJS(v bool) Options { + if v { + return jsonflags.EscapeForJS | 1 + } else { + return jsonflags.EscapeForJS | 0 + } +} + +// PreserveRawStrings specifies that when encoding a raw JSON string in a +// [Token] or [Value], pre-escaped sequences +// in a JSON string are preserved to the output. +// However, raw strings still respect [EscapeForHTML] and [EscapeForJS] +// such that the relevant characters are escaped. +// If [AllowInvalidUTF8] is enabled, bytes of invalid UTF-8 +// are preserved to the output. +// +// This only affects encoding and is ignored when decoding. +func PreserveRawStrings(v bool) Options { + if v { + return jsonflags.PreserveRawStrings | 1 + } else { + return jsonflags.PreserveRawStrings | 0 + } +} + +// CanonicalizeRawInts specifies that when encoding a raw JSON +// integer number (i.e., a number without a fraction and exponent) in a +// [Token] or [Value], the number is canonicalized +// according to RFC 8785, section 3.2.2.3. As a special case, +// the number -0 is canonicalized as 0. +// +// JSON numbers are treated as IEEE 754 double precision numbers. +// Any numbers with precision beyond what is representable by that form +// will lose their precision when canonicalized. For example, +// integer values beyond ±2⁵³ will lose their precision. +// For example, 1234567890123456789 is formatted as 1234567890123456800. +// +// This only affects encoding and is ignored when decoding. +func CanonicalizeRawInts(v bool) Options { + if v { + return jsonflags.CanonicalizeRawInts | 1 + } else { + return jsonflags.CanonicalizeRawInts | 0 + } +} + +// CanonicalizeRawFloats specifies that when encoding a raw JSON +// floating-point number (i.e., a number with a fraction or exponent) in a +// [Token] or [Value], the number is canonicalized +// according to RFC 8785, section 3.2.2.3. As a special case, +// the number -0 is canonicalized as 0. +// +// JSON numbers are treated as IEEE 754 double precision numbers. +// It is safe to canonicalize a serialized single precision number and +// parse it back as a single precision number and expect the same value. +// If a number exceeds ±1.7976931348623157e+308, which is the maximum +// finite number, then it saturated at that value and formatted as such. +// +// This only affects encoding and is ignored when decoding. +func CanonicalizeRawFloats(v bool) Options { + if v { + return jsonflags.CanonicalizeRawFloats | 1 + } else { + return jsonflags.CanonicalizeRawFloats | 0 + } +} + +// ReorderRawObjects specifies that when encoding a raw JSON object in a +// [Value], the object members are reordered according to +// RFC 8785, section 3.2.3. +// +// This only affects encoding and is ignored when decoding. +func ReorderRawObjects(v bool) Options { + if v { + return jsonflags.ReorderRawObjects | 1 + } else { + return jsonflags.ReorderRawObjects | 0 + } +} + +// SpaceAfterColon specifies that the JSON output should emit a space character +// after each colon separator following a JSON object name. +// If false, then no space character appears after the colon separator. +// +// This only affects encoding and is ignored when decoding. +func SpaceAfterColon(v bool) Options { + if v { + return jsonflags.SpaceAfterColon | 1 + } else { + return jsonflags.SpaceAfterColon | 0 + } +} + +// SpaceAfterComma specifies that the JSON output should emit a space character +// after each comma separator following a JSON object value or array element. +// If false, then no space character appears after the comma separator. +// +// This only affects encoding and is ignored when decoding. +func SpaceAfterComma(v bool) Options { + if v { + return jsonflags.SpaceAfterComma | 1 + } else { + return jsonflags.SpaceAfterComma | 0 + } +} + +// Multiline specifies that the JSON output should expand to multiple lines, +// where every JSON object member or JSON array element appears on +// a new, indented line according to the nesting depth. +// +// If [SpaceAfterColon] is not specified, then the default is true. +// If [SpaceAfterComma] is not specified, then the default is false. +// If [WithIndent] is not specified, then the default is "\t". +// +// If set to false, then the output is a single-line, +// where the only whitespace emitted is determined by the current +// values of [SpaceAfterColon] and [SpaceAfterComma]. +// +// This only affects encoding and is ignored when decoding. +func Multiline(v bool) Options { + if v { + return jsonflags.Multiline | 1 + } else { + return jsonflags.Multiline | 0 + } +} + +// WithIndent specifies that the encoder should emit multiline output +// where each element in a JSON object or array begins on a new, indented line +// beginning with the indent prefix (see [WithIndentPrefix]) +// followed by one or more copies of indent according to the nesting depth. +// The indent must only be composed of space or tab characters. +// +// If the intent to emit indented output without a preference for +// the particular indent string, then use [Multiline] instead. +// +// This only affects encoding and is ignored when decoding. +// Use of this option implies [Multiline] being set to true. +func WithIndent(indent string) Options { + // Fast-path: Return a constant for common indents, which avoids allocating. + // These are derived from analyzing the Go module proxy on 2023-07-01. + switch indent { + case "\t": + return jsonopts.Indent("\t") // ~14k usages + case " ": + return jsonopts.Indent(" ") // ~18k usages + case " ": + return jsonopts.Indent(" ") // ~1.7k usages + case " ": + return jsonopts.Indent(" ") // ~52k usages + case " ": + return jsonopts.Indent(" ") // ~12k usages + case "": + return jsonopts.Indent("") // ~1.5k usages + } + + // Otherwise, allocate for this unique value. + if s := strings.Trim(indent, " \t"); len(s) > 0 { + panic("json: invalid character " + jsonwire.QuoteRune(s) + " in indent") + } + return jsonopts.Indent(indent) +} + +// WithIndentPrefix specifies that the encoder should emit multiline output +// where each element in a JSON object or array begins on a new, indented line +// beginning with the indent prefix followed by one or more copies of indent +// (see [WithIndent]) according to the nesting depth. +// The prefix must only be composed of space or tab characters. +// +// This only affects encoding and is ignored when decoding. +// Use of this option implies [Multiline] being set to true. +func WithIndentPrefix(prefix string) Options { + if s := strings.Trim(prefix, " \t"); len(s) > 0 { + panic("json: invalid character " + jsonwire.QuoteRune(s) + " in indent prefix") + } + return jsonopts.IndentPrefix(prefix) +} + +/* +// TODO(https://go.dev/issue/56733): Implement WithByteLimit and WithDepthLimit. +// Remember to also update the "Security Considerations" section. + +// WithByteLimit sets a limit on the number of bytes of input or output bytes +// that may be consumed or produced for each top-level JSON value. +// If a [Decoder] or [Encoder] method call would need to consume/produce +// more than a total of n bytes to make progress on the top-level JSON value, +// then the call will report an error. +// Whitespace before and within the top-level value are counted against the limit. +// Whitespace after a top-level value are counted against the limit +// for the next top-level value. +// +// A non-positive limit is equivalent to no limit at all. +// If unspecified, the default limit is no limit at all. +// This affects either encoding or decoding. +func WithByteLimit(n int64) Options { + return jsonopts.ByteLimit(max(n, 0)) +} + +// WithDepthLimit sets a limit on the maximum depth of JSON nesting +// that may be consumed or produced for each top-level JSON value. +// If a [Decoder] or [Encoder] method call would need to consume or produce +// a depth greater than n to make progress on the top-level JSON value, +// then the call will report an error. +// +// A non-positive limit is equivalent to no limit at all. +// If unspecified, the default limit is 10000. +// This affects either encoding or decoding. +func WithDepthLimit(n int) Options { + return jsonopts.DepthLimit(max(n, 0)) +} +*/ diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/pools.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/pools.go similarity index 64% rename from vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/pools.go rename to vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/pools.go index 60e93270f..cf59d99b9 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/pools.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/pools.go @@ -2,13 +2,14 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package json +//go:build !goexperiment.jsonv2 || !go1.25 + +package jsontext import ( "bytes" "io" "math/bits" - "sort" "sync" ) @@ -40,16 +41,16 @@ type bufferStatistics struct { prevLen int // length of previous buffer } -func getBufferedEncoder(o EncodeOptions) *Encoder { +func getBufferedEncoder(opts ...Options) *Encoder { e := bufferedEncoderPool.Get().(*Encoder) - if e.buf == nil { + if e.s.Buf == nil { // Round up to nearest 2ⁿ to make best use of malloc size classes. // See runtime/sizeclasses.go on Go1.15. // Logical OR with 63 to ensure 64 as the minimum buffer size. - n := 1 << bits.Len(uint(e.bufStats.prevLen|63)) - e.buf = make([]byte, 0, n) + n := 1 << bits.Len(uint(e.s.bufStats.prevLen|63)) + e.s.Buf = make([]byte, 0, n) } - e.reset(e.buf[:0], nil, o) + e.s.reset(e.s.Buf[:0], nil, opts...) return e } func putBufferedEncoder(e *Encoder) { @@ -68,37 +69,37 @@ func putBufferedEncoder(e *Encoder) { // // See https://go.dev/issue/27735. switch { - case cap(e.buf) <= 4<<10: // always recycle buffers smaller than 4KiB - e.bufStats.strikes = 0 - case cap(e.buf)/4 <= len(e.buf): // at least 25% utilization - e.bufStats.strikes = 0 - case e.bufStats.strikes < 4: // at most 4 strikes - e.bufStats.strikes++ + case cap(e.s.Buf) <= 4<<10: // always recycle buffers smaller than 4KiB + e.s.bufStats.strikes = 0 + case cap(e.s.Buf)/4 <= len(e.s.Buf): // at least 25% utilization + e.s.bufStats.strikes = 0 + case e.s.bufStats.strikes < 4: // at most 4 strikes + e.s.bufStats.strikes++ default: // discard the buffer; too large and too often under-utilized - e.bufStats.strikes = 0 - e.bufStats.prevLen = len(e.buf) // heuristic for size to allocate next time - e.buf = nil + e.s.bufStats.strikes = 0 + e.s.bufStats.prevLen = len(e.s.Buf) // heuristic for size to allocate next time + e.s.Buf = nil } bufferedEncoderPool.Put(e) } -func getStreamingEncoder(w io.Writer, o EncodeOptions) *Encoder { +func getStreamingEncoder(w io.Writer, opts ...Options) *Encoder { if _, ok := w.(*bytes.Buffer); ok { e := bytesBufferEncoderPool.Get().(*Encoder) - e.reset(nil, w, o) // buffer taken from bytes.Buffer + e.s.reset(nil, w, opts...) // buffer taken from bytes.Buffer return e } else { e := streamingEncoderPool.Get().(*Encoder) - e.reset(e.buf[:0], w, o) // preserve existing buffer + e.s.reset(e.s.Buf[:0], w, opts...) // preserve existing buffer return e } } func putStreamingEncoder(e *Encoder) { - if _, ok := e.wr.(*bytes.Buffer); ok { + if _, ok := e.s.wr.(*bytes.Buffer); ok { bytesBufferEncoderPool.Put(e) } else { - if cap(e.buf) > 64<<10 { - e.buf = nil // avoid pinning arbitrarily large amounts of memory + if cap(e.s.Buf) > 64<<10 { + e.s.Buf = nil // avoid pinning arbitrarily large amounts of memory } streamingEncoderPool.Put(e) } @@ -119,64 +120,33 @@ var ( bytesBufferDecoderPool = bufferedDecoderPool ) -func getBufferedDecoder(b []byte, o DecodeOptions) *Decoder { +func getBufferedDecoder(b []byte, opts ...Options) *Decoder { d := bufferedDecoderPool.Get().(*Decoder) - d.reset(b, nil, o) + d.s.reset(b, nil, opts...) return d } func putBufferedDecoder(d *Decoder) { bufferedDecoderPool.Put(d) } -func getStreamingDecoder(r io.Reader, o DecodeOptions) *Decoder { +func getStreamingDecoder(r io.Reader, opts ...Options) *Decoder { if _, ok := r.(*bytes.Buffer); ok { d := bytesBufferDecoderPool.Get().(*Decoder) - d.reset(nil, r, o) // buffer taken from bytes.Buffer + d.s.reset(nil, r, opts...) // buffer taken from bytes.Buffer return d } else { d := streamingDecoderPool.Get().(*Decoder) - d.reset(d.buf[:0], r, o) // preserve existing buffer + d.s.reset(d.s.buf[:0], r, opts...) // preserve existing buffer return d } } func putStreamingDecoder(d *Decoder) { - if _, ok := d.rd.(*bytes.Buffer); ok { + if _, ok := d.s.rd.(*bytes.Buffer); ok { bytesBufferDecoderPool.Put(d) } else { - if cap(d.buf) > 64<<10 { - d.buf = nil // avoid pinning arbitrarily large amounts of memory + if cap(d.s.buf) > 64<<10 { + d.s.buf = nil // avoid pinning arbitrarily large amounts of memory } streamingDecoderPool.Put(d) } } - -var stringsPools = &sync.Pool{New: func() any { return new(stringSlice) }} - -type stringSlice []string - -// getStrings returns a non-nil pointer to a slice with length n. -func getStrings(n int) *stringSlice { - s := stringsPools.Get().(*stringSlice) - if cap(*s) < n { - *s = make([]string, n) - } - *s = (*s)[:n] - return s -} - -func putStrings(s *stringSlice) { - if cap(*s) > 1<<10 { - *s = nil // avoid pinning arbitrarily large amounts of memory - } - stringsPools.Put(s) -} - -// Sort sorts the string slice according to RFC 8785, section 3.2.3. -func (ss *stringSlice) Sort() { - // TODO(https://go.dev/issue/47619): Use slices.SortFunc instead. - sort.Sort(ss) -} - -func (ss *stringSlice) Len() int { return len(*ss) } -func (ss *stringSlice) Less(i, j int) bool { return lessUTF16((*ss)[i], (*ss)[j]) } -func (ss *stringSlice) Swap(i, j int) { (*ss)[i], (*ss)[j] = (*ss)[j], (*ss)[i] } diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/quote.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/quote.go new file mode 100644 index 000000000..a4353be3a --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/quote.go @@ -0,0 +1,41 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +package jsontext + +import ( + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" +) + +// AppendQuote appends a double-quoted JSON string literal representing src +// to dst and returns the extended buffer. +// It uses the minimal string representation per RFC 8785, section 3.2.2.2. +// Invalid UTF-8 bytes are replaced with the Unicode replacement character +// and an error is returned at the end indicating the presence of invalid UTF-8. +// The dst must not overlap with the src. +func AppendQuote[Bytes ~[]byte | ~string](dst []byte, src Bytes) ([]byte, error) { + dst, err := jsonwire.AppendQuote(dst, src, &jsonflags.Flags{}) + if err != nil { + err = &SyntacticError{Err: err} + } + return dst, err +} + +// AppendUnquote appends the decoded interpretation of src as a +// double-quoted JSON string literal to dst and returns the extended buffer. +// The input src must be a JSON string without any surrounding whitespace. +// Invalid UTF-8 bytes are replaced with the Unicode replacement character +// and an error is returned at the end indicating the presence of invalid UTF-8. +// Any trailing bytes after the JSON string literal results in an error. +// The dst must not overlap with the src. +func AppendUnquote[Bytes ~[]byte | ~string](dst []byte, src Bytes) ([]byte, error) { + dst, err := jsonwire.AppendUnquote(dst, src) + if err != nil { + err = &SyntacticError{Err: err} + } + return dst, err +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/state.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/state.go similarity index 63% rename from vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/state.go rename to vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/state.go index ee14c753f..6f1aa8e21 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/state.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/state.go @@ -2,81 +2,216 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package json +//go:build !goexperiment.jsonv2 || !go1.25 + +package jsontext import ( + "errors" + "iter" "math" "strconv" + "strings" + "unicode/utf8" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" ) +// ErrDuplicateName indicates that a JSON token could not be +// encoded or decoded because it results in a duplicate JSON object name. +// This error is directly wrapped within a [SyntacticError] when produced. +// +// The name of a duplicate JSON object member can be extracted as: +// +// err := ... +// var serr jsontext.SyntacticError +// if errors.As(err, &serr) && serr.Err == jsontext.ErrDuplicateName { +// ptr := serr.JSONPointer // JSON pointer to duplicate name +// name := ptr.LastToken() // duplicate name itself +// ... +// } +// +// This error is only returned if [AllowDuplicateNames] is false. +var ErrDuplicateName = errors.New("duplicate object member name") + +// ErrNonStringName indicates that a JSON token could not be +// encoded or decoded because it is not a string, +// as required for JSON object names according to RFC 8259, section 4. +// This error is directly wrapped within a [SyntacticError] when produced. +var ErrNonStringName = errors.New("object member name must be a string") + var ( - errMissingName = &SyntacticError{str: "missing string for object name"} - errMissingColon = &SyntacticError{str: "missing character ':' after object name"} - errMissingValue = &SyntacticError{str: "missing value after object name"} - errMissingComma = &SyntacticError{str: "missing character ',' after object or array value"} - errMismatchDelim = &SyntacticError{str: "mismatching structural token for object or array"} + errMissingValue = errors.New("missing value after object name") + errMismatchDelim = errors.New("mismatching structural token for object or array") + errMaxDepth = errors.New("exceeded max depth") + + errInvalidNamespace = errors.New("object namespace is in an invalid state") ) -const errInvalidNamespace = jsonError("object namespace is in an invalid state") +// Per RFC 8259, section 9, implementations may enforce a maximum depth. +// Such a limit is necessary to prevent stack overflows. +const maxNestingDepth = 10000 type state struct { - // tokens validates whether the next token kind is valid. - tokens stateMachine + // Tokens validates whether the next token kind is valid. + Tokens stateMachine - // names is a stack of object names. - // Not used if AllowDuplicateNames is true. - names objectNameStack + // Names is a stack of object names. + Names objectNameStack - // namespaces is a stack of object namespaces. + // Namespaces is a stack of object namespaces. // For performance reasons, Encoder or Decoder may not update this // if Marshal or Unmarshal is able to track names in a more efficient way. // See makeMapArshaler and makeStructArshaler. // Not used if AllowDuplicateNames is true. - namespaces objectNamespaceStack + Namespaces objectNamespaceStack +} + +// needObjectValue reports whether the next token should be an object value. +// This method is used by [wrapSyntacticError]. +func (s *state) needObjectValue() bool { + return s.Tokens.Last.needObjectValue() } func (s *state) reset() { - s.tokens.reset() - s.names.reset() - s.namespaces.reset() + s.Tokens.reset() + s.Names.reset() + s.Namespaces.reset() +} + +// Pointer is a JSON Pointer (RFC 6901) that references a particular JSON value +// relative to the root of the top-level JSON value. +// +// A Pointer is a slash-separated list of tokens, where each token is +// either a JSON object name or an index to a JSON array element +// encoded as a base-10 integer value. +// It is impossible to distinguish between an array index and an object name +// (that happens to be an base-10 encoded integer) without also knowing +// the structure of the top-level JSON value that the pointer refers to. +// +// There is exactly one representation of a pointer to a particular value, +// so comparability of Pointer values is equivalent to checking whether +// they both point to the exact same value. +type Pointer string + +// IsValid reports whether p is a valid JSON Pointer according to RFC 6901. +// Note that the concatenation of two valid pointers produces a valid pointer. +func (p Pointer) IsValid() bool { + for i, r := range p { + switch { + case r == '~' && (i+1 == len(p) || (p[i+1] != '0' && p[i+1] != '1')): + return false // invalid escape + case r == '\ufffd' && !strings.HasPrefix(string(p[i:]), "\ufffd"): + return false // invalid UTF-8 + } + } + return len(p) == 0 || p[0] == '/' +} + +// Contains reports whether the JSON value that p points to +// is equal to or contains the JSON value that pc points to. +func (p Pointer) Contains(pc Pointer) bool { + // Invariant: len(p) <= len(pc) if p.Contains(pc) + suffix, ok := strings.CutPrefix(string(pc), string(p)) + return ok && (suffix == "" || suffix[0] == '/') +} + +// Parent strips off the last token and returns the remaining pointer. +// The parent of an empty p is an empty string. +func (p Pointer) Parent() Pointer { + return p[:max(strings.LastIndexByte(string(p), '/'), 0)] +} + +// LastToken returns the last token in the pointer. +// The last token of an empty p is an empty string. +func (p Pointer) LastToken() string { + last := p[max(strings.LastIndexByte(string(p), '/'), 0):] + return unescapePointerToken(strings.TrimPrefix(string(last), "/")) +} + +// AppendToken appends a token to the end of p and returns the full pointer. +func (p Pointer) AppendToken(tok string) Pointer { + return Pointer(appendEscapePointerName([]byte(p+"/"), tok)) +} + +// TODO: Add Pointer.AppendTokens, +// but should this take in a ...string or an iter.Seq[string]? + +// Tokens returns an iterator over the reference tokens in the JSON pointer, +// starting from the first token until the last token (unless stopped early). +func (p Pointer) Tokens() iter.Seq[string] { + return func(yield func(string) bool) { + for len(p) > 0 { + p = Pointer(strings.TrimPrefix(string(p), "/")) + i := min(uint(strings.IndexByte(string(p), '/')), uint(len(p))) + if !yield(unescapePointerToken(string(p)[:i])) { + return + } + p = p[i:] + } + } +} + +func unescapePointerToken(token string) string { + if strings.Contains(token, "~") { + // Per RFC 6901, section 3, unescape '~' and '/' characters. + token = strings.ReplaceAll(token, "~1", "/") + token = strings.ReplaceAll(token, "~0", "~") + } + return token } // appendStackPointer appends a JSON Pointer (RFC 6901) to the current value. -// The returned pointer is only accurate if s.names is populated, -// otherwise it uses the numeric index as the object member name. +// +// - If where is -1, then it points to the previously processed token. +// +// - If where is 0, then it points to the parent JSON object or array, +// or an object member if in-between an object member key and value. +// This is useful when the position is ambiguous whether +// we are interested in the previous or next token, or +// when we are uncertain whether the next token +// continues or terminates the current object or array. +// +// - If where is +1, then it points to the next expected value, +// assuming that it continues the current JSON object or array. +// As a special case, if the next token is a JSON object name, +// then it points to the parent JSON object. // // Invariant: Must call s.names.copyQuotedBuffer beforehand. -func (s state) appendStackPointer(b []byte) []byte { +func (s state) appendStackPointer(b []byte, where int) []byte { var objectDepth int - for i := 1; i < s.tokens.depth(); i++ { - e := s.tokens.index(i) - if e.length() == 0 { - break // empty object or array + for i := 1; i < s.Tokens.Depth(); i++ { + e := s.Tokens.index(i) + arrayDelta := -1 // by default point to previous array element + if isLast := i == s.Tokens.Depth()-1; isLast { + switch { + case where < 0 && e.Length() == 0 || where == 0 && !e.needObjectValue() || where > 0 && e.NeedObjectName(): + return b + case where > 0 && e.isArray(): + arrayDelta = 0 // point to next array element + } } - b = append(b, '/') switch { case e.isObject(): - if objectDepth < s.names.length() { - for _, c := range s.names.getUnquoted(objectDepth) { - // Per RFC 6901, section 3, escape '~' and '/' characters. - switch c { - case '~': - b = append(b, "~0"...) - case '/': - b = append(b, "~1"...) - default: - b = append(b, c) - } - } - } else { - // Since the names stack is unpopulated, the name is unknown. - // As a best-effort replacement, use the numeric member index. - // While inaccurate, it produces a syntactically valid pointer. - b = strconv.AppendUint(b, uint64((e.length()-1)/2), 10) - } + b = appendEscapePointerName(append(b, '/'), s.Names.getUnquoted(objectDepth)) objectDepth++ case e.isArray(): - b = strconv.AppendUint(b, uint64(e.length()-1), 10) + b = strconv.AppendUint(append(b, '/'), uint64(e.Length()+int64(arrayDelta)), 10) + } + } + return b +} + +func appendEscapePointerName[Bytes ~[]byte | ~string](b []byte, name Bytes) []byte { + for _, r := range string(name) { + // Per RFC 6901, section 3, escape '~' and '/' characters. + switch r { + case '~': + b = append(b, "~0"...) + case '/': + b = append(b, "~1"...) + default: + b = utf8.AppendRune(b, r) } } return b @@ -92,54 +227,54 @@ func (s state) appendStackPointer(b []byte) []byte { // The top-level virtual JSON array is special in that it doesn't require commas // between each JSON value. // -// For performance, most methods are carefully written to be inlineable. +// For performance, most methods are carefully written to be inlinable. // The zero value is a valid state machine ready for use. type stateMachine struct { - stack []stateEntry - last stateEntry + Stack []stateEntry + Last stateEntry } // reset resets the state machine. // The machine always starts with a minimum depth of 1. func (m *stateMachine) reset() { - m.stack = m.stack[:0] - if cap(m.stack) > 1<<10 { - m.stack = nil + m.Stack = m.Stack[:0] + if cap(m.Stack) > 1<<10 { + m.Stack = nil } - m.last = stateTypeArray + m.Last = stateTypeArray } -// depth is the current nested depth of JSON objects and arrays. +// Depth is the current nested depth of JSON objects and arrays. // It is one-indexed (i.e., top-level values have a depth of 1). -func (m stateMachine) depth() int { - return len(m.stack) + 1 +func (m stateMachine) Depth() int { + return len(m.Stack) + 1 } // index returns a reference to the ith entry. // It is only valid until the next push method call. func (m *stateMachine) index(i int) *stateEntry { - if i == len(m.stack) { - return &m.last + if i == len(m.Stack) { + return &m.Last } - return &m.stack[i] + return &m.Stack[i] } -// depthLength reports the current nested depth and +// DepthLength reports the current nested depth and // the length of the last JSON object or array. -func (m stateMachine) depthLength() (int, int) { - return m.depth(), m.last.length() +func (m stateMachine) DepthLength() (int, int64) { + return m.Depth(), m.Last.Length() } // appendLiteral appends a JSON literal as the next token in the sequence. // If an error is returned, the state is not mutated. func (m *stateMachine) appendLiteral() error { switch { - case m.last.needObjectName(): - return errMissingName - case !m.last.isValidNamespace(): + case m.Last.NeedObjectName(): + return ErrNonStringName + case !m.Last.isValidNamespace(): return errInvalidNamespace default: - m.last.increment() + m.Last.Increment() return nil } } @@ -148,10 +283,10 @@ func (m *stateMachine) appendLiteral() error { // If an error is returned, the state is not mutated. func (m *stateMachine) appendString() error { switch { - case !m.last.isValidNamespace(): + case !m.Last.isValidNamespace(): return errInvalidNamespace default: - m.last.increment() + m.Last.Increment() return nil } } @@ -162,18 +297,20 @@ func (m *stateMachine) appendNumber() error { return m.appendLiteral() } -// pushObject appends a JSON start object token as next in the sequence. +// pushObject appends a JSON begin object token as next in the sequence. // If an error is returned, the state is not mutated. func (m *stateMachine) pushObject() error { switch { - case m.last.needObjectName(): - return errMissingName - case !m.last.isValidNamespace(): + case m.Last.NeedObjectName(): + return ErrNonStringName + case !m.Last.isValidNamespace(): return errInvalidNamespace + case len(m.Stack) == maxNestingDepth: + return errMaxDepth default: - m.last.increment() - m.stack = append(m.stack, m.last) - m.last = stateTypeObject + m.Last.Increment() + m.Stack = append(m.Stack, m.Last) + m.Last = stateTypeObject return nil } } @@ -182,31 +319,33 @@ func (m *stateMachine) pushObject() error { // If an error is returned, the state is not mutated. func (m *stateMachine) popObject() error { switch { - case !m.last.isObject(): + case !m.Last.isObject(): return errMismatchDelim - case m.last.needObjectValue(): + case m.Last.needObjectValue(): return errMissingValue - case !m.last.isValidNamespace(): + case !m.Last.isValidNamespace(): return errInvalidNamespace default: - m.last = m.stack[len(m.stack)-1] - m.stack = m.stack[:len(m.stack)-1] + m.Last = m.Stack[len(m.Stack)-1] + m.Stack = m.Stack[:len(m.Stack)-1] return nil } } -// pushArray appends a JSON start array token as next in the sequence. +// pushArray appends a JSON begin array token as next in the sequence. // If an error is returned, the state is not mutated. func (m *stateMachine) pushArray() error { switch { - case m.last.needObjectName(): - return errMissingName - case !m.last.isValidNamespace(): + case m.Last.NeedObjectName(): + return ErrNonStringName + case !m.Last.isValidNamespace(): return errInvalidNamespace + case len(m.Stack) == maxNestingDepth: + return errMaxDepth default: - m.last.increment() - m.stack = append(m.stack, m.last) - m.last = stateTypeArray + m.Last.Increment() + m.Stack = append(m.Stack, m.Last) + m.Last = stateTypeArray return nil } } @@ -215,43 +354,43 @@ func (m *stateMachine) pushArray() error { // If an error is returned, the state is not mutated. func (m *stateMachine) popArray() error { switch { - case !m.last.isArray() || len(m.stack) == 0: // forbid popping top-level virtual JSON array + case !m.Last.isArray() || len(m.Stack) == 0: // forbid popping top-level virtual JSON array return errMismatchDelim - case !m.last.isValidNamespace(): + case !m.Last.isValidNamespace(): return errInvalidNamespace default: - m.last = m.stack[len(m.stack)-1] - m.stack = m.stack[:len(m.stack)-1] + m.Last = m.Stack[len(m.Stack)-1] + m.Stack = m.Stack[:len(m.Stack)-1] return nil } } -// needIndent reports whether indent whitespace should be injected. +// NeedIndent reports whether indent whitespace should be injected. // A zero value means that no whitespace should be injected. // A positive value means '\n', indentPrefix, and (n-1) copies of indentBody // should be appended to the output immediately before the next token. -func (m stateMachine) needIndent(next Kind) (n int) { +func (m stateMachine) NeedIndent(next Kind) (n int) { willEnd := next == '}' || next == ']' switch { - case m.depth() == 1: + case m.Depth() == 1: return 0 // top-level values are never indented - case m.last.length() == 0 && willEnd: + case m.Last.Length() == 0 && willEnd: return 0 // an empty object or array is never indented - case m.last.length() == 0 || m.last.needImplicitComma(next): - return m.depth() + case m.Last.Length() == 0 || m.Last.needImplicitComma(next): + return m.Depth() case willEnd: - return m.depth() - 1 + return m.Depth() - 1 default: return 0 } } -// mayAppendDelim appends a colon or comma that may precede the next token. -func (m stateMachine) mayAppendDelim(b []byte, next Kind) []byte { +// MayAppendDelim appends a colon or comma that may precede the next token. +func (m stateMachine) MayAppendDelim(b []byte, next Kind) []byte { switch { - case m.last.needImplicitColon(): + case m.Last.needImplicitColon(): return append(b, ':') - case m.last.needImplicitComma(next) && len(m.stack) != 0: // comma not needed for top-level values + case m.Last.needImplicitComma(next) && len(m.Stack) != 0: // comma not needed for top-level values return append(b, ',') default: return b @@ -263,39 +402,24 @@ func (m stateMachine) mayAppendDelim(b []byte, next Kind) []byte { // A zero value means no delimiter should be emitted. func (m stateMachine) needDelim(next Kind) (delim byte) { switch { - case m.last.needImplicitColon(): + case m.Last.needImplicitColon(): return ':' - case m.last.needImplicitComma(next) && len(m.stack) != 0: // comma not needed for top-level values + case m.Last.needImplicitComma(next) && len(m.Stack) != 0: // comma not needed for top-level values return ',' default: return 0 } } -// checkDelim reports whether the specified delimiter should be there given -// the kind of the next token that appears immediately afterwards. -func (m stateMachine) checkDelim(delim byte, next Kind) error { - switch needDelim := m.needDelim(next); { - case needDelim == delim: - return nil - case needDelim == ':': - return errMissingColon - case needDelim == ',': - return errMissingComma - default: - return newInvalidCharacterError([]byte{delim}, "before next token") - } -} - -// invalidateDisabledNamespaces marks all disabled namespaces as invalid. +// InvalidateDisabledNamespaces marks all disabled namespaces as invalid. // // For efficiency, Marshal and Unmarshal may disable namespaces since there are // more efficient ways to track duplicate names. However, if an error occurs, // the namespaces in Encoder or Decoder will be left in an inconsistent state. // Mark the namespaces as invalid so that future method calls on // Encoder or Decoder will return an error. -func (m *stateMachine) invalidateDisabledNamespaces() { - for i := 0; i < m.depth(); i++ { +func (m *stateMachine) InvalidateDisabledNamespaces() { + for i := range m.Depth() { e := m.index(i) if !e.isActiveNamespace() { e.invalidateNamespace() @@ -329,10 +453,10 @@ const ( stateCountEven stateEntry = 0x0000_0000_0000_0000 ) -// length reports the number of elements in the JSON object or array. +// Length reports the number of elements in the JSON object or array. // Each name and value in an object entry is treated as a separate element. -func (e stateEntry) length() int { - return int(e & stateCountMask) +func (e stateEntry) Length() int64 { + return int64(e & stateCountMask) } // isObject reports whether this is a JSON object. @@ -345,9 +469,9 @@ func (e stateEntry) isArray() bool { return e&stateTypeMask == stateTypeArray } -// needObjectName reports whether the next token must be a JSON string, +// NeedObjectName reports whether the next token must be a JSON string, // which is necessary for JSON object names. -func (e stateEntry) needObjectName() bool { +func (e stateEntry) NeedObjectName() bool { return e&(stateTypeMask|stateCountLSBMask) == stateTypeObject|stateCountEven } @@ -367,13 +491,13 @@ func (e stateEntry) needObjectValue() bool { // which always occurs after a value in a JSON object or array // before the next value (or name). func (e stateEntry) needImplicitComma(next Kind) bool { - return !e.needObjectValue() && e.length() > 0 && next != '}' && next != ']' + return !e.needObjectValue() && e.Length() > 0 && next != '}' && next != ']' } -// increment increments the number of elements for the current object or array. +// Increment increments the number of elements for the current object or array. // This assumes that overflow won't practically be an issue since // 1< 0 { startOffset = ns.offsets[i-1] } - if n := consumeSimpleString(quotedName); n > 0 { + if n := jsonwire.ConsumeSimpleString(quotedName); n > 0 { ns.unquotedNames = append(ns.unquotedNames[:startOffset], quotedName[len(`"`):n-len(`"`)]...) } else { - ns.unquotedNames, _ = unescapeString(ns.unquotedNames[:startOffset], quotedName) + ns.unquotedNames, _ = jsonwire.AppendUnquote(ns.unquotedNames[:startOffset], quotedName) } ns.offsets[i] = len(ns.unquotedNames) } @@ -565,14 +689,14 @@ func (nss *objectNamespaceStack) reset() { func (nss *objectNamespaceStack) push() { if cap(*nss) > len(*nss) { *nss = (*nss)[:len(*nss)+1] - nss.last().reset() + nss.Last().reset() } else { *nss = append(*nss, objectNamespace{}) } } -// last returns a pointer to the last JSON object namespace. -func (nss objectNamespaceStack) last() *objectNamespace { +// Last returns a pointer to the last JSON object namespace. +func (nss objectNamespaceStack) Last() *objectNamespace { return &nss[len(nss)-1] } @@ -641,13 +765,13 @@ func (ns *objectNamespace) insertQuoted(name []byte, isVerbatim bool) bool { } return ns.insert(name, !isVerbatim) } -func (ns *objectNamespace) insertUnquoted(name []byte) bool { +func (ns *objectNamespace) InsertUnquoted(name []byte) bool { return ns.insert(name, false) } func (ns *objectNamespace) insert(name []byte, quoted bool) bool { var allNames []byte if quoted { - allNames, _ = unescapeString(ns.allUnquotedNames, name) + allNames, _ = jsonwire.AppendUnquote(ns.allUnquotedNames, name) } else { allNames = append(ns.allUnquotedNames, name...) } @@ -702,46 +826,3 @@ func (ns *objectNamespace) removeLast() { ns.allUnquotedNames = ns.allUnquotedNames[:ns.endOffsets[ns.length()-1]] } } - -type uintSet64 uint64 - -func (s uintSet64) has(i uint) bool { return s&(1< 0 } -func (s *uintSet64) set(i uint) { *s |= 1 << i } - -// uintSet is a set of unsigned integers. -// It is optimized for most integers being close to zero. -type uintSet struct { - lo uintSet64 - hi []uintSet64 -} - -// has reports whether i is in the set. -func (s *uintSet) has(i uint) bool { - if i < 64 { - return s.lo.has(i) - } else { - i -= 64 - iHi, iLo := int(i/64), i%64 - return iHi < len(s.hi) && s.hi[iHi].has(iLo) - } -} - -// insert inserts i into the set and reports whether it was the first insertion. -func (s *uintSet) insert(i uint) bool { - // TODO: Make this inlineable at least for the lower 64-bit case. - if i < 64 { - has := s.lo.has(i) - s.lo.set(i) - return !has - } else { - i -= 64 - iHi, iLo := int(i/64), i%64 - if iHi >= len(s.hi) { - s.hi = append(s.hi, make([]uintSet64, iHi+1-len(s.hi))...) - s.hi = s.hi[:cap(s.hi)] - } - has := s.hi[iHi].has(iLo) - s.hi[iHi].set(iLo) - return !has - } -} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/token.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/token.go similarity index 87% rename from vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/token.go rename to vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/token.go index 9acba7dad..3e87c9140 100644 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/token.go +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/token.go @@ -2,11 +2,18 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package json +//go:build !goexperiment.jsonv2 || !go1.25 + +package jsontext import ( + "bytes" + "errors" "math" "strconv" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" ) // NOTE: Token is analogous to v1 json.Token. @@ -17,17 +24,19 @@ const ( maxUint64 = math.MaxUint64 minUint64 = 0 // for consistency and readability purposes - invalidTokenPanic = "invalid json.Token; it has been voided by a subsequent json.Decoder call" + invalidTokenPanic = "invalid jsontext.Token; it has been voided by a subsequent json.Decoder call" ) +var errInvalidToken = errors.New("invalid jsontext.Token") + // Token represents a lexical JSON token, which may be one of the following: // - a JSON literal (i.e., null, true, or false) // - a JSON string (e.g., "hello, world!") // - a JSON number (e.g., 123.456) -// - a start or end delimiter for a JSON object (i.e., { or } ) -// - a start or end delimiter for a JSON array (i.e., [ or ] ) +// - a begin or end delimiter for a JSON object (i.e., { or } ) +// - a begin or end delimiter for a JSON array (i.e., [ or ] ) // -// A Token cannot represent entire array or object values, while a RawValue can. +// A Token cannot represent entire array or object values, while a [Value] can. // There is no Token to represent commas and colons since // these structural tokens can be inferred from the surrounding context. type Token struct { @@ -87,10 +96,10 @@ var ( False Token = rawToken("false") True Token = rawToken("true") - ObjectStart Token = rawToken("{") - ObjectEnd Token = rawToken("}") - ArrayStart Token = rawToken("[") - ArrayEnd Token = rawToken("]") + BeginObject Token = rawToken("{") + EndObject Token = rawToken("}") + BeginArray Token = rawToken("[") + EndArray Token = rawToken("]") zeroString Token = rawToken(`""`) zeroNumber Token = rawToken(`0`) @@ -156,7 +165,7 @@ func Uint(n uint64) Token { } // Clone makes a copy of the Token such that its value remains valid -// even after a subsequent Decoder.Read call. +// even after a subsequent [Decoder.Read] call. func (t Token) Clone() Token { // TODO: Allow caller to avoid any allocations? if raw := t.raw; raw != nil { @@ -169,22 +178,21 @@ func (t Token) Clone() Token { return False case True.raw: return True - case ObjectStart.raw: - return ObjectStart - case ObjectEnd.raw: - return ObjectEnd - case ArrayStart.raw: - return ArrayStart - case ArrayEnd.raw: - return ArrayEnd + case BeginObject.raw: + return BeginObject + case EndObject.raw: + return EndObject + case BeginArray.raw: + return BeginArray + case EndArray.raw: + return EndArray } } if uint64(raw.previousOffsetStart()) != t.num { panic(invalidTokenPanic) } - // TODO(https://go.dev/issue/45038): Use bytes.Clone. - buf := append([]byte(nil), raw.previousBuffer()...) + buf := bytes.Clone(raw.previousBuffer()) return Token{raw: &decodeBuffer{buf: buf, prevStart: 0, prevEnd: len(buf)}} } return t @@ -205,20 +213,20 @@ func (t Token) Bool() bool { // appendString appends a JSON string to dst and returns it. // It panics if t is not a JSON string. -func (t Token) appendString(dst []byte, validateUTF8, preserveRaw bool, escapeRune func(rune) bool) ([]byte, error) { +func (t Token) appendString(dst []byte, flags *jsonflags.Flags) ([]byte, error) { if raw := t.raw; raw != nil { // Handle raw string value. buf := raw.previousBuffer() if Kind(buf[0]) == '"' { - if escapeRune == nil && consumeSimpleString(buf) == len(buf) { + if jsonwire.ConsumeSimpleString(buf) == len(buf) { return append(dst, buf...), nil } - dst, _, err := reformatString(dst, buf, validateUTF8, preserveRaw, escapeRune) + dst, _, err := jsonwire.ReformatString(dst, buf, flags) return dst, err } } else if len(t.str) != 0 && t.num == 0 { // Handle exact string value. - return appendString(dst, t.str, validateUTF8, escapeRune) + return jsonwire.AppendQuote(dst, t.str, flags) } panic("invalid JSON token kind: " + t.Kind().String()) @@ -244,9 +252,9 @@ func (t Token) string() (string, []byte) { } buf := raw.previousBuffer() if buf[0] == '"' { - // TODO: Preserve valueFlags in Token? - isVerbatim := consumeSimpleString(buf) == len(buf) - return "", unescapeStringMayCopy(buf, isVerbatim) + // TODO: Preserve ValueFlags in Token? + isVerbatim := jsonwire.ConsumeSimpleString(buf) == len(buf) + return "", jsonwire.UnquoteMayCopy(buf, isVerbatim) } // Handle tokens that are not JSON strings for fmt.Stringer. return "", buf @@ -258,34 +266,31 @@ func (t Token) string() (string, []byte) { if t.num > 0 { switch t.str[0] { case 'f': - return string(appendNumber(nil, math.Float64frombits(t.num), 64)), nil + return string(jsonwire.AppendFloat(nil, math.Float64frombits(t.num), 64)), nil case 'i': return strconv.FormatInt(int64(t.num), 10), nil case 'u': return strconv.FormatUint(uint64(t.num), 10), nil } } - return "", nil + return "", nil } // appendNumber appends a JSON number to dst and returns it. // It panics if t is not a JSON number. -func (t Token) appendNumber(dst []byte, canonicalize bool) ([]byte, error) { +func (t Token) appendNumber(dst []byte, flags *jsonflags.Flags) ([]byte, error) { if raw := t.raw; raw != nil { // Handle raw number value. buf := raw.previousBuffer() if Kind(buf[0]).normalize() == '0' { - if !canonicalize { - return append(dst, buf...), nil - } - dst, _, err := reformatNumber(dst, buf, canonicalize) + dst, _, err := jsonwire.ReformatNumber(dst, buf, flags) return dst, err } } else if t.num != 0 { // Handle exact number value. switch t.str[0] { case 'f': - return appendNumber(dst, math.Float64frombits(t.num), 64), nil + return jsonwire.AppendFloat(dst, math.Float64frombits(t.num), 64), nil case 'i': return strconv.AppendInt(dst, int64(t.num), 10), nil case 'u': @@ -308,7 +313,7 @@ func (t Token) Float() float64 { } buf := raw.previousBuffer() if Kind(buf[0]).normalize() == '0' { - fv, _ := parseFloat(buf, 64) + fv, _ := jsonwire.ParseFloat(buf, 64) return fv } } else if t.num != 0 { @@ -354,7 +359,7 @@ func (t Token) Int() int64 { if len(buf) > 0 && buf[0] == '-' { neg, buf = true, buf[1:] } - if numAbs, ok := parseDecUint(buf); ok { + if numAbs, ok := jsonwire.ParseUint(buf); ok { if neg { if numAbs > -minInt64 { return minInt64 @@ -415,7 +420,7 @@ func (t Token) Uint() uint64 { if len(buf) > 0 && buf[0] == '-' { neg, buf = true, buf[1:] } - if num, ok := parseDecUint(buf); ok { + if num, ok := jsonwire.ParseUint(buf); ok { if neg { return minUint64 } @@ -476,9 +481,9 @@ func (t Token) Kind() Kind { // - 't': true // - '"': string // - '0': number -// - '{': object start +// - '{': object begin // - '}': object end -// - '[': array start +// - '[': array begin // - ']': array end // // An invalid kind is usually represented using 0, @@ -509,7 +514,7 @@ func (k Kind) String() string { case ']': return "]" default: - return "" + return "" } } diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/value.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/value.go new file mode 100644 index 000000000..f29f32356 --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/value.go @@ -0,0 +1,395 @@ +// Copyright 2020 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +package jsontext + +import ( + "bytes" + "errors" + "io" + "slices" + "sync" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire" +) + +// NOTE: Value is analogous to v1 json.RawMessage. + +// AppendFormat formats the JSON value in src and appends it to dst +// according to the specified options. +// See [Value.Format] for more details about the formatting behavior. +// +// The dst and src may overlap. +// If an error is reported, then the entirety of src is appended to dst. +func AppendFormat(dst, src []byte, opts ...Options) ([]byte, error) { + e := getBufferedEncoder(opts...) + defer putBufferedEncoder(e) + e.s.Flags.Set(jsonflags.OmitTopLevelNewline | 1) + if err := e.s.WriteValue(src); err != nil { + return append(dst, src...), err + } + return append(dst, e.s.Buf...), nil +} + +// Value represents a single raw JSON value, which may be one of the following: +// - a JSON literal (i.e., null, true, or false) +// - a JSON string (e.g., "hello, world!") +// - a JSON number (e.g., 123.456) +// - an entire JSON object (e.g., {"fizz":"buzz"} ) +// - an entire JSON array (e.g., [1,2,3] ) +// +// Value can represent entire array or object values, while [Token] cannot. +// Value may contain leading and/or trailing whitespace. +type Value []byte + +// Clone returns a copy of v. +func (v Value) Clone() Value { + return bytes.Clone(v) +} + +// String returns the string formatting of v. +func (v Value) String() string { + if v == nil { + return "null" + } + return string(v) +} + +// IsValid reports whether the raw JSON value is syntactically valid +// according to the specified options. +// +// By default (if no options are specified), it validates according to RFC 7493. +// It verifies whether the input is properly encoded as UTF-8, +// that escape sequences within strings decode to valid Unicode codepoints, and +// that all names in each object are unique. +// It does not verify whether numbers are representable within the limits +// of any common numeric type (e.g., float64, int64, or uint64). +// +// Relevant options include: +// - [AllowDuplicateNames] +// - [AllowInvalidUTF8] +// +// All other options are ignored. +func (v Value) IsValid(opts ...Options) bool { + // TODO: Document support for [WithByteLimit] and [WithDepthLimit]. + d := getBufferedDecoder(v, opts...) + defer putBufferedDecoder(d) + _, errVal := d.ReadValue() + _, errEOF := d.ReadToken() + return errVal == nil && errEOF == io.EOF +} + +// Format formats the raw JSON value in place. +// +// By default (if no options are specified), it validates according to RFC 7493 +// and produces the minimal JSON representation, where +// all whitespace is elided and JSON strings use the shortest encoding. +// +// Relevant options include: +// - [AllowDuplicateNames] +// - [AllowInvalidUTF8] +// - [EscapeForHTML] +// - [EscapeForJS] +// - [PreserveRawStrings] +// - [CanonicalizeRawInts] +// - [CanonicalizeRawFloats] +// - [ReorderRawObjects] +// - [SpaceAfterColon] +// - [SpaceAfterComma] +// - [Multiline] +// - [WithIndent] +// - [WithIndentPrefix] +// +// All other options are ignored. +// +// It is guaranteed to succeed if the value is valid according to the same options. +// If the value is already formatted, then the buffer is not mutated. +func (v *Value) Format(opts ...Options) error { + // TODO: Document support for [WithByteLimit] and [WithDepthLimit]. + return v.format(opts, nil) +} + +// format accepts two []Options to avoid the allocation appending them together. +// It is equivalent to v.Format(append(opts1, opts2...)...). +func (v *Value) format(opts1, opts2 []Options) error { + e := getBufferedEncoder(opts1...) + defer putBufferedEncoder(e) + e.s.Join(opts2...) + e.s.Flags.Set(jsonflags.OmitTopLevelNewline | 1) + if err := e.s.WriteValue(*v); err != nil { + return err + } + if !bytes.Equal(*v, e.s.Buf) { + *v = append((*v)[:0], e.s.Buf...) + } + return nil +} + +// Compact removes all whitespace from the raw JSON value. +// +// It does not reformat JSON strings or numbers to use any other representation. +// To maximize the set of JSON values that can be formatted, +// this permits values with duplicate names and invalid UTF-8. +// +// Compact is equivalent to calling [Value.Format] with the following options: +// - [AllowDuplicateNames](true) +// - [AllowInvalidUTF8](true) +// - [PreserveRawStrings](true) +// +// Any options specified by the caller are applied after the initial set +// and may deliberately override prior options. +func (v *Value) Compact(opts ...Options) error { + return v.format([]Options{ + AllowDuplicateNames(true), + AllowInvalidUTF8(true), + PreserveRawStrings(true), + }, opts) +} + +// Indent reformats the whitespace in the raw JSON value so that each element +// in a JSON object or array begins on a indented line according to the nesting. +// +// It does not reformat JSON strings or numbers to use any other representation. +// To maximize the set of JSON values that can be formatted, +// this permits values with duplicate names and invalid UTF-8. +// +// Indent is equivalent to calling [Value.Format] with the following options: +// - [AllowDuplicateNames](true) +// - [AllowInvalidUTF8](true) +// - [PreserveRawStrings](true) +// - [Multiline](true) +// +// Any options specified by the caller are applied after the initial set +// and may deliberately override prior options. +func (v *Value) Indent(opts ...Options) error { + return v.format([]Options{ + AllowDuplicateNames(true), + AllowInvalidUTF8(true), + PreserveRawStrings(true), + Multiline(true), + }, opts) +} + +// Canonicalize canonicalizes the raw JSON value according to the +// JSON Canonicalization Scheme (JCS) as defined by RFC 8785 +// where it produces a stable representation of a JSON value. +// +// JSON strings are formatted to use their minimal representation, +// JSON numbers are formatted as double precision numbers according +// to some stable serialization algorithm. +// JSON object members are sorted in ascending order by name. +// All whitespace is removed. +// +// The output stability is dependent on the stability of the application data +// (see RFC 8785, Appendix E). It cannot produce stable output from +// fundamentally unstable input. For example, if the JSON value +// contains ephemeral data (e.g., a frequently changing timestamp), +// then the value is still unstable regardless of whether this is called. +// +// Canonicalize is equivalent to calling [Value.Format] with the following options: +// - [CanonicalizeRawInts](true) +// - [CanonicalizeRawFloats](true) +// - [ReorderRawObjects](true) +// +// Any options specified by the caller are applied after the initial set +// and may deliberately override prior options. +// +// Note that JCS treats all JSON numbers as IEEE 754 double precision numbers. +// Any numbers with precision beyond what is representable by that form +// will lose their precision when canonicalized. For example, integer values +// beyond ±2⁵³ will lose their precision. To preserve the original representation +// of JSON integers, additionally set [CanonicalizeRawInts] to false: +// +// v.Canonicalize(jsontext.CanonicalizeRawInts(false)) +func (v *Value) Canonicalize(opts ...Options) error { + return v.format([]Options{ + CanonicalizeRawInts(true), + CanonicalizeRawFloats(true), + ReorderRawObjects(true), + }, opts) +} + +// MarshalJSON returns v as the JSON encoding of v. +// It returns the stored value as the raw JSON output without any validation. +// If v is nil, then this returns a JSON null. +func (v Value) MarshalJSON() ([]byte, error) { + // NOTE: This matches the behavior of v1 json.RawMessage.MarshalJSON. + if v == nil { + return []byte("null"), nil + } + return v, nil +} + +// UnmarshalJSON sets v as the JSON encoding of b. +// It stores a copy of the provided raw JSON input without any validation. +func (v *Value) UnmarshalJSON(b []byte) error { + // NOTE: This matches the behavior of v1 json.RawMessage.UnmarshalJSON. + if v == nil { + return errors.New("jsontext.Value: UnmarshalJSON on nil pointer") + } + *v = append((*v)[:0], b...) + return nil +} + +// Kind returns the starting token kind. +// For a valid value, this will never include '}' or ']'. +func (v Value) Kind() Kind { + if v := v[jsonwire.ConsumeWhitespace(v):]; len(v) > 0 { + return Kind(v[0]).normalize() + } + return invalidKind +} + +const commaAndWhitespace = ", \n\r\t" + +type objectMember struct { + // name is the unquoted name. + name []byte // e.g., "name" + // buffer is the entirety of the raw JSON object member + // starting from right after the previous member (or opening '{') + // until right after the member value. + buffer []byte // e.g., `, \n\r\t"name": "value"` +} + +func (x objectMember) Compare(y objectMember) int { + if c := jsonwire.CompareUTF16(x.name, y.name); c != 0 { + return c + } + // With [AllowDuplicateNames] or [AllowInvalidUTF8], + // names could be identical, so also sort using the member value. + return jsonwire.CompareUTF16( + bytes.TrimLeft(x.buffer, commaAndWhitespace), + bytes.TrimLeft(y.buffer, commaAndWhitespace)) +} + +var objectMemberPool = sync.Pool{New: func() any { return new([]objectMember) }} + +func getObjectMembers() *[]objectMember { + ns := objectMemberPool.Get().(*[]objectMember) + *ns = (*ns)[:0] + return ns +} +func putObjectMembers(ns *[]objectMember) { + if cap(*ns) < 1<<10 { + clear(*ns) // avoid pinning name and buffer + objectMemberPool.Put(ns) + } +} + +// mustReorderObjects reorders in-place all object members in a JSON value, +// which must be valid otherwise it panics. +func mustReorderObjects(b []byte) { + // Obtain a buffered encoder just to use its internal buffer as + // a scratch buffer for reordering object members. + e2 := getBufferedEncoder() + defer putBufferedEncoder(e2) + + // Disable unnecessary checks to syntactically parse the JSON value. + d := getBufferedDecoder(b) + defer putBufferedDecoder(d) + d.s.Flags.Set(jsonflags.AllowDuplicateNames | jsonflags.AllowInvalidUTF8 | 1) + mustReorderObjectsFromDecoder(d, &e2.s.Buf) // per RFC 8785, section 3.2.3 +} + +// mustReorderObjectsFromDecoder recursively reorders all object members in place +// according to the ordering specified in RFC 8785, section 3.2.3. +// +// Pre-conditions: +// - The value is valid (i.e., no decoder errors should ever occur). +// - Initial call is provided a Decoder reading from the start of v. +// +// Post-conditions: +// - Exactly one JSON value is read from the Decoder. +// - All fully-parsed JSON objects are reordered by directly moving +// the members in the value buffer. +// +// The runtime is approximately O(n·log(n)) + O(m·log(m)), +// where n is len(v) and m is the total number of object members. +func mustReorderObjectsFromDecoder(d *Decoder, scratch *[]byte) { + switch tok, err := d.ReadToken(); tok.Kind() { + case '{': + // Iterate and collect the name and offsets for every object member. + members := getObjectMembers() + defer putObjectMembers(members) + var prevMember objectMember + isSorted := true + + beforeBody := d.InputOffset() // offset after '{' + for d.PeekKind() != '}' { + beforeName := d.InputOffset() + var flags jsonwire.ValueFlags + name, _ := d.s.ReadValue(&flags) + name = jsonwire.UnquoteMayCopy(name, flags.IsVerbatim()) + mustReorderObjectsFromDecoder(d, scratch) + afterValue := d.InputOffset() + + currMember := objectMember{name, d.s.buf[beforeName:afterValue]} + if isSorted && len(*members) > 0 { + isSorted = objectMember.Compare(prevMember, currMember) < 0 + } + *members = append(*members, currMember) + prevMember = currMember + } + afterBody := d.InputOffset() // offset before '}' + d.ReadToken() + + // Sort the members; return early if it's already sorted. + if isSorted { + return + } + firstBufferBeforeSorting := (*members)[0].buffer + slices.SortFunc(*members, objectMember.Compare) + firstBufferAfterSorting := (*members)[0].buffer + + // Append the reordered members to a new buffer, + // then copy the reordered members back over the original members. + // Avoid swapping in place since each member may be a different size + // where moving a member over a smaller member may corrupt the data + // for subsequent members before they have been moved. + // + // The following invariant must hold: + // sum([m.after-m.before for m in members]) == afterBody-beforeBody + commaAndWhitespacePrefix := func(b []byte) []byte { + return b[:len(b)-len(bytes.TrimLeft(b, commaAndWhitespace))] + } + sorted := (*scratch)[:0] + for i, member := range *members { + switch { + case i == 0 && &member.buffer[0] != &firstBufferBeforeSorting[0]: + // First member after sorting is not the first member before sorting, + // so use the prefix of the first member before sorting. + sorted = append(sorted, commaAndWhitespacePrefix(firstBufferBeforeSorting)...) + sorted = append(sorted, bytes.TrimLeft(member.buffer, commaAndWhitespace)...) + case i != 0 && &member.buffer[0] == &firstBufferBeforeSorting[0]: + // Later member after sorting is the first member before sorting, + // so use the prefix of the first member after sorting. + sorted = append(sorted, commaAndWhitespacePrefix(firstBufferAfterSorting)...) + sorted = append(sorted, bytes.TrimLeft(member.buffer, commaAndWhitespace)...) + default: + sorted = append(sorted, member.buffer...) + } + } + if int(afterBody-beforeBody) != len(sorted) { + panic("BUG: length invariant violated") + } + copy(d.s.buf[beforeBody:afterBody], sorted) + + // Update scratch buffer to the largest amount ever used. + if len(sorted) > len(*scratch) { + *scratch = sorted + } + case '[': + for d.PeekKind() != ']' { + mustReorderObjectsFromDecoder(d, scratch) + } + d.ReadToken() + default: + if err != nil { + panic("BUG: " + err.Error()) + } + } +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/migrate.sh b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/migrate.sh new file mode 100644 index 000000000..9c34f26eb --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/migrate.sh @@ -0,0 +1,48 @@ +#!/usr/bin/env bash + +GOROOT=${1:-../go} +JSONROOT="." + +cp $JSONROOT/alias_gen.go $JSONROOT/alias_gen.go.bak +rm -r $JSONROOT/*.go $JSONROOT/internal $JSONROOT/jsontext $JSONROOT/v1 +mv $JSONROOT/alias_gen.go.bak $JSONROOT/alias_gen.go +cp -r $GOROOT/src/encoding/json/v2/*.go $JSONROOT/ +cp -r $GOROOT/src/encoding/json/internal/ $JSONROOT/internal/ +cp -r $GOROOT/src/encoding/json/jsontext/ $JSONROOT/jsontext/ +mkdir $JSONROOT/v1 +for X in $GOROOT/src/encoding/json/v2_*.go; do + cp $X $JSONROOT/v1/$(basename $X | sed "s/v2_//") +done +cd $JSONROOT +for X in $(git ls-files --cached --others --exclude-standard | grep ".*[.]go$"); do + if [ ! -e "$X" ]; then + continue + fi + sed -i 's/go:build goexperiment.jsonv2$/go:build !goexperiment.jsonv2 || !go1.25/' $X + sed -i 's|"encoding/json/v2"|"github.com/go-json-experiment/json"|' $X + sed -i 's|"encoding/json/internal"|"github.com/go-json-experiment/json/internal"|' $X + sed -i 's|"encoding/json/internal/jsonflags"|"github.com/go-json-experiment/json/internal/jsonflags"|' $X + sed -i 's|"encoding/json/internal/jsonopts"|"github.com/go-json-experiment/json/internal/jsonopts"|' $X + sed -i 's|"encoding/json/internal/jsontest"|"github.com/go-json-experiment/json/internal/jsontest"|' $X + sed -i 's|"encoding/json/internal/jsonwire"|"github.com/go-json-experiment/json/internal/jsonwire"|' $X + sed -i 's|"encoding/json/jsontext"|"github.com/go-json-experiment/json/jsontext"|' $X + sed -i 's|"encoding/json"|"github.com/go-json-experiment/json/v1"|' $X + sed -i 's|"internal/zstd"|"github.com/go-json-experiment/json/internal/zstd"|' $X + goimports -w $X +done +sed -i 's/v2[.]struct/json.struct/' $JSONROOT/errors_test.go +sed -i 's|jsonv1 "github.com/go-json-experiment/json/v1"|jsonv1 "encoding/json"|' $JSONROOT/bench_test.go + +# TODO(go1.25): Remove test that relies on "synctest" that is not available yet. +sed -i '/Issue #73733/,+17d' $JSONROOT/v1/encode_test.go +goimports -w $JSONROOT/v1/encode_test.go + +# Remove documentation that only makes sense within the stdlib. +sed -i '/This package .* is experimental/,+4d' $JSONROOT/doc.go +sed -i '/This package .* is experimental/,+4d' $JSONROOT/jsontext/doc.go + +git checkout internal/zstd # we still need local copy of zstd for testing + +go run alias_gen.go "encoding/json" $JSONROOT/v1 +go run alias_gen.go "encoding/json/v2" $JSONROOT +go run alias_gen.go "encoding/json/jsontext" $JSONROOT/jsontext diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/options.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/options.go new file mode 100644 index 000000000..de401b0de --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/options.go @@ -0,0 +1,289 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !goexperiment.jsonv2 || !go1.25 + +package json + +import ( + "fmt" + + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts" +) + +// Options configure [Marshal], [MarshalWrite], [MarshalEncode], +// [Unmarshal], [UnmarshalRead], and [UnmarshalDecode] with specific features. +// Each function takes in a variadic list of options, where properties +// set in later options override the value of previously set properties. +// +// The Options type is identical to [encoding/json.Options] and +// [encoding/json/jsontext.Options]. Options from the other packages can +// be used interchangeably with functionality in this package. +// +// Options represent either a singular option or a set of options. +// It can be functionally thought of as a Go map of option properties +// (even though the underlying implementation avoids Go maps for performance). +// +// The constructors (e.g., [Deterministic]) return a singular option value: +// +// opt := Deterministic(true) +// +// which is analogous to creating a single entry map: +// +// opt := Options{"Deterministic": true} +// +// [JoinOptions] composes multiple options values to together: +// +// out := JoinOptions(opts...) +// +// which is analogous to making a new map and copying the options over: +// +// out := make(Options) +// for _, m := range opts { +// for k, v := range m { +// out[k] = v +// } +// } +// +// [GetOption] looks up the value of options parameter: +// +// v, ok := GetOption(opts, Deterministic) +// +// which is analogous to a Go map lookup: +// +// v, ok := Options["Deterministic"] +// +// There is a single Options type, which is used with both marshal and unmarshal. +// Some options affect both operations, while others only affect one operation: +// +// - [StringifyNumbers] affects marshaling and unmarshaling +// - [Deterministic] affects marshaling only +// - [FormatNilSliceAsNull] affects marshaling only +// - [FormatNilMapAsNull] affects marshaling only +// - [OmitZeroStructFields] affects marshaling only +// - [MatchCaseInsensitiveNames] affects marshaling and unmarshaling +// - [DiscardUnknownMembers] affects marshaling only +// - [RejectUnknownMembers] affects unmarshaling only +// - [WithMarshalers] affects marshaling only +// - [WithUnmarshalers] affects unmarshaling only +// +// Options that do not affect a particular operation are ignored. +type Options = jsonopts.Options + +// JoinOptions coalesces the provided list of options into a single Options. +// Properties set in later options override the value of previously set properties. +func JoinOptions(srcs ...Options) Options { + var dst jsonopts.Struct + dst.Join(srcs...) + return &dst +} + +// GetOption returns the value stored in opts with the provided setter, +// reporting whether the value is present. +// +// Example usage: +// +// v, ok := json.GetOption(opts, json.Deterministic) +// +// Options are most commonly introspected to alter the JSON representation of +// [MarshalerTo.MarshalJSONTo] and [UnmarshalerFrom.UnmarshalJSONFrom] methods, and +// [MarshalToFunc] and [UnmarshalFromFunc] functions. +// In such cases, the presence bit should generally be ignored. +func GetOption[T any](opts Options, setter func(T) Options) (T, bool) { + return jsonopts.GetOption(opts, setter) +} + +// DefaultOptionsV2 is the full set of all options that define v2 semantics. +// It is equivalent to all options under [Options], [encoding/json.Options], +// and [encoding/json/jsontext.Options] being set to false or the zero value, +// except for the options related to whitespace formatting. +func DefaultOptionsV2() Options { + return &jsonopts.DefaultOptionsV2 +} + +// StringifyNumbers specifies that numeric Go types should be marshaled +// as a JSON string containing the equivalent JSON number value. +// When unmarshaling, numeric Go types are parsed from a JSON string +// containing the JSON number without any surrounding whitespace. +// +// According to RFC 8259, section 6, a JSON implementation may choose to +// limit the representation of a JSON number to an IEEE 754 binary64 value. +// This may cause decoders to lose precision for int64 and uint64 types. +// Quoting JSON numbers as a JSON string preserves the exact precision. +// +// This affects either marshaling or unmarshaling. +func StringifyNumbers(v bool) Options { + if v { + return jsonflags.StringifyNumbers | 1 + } else { + return jsonflags.StringifyNumbers | 0 + } +} + +// Deterministic specifies that the same input value will be serialized +// as the exact same output bytes. Different processes of +// the same program will serialize equal values to the same bytes, +// but different versions of the same program are not guaranteed +// to produce the exact same sequence of bytes. +// +// This only affects marshaling and is ignored when unmarshaling. +func Deterministic(v bool) Options { + if v { + return jsonflags.Deterministic | 1 + } else { + return jsonflags.Deterministic | 0 + } +} + +// FormatNilSliceAsNull specifies that a nil Go slice should marshal as a +// JSON null instead of the default representation as an empty JSON array +// (or an empty JSON string in the case of ~[]byte). +// Slice fields explicitly marked with `format:emitempty` still marshal +// as an empty JSON array. +// +// This only affects marshaling and is ignored when unmarshaling. +func FormatNilSliceAsNull(v bool) Options { + if v { + return jsonflags.FormatNilSliceAsNull | 1 + } else { + return jsonflags.FormatNilSliceAsNull | 0 + } +} + +// FormatNilMapAsNull specifies that a nil Go map should marshal as a +// JSON null instead of the default representation as an empty JSON object. +// Map fields explicitly marked with `format:emitempty` still marshal +// as an empty JSON object. +// +// This only affects marshaling and is ignored when unmarshaling. +func FormatNilMapAsNull(v bool) Options { + if v { + return jsonflags.FormatNilMapAsNull | 1 + } else { + return jsonflags.FormatNilMapAsNull | 0 + } +} + +// OmitZeroStructFields specifies that a Go struct should marshal in such a way +// that all struct fields that are zero are omitted from the marshaled output +// if the value is zero as determined by the "IsZero() bool" method if present, +// otherwise based on whether the field is the zero Go value. +// This is semantically equivalent to specifying the `omitzero` tag option +// on every field in a Go struct. +// +// This only affects marshaling and is ignored when unmarshaling. +func OmitZeroStructFields(v bool) Options { + if v { + return jsonflags.OmitZeroStructFields | 1 + } else { + return jsonflags.OmitZeroStructFields | 0 + } +} + +// MatchCaseInsensitiveNames specifies that JSON object members are matched +// against Go struct fields using a case-insensitive match of the name. +// Go struct fields explicitly marked with `case:strict` or `case:ignore` +// always use case-sensitive (or case-insensitive) name matching, +// regardless of the value of this option. +// +// This affects either marshaling or unmarshaling. +// For marshaling, this option may alter the detection of duplicate names +// (assuming [jsontext.AllowDuplicateNames] is false) from inlined fields +// if it matches one of the declared fields in the Go struct. +func MatchCaseInsensitiveNames(v bool) Options { + if v { + return jsonflags.MatchCaseInsensitiveNames | 1 + } else { + return jsonflags.MatchCaseInsensitiveNames | 0 + } +} + +// DiscardUnknownMembers specifies that marshaling should ignore any +// JSON object members stored in Go struct fields dedicated to storing +// unknown JSON object members. +// +// This only affects marshaling and is ignored when unmarshaling. +func DiscardUnknownMembers(v bool) Options { + if v { + return jsonflags.DiscardUnknownMembers | 1 + } else { + return jsonflags.DiscardUnknownMembers | 0 + } +} + +// RejectUnknownMembers specifies that unknown members should be rejected +// when unmarshaling a JSON object, regardless of whether there is a field +// to store unknown members. +// +// This only affects unmarshaling and is ignored when marshaling. +func RejectUnknownMembers(v bool) Options { + if v { + return jsonflags.RejectUnknownMembers | 1 + } else { + return jsonflags.RejectUnknownMembers | 0 + } +} + +// WithMarshalers specifies a list of type-specific marshalers to use, +// which can be used to override the default marshal behavior for values +// of particular types. +// +// This only affects marshaling and is ignored when unmarshaling. +func WithMarshalers(v *Marshalers) Options { + return (*marshalersOption)(v) +} + +// WithUnmarshalers specifies a list of type-specific unmarshalers to use, +// which can be used to override the default unmarshal behavior for values +// of particular types. +// +// This only affects unmarshaling and is ignored when marshaling. +func WithUnmarshalers(v *Unmarshalers) Options { + return (*unmarshalersOption)(v) +} + +// These option types are declared here instead of "jsonopts" +// to avoid a dependency on "reflect" from "jsonopts". +type ( + marshalersOption Marshalers + unmarshalersOption Unmarshalers +) + +func (*marshalersOption) JSONOptions(internal.NotForPublicUse) {} +func (*unmarshalersOption) JSONOptions(internal.NotForPublicUse) {} + +// Inject support into "jsonopts" to handle these types. +func init() { + jsonopts.GetUnknownOption = func(src jsonopts.Struct, zero jsonopts.Options) (any, bool) { + switch zero.(type) { + case *marshalersOption: + if !src.Flags.Has(jsonflags.Marshalers) { + return (*Marshalers)(nil), false + } + return src.Marshalers.(*Marshalers), true + case *unmarshalersOption: + if !src.Flags.Has(jsonflags.Unmarshalers) { + return (*Unmarshalers)(nil), false + } + return src.Unmarshalers.(*Unmarshalers), true + default: + panic(fmt.Sprintf("unknown option %T", zero)) + } + } + jsonopts.JoinUnknownOption = func(dst jsonopts.Struct, src jsonopts.Options) jsonopts.Struct { + switch src := src.(type) { + case *marshalersOption: + dst.Flags.Set(jsonflags.Marshalers | 1) + dst.Marshalers = (*Marshalers)(src) + case *unmarshalersOption: + dst.Flags.Set(jsonflags.Unmarshalers | 1) + dst.Unmarshalers = (*Unmarshalers)(src) + default: + panic(fmt.Sprintf("unknown option %T", src)) + } + return dst + } +} diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/value.go b/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/value.go deleted file mode 100644 index e0bd1b31d..000000000 --- a/vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/value.go +++ /dev/null @@ -1,381 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package json - -import ( - "bytes" - "errors" - "io" - "sort" - "sync" - "unicode/utf16" - "unicode/utf8" -) - -// NOTE: RawValue is analogous to v1 json.RawMessage. - -// RawValue represents a single raw JSON value, which may be one of the following: -// - a JSON literal (i.e., null, true, or false) -// - a JSON string (e.g., "hello, world!") -// - a JSON number (e.g., 123.456) -// - an entire JSON object (e.g., {"fizz":"buzz"} ) -// - an entire JSON array (e.g., [1,2,3] ) -// -// RawValue can represent entire array or object values, while Token cannot. -// RawValue may contain leading and/or trailing whitespace. -type RawValue []byte - -// Clone returns a copy of v. -func (v RawValue) Clone() RawValue { - if v == nil { - return nil - } - return append(RawValue{}, v...) -} - -// String returns the string formatting of v. -func (v RawValue) String() string { - if v == nil { - return "null" - } - return string(v) -} - -// IsValid reports whether the raw JSON value is syntactically valid -// according to RFC 7493. -// -// It verifies whether the input is properly encoded as UTF-8, -// that escape sequences within strings decode to valid Unicode codepoints, and -// that all names in each object are unique. -// It does not verify whether numbers are representable within the limits -// of any common numeric type (e.g., float64, int64, or uint64). -func (v RawValue) IsValid() bool { - d := getBufferedDecoder(v, DecodeOptions{}) - defer putBufferedDecoder(d) - _, errVal := d.ReadValue() - _, errEOF := d.ReadToken() - return errVal == nil && errEOF == io.EOF -} - -// Compact removes all whitespace from the raw JSON value. -// -// It does not reformat JSON strings to use any other representation. -// It is guaranteed to succeed if the input is valid. -// If the value is already compacted, then the buffer is not mutated. -func (v *RawValue) Compact() error { - return v.reformat(false, false, "", "") -} - -// Indent reformats the whitespace in the raw JSON value so that each element -// in a JSON object or array begins on a new, indented line beginning with -// prefix followed by one or more copies of indent according to the nesting. -// The value does not begin with the prefix nor any indention, -// to make it easier to embed inside other formatted JSON data. -// -// It does not reformat JSON strings to use any other representation. -// It is guaranteed to succeed if the input is valid. -// If the value is already indented properly, then the buffer is not mutated. -func (v *RawValue) Indent(prefix, indent string) error { - return v.reformat(false, true, prefix, indent) -} - -// Canonicalize canonicalizes the raw JSON value according to the -// JSON Canonicalization Scheme (JCS) as defined by RFC 8785 -// where it produces a stable representation of a JSON value. -// -// The output stability is dependent on the stability of the application data -// (see RFC 8785, Appendix E). It cannot produce stable output from -// fundamentally unstable input. For example, if the JSON value -// contains ephemeral data (e.g., a frequently changing timestamp), -// then the value is still unstable regardless of whether this is called. -// -// Note that JCS treats all JSON numbers as IEEE 754 double precision numbers. -// Any numbers with precision beyond what is representable by that form -// will lose their precision when canonicalized. For example, integer values -// beyond ±2⁵³ will lose their precision. It is recommended that -// int64 and uint64 data types be represented as a JSON string. -// -// It is guaranteed to succeed if the input is valid. -// If the value is already canonicalized, then the buffer is not mutated. -func (v *RawValue) Canonicalize() error { - return v.reformat(true, false, "", "") -} - -// TODO: Instead of implementing the v1 Marshaler/Unmarshaler, -// consider implementing the v2 versions instead. - -// MarshalJSON returns v as the JSON encoding of v. -// It returns the stored value as the raw JSON output without any validation. -// If v is nil, then this returns a JSON null. -func (v RawValue) MarshalJSON() ([]byte, error) { - // NOTE: This matches the behavior of v1 json.RawMessage.MarshalJSON. - if v == nil { - return []byte("null"), nil - } - return v, nil -} - -// UnmarshalJSON sets v as the JSON encoding of b. -// It stores a copy of the provided raw JSON input without any validation. -func (v *RawValue) UnmarshalJSON(b []byte) error { - // NOTE: This matches the behavior of v1 json.RawMessage.UnmarshalJSON. - if v == nil { - return errors.New("json.RawValue: UnmarshalJSON on nil pointer") - } - *v = append((*v)[:0], b...) - return nil -} - -// Kind returns the starting token kind. -// For a valid value, this will never include '}' or ']'. -func (v RawValue) Kind() Kind { - if v := v[consumeWhitespace(v):]; len(v) > 0 { - return Kind(v[0]).normalize() - } - return invalidKind -} - -func (v *RawValue) reformat(canonical, multiline bool, prefix, indent string) error { - var eo EncodeOptions - if canonical { - eo.AllowInvalidUTF8 = false // per RFC 8785, section 3.2.4 - eo.AllowDuplicateNames = false // per RFC 8785, section 3.1 - eo.canonicalizeNumbers = true // per RFC 8785, section 3.2.2.3 - eo.EscapeRune = nil // per RFC 8785, section 3.2.2.2 - eo.multiline = false // per RFC 8785, section 3.2.1 - } else { - if s := trimLeftSpaceTab(prefix); len(s) > 0 { - panic("json: invalid character " + quoteRune([]byte(s)) + " in indent prefix") - } - if s := trimLeftSpaceTab(indent); len(s) > 0 { - panic("json: invalid character " + quoteRune([]byte(s)) + " in indent") - } - eo.AllowInvalidUTF8 = true - eo.AllowDuplicateNames = true - eo.preserveRawStrings = true - eo.multiline = multiline // in case indent is empty - eo.IndentPrefix = prefix - eo.Indent = indent - } - eo.omitTopLevelNewline = true - - // Write the entire value to reformat all tokens and whitespace. - e := getBufferedEncoder(eo) - defer putBufferedEncoder(e) - if err := e.WriteValue(*v); err != nil { - return err - } - - // For canonical output, we may need to reorder object members. - if canonical { - // Obtain a buffered encoder just to use its internal buffer as - // a scratch buffer in reorderObjects for reordering object members. - e2 := getBufferedEncoder(EncodeOptions{}) - defer putBufferedEncoder(e2) - - // Disable redundant checks performed earlier during encoding. - d := getBufferedDecoder(e.buf, DecodeOptions{AllowInvalidUTF8: true, AllowDuplicateNames: true}) - defer putBufferedDecoder(d) - reorderObjects(d, &e2.buf) // per RFC 8785, section 3.2.3 - } - - // Store the result back into the value if different. - if !bytes.Equal(*v, e.buf) { - *v = append((*v)[:0], e.buf...) - } - return nil -} - -func trimLeftSpaceTab(s string) string { - for i, r := range s { - switch r { - case ' ', '\t': - default: - return s[i:] - } - } - return "" -} - -type memberName struct { - // name is the unescaped name. - name []byte - // before and after are byte offsets into Decoder.buf that represents - // the entire name/value pair. It may contain leading commas. - before, after int64 -} - -var memberNamePool = sync.Pool{New: func() any { return new(memberNames) }} - -func getMemberNames() *memberNames { - ns := memberNamePool.Get().(*memberNames) - *ns = (*ns)[:0] - return ns -} -func putMemberNames(ns *memberNames) { - if cap(*ns) < 1<<10 { - for i := range *ns { - (*ns)[i] = memberName{} // avoid pinning name - } - memberNamePool.Put(ns) - } -} - -type memberNames []memberName - -func (m *memberNames) Len() int { return len(*m) } -func (m *memberNames) Less(i, j int) bool { return lessUTF16((*m)[i].name, (*m)[j].name) } -func (m *memberNames) Swap(i, j int) { (*m)[i], (*m)[j] = (*m)[j], (*m)[i] } - -// reorderObjects recursively reorders all object members in place -// according to the ordering specified in RFC 8785, section 3.2.3. -// -// Pre-conditions: -// - The value is valid (i.e., no decoder errors should ever occur). -// - The value is compact (i.e., no whitespace is present). -// - Initial call is provided a Decoder reading from the start of v. -// -// Post-conditions: -// - Exactly one JSON value is read from the Decoder. -// - All fully-parsed JSON objects are reordered by directly moving -// the members in the value buffer. -// -// The runtime is approximately O(n·log(n)) + O(m·log(m)), -// where n is len(v) and m is the total number of object members. -func reorderObjects(d *Decoder, scratch *[]byte) { - switch tok, _ := d.ReadToken(); tok.Kind() { - case '{': - // Iterate and collect the name and offsets for every object member. - members := getMemberNames() - defer putMemberNames(members) - var prevName []byte - isSorted := true - - beforeBody := d.InputOffset() // offset after '{' - for d.PeekKind() != '}' { - beforeName := d.InputOffset() - var flags valueFlags - name, _ := d.readValue(&flags) - name = unescapeStringMayCopy(name, flags.isVerbatim()) - reorderObjects(d, scratch) - afterValue := d.InputOffset() - - if isSorted && len(*members) > 0 { - isSorted = lessUTF16(prevName, []byte(name)) - } - *members = append(*members, memberName{name, beforeName, afterValue}) - prevName = name - } - afterBody := d.InputOffset() // offset before '}' - d.ReadToken() - - // Sort the members; return early if it's already sorted. - if isSorted { - return - } - // TODO(https://go.dev/issue/47619): Use slices.Sort. - sort.Sort(members) - - // Append the reordered members to a new buffer, - // then copy the reordered members back over the original members. - // Avoid swapping in place since each member may be a different size - // where moving a member over a smaller member may corrupt the data - // for subsequent members before they have been moved. - // - // The following invariant must hold: - // sum([m.after-m.before for m in members]) == afterBody-beforeBody - sorted := (*scratch)[:0] - for i, member := range *members { - if d.buf[member.before] == ',' { - member.before++ // trim leading comma - } - sorted = append(sorted, d.buf[member.before:member.after]...) - if i < len(*members)-1 { - sorted = append(sorted, ',') // append trailing comma - } - } - if int(afterBody-beforeBody) != len(sorted) { - panic("BUG: length invariant violated") - } - copy(d.buf[beforeBody:afterBody], sorted) - - // Update scratch buffer to the largest amount ever used. - if len(sorted) > len(*scratch) { - *scratch = sorted - } - case '[': - for d.PeekKind() != ']' { - reorderObjects(d, scratch) - } - d.ReadToken() - } -} - -// lessUTF16 reports whether x is lexicographically less than y according -// to the UTF-16 codepoints of the UTF-8 encoded input strings. -// This implements the ordering specified in RFC 8785, section 3.2.3. -// The inputs must be valid UTF-8, otherwise this may panic. -func lessUTF16[Bytes []byte | string](x, y Bytes) bool { - // NOTE: This is an optimized, allocation-free implementation - // of lessUTF16Simple in fuzz_test.go. FuzzLessUTF16 verifies that the - // two implementations agree on the result of comparing any two strings. - - isUTF16Self := func(r rune) bool { - return ('\u0000' <= r && r <= '\uD7FF') || ('\uE000' <= r && r <= '\uFFFF') - } - - var invalidUTF8 bool - x0, y0 := x, y - for { - if len(x) == 0 || len(y) == 0 { - if len(x) == len(y) && invalidUTF8 { - return string(x0) < string(y0) - } - return len(x) < len(y) - } - - // ASCII fast-path. - if x[0] < utf8.RuneSelf || y[0] < utf8.RuneSelf { - if x[0] != y[0] { - return x[0] < y[0] - } - x, y = x[1:], y[1:] - continue - } - - // Decode next pair of runes as UTF-8. - // TODO(https://go.dev/issue/56948): Use a generic implementation - // of utf8.DecodeRune, or rely on a compiler optimization to statically - // hide the cost of a type switch (https://go.dev/issue/57072). - var rx, ry rune - var nx, ny int - switch any(x).(type) { - case string: - rx, nx = utf8.DecodeRuneInString(string(x)) - ry, ny = utf8.DecodeRuneInString(string(y)) - case []byte: - rx, nx = utf8.DecodeRune([]byte(x)) - ry, ny = utf8.DecodeRune([]byte(y)) - } - - selfx := isUTF16Self(rx) - selfy := isUTF16Self(ry) - switch { - // The x rune is a single UTF-16 codepoint, while - // the y rune is a surrogate pair of UTF-16 codepoints. - case selfx && !selfy: - ry, _ = utf16.EncodeRune(ry) - // The y rune is a single UTF-16 codepoint, while - // the x rune is a surrogate pair of UTF-16 codepoints. - case selfy && !selfx: - rx, _ = utf16.EncodeRune(rx) - } - if rx != ry { - return rx < ry - } - invalidUTF8 = invalidUTF8 || (rx == utf8.RuneError && nx == 1) || (ry == utf8.RuneError && ny == 1) - x, y = x[nx:], y[ny:] - } -} diff --git a/vendor/k8s.io/kube-openapi/pkg/schemaconv/openapi.go b/vendor/k8s.io/kube-openapi/pkg/schemaconv/openapi.go index 81280aae6..6067ee03d 100644 --- a/vendor/k8s.io/kube-openapi/pkg/schemaconv/openapi.go +++ b/vendor/k8s.io/kube-openapi/pkg/schemaconv/openapi.go @@ -140,7 +140,7 @@ func (c *convert) makeOpenAPIRef(specSchema *spec.Schema) schema.TypeRef { // to deduplicate) mapRelationship, err := getMapElementRelationship(specSchema.Extensions) if err != nil { - c.reportError(err.Error()) + c.reportError("%v", err) } if len(mapRelationship) > 0 { @@ -212,7 +212,7 @@ func (c *convert) parseObject(s *spec.Schema) *schema.Map { relationship, err := getMapElementRelationship(s.Extensions) if err != nil { - c.reportError(err.Error()) + c.reportError("%v", err) } return &schema.Map{ @@ -225,7 +225,7 @@ func (c *convert) parseObject(s *spec.Schema) *schema.Map { func (c *convert) parseList(s *spec.Schema) *schema.List { relationship, mapKeys, err := getListElementRelationship(s.Extensions) if err != nil { - c.reportError(err.Error()) + c.reportError("%v", err) } elementType := func() schema.TypeRef { if s.Items != nil { diff --git a/vendor/k8s.io/kube-openapi/pkg/schemaconv/proto_models.go b/vendor/k8s.io/kube-openapi/pkg/schemaconv/proto_models.go index e40f6056e..6a8b9f44a 100644 --- a/vendor/k8s.io/kube-openapi/pkg/schemaconv/proto_models.go +++ b/vendor/k8s.io/kube-openapi/pkg/schemaconv/proto_models.go @@ -72,7 +72,7 @@ func (c *convert) makeRef(model proto.Schema, preserveUnknownFields bool) schema mapRelationship, err := getMapElementRelationship(model.GetExtensions()) if err != nil { - c.reportError(err.Error()) + c.reportError("%v", err) } // empty string means unset. @@ -114,7 +114,7 @@ func (c *convert) VisitKind(k *proto.Kind) { unions, err := makeUnions(k.GetExtensions()) if err != nil { - c.reportError(err.Error()) + c.reportError("%v", err) return } // TODO: We should check that the fields and discriminator @@ -129,14 +129,14 @@ func (c *convert) VisitKind(k *proto.Kind) { a.Map.ElementRelationship, err = getMapElementRelationship(k.GetExtensions()) if err != nil { - c.reportError(err.Error()) + c.reportError("%v", err) } } func (c *convert) VisitArray(a *proto.Array) { relationship, mapKeys, err := getListElementRelationship(a.GetExtensions()) if err != nil { - c.reportError(err.Error()) + c.reportError("%v", err) } atom := c.top() @@ -150,7 +150,7 @@ func (c *convert) VisitArray(a *proto.Array) { func (c *convert) VisitMap(m *proto.Map) { relationship, err := getMapElementRelationship(m.GetExtensions()) if err != nil { - c.reportError(err.Error()) + c.reportError("%v", err) } a := c.top() diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go b/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go index 1f62c6e77..1b3dfff1d 100644 --- a/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go +++ b/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go @@ -22,6 +22,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" "k8s.io/kube-openapi/pkg/validation/spec" ) @@ -46,14 +47,14 @@ func (e *Encoding) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2), nil } -func (e *Encoding) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (e *Encoding) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { EncodingProps encodingPropsOmitZero `json:",inline"` - spec.Extensions + Extensions spec.Extensions `json:",inline"` } x.Extensions = internal.SanitizeExtensions(e.Extensions) x.EncodingProps = encodingPropsOmitZero(e.EncodingProps) - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } func (e *Encoding) UnmarshalJSON(data []byte) error { @@ -69,12 +70,12 @@ func (e *Encoding) UnmarshalJSON(data []byte) error { return nil } -func (e *Encoding) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (e *Encoding) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` EncodingProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/example.go b/vendor/k8s.io/kube-openapi/pkg/spec3/example.go index 8834a92e6..3edb10492 100644 --- a/vendor/k8s.io/kube-openapi/pkg/spec3/example.go +++ b/vendor/k8s.io/kube-openapi/pkg/spec3/example.go @@ -22,6 +22,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" "k8s.io/kube-openapi/pkg/validation/spec" ) @@ -53,16 +54,16 @@ func (e *Example) MarshalJSON() ([]byte, error) { } return swag.ConcatJSON(b1, b2, b3), nil } -func (e *Example) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (e *Example) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { Ref string `json:"$ref,omitempty"` ExampleProps `json:",inline"` - spec.Extensions + Extensions spec.Extensions `json:",inline"` } x.Ref = e.Refable.Ref.String() x.Extensions = internal.SanitizeExtensions(e.Extensions) x.ExampleProps = e.ExampleProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } func (e *Example) UnmarshalJSON(data []byte) error { @@ -81,12 +82,12 @@ func (e *Example) UnmarshalJSON(data []byte) error { return nil } -func (e *Example) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (e *Example) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` ExampleProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } if err := internal.JSONRefFromMap(&e.Ref.Ref, x.Extensions); err != nil { diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go b/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go index f0515496e..7a83c53c0 100644 --- a/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go +++ b/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go @@ -22,6 +22,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" "k8s.io/kube-openapi/pkg/validation/spec" ) @@ -53,14 +54,14 @@ func (e *ExternalDocumentation) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2), nil } -func (e *ExternalDocumentation) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (e *ExternalDocumentation) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { ExternalDocumentationProps `json:",inline"` - spec.Extensions + Extensions spec.Extensions `json:",inline"` } x.Extensions = internal.SanitizeExtensions(e.Extensions) x.ExternalDocumentationProps = e.ExternalDocumentationProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } func (e *ExternalDocumentation) UnmarshalJSON(data []byte) error { @@ -76,12 +77,12 @@ func (e *ExternalDocumentation) UnmarshalJSON(data []byte) error { return nil } -func (e *ExternalDocumentation) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (e *ExternalDocumentation) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` ExternalDocumentationProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } e.Extensions = internal.SanitizeExtensions(x.Extensions) diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/header.go b/vendor/k8s.io/kube-openapi/pkg/spec3/header.go index 9ea30628c..475817f66 100644 --- a/vendor/k8s.io/kube-openapi/pkg/spec3/header.go +++ b/vendor/k8s.io/kube-openapi/pkg/spec3/header.go @@ -22,6 +22,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" "k8s.io/kube-openapi/pkg/validation/spec" ) @@ -54,16 +55,16 @@ func (h *Header) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2, b3), nil } -func (h *Header) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (h *Header) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { Ref string `json:"$ref,omitempty"` HeaderProps headerPropsOmitZero `json:",inline"` - spec.Extensions + Extensions spec.Extensions `json:",inline"` } x.Ref = h.Refable.Ref.String() x.Extensions = internal.SanitizeExtensions(h.Extensions) x.HeaderProps = headerPropsOmitZero(h.HeaderProps) - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } func (h *Header) UnmarshalJSON(data []byte) error { @@ -83,12 +84,12 @@ func (h *Header) UnmarshalJSON(data []byte) error { return nil } -func (h *Header) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (h *Header) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` HeaderProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } if err := internal.JSONRefFromMap(&h.Ref.Ref, x.Extensions); err != nil { diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go b/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go index 47eef1edb..c9062b238 100644 --- a/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go +++ b/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go @@ -22,6 +22,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" "k8s.io/kube-openapi/pkg/validation/spec" ) @@ -49,14 +50,14 @@ func (m *MediaType) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2), nil } -func (e *MediaType) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (e *MediaType) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { MediaTypeProps mediaTypePropsOmitZero `json:",inline"` - spec.Extensions + Extensions spec.Extensions `json:",inline"` } x.Extensions = internal.SanitizeExtensions(e.Extensions) x.MediaTypeProps = mediaTypePropsOmitZero(e.MediaTypeProps) - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } func (m *MediaType) UnmarshalJSON(data []byte) error { @@ -72,12 +73,12 @@ func (m *MediaType) UnmarshalJSON(data []byte) error { return nil } -func (m *MediaType) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (m *MediaType) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` MediaTypeProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } m.Extensions = internal.SanitizeExtensions(x.Extensions) diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go b/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go index f1e102547..8219b29d0 100644 --- a/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go +++ b/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go @@ -22,6 +22,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" "k8s.io/kube-openapi/pkg/validation/spec" ) @@ -49,14 +50,14 @@ func (o *Operation) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2), nil } -func (o *Operation) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (o *Operation) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` OperationProps operationPropsOmitZero `json:",inline"` } x.Extensions = internal.SanitizeExtensions(o.Extensions) x.OperationProps = operationPropsOmitZero(o.OperationProps) - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } // UnmarshalJSON hydrates this items instance with the data from JSON @@ -70,12 +71,12 @@ func (o *Operation) UnmarshalJSON(data []byte) error { return json.Unmarshal(data, &o.VendorExtensible) } -func (o *Operation) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (o *Operation) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` OperationProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } o.Extensions = internal.SanitizeExtensions(x.Extensions) diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go b/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go index ada7edb63..a5e7d46c4 100644 --- a/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go +++ b/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go @@ -22,6 +22,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" "k8s.io/kube-openapi/pkg/validation/spec" ) @@ -54,16 +55,16 @@ func (p *Parameter) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2, b3), nil } -func (p *Parameter) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (p *Parameter) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { Ref string `json:"$ref,omitempty"` ParameterProps parameterPropsOmitZero `json:",inline"` - spec.Extensions + Extensions spec.Extensions `json:",inline"` } x.Ref = p.Refable.Ref.String() x.Extensions = internal.SanitizeExtensions(p.Extensions) x.ParameterProps = parameterPropsOmitZero(p.ParameterProps) - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } func (p *Parameter) UnmarshalJSON(data []byte) error { @@ -84,12 +85,12 @@ func (p *Parameter) UnmarshalJSON(data []byte) error { return nil } -func (p *Parameter) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (p *Parameter) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` ParameterProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } if err := internal.JSONRefFromMap(&p.Ref.Ref, x.Extensions); err != nil { diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/path.go b/vendor/k8s.io/kube-openapi/pkg/spec3/path.go index 16fbbb4dd..cb04cf0f9 100644 --- a/vendor/k8s.io/kube-openapi/pkg/spec3/path.go +++ b/vendor/k8s.io/kube-openapi/pkg/spec3/path.go @@ -24,6 +24,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" "k8s.io/kube-openapi/pkg/validation/spec" ) @@ -57,7 +58,7 @@ func (p *Paths) MarshalJSON() ([]byte, error) { return concated, nil } -func (p *Paths) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (p *Paths) MarshalJSONTo(enc *jsontext.Encoder) error { m := make(map[string]any, len(p.Extensions)+len(p.Paths)) for k, v := range p.Extensions { if internal.IsExtensionKey(k) { @@ -69,7 +70,7 @@ func (p *Paths) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) m[k] = v } } - return opts.MarshalNext(enc, m) + return jsonv2.MarshalEncode(enc, m) } // UnmarshalJSON hydrates this items instance with the data from JSON @@ -106,7 +107,7 @@ func (p *Paths) UnmarshalJSON(data []byte) error { return nil } -func (p *Paths) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (p *Paths) UnmarshalJSONFrom(dec *jsontext.Decoder) error { tok, err := dec.ReadToken() if err != nil { return err @@ -129,7 +130,7 @@ func (p *Paths) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Deco switch k := tok.String(); { case internal.IsExtensionKey(k): var ext any - if err := opts.UnmarshalNext(dec, &ext); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &ext); err != nil { return err } @@ -139,7 +140,7 @@ func (p *Paths) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Deco p.Extensions[k] = ext case len(k) > 0 && k[0] == '/': pi := Path{} - if err := opts.UnmarshalNext(dec, &pi); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &pi); err != nil { return err } @@ -188,16 +189,16 @@ func (p *Path) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2, b3), nil } -func (p *Path) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (p *Path) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { - Ref string `json:"$ref,omitempty"` - spec.Extensions + Ref string `json:"$ref,omitempty"` + Extensions spec.Extensions `json:",inline"` PathProps } x.Ref = p.Refable.Ref.String() x.Extensions = internal.SanitizeExtensions(p.Extensions) x.PathProps = p.PathProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } func (p *Path) UnmarshalJSON(data []byte) error { @@ -216,13 +217,13 @@ func (p *Path) UnmarshalJSON(data []byte) error { return nil } -func (p *Path) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (p *Path) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` PathProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } if err := internal.JSONRefFromMap(&p.Ref.Ref, x.Extensions); err != nil { diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go b/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go index 6f8607e40..b39c0d4fe 100644 --- a/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go +++ b/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go @@ -22,6 +22,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" "k8s.io/kube-openapi/pkg/validation/spec" ) @@ -54,16 +55,16 @@ func (r *RequestBody) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2, b3), nil } -func (r *RequestBody) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (r *RequestBody) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { Ref string `json:"$ref,omitempty"` RequestBodyProps requestBodyPropsOmitZero `json:",inline"` - spec.Extensions + Extensions spec.Extensions `json:",inline"` } x.Ref = r.Refable.Ref.String() x.Extensions = internal.SanitizeExtensions(r.Extensions) x.RequestBodyProps = requestBodyPropsOmitZero(r.RequestBodyProps) - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } func (r *RequestBody) UnmarshalJSON(data []byte) error { @@ -98,12 +99,12 @@ type requestBodyPropsOmitZero struct { Required bool `json:"required,omitzero"` } -func (r *RequestBody) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (r *RequestBody) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` RequestBodyProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } if err := internal.JSONRefFromMap(&r.Ref.Ref, x.Extensions); err != nil { diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/response.go b/vendor/k8s.io/kube-openapi/pkg/spec3/response.go index 73e241fdc..72ad9882d 100644 --- a/vendor/k8s.io/kube-openapi/pkg/spec3/response.go +++ b/vendor/k8s.io/kube-openapi/pkg/spec3/response.go @@ -24,6 +24,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" "k8s.io/kube-openapi/pkg/validation/spec" ) @@ -51,11 +52,11 @@ func (r *Responses) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2), nil } -func (r Responses) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (r Responses) MarshalJSONTo(enc *jsontext.Encoder) error { type ArbitraryKeys map[string]interface{} var x struct { - ArbitraryKeys - Default *Response `json:"default,omitzero"` + ArbitraryKeys ArbitraryKeys `json:",inline"` + Default *Response `json:"default,omitzero"` } x.ArbitraryKeys = make(map[string]any, len(r.Extensions)+len(r.StatusCodeResponses)) for k, v := range r.Extensions { @@ -67,7 +68,7 @@ func (r Responses) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encod x.ArbitraryKeys[strconv.Itoa(k)] = v } x.Default = r.Default - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } func (r *Responses) UnmarshalJSON(data []byte) error { @@ -136,7 +137,7 @@ func (r *ResponsesProps) UnmarshalJSON(data []byte) error { return nil } -func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) (err error) { +func (r *Responses) UnmarshalJSONFrom(dec *jsontext.Decoder) (err error) { tok, err := dec.ReadToken() if err != nil { return err @@ -157,7 +158,7 @@ func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2. switch k := tok.String(); { case internal.IsExtensionKey(k): var ext any - if err := opts.UnmarshalNext(dec, &ext); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &ext); err != nil { return err } @@ -167,14 +168,14 @@ func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2. r.Extensions[k] = ext case k == "default": resp := Response{} - if err := opts.UnmarshalNext(dec, &resp); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &resp); err != nil { return err } r.ResponsesProps.Default = &resp default: if nk, err := strconv.Atoi(k); err == nil { resp := Response{} - if err := opts.UnmarshalNext(dec, &resp); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &resp); err != nil { return err } @@ -219,16 +220,16 @@ func (r *Response) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2, b3), nil } -func (r Response) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (r Response) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { - Ref string `json:"$ref,omitempty"` - spec.Extensions + Ref string `json:"$ref,omitempty"` + Extensions spec.Extensions `json:",inline"` ResponseProps `json:",inline"` } x.Ref = r.Refable.Ref.String() x.Extensions = internal.SanitizeExtensions(r.Extensions) x.ResponseProps = r.ResponseProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } func (r *Response) UnmarshalJSON(data []byte) error { @@ -247,12 +248,12 @@ func (r *Response) UnmarshalJSON(data []byte) error { return nil } -func (r *Response) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (r *Response) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` ResponseProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } if err := internal.JSONRefFromMap(&r.Ref.Ref, x.Extensions); err != nil { @@ -302,16 +303,16 @@ func (r *Link) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2, b3), nil } -func (r *Link) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (r *Link) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { - Ref string `json:"$ref,omitempty"` - spec.Extensions - LinkProps `json:",inline"` + Ref string `json:"$ref,omitempty"` + Extensions spec.Extensions `json:",inline"` + LinkProps `json:",inline"` } x.Ref = r.Refable.Ref.String() x.Extensions = internal.SanitizeExtensions(r.Extensions) x.LinkProps = r.LinkProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } func (r *Link) UnmarshalJSON(data []byte) error { @@ -331,12 +332,12 @@ func (r *Link) UnmarshalJSON(data []byte) error { return nil } -func (l *Link) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (l *Link) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` LinkProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } if err := internal.JSONRefFromMap(&l.Ref.Ref, x.Extensions); err != nil { diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go b/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go index dd1e98ed8..9bc180eaf 100644 --- a/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go +++ b/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go @@ -22,6 +22,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" "k8s.io/kube-openapi/pkg/validation/spec" ) @@ -52,16 +53,16 @@ func (s *SecurityScheme) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2, b3), nil } -func (s *SecurityScheme) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (s *SecurityScheme) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { Ref string `json:"$ref,omitempty"` SecuritySchemeProps `json:",inline"` - spec.Extensions + Extensions spec.Extensions `json:",inline"` } x.Ref = s.Refable.Ref.String() x.Extensions = internal.SanitizeExtensions(s.Extensions) x.SecuritySchemeProps = s.SecuritySchemeProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } // UnmarshalJSON hydrates this items instance with the data from JSON diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/server.go b/vendor/k8s.io/kube-openapi/pkg/spec3/server.go index 654a42c06..3037fbce4 100644 --- a/vendor/k8s.io/kube-openapi/pkg/spec3/server.go +++ b/vendor/k8s.io/kube-openapi/pkg/spec3/server.go @@ -22,6 +22,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" "k8s.io/kube-openapi/pkg/validation/spec" ) @@ -55,14 +56,14 @@ func (s *Server) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2), nil } -func (s *Server) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (s *Server) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { ServerProps `json:",inline"` - spec.Extensions + Extensions spec.Extensions `json:",inline"` } x.Extensions = internal.SanitizeExtensions(s.Extensions) x.ServerProps = s.ServerProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } func (s *Server) UnmarshalJSON(data []byte) error { @@ -79,12 +80,12 @@ func (s *Server) UnmarshalJSON(data []byte) error { return nil } -func (s *Server) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (s *Server) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` ServerProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } s.Extensions = internal.SanitizeExtensions(x.Extensions) @@ -123,14 +124,14 @@ func (s *ServerVariable) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2), nil } -func (s *ServerVariable) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (s *ServerVariable) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { ServerVariableProps `json:",inline"` - spec.Extensions + Extensions spec.Extensions `json:",inline"` } x.Extensions = internal.SanitizeExtensions(s.Extensions) x.ServerVariableProps = s.ServerVariableProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } func (s *ServerVariable) UnmarshalJSON(data []byte) error { @@ -146,12 +147,12 @@ func (s *ServerVariable) UnmarshalJSON(data []byte) error { return nil } -func (s *ServerVariable) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (s *ServerVariable) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - spec.Extensions + Extensions spec.Extensions `json:",inline"` ServerVariableProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } s.Extensions = internal.SanitizeExtensions(x.Extensions) diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go b/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go index 5db819c7f..91b1ae333 100644 --- a/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go +++ b/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go @@ -21,6 +21,7 @@ import ( "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" "k8s.io/kube-openapi/pkg/validation/spec" ) @@ -60,7 +61,7 @@ func (o *OpenAPI) MarshalJSON() ([]byte, error) { return json.Marshal(&p) } -func (o *OpenAPI) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (o *OpenAPI) MarshalJSONTo(enc *jsontext.Encoder) error { type OpenAPIOmitZero struct { Version string `json:"openapi"` Info *spec.Info `json:"info"` @@ -71,5 +72,5 @@ func (o *OpenAPI) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encode ExternalDocs *ExternalDocumentation `json:"externalDocs,omitzero"` } x := (*OpenAPIOmitZero)(o) - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/header.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/header.go index 05310c46b..5aa66ae25 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/header.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/header.go @@ -20,6 +20,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) const ( @@ -65,18 +66,18 @@ func (h Header) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2, b3, b4), nil } -func (h Header) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (h Header) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { CommonValidations commonValidationsOmitZero `json:",inline"` SimpleSchema simpleSchemaOmitZero `json:",inline"` - Extensions + Extensions Extensions `json:",inline"` HeaderProps } x.CommonValidations = commonValidationsOmitZero(h.CommonValidations) x.SimpleSchema = simpleSchemaOmitZero(h.SimpleSchema) x.Extensions = internal.SanitizeExtensions(h.Extensions) x.HeaderProps = h.HeaderProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } // UnmarshalJSON unmarshals this header from JSON @@ -97,15 +98,15 @@ func (h *Header) UnmarshalJSON(data []byte) error { return json.Unmarshal(data, &h.HeaderProps) } -func (h *Header) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (h *Header) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { CommonValidations SimpleSchema - Extensions + Extensions Extensions `json:",inline"` HeaderProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/info.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/info.go index d667b705b..8d002a1c5 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/info.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/info.go @@ -21,6 +21,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) // Extensions vendor specific extensions @@ -183,14 +184,14 @@ func (i Info) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2), nil } -func (i Info) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (i Info) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { - Extensions + Extensions Extensions `json:",inline"` InfoProps } x.Extensions = i.Extensions x.InfoProps = i.InfoProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } // UnmarshalJSON marshal this from JSON @@ -205,12 +206,12 @@ func (i *Info) UnmarshalJSON(data []byte) error { return json.Unmarshal(data, &i.VendorExtensible) } -func (i *Info) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (i *Info) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - Extensions + Extensions Extensions `json:",inline"` InfoProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } i.Extensions = internal.SanitizeExtensions(x.Extensions) diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/items.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/items.go index 4132467d2..6fbb19a46 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/items.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/items.go @@ -20,6 +20,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) const ( @@ -122,13 +123,13 @@ func (i *Items) UnmarshalJSON(data []byte) error { return nil } -func (i *Items) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (i *Items) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { CommonValidations SimpleSchema - Extensions + Extensions Extensions `json:",inline"` } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } if err := i.Refable.Ref.fromMap(x.Extensions); err != nil { @@ -165,16 +166,16 @@ func (i Items) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b4, b3, b1, b2), nil } -func (i Items) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (i Items) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { CommonValidations commonValidationsOmitZero `json:",inline"` SimpleSchema simpleSchemaOmitZero `json:",inline"` Ref string `json:"$ref,omitempty"` - Extensions + Extensions Extensions `json:",inline"` } x.CommonValidations = commonValidationsOmitZero(i.CommonValidations) x.SimpleSchema = simpleSchemaOmitZero(i.SimpleSchema) x.Ref = i.Refable.Ref.String() x.Extensions = internal.SanitizeExtensions(i.Extensions) - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/operation.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/operation.go index 63eed3460..99b620f94 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/operation.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/operation.go @@ -20,6 +20,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) // OperationProps describes an operation @@ -104,13 +105,13 @@ func (o *Operation) UnmarshalJSON(data []byte) error { return json.Unmarshal(data, &o.VendorExtensible) } -func (o *Operation) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (o *Operation) UnmarshalJSONFrom(dec *jsontext.Decoder) error { type OperationPropsNoMethods OperationProps // strip MarshalJSON method var x struct { - Extensions + Extensions Extensions `json:",inline"` OperationPropsNoMethods } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } o.Extensions = internal.SanitizeExtensions(x.Extensions) @@ -135,12 +136,12 @@ func (o Operation) MarshalJSON() ([]byte, error) { return concated, nil } -func (o Operation) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (o Operation) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { - Extensions + Extensions Extensions `json:",inline"` OperationProps operationPropsOmitZero `json:",inline"` } x.Extensions = internal.SanitizeExtensions(o.Extensions) x.OperationProps = operationPropsOmitZero(o.OperationProps) - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/parameter.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/parameter.go index 53d1e0aa9..f2e61a721 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/parameter.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/parameter.go @@ -20,6 +20,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) // ParamProps describes the specific attributes of an operation parameter @@ -107,14 +108,14 @@ func (p *Parameter) UnmarshalJSON(data []byte) error { return json.Unmarshal(data, &p.ParamProps) } -func (p *Parameter) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (p *Parameter) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { CommonValidations SimpleSchema - Extensions + Extensions Extensions `json:",inline"` ParamProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } if err := p.Refable.Ref.fromMap(x.Extensions); err != nil { @@ -155,18 +156,18 @@ func (p Parameter) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b3, b1, b2, b4, b5), nil } -func (p Parameter) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (p Parameter) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { CommonValidations commonValidationsOmitZero `json:",inline"` SimpleSchema simpleSchemaOmitZero `json:",inline"` ParamProps paramPropsOmitZero `json:",inline"` Ref string `json:"$ref,omitempty"` - Extensions + Extensions Extensions `json:",inline"` } x.CommonValidations = commonValidationsOmitZero(p.CommonValidations) x.SimpleSchema = simpleSchemaOmitZero(p.SimpleSchema) x.Extensions = internal.SanitizeExtensions(p.Extensions) x.ParamProps = paramPropsOmitZero(p.ParamProps) x.Ref = p.Refable.Ref.String() - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/path_item.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/path_item.go index 1d1588cb9..f2a0d9542 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/path_item.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/path_item.go @@ -20,6 +20,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) // PathItemProps the path item specific properties @@ -61,13 +62,13 @@ func (p *PathItem) UnmarshalJSON(data []byte) error { return json.Unmarshal(data, &p.PathItemProps) } -func (p *PathItem) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (p *PathItem) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - Extensions + Extensions Extensions `json:",inline"` PathItemProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } if err := p.Refable.Ref.fromMap(x.Extensions); err != nil { @@ -100,14 +101,14 @@ func (p PathItem) MarshalJSON() ([]byte, error) { return concated, nil } -func (p PathItem) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (p PathItem) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { - Ref string `json:"$ref,omitempty"` - Extensions + Ref string `json:"$ref,omitempty"` + Extensions Extensions `json:",inline"` PathItemProps } x.Ref = p.Refable.Ref.String() x.Extensions = internal.SanitizeExtensions(p.Extensions) x.PathItemProps = p.PathItemProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/paths.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/paths.go index 18f6a9f42..23b72ccce 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/paths.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/paths.go @@ -22,6 +22,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) // Paths holds the relative paths to the individual endpoints. @@ -70,7 +71,7 @@ func (p *Paths) UnmarshalJSON(data []byte) error { return nil } -func (p *Paths) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (p *Paths) UnmarshalJSONFrom(dec *jsontext.Decoder) error { tok, err := dec.ReadToken() if err != nil { return err @@ -94,7 +95,7 @@ func (p *Paths) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Deco switch k := tok.String(); { case internal.IsExtensionKey(k): ext = nil - if err := opts.UnmarshalNext(dec, &ext); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &ext); err != nil { return err } @@ -104,7 +105,7 @@ func (p *Paths) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Deco p.Extensions[k] = ext case len(k) > 0 && k[0] == '/': pi = PathItem{} - if err := opts.UnmarshalNext(dec, &pi); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &pi); err != nil { return err } @@ -148,7 +149,7 @@ func (p Paths) MarshalJSON() ([]byte, error) { return concated, nil } -func (p Paths) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (p Paths) MarshalJSONTo(enc *jsontext.Encoder) error { m := make(map[string]any, len(p.Extensions)+len(p.Paths)) for k, v := range p.Extensions { if internal.IsExtensionKey(k) { @@ -160,5 +161,5 @@ func (p Paths) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) m[k] = v } } - return opts.MarshalNext(enc, m) + return jsonv2.MarshalEncode(enc, m) } diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/ref.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/ref.go index 775b3b0c3..29cec6193 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/ref.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/ref.go @@ -16,10 +16,6 @@ package spec import ( "encoding/json" - "net/http" - "os" - "path/filepath" - "github.com/go-openapi/jsonreference" "k8s.io/kube-openapi/pkg/internal" @@ -56,52 +52,6 @@ func (r *Ref) RemoteURI() string { return u.String() } -// IsValidURI returns true when the url the ref points to can be found -func (r *Ref) IsValidURI(basepaths ...string) bool { - if r.String() == "" { - return true - } - - v := r.RemoteURI() - if v == "" { - return true - } - - if r.HasFullURL { - rr, err := http.Get(v) - if err != nil { - return false - } - - return rr.StatusCode/100 == 2 - } - - if !(r.HasFileScheme || r.HasFullFilePath || r.HasURLPathOnly) { - return false - } - - // check for local file - pth := v - if r.HasURLPathOnly { - base := "." - if len(basepaths) > 0 { - base = filepath.Dir(filepath.Join(basepaths...)) - } - p, e := filepath.Abs(filepath.ToSlash(filepath.Join(base, pth))) - if e != nil { - return false - } - pth = p - } - - fi, err := os.Stat(filepath.ToSlash(pth)) - if err != nil { - return false - } - - return !fi.IsDir() -} - // Inherits creates a new reference from a parent and a child // If the child cannot inherit from the parent, an error is returned func (r *Ref) Inherits(child Ref) (*Ref, error) { diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/response.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/response.go index 3ff1fe132..585a93acc 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/response.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/response.go @@ -20,6 +20,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) // ResponseProps properties specific to a response @@ -67,13 +68,13 @@ func (r *Response) UnmarshalJSON(data []byte) error { return nil } -func (r *Response) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (r *Response) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { ResponseProps - Extensions + Extensions Extensions `json:",inline"` } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } @@ -106,16 +107,16 @@ func (r Response) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2, b3), nil } -func (r Response) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (r Response) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { - Ref string `json:"$ref,omitempty"` - Extensions + Ref string `json:"$ref,omitempty"` + Extensions Extensions `json:",inline"` ResponseProps responsePropsOmitZero `json:",inline"` } x.Ref = r.Refable.Ref.String() x.Extensions = internal.SanitizeExtensions(r.Extensions) x.ResponseProps = responsePropsOmitZero(r.ResponseProps) - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } // NewResponse creates a new response instance diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/responses.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/responses.go index d9ad760a4..a1a3d0fd5 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/responses.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/responses.go @@ -23,6 +23,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) // Responses is a container for the expected responses of an operation. @@ -78,11 +79,11 @@ func (r Responses) MarshalJSON() ([]byte, error) { return concated, nil } -func (r Responses) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (r Responses) MarshalJSONTo(enc *jsontext.Encoder) error { type ArbitraryKeys map[string]interface{} var x struct { - ArbitraryKeys - Default *Response `json:"default,omitempty"` + ArbitraryKeys ArbitraryKeys `json:",inline"` + Default *Response `json:"default,omitempty"` } x.ArbitraryKeys = make(map[string]any, len(r.Extensions)+len(r.StatusCodeResponses)) for k, v := range r.Extensions { @@ -94,7 +95,7 @@ func (r Responses) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encod x.ArbitraryKeys[strconv.Itoa(k)] = v } x.Default = r.Default - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } // ResponsesProps describes all responses for an operation. @@ -150,7 +151,7 @@ func (r *ResponsesProps) UnmarshalJSON(data []byte) error { return nil } -func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) (err error) { +func (r *Responses) UnmarshalJSONFrom(dec *jsontext.Decoder) (err error) { tok, err := dec.ReadToken() if err != nil { return err @@ -172,7 +173,7 @@ func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2. switch k := tok.String(); { case internal.IsExtensionKey(k): ext = nil - if err := opts.UnmarshalNext(dec, &ext); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &ext); err != nil { return err } @@ -182,7 +183,7 @@ func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2. r.Extensions[k] = ext case k == "default": resp = Response{} - if err := opts.UnmarshalNext(dec, &resp); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &resp); err != nil { return err } @@ -191,7 +192,7 @@ func (r *Responses) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2. default: if nk, err := strconv.Atoi(k); err == nil { resp = Response{} - if err := opts.UnmarshalNext(dec, &resp); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &resp); err != nil { return err } diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/schema.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/schema.go index dfbb2e05c..6c0c6fc14 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/schema.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/schema.go @@ -23,6 +23,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) // BooleanProperty creates a boolean property @@ -517,10 +518,10 @@ func (s Schema) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2, b3, b4, b5, b6), nil } -func (s Schema) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (s Schema) MarshalJSONTo(enc *jsontext.Encoder) error { type ArbitraryKeys map[string]interface{} var x struct { - ArbitraryKeys + ArbitraryKeys ArbitraryKeys `json:",inline"` SchemaProps schemaPropsOmitZero `json:",inline"` SwaggerSchemaProps swaggerSchemaPropsOmitZero `json:",inline"` Schema string `json:"$schema,omitempty"` @@ -539,7 +540,7 @@ func (s Schema) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) x.SwaggerSchemaProps = swaggerSchemaPropsOmitZero(s.SwaggerSchemaProps) x.Ref = s.Ref.String() x.Schema = string(s.Schema) - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } // UnmarshalJSON marshal this from JSON @@ -595,13 +596,13 @@ func (s *Schema) UnmarshalJSON(data []byte) error { return nil } -func (s *Schema) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (s *Schema) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - Extensions + Extensions Extensions `json:",inline"` SchemaProps SwaggerSchemaProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/security_scheme.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/security_scheme.go index e2b7da14c..7c7b6bdd8 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/security_scheme.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/security_scheme.go @@ -20,6 +20,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) // SecuritySchemeProps describes a swagger security scheme in the securityDefinitions section @@ -60,14 +61,14 @@ func (s SecurityScheme) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2), nil } -func (s SecurityScheme) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (s SecurityScheme) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { - Extensions + Extensions Extensions `json:",inline"` SecuritySchemeProps } x.Extensions = internal.SanitizeExtensions(s.Extensions) x.SecuritySchemeProps = s.SecuritySchemeProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } // UnmarshalJSON marshal this from JSON @@ -78,12 +79,12 @@ func (s *SecurityScheme) UnmarshalJSON(data []byte) error { return json.Unmarshal(data, &s.VendorExtensible) } -func (s *SecurityScheme) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (s *SecurityScheme) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - Extensions + Extensions Extensions `json:",inline"` SecuritySchemeProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } s.Extensions = internal.SanitizeExtensions(x.Extensions) diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/swagger.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/swagger.go index c8f3beaa3..533b7cc83 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/swagger.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/swagger.go @@ -21,6 +21,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) // Swagger this is the root document object for the API specification. @@ -50,14 +51,14 @@ func (s Swagger) MarshalJSON() ([]byte, error) { } // MarshalJSON marshals this swagger structure to json -func (s Swagger) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (s Swagger) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { - Extensions + Extensions Extensions `json:",inline"` SwaggerProps } x.Extensions = internal.SanitizeExtensions(s.Extensions) x.SwaggerProps = s.SwaggerProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } // UnmarshalJSON unmarshals a swagger spec from json @@ -76,16 +77,16 @@ func (s *Swagger) UnmarshalJSON(data []byte) error { return nil } -func (s *Swagger) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (s *Swagger) UnmarshalJSONFrom(dec *jsontext.Decoder) error { // Note: If you're willing to make breaking changes, it is possible to // optimize this and other usages of this pattern: // https://github.com/kubernetes/kube-openapi/pull/319#discussion_r983165948 var x struct { - Extensions + Extensions Extensions `json:",inline"` SwaggerProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } s.Extensions = internal.SanitizeExtensions(x.Extensions) @@ -146,15 +147,15 @@ func (s SchemaOrBool) MarshalJSON() ([]byte, error) { } // MarshalJSON convert this object to JSON -func (s SchemaOrBool) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (s SchemaOrBool) MarshalJSONTo(enc *jsontext.Encoder) error { if s.Schema != nil { - return opts.MarshalNext(enc, s.Schema) + return jsonv2.MarshalEncode(enc, s.Schema) } if s.Schema == nil && !s.Allows { - return enc.WriteToken(jsonv2.False) + return enc.WriteToken(jsontext.False) } - return enc.WriteToken(jsonv2.True) + return enc.WriteToken(jsontext.True) } // UnmarshalJSON converts this bool or schema object from a JSON structure @@ -178,17 +179,17 @@ func (s *SchemaOrBool) UnmarshalJSON(data []byte) error { return nil } -func (s *SchemaOrBool) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (s *SchemaOrBool) UnmarshalJSONFrom(dec *jsontext.Decoder) error { switch k := dec.PeekKind(); k { case '{': - err := opts.UnmarshalNext(dec, &s.Schema) + err := jsonv2.UnmarshalDecode(dec, &s.Schema) if err != nil { return err } s.Allows = true return nil case 't', 'f': - err := opts.UnmarshalNext(dec, &s.Allows) + err := jsonv2.UnmarshalDecode(dec, &s.Allows) if err != nil { return err } @@ -219,14 +220,14 @@ func (s SchemaOrStringArray) MarshalJSON() ([]byte, error) { } // MarshalJSON converts this schema object or array into JSON structure -func (s SchemaOrStringArray) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (s SchemaOrStringArray) MarshalJSONTo(enc *jsontext.Encoder) error { if len(s.Property) > 0 { - return opts.MarshalNext(enc, s.Property) + return jsonv2.MarshalEncode(enc, s.Property) } if s.Schema != nil { - return opts.MarshalNext(enc, s.Schema) + return jsonv2.MarshalEncode(enc, s.Schema) } - return enc.WriteToken(jsonv2.Null) + return enc.WriteToken(jsontext.Null) } // UnmarshalJSON converts this schema object or array from a JSON structure @@ -256,12 +257,12 @@ func (s *SchemaOrStringArray) UnmarshalJSON(data []byte) error { return nil } -func (s *SchemaOrStringArray) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (s *SchemaOrStringArray) UnmarshalJSONFrom(dec *jsontext.Decoder) error { switch dec.PeekKind() { case '{': - return opts.UnmarshalNext(dec, &s.Schema) + return jsonv2.UnmarshalDecode(dec, &s.Schema) case '[': - return opts.UnmarshalNext(dec, &s.Property) + return jsonv2.UnmarshalDecode(dec, &s.Property) default: _, err := dec.ReadValue() return err @@ -332,14 +333,14 @@ func (s *StringOrArray) UnmarshalJSON(data []byte) error { } } -func (s *StringOrArray) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (s *StringOrArray) UnmarshalJSONFrom(dec *jsontext.Decoder) error { switch k := dec.PeekKind(); k { case '[': *s = StringOrArray{} - return opts.UnmarshalNext(dec, (*[]string)(s)) + return jsonv2.UnmarshalDecode(dec, (*[]string)(s)) case '"': *s = StringOrArray{""} - return opts.UnmarshalNext(dec, &(*s)[0]) + return jsonv2.UnmarshalDecode(dec, &(*s)[0]) case 'n': // Throw out null token _, _ = dec.ReadToken() @@ -392,11 +393,11 @@ func (s SchemaOrArray) MarshalJSON() ([]byte, error) { } // MarshalJSON converts this schema object or array into JSON structure -func (s SchemaOrArray) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (s SchemaOrArray) MarshalJSONTo(enc *jsontext.Encoder) error { if s.Schemas != nil { - return opts.MarshalNext(enc, s.Schemas) + return jsonv2.MarshalEncode(enc, s.Schemas) } - return opts.MarshalNext(enc, s.Schema) + return jsonv2.MarshalEncode(enc, s.Schema) } // UnmarshalJSON converts this schema object or array from a JSON structure @@ -426,12 +427,12 @@ func (s *SchemaOrArray) UnmarshalJSON(data []byte) error { return nil } -func (s *SchemaOrArray) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (s *SchemaOrArray) UnmarshalJSONFrom(dec *jsontext.Decoder) error { switch dec.PeekKind() { case '{': - return opts.UnmarshalNext(dec, &s.Schema) + return jsonv2.UnmarshalDecode(dec, &s.Schema) case '[': - return opts.UnmarshalNext(dec, &s.Schemas) + return jsonv2.UnmarshalDecode(dec, &s.Schemas) default: _, err := dec.ReadValue() return err diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/tag.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/tag.go index d105d52ca..89c3d0d82 100644 --- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/tag.go +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/tag.go @@ -20,6 +20,7 @@ import ( "github.com/go-openapi/swag" "k8s.io/kube-openapi/pkg/internal" jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json" + "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext" ) // TagProps describe a tag entry in the top level tags section of a swagger spec @@ -55,14 +56,14 @@ func (t Tag) MarshalJSON() ([]byte, error) { return swag.ConcatJSON(b1, b2), nil } -func (t Tag) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error { +func (t Tag) MarshalJSONTo(enc *jsontext.Encoder) error { var x struct { - Extensions + Extensions Extensions `json:",inline"` TagProps } x.Extensions = internal.SanitizeExtensions(t.Extensions) x.TagProps = t.TagProps - return opts.MarshalNext(enc, x) + return jsonv2.MarshalEncode(enc, x) } // UnmarshalJSON marshal this from JSON @@ -77,12 +78,12 @@ func (t *Tag) UnmarshalJSON(data []byte) error { return json.Unmarshal(data, &t.VendorExtensible) } -func (t *Tag) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error { +func (t *Tag) UnmarshalJSONFrom(dec *jsontext.Decoder) error { var x struct { - Extensions + Extensions Extensions `json:",inline"` TagProps } - if err := opts.UnmarshalNext(dec, &x); err != nil { + if err := jsonv2.UnmarshalDecode(dec, &x); err != nil { return err } t.Extensions = internal.SanitizeExtensions(x.Extensions) diff --git a/vendor/k8s.io/utils/buffer/ring_fixed.go b/vendor/k8s.io/utils/buffer/ring_fixed.go new file mode 100644 index 000000000..a104e12a3 --- /dev/null +++ b/vendor/k8s.io/utils/buffer/ring_fixed.go @@ -0,0 +1,120 @@ +/* +Copyright 2025 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package buffer + +import ( + "errors" + "io" +) + +// Compile-time check that *TypedRingFixed[byte] implements io.Writer. +var _ io.Writer = (*TypedRingFixed[byte])(nil) + +// ErrInvalidSize indicates size must be > 0 +var ErrInvalidSize = errors.New("size must be positive") + +// TypedRingFixed is a fixed-size circular buffer for elements of type T. +// Writes overwrite older data, keeping only the last N elements. +// Not thread safe. +type TypedRingFixed[T any] struct { + data []T + size int + writeCursor int + written int64 +} + +// NewTypedRingFixed creates a circular buffer with the given capacity (must be > 0). +func NewTypedRingFixed[T any](size int) (*TypedRingFixed[T], error) { + if size <= 0 { + return nil, ErrInvalidSize + } + return &TypedRingFixed[T]{ + data: make([]T, size), + size: size, + }, nil +} + +// Write writes p to the buffer, overwriting old data if needed. +func (r *TypedRingFixed[T]) Write(p []T) (int, error) { + originalLen := len(p) + r.written += int64(originalLen) + + // If the input is larger than our buffer, only keep the last 'size' elements + if originalLen > r.size { + p = p[originalLen-r.size:] + } + + // Copy data, handling wrap-around + n := len(p) + remain := r.size - r.writeCursor + if n <= remain { + copy(r.data[r.writeCursor:], p) + } else { + copy(r.data[r.writeCursor:], p[:remain]) + copy(r.data, p[remain:]) + } + + r.writeCursor = (r.writeCursor + n) % r.size + return originalLen, nil +} + +// Slice returns buffer contents in write order. Don't modify the returned slice. +func (r *TypedRingFixed[T]) Slice() []T { + if r.written == 0 { + return nil + } + + // Buffer hasn't wrapped yet + if r.written < int64(r.size) { + return r.data[:r.writeCursor] + } + + // Buffer has wrapped - need to return data in correct order + // Data from writeCursor to end is oldest, data from 0 to writeCursor is newest + if r.writeCursor == 0 { + return r.data + } + + out := make([]T, r.size) + copy(out, r.data[r.writeCursor:]) + copy(out[r.size-r.writeCursor:], r.data[:r.writeCursor]) + return out +} + +// Size returns the buffer capacity. +func (r *TypedRingFixed[T]) Size() int { + return r.size +} + +// Len returns how many elements are currently in the buffer. +func (r *TypedRingFixed[T]) Len() int { + if r.written < int64(r.size) { + return int(r.written) + } + return r.size +} + +// TotalWritten returns total elements ever written (including overwritten ones). +func (r *TypedRingFixed[T]) TotalWritten() int64 { + return r.written +} + +// Reset clears the buffer. +func (r *TypedRingFixed[T]) Reset() { + r.writeCursor = 0 + r.written = 0 +} diff --git a/vendor/k8s.io/utils/exec/exec.go b/vendor/k8s.io/utils/exec/exec.go index d9c91e3ca..b7cde7fd8 100644 --- a/vendor/k8s.io/utils/exec/exec.go +++ b/vendor/k8s.io/utils/exec/exec.go @@ -18,6 +18,7 @@ package exec import ( "context" + "errors" "io" "io/fs" osexec "os/exec" @@ -97,6 +98,21 @@ func New() Interface { return &executor{} } +// maskErrDotCmd reverts the behavior of osexec.Cmd to what it was before go1.19 +// specifically set the Err field to nil (LookPath returns a new error when the file +// is resolved to the current directory. +func maskErrDotCmd(cmd *osexec.Cmd) *osexec.Cmd { + cmd.Err = maskErrDot(cmd.Err) + return cmd +} + +func maskErrDot(err error) error { + if err != nil && errors.Is(err, osexec.ErrDot) { + return nil + } + return err +} + // Command is part of the Interface interface. func (executor *executor) Command(cmd string, args ...string) Cmd { return (*cmdWrapper)(maskErrDotCmd(osexec.Command(cmd, args...))) diff --git a/vendor/k8s.io/utils/exec/fixup_go118.go b/vendor/k8s.io/utils/exec/fixup_go118.go deleted file mode 100644 index acf45f1cd..000000000 --- a/vendor/k8s.io/utils/exec/fixup_go118.go +++ /dev/null @@ -1,32 +0,0 @@ -//go:build !go1.19 -// +build !go1.19 - -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package exec - -import ( - osexec "os/exec" -) - -func maskErrDotCmd(cmd *osexec.Cmd) *osexec.Cmd { - return cmd -} - -func maskErrDot(err error) error { - return err -} diff --git a/vendor/k8s.io/utils/exec/fixup_go119.go b/vendor/k8s.io/utils/exec/fixup_go119.go deleted file mode 100644 index 55874c929..000000000 --- a/vendor/k8s.io/utils/exec/fixup_go119.go +++ /dev/null @@ -1,40 +0,0 @@ -//go:build go1.19 -// +build go1.19 - -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package exec - -import ( - "errors" - osexec "os/exec" -) - -// maskErrDotCmd reverts the behavior of osexec.Cmd to what it was before go1.19 -// specifically set the Err field to nil (LookPath returns a new error when the file -// is resolved to the current directory. -func maskErrDotCmd(cmd *osexec.Cmd) *osexec.Cmd { - cmd.Err = maskErrDot(cmd.Err) - return cmd -} - -func maskErrDot(err error) error { - if err != nil && errors.Is(err, osexec.ErrDot) { - return nil - } - return err -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 78d21eef9..98eb7a2b0 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -398,43 +398,43 @@ github.com/go-openapi/jsonpointer ## explicit; go 1.24.0 github.com/go-openapi/jsonreference github.com/go-openapi/jsonreference/internal -# github.com/go-openapi/swag v0.25.1 +# github.com/go-openapi/swag v0.25.4 ## explicit; go 1.24.0 github.com/go-openapi/swag -# github.com/go-openapi/swag/cmdutils v0.25.1 +# github.com/go-openapi/swag/cmdutils v0.25.4 ## explicit; go 1.24.0 github.com/go-openapi/swag/cmdutils -# github.com/go-openapi/swag/conv v0.25.1 +# github.com/go-openapi/swag/conv v0.25.4 ## explicit; go 1.24.0 github.com/go-openapi/swag/conv -# github.com/go-openapi/swag/fileutils v0.25.1 +# github.com/go-openapi/swag/fileutils v0.25.4 ## explicit; go 1.24.0 github.com/go-openapi/swag/fileutils -# github.com/go-openapi/swag/jsonname v0.25.1 +# github.com/go-openapi/swag/jsonname v0.25.4 ## explicit; go 1.24.0 github.com/go-openapi/swag/jsonname -# github.com/go-openapi/swag/jsonutils v0.25.1 +# github.com/go-openapi/swag/jsonutils v0.25.4 ## explicit; go 1.24.0 github.com/go-openapi/swag/jsonutils github.com/go-openapi/swag/jsonutils/adapters github.com/go-openapi/swag/jsonutils/adapters/ifaces github.com/go-openapi/swag/jsonutils/adapters/stdlib/json -# github.com/go-openapi/swag/loading v0.25.1 +# github.com/go-openapi/swag/loading v0.25.4 ## explicit; go 1.24.0 github.com/go-openapi/swag/loading -# github.com/go-openapi/swag/mangling v0.25.1 +# github.com/go-openapi/swag/mangling v0.25.4 ## explicit; go 1.24.0 github.com/go-openapi/swag/mangling -# github.com/go-openapi/swag/netutils v0.25.1 +# github.com/go-openapi/swag/netutils v0.25.4 ## explicit; go 1.24.0 github.com/go-openapi/swag/netutils -# github.com/go-openapi/swag/stringutils v0.25.1 +# github.com/go-openapi/swag/stringutils v0.25.4 ## explicit; go 1.24.0 github.com/go-openapi/swag/stringutils -# github.com/go-openapi/swag/typeutils v0.25.1 +# github.com/go-openapi/swag/typeutils v0.25.4 ## explicit; go 1.24.0 github.com/go-openapi/swag/typeutils -# github.com/go-openapi/swag/yamlutils v0.25.1 +# github.com/go-openapi/swag/yamlutils v0.25.4 ## explicit; go 1.24.0 github.com/go-openapi/swag/yamlutils # github.com/go-redis/cache/v9 v9.0.0 @@ -628,8 +628,8 @@ github.com/opencontainers/go-digest ## explicit; go 1.18 github.com/opencontainers/image-spec/specs-go github.com/opencontainers/image-spec/specs-go/v1 -# github.com/openshift/api v3.9.0+incompatible => github.com/openshift/api v0.0.0-20251204164930-cd2e40c5883a -## explicit; go 1.24.0 +# github.com/openshift/api v3.9.0+incompatible => github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2 +## explicit; go 1.25.0 github.com/openshift/api/config/v1 github.com/openshift/api/config/v1alpha1 github.com/openshift/api/config/v1alpha2 @@ -1581,8 +1581,8 @@ k8s.io/component-helpers/resource # k8s.io/controller-manager v0.34.0 => k8s.io/controller-manager v0.34.2 ## explicit; go 1.24.0 k8s.io/controller-manager/pkg/features -# k8s.io/klog/v2 v2.130.1 -## explicit; go 1.18 +# k8s.io/klog/v2 v2.140.0 +## explicit; go 1.21 k8s.io/klog/v2 k8s.io/klog/v2/internal/buffer k8s.io/klog/v2/internal/clock @@ -1597,13 +1597,18 @@ k8s.io/klog/v2/textlogger k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/v1 k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1 -# k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 -## explicit; go 1.23.0 +# k8s.io/kube-openapi v0.0.0-20260519202549-bbf5c5577288 +## explicit; go 1.24.0 k8s.io/kube-openapi/pkg/cached k8s.io/kube-openapi/pkg/common k8s.io/kube-openapi/pkg/handler3 k8s.io/kube-openapi/pkg/internal k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext k8s.io/kube-openapi/pkg/schemaconv k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto @@ -1751,8 +1756,8 @@ k8s.io/kubernetes/pkg/apis/storage/v1alpha1 k8s.io/kubernetes/pkg/apis/storage/v1beta1 k8s.io/kubernetes/pkg/features k8s.io/kubernetes/pkg/util/parsers -# k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 -## explicit; go 1.18 +# k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 +## explicit; go 1.23 k8s.io/utils/buffer k8s.io/utils/clock k8s.io/utils/exec @@ -1962,7 +1967,7 @@ sigs.k8s.io/kustomize/kyaml/yaml/walk ## explicit; go 1.18 sigs.k8s.io/randfill sigs.k8s.io/randfill/bytesource -# sigs.k8s.io/structured-merge-diff/v6 v6.3.1-0.20251003215857-446d8398e19c +# sigs.k8s.io/structured-merge-diff/v6 v6.3.2 ## explicit; go 1.23 sigs.k8s.io/structured-merge-diff/v6/fieldpath sigs.k8s.io/structured-merge-diff/v6/merge @@ -1974,7 +1979,7 @@ sigs.k8s.io/structured-merge-diff/v6/value sigs.k8s.io/yaml sigs.k8s.io/yaml/goyaml.v3 sigs.k8s.io/yaml/kyaml -# github.com/openshift/api => github.com/openshift/api v0.0.0-20251204164930-cd2e40c5883a +# github.com/openshift/api => github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2 # github.com/openshift/client-go => github.com/openshift/client-go v0.0.0-20251205093018-96a6cbc1420c # k8s.io/api => k8s.io/api v0.34.2 # k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.34.2 diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v6/schema/elements.go b/vendor/sigs.k8s.io/structured-merge-diff/v6/schema/elements.go index 5d3707a5b..c8138a654 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v6/schema/elements.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v6/schema/elements.go @@ -18,6 +18,7 @@ package schema import ( "sync" + "sync/atomic" ) // Schema is a list of named types. @@ -28,7 +29,7 @@ type Schema struct { Types []TypeDef `yaml:"types,omitempty"` once sync.Once - m map[string]TypeDef + m atomic.Pointer[map[string]TypeDef] lock sync.Mutex // Cached results of resolving type references to atoms. Only stores @@ -144,26 +145,28 @@ type Map struct { ElementRelationship ElementRelationship `yaml:"elementRelationship,omitempty"` once sync.Once - m map[string]StructField + m atomic.Pointer[map[string]StructField] } // FindField is a convenience function that returns the referenced StructField, // if it exists, or (nil, false) if it doesn't. func (m *Map) FindField(name string) (StructField, bool) { m.once.Do(func() { - m.m = make(map[string]StructField, len(m.Fields)) + mm := make(map[string]StructField, len(m.Fields)) for _, field := range m.Fields { - m.m[field.Name] = field + mm[field.Name] = field } + m.m.Store(&mm) }) - sf, ok := m.m[name] + sf, ok := (*m.m.Load())[name] return sf, ok } -// CopyInto this instance of Map into the other -// If other is nil this method does nothing. -// If other is already initialized, overwrites it with this instance -// Warning: Not thread safe +// CopyInto clones this instance of Map into dst +// +// If dst is nil this method does nothing. +// If dst is already initialized, overwrites it with this instance. +// Warning: Not thread safe. Only use dst after this function returns. func (m *Map) CopyInto(dst *Map) { if dst == nil { return @@ -175,12 +178,13 @@ func (m *Map) CopyInto(dst *Map) { dst.Unions = m.Unions dst.ElementRelationship = m.ElementRelationship - if m.m != nil { + mm := m.m.Load() + if mm != nil { // If cache is non-nil then the once token had been consumed. // Must reset token and use it again to ensure same semantics. dst.once = sync.Once{} dst.once.Do(func() { - dst.m = m.m + dst.m.Store(mm) }) } } @@ -274,12 +278,13 @@ type List struct { // if it exists, or (nil, false) if it doesn't. func (s *Schema) FindNamedType(name string) (TypeDef, bool) { s.once.Do(func() { - s.m = make(map[string]TypeDef, len(s.Types)) + sm := make(map[string]TypeDef, len(s.Types)) for _, t := range s.Types { - s.m[t.Name] = t + sm[t.Name] = t } + s.m.Store(&sm) }) - t, ok := s.m[name] + t, ok := (*s.m.Load())[name] return t, ok } @@ -352,10 +357,11 @@ func (s *Schema) Resolve(tr TypeRef) (Atom, bool) { return result, true } -// Clones this instance of Schema into the other -// If other is nil this method does nothing. -// If other is already initialized, overwrites it with this instance -// Warning: Not thread safe +// CopyInto clones this instance of Schema into dst +// +// If dst is nil this method does nothing. +// If dst is already initialized, overwrites it with this instance. +// Warning: Not thread safe. Only use dst after this function returns. func (s *Schema) CopyInto(dst *Schema) { if dst == nil { return @@ -364,12 +370,13 @@ func (s *Schema) CopyInto(dst *Schema) { // Schema type is considered immutable so sharing references dst.Types = s.Types - if s.m != nil { + sm := s.m.Load() + if sm != nil { // If cache is non-nil then the once token had been consumed. // Must reset token and use it again to ensure same semantics. dst.once = sync.Once{} dst.once.Do(func() { - dst.m = s.m + dst.m.Store(sm) }) } } diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v6/value/reflectcache.go b/vendor/sigs.k8s.io/structured-merge-diff/v6/value/reflectcache.go index 3b4a402ee..75b7085c3 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v6/value/reflectcache.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v6/value/reflectcache.go @@ -84,6 +84,10 @@ func (f *FieldCacheEntry) CanOmit(fieldVal reflect.Value) bool { func (f *FieldCacheEntry) GetFrom(structVal reflect.Value) reflect.Value { // field might be nested within 'inline' structs for _, elem := range f.fieldPath { + if safeIsNil(structVal) { + // if any part of the path is nil, return the zero value for the field type + return reflect.Zero(f.fieldType) + } structVal = dereference(structVal).FieldByIndex(elem) } return structVal