diff --git a/.ci-operator.yaml b/.ci-operator.yaml index 559bdf388..188626d79 100644 --- a/.ci-operator.yaml +++ b/.ci-operator.yaml @@ -1,4 +1,4 @@ build_root_image: name: boilerplate namespace: openshift - tag: image-v8.3.4 + tag: image-v8.3.6 diff --git a/.claude/commands/pre-commit.md b/.claude/commands/pre-commit.md new file mode 100644 index 000000000..56c2d4811 --- /dev/null +++ b/.claude/commands/pre-commit.md 
@@ -0,0 +1,94 @@ +Run pre-commit hooks on this repository following the agentic SDLC golden rules (SREP-4450). + +## Usage +- `/pre-commit` — run on staged files (default, fastest) +- `/pre-commit --all-files` — run on all files (first-time setup, CI equivalent) +- `/pre-commit ` — run a single hook by ID (targeted debugging) + +## What you must do + +### Step 1 — Preflight checks + +1. Confirm `.pre-commit-config.yaml` exists in the repo root. If not, tell the user and stop. +2. Confirm `pre-commit` is installed: run `which pre-commit`. If not found, run `pip install pre-commit` or `pip3 install pre-commit`. +3. Confirm hooks are installed: check if `.git/hooks/pre-commit` exists. If not, run `pre-commit install`. + +### Step 2 — Run hooks + +Determine the run mode from `$ARGUMENTS`: +- `--all-files` → run `pre-commit run --all-files` +- `` (a word that is not a flag) → run `pre-commit run ` +- empty or default → run `pre-commit run` (staged files only) + +Capture the full stdout and stderr output. + +### Step 3 — Parse and categorise results + +For each hook in the output, classify it as one of: +- **Passed** — hook exited 0, no changes +- **Auto-fixed** — hook exited non-zero but modified files (trailing-whitespace, end-of-file-fixer) +- **Failed** — hook exited non-zero, no auto-fix + +Extract for each failure: +- Hook ID and name +- Affected files and line numbers if present +- The error message +- Whether it is a security hook (gitleaks, rbac-wildcard-check) + +### Step 4 — Handle auto-fixes (idempotency loop, golden rule 9) + +If any hooks auto-fixed files: +1. Stage the modified files: `git add ` +2. Re-run the hooks on staged files +3. Report what was fixed + +### Step 5 — Retry on failure (golden rule 19, max 2 iterations) + +Track `attempt_count` starting at 1. + +For each non-security failure with an identifiable fix: +1. Apply the fix (edit the file, run the suggested command) +2. Stage the changes +3. Re-run `pre-commit run` +4. 
Increment `attempt_count` + +**Stop retrying when:** +- All hooks pass → report success +- `attempt_count` reaches 3 → stop, escalate to human (see Step 6) +- A security hook fails → stop immediately, escalate to human (see Step 6) + +### Step 6 — Escalate to human when required + +Escalate (do not retry further) when: +- A **security hook** fires (gitleaks, rbac-wildcard-check) — these require human judgment +- Hooks still fail after **2 fix-and-retry attempts** +- A hook **timed out** — this indicates a systemic issue, not a fixable code problem + +When escalating, report: +- Which hook is failing +- The exact error output +- What was already attempted +- The recommended next action for the human + +### Step 7 — Final report + +Always end with a structured summary: + +``` +PRE-COMMIT SUMMARY +================== +Passed: +Auto-fixed: → files staged +Fixed: → changes applied +Failed: → escalated to human +Attempts: of 2 maximum +``` + +## Rules you must never break + +- **Never run `git commit --no-verify`** — bypassing all hooks is not permitted +- **Never modify `.pre-commit-config.yaml`** to suppress a failing hook +- **Never retry more than twice** — escalate on the third failure +- **Never auto-fix a security hook failure** — always escalate to human +- **Always stage auto-fixed files** before re-running — do not leave unstaged modifications +- **Always report what changed** — the human must be able to review every fix you applied diff --git a/.codecov.yml b/.codecov.yml index ba05647ad..20cbf543c 100644 --- a/.codecov.yml +++ b/.codecov.yml @@ -8,8 +8,14 @@ coverage: range: "20...100" status: - project: no - patch: no + project: + default: + target: 35% + threshold: 1% + patch: + default: + target: 50% + threshold: 1% changes: no parsers: diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index e0e91ef22..e5b08a0d8 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES 
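Review bot: The "Rules you must never break" list in `.claude/commands/pre-commit.md` forbids `git commit --no-verify` and editing `.pre-commit-config.yaml`, but it says nothing about the per-hook `SKIP=` variable that the boilerplate `pre-commit-config.yaml` header documents, and that variable works for gitleaks like for any other hook. Add a rule such as `- **Never set SKIP=** — skipping a single hook is a bypass too`. Step 1 also has the agent run an unpinned `pip install pre-commit`, so the tool that enforces the security hooks is whatever version the index serves at that moment. Pinning a version there, or stopping and asking the human to install it, would keep that install reviewable.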
@@ -4,8 +4,8 @@ # ============================================================================= aliases: srep-functional-team-aurora: - - abyrne55 - AlexSmithGH + - BATMAN-JD - dakotalongRH - eth1030 - joshbranham @@ -73,7 +73,6 @@ aliases: - yiqinzhang - varunraokadaparthi srep-functional-leads: - - abyrne55 - clcollins - bergmannf - theautoroboto @@ -91,5 +90,4 @@ aliases: - maorfr - rogbas srep-architects: - - jharrington22 - cblecker diff --git a/boilerplate/_data/backing-image-tag b/boilerplate/_data/backing-image-tag index 77a6bbe44..ca21d244a 100644 --- a/boilerplate/_data/backing-image-tag +++ b/boilerplate/_data/backing-image-tag @@ -1 +1 @@ -image-v8.3.4 +image-v8.3.6 diff --git a/boilerplate/_data/last-boilerplate-commit b/boilerplate/_data/last-boilerplate-commit index 4235f5c1c..35f019033 100644 --- a/boilerplate/_data/last-boilerplate-commit +++ b/boilerplate/_data/last-boilerplate-commit @@ -1 +1 @@ -28f0d527a87f963961e218687f8e481acf62e47d +c2342f1bcec55d87fd028e5c1d7f105c745eb32e diff --git a/boilerplate/openshift/golang-osd-operator/.codecov.yml b/boilerplate/openshift/golang-osd-operator/.codecov.yml index ba05647ad..20cbf543c 100644 --- a/boilerplate/openshift/golang-osd-operator/.codecov.yml +++ b/boilerplate/openshift/golang-osd-operator/.codecov.yml @@ -8,8 +8,14 @@ coverage: range: "20...100" status: - project: no - patch: no + project: + default: + target: 35% + threshold: 1% + patch: + default: + target: 50% + threshold: 1% changes: no parsers: diff --git a/boilerplate/openshift/golang-osd-operator/OWNERS_ALIASES b/boilerplate/openshift/golang-osd-operator/OWNERS_ALIASES index e0e91ef22..e5b08a0d8 100644 --- a/boilerplate/openshift/golang-osd-operator/OWNERS_ALIASES +++ b/boilerplate/openshift/golang-osd-operator/OWNERS_ALIASES @@ -4,8 +4,8 @@ # ============================================================================= aliases: srep-functional-team-aurora: - - abyrne55 - AlexSmithGH + - BATMAN-JD - dakotalongRH - eth1030 - joshbranham 
@@ -73,7 +73,6 @@ aliases: - yiqinzhang - varunraokadaparthi srep-functional-leads: - - abyrne55 - clcollins - bergmannf - theautoroboto @@ -91,5 +90,4 @@ aliases: - maorfr - rogbas srep-architects: - - jharrington22 - cblecker diff --git a/boilerplate/openshift/golang-osd-operator/README.md b/boilerplate/openshift/golang-osd-operator/README.md index fea37f6af..81809a681 100644 --- a/boilerplate/openshift/golang-osd-operator/README.md +++ b/boilerplate/openshift/golang-osd-operator/README.md @@ -157,7 +157,7 @@ With `FIPS_ENABLED=true`, `ensure-fips` is always run before `make go-build` - If an additional deployment image has to be built and appended to the CSV as part of the build process, then the consumer needs to: - Specify `SupplementaryImage` which is the deployment name in the consuming repository's `config/config.go`. - Define the image to be built as `ADDITIONAL_IMAGE_SPECS` in the consuming repository's Makefile, Boilerplate later parses this image as part of the build process; [ref](https://github.com/openshift/boilerplate/blob/master/boilerplate/openshift/golang-osd-operator/standard.mk#L56). - + e.g. ```.mk diff --git a/boilerplate/openshift/golang-osd-operator/TEST_README.md b/boilerplate/openshift/golang-osd-operator/TEST_README.md index 271a1a9a3..1a2fab5b0 100644 --- a/boilerplate/openshift/golang-osd-operator/TEST_README.md +++ b/boilerplate/openshift/golang-osd-operator/TEST_README.md @@ -156,10 +156,10 @@ class TestManifestProcessing(unittest.TestCase): """Test description.""" # Arrange manifest_str = "..." - + # Act result = migration.some_function(manifest_str) - + # Assert self.assertEqual(result, expected_value) ``` diff --git a/boilerplate/openshift/golang-osd-operator/app-sre.md b/boilerplate/openshift/golang-osd-operator/app-sre.md index dfd9ede72..da373dcf1 100644 --- a/boilerplate/openshift/golang-osd-operator/app-sre.md +++ b/boilerplate/openshift/golang-osd-operator/app-sre.md 
@@ -28,8 +28,8 @@ An example of how to do this for the `staging` branch is below (`production` ste ``` git checkout staging git pull upstream staging -git reset --hard upstream/staging -git push origin staging --force +git reset --hard upstream/staging +git push origin staging --force ``` ## Set environment variables diff --git a/boilerplate/openshift/golang-osd-operator/csv-generate/csv-generate.sh b/boilerplate/openshift/golang-osd-operator/csv-generate/csv-generate.sh index 1b69bed4b..24f20bfa1 100755 --- a/boilerplate/openshift/golang-osd-operator/csv-generate/csv-generate.sh +++ b/boilerplate/openshift/golang-osd-operator/csv-generate/csv-generate.sh @@ -169,11 +169,11 @@ if [[ -z "$SKIP_SAAS_FILE_CHECKS" ]]; then if [[ "$delete" == false ]]; then short_hash=$(echo "$version" | cut -d- -f2) - + # before comparing the short_hash to the deployment hash, remove the leading g added in https://issues.redhat.com/browse/OSD-13681 - # short_hash should be 7 char long without the leading g. + # short_hash should be 7 char long without the leading g. [ ${#short_hash} -gt 7 ] && short_hash=${short_hash:1:7} - + if [[ "$DEPLOYED_HASH" == "${short_hash}"* ]]; then delete=true fi diff --git a/boilerplate/openshift/golang-osd-operator/golangci.yml b/boilerplate/openshift/golang-osd-operator/golangci.yml index 46fec0352..df1596ffc 100644 --- a/boilerplate/openshift/golang-osd-operator/golangci.yml +++ b/boilerplate/openshift/golang-osd-operator/golangci.yml 
@@ -1,39 +1,76 @@ version: "2" -run: - concurrency: 10 + linters: - default: none enable: + # Error Handling & Security - errcheck - - gosec - govet - - ineffassign - - misspell - staticcheck + - gosec + - bodyclose + - sqlclosecheck + - contextcheck + - noctx + + # Error Prevention + - errorlint + - nilerr + - nilnil + - revive + + # Code Quality + - ineffassign + - unconvert + - unparam - unused + - misspell + + # Maintainability + - prealloc + - nolintlint + - gocyclo + - exhaustive + - makezero + - containedctx + settings: + revive: + rules: + - name: package-comments + disabled: true + + errcheck: + check-type-assertions: true + check-blank: false + + exclusions: + presets: + - std-error-handling + + gocyclo: + min-complexity: 15 + + errorlint: + errorf: true + asserts: true + comparison: true + misspell: extra-words: - typo: openshit correction: OpenShift - exclusions: - generated: lax - presets: - - comments - - common-false-positives - - legacy - - std-error-handling - paths: - - third_party/ - - builtin/ - - examples/ + +run: + timeout: 5m + # Incremental linting (new-from-rev) is passed via the Makefile's + # go-check target. In CI it uses PULL_BASE_SHA (guaranteed to exist + # even in shallow clones); locally it falls back to origin/HEAD. + +formatters: + enable: + - gofmt + - goimports + issues: max-issues-per-linter: 0 max-same-issues: 0 -formatters: - exclusions: - generated: lax - paths: - - third_party/ - - builtin/ - - examples/ diff --git a/boilerplate/openshift/golang-osd-operator/olm_pko_migration.py b/boilerplate/openshift/golang-osd-operator/olm_pko_migration.py index abcd28d3f..b33d7565c 100644 --- a/boilerplate/openshift/golang-osd-operator/olm_pko_migration.py +++ b/boilerplate/openshift/golang-osd-operator/olm_pko_migration.py 
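Review bot: The new `exclusions:` block with `presets: - std-error-handling` sits between the `errcheck:` and `gocyclo:` entries, which suggests it is nested under `settings:`; indentation is not recoverable in this view, so that is inferred. golangci-lint v2 reads exclusion presets from `linters.exclusions`, where the removed block lived, so if the new one really is under `linters.settings` it will not apply as intended; running `golangci-lint config verify` against this file would settle it. Dropping the old `paths:` list also brings `third_party/`, `builtin/` and `examples/` back into scope for gosec and the other linters, which deserves a line in the commit description if it is deliberate.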
@@ -99,7 +99,7 @@ CLEANUP_JOB_TEMPLATE = """--- # This Job cleans up old OLM resources after migrating to PKO # IMPORTANT: Review and customize this template before deploying! -# +# # Things to customize: # 1. Adjust the namespace if needed # 2. Modify resource filters (CSV names, labels, etc.) @@ -183,7 +183,7 @@ # CUSTOMIZE: Update the label selector for your operator # Example pattern: operators.coreos.com/OPERATOR_NAME.NAMESPACE oc -n openshift-{operator_name} delete csv -l "operators.coreos.com/{operator_name}.openshift-{operator_name}" || true - + # CUSTOMIZE: Add any additional cleanup logic here # Examples: # - Delete subscriptions @@ -257,7 +257,7 @@ def get_remotes() -> list[str]: raise RuntimeError( "Not in a git repository. This script must be run from within a git repository." ) - + try: result = subprocess.run( ["git", "remote", "-v"], @@ -285,7 +285,7 @@ def get_github_url() -> str: for remote in remotes: if 'openshift' not in remote: continue - + if remote.startswith('http'): return remote.removesuffix(".git") elif ":" in remote: @@ -297,12 +297,12 @@ def get_github_url() -> str: raise RuntimeError( f"Cannot parse git remote URL format: {remote}. Expected 'https://...' or 'git@github.com:...'" ) - + raise RuntimeError( - "Could not find an 'openshift' git remote. Available remotes: " + + "Could not find an 'openshift' git remote. Available remotes: " + (", ".join(remotes) if remotes else "(none)") ) - + def get_operator_name() -> str: """Extract operator name from git remote URL.""" 
@@ -310,21 +310,21 @@ def get_operator_name() -> str: remotes = get_remotes() if not remotes: return "unknown-operator" - + # Use the first remote URL url = remotes[0] - + # Remove .git suffix if present if url.endswith(".git"): url = url[:-4] - + # Extract the last part of the path # Works for both https://github.com/org/repo and git@github.com:org/repo if "/" in url: return url.split("/")[-1] elif ":" in url: return url.split(":")[-1].split("/")[-1] - + return "unknown-operator" except Exception as e: print(f"Warning: Could not extract operator name: {e}", file=sys.stderr) @@ -334,10 +334,10 @@ def get_operator_name() -> str: def get_default_branch() -> str: """ Detect the default branch name for the current repository. - + Returns: str: The default branch name ('main' or 'master') - + Raises: RuntimeError: If not in a git repository or cannot determine default branch """ @@ -353,7 +353,7 @@ def get_default_branch() -> str: raise RuntimeError( "Not in a git repository. This script must be run from within a git repository." ) - + try: # Try to get the default branch from the remote result = subprocess.run( @@ -362,13 +362,13 @@ def get_default_branch() -> str: text=True, check=False ) - + if result.returncode == 0: # Output format: "refs/remotes/origin/main" or "refs/remotes/origin/master" branch = result.stdout.strip().split("/")[-1] if branch in ("main", "master"): return branch - + # Fallback: check current branch result = subprocess.run( ["git", "branch", "--show-current"], @@ -376,11 +376,11 @@ def get_default_branch() -> str: text=True, check=True ) - + current_branch = result.stdout.strip() if current_branch in ("main", "master"): return current_branch - + # Last resort: check if main or master branches exist locally result = subprocess.run( ["git", "branch", "--list"], 
@@ -388,17 +388,17 @@ def get_default_branch() -> str: text=True, check=True ) - + branches = [line.strip().lstrip("* ") for line in result.stdout.splitlines()] if "main" in branches: return "main" if "master" in branches: return "master" - + # Default to 'main' if we can't determine print("Warning: Could not determine default branch, defaulting to 'main'", file=sys.stderr) return "main" - + except subprocess.CalledProcessError as e: print(f"Warning: Error detecting default branch: {e.stderr if e.stderr else str(e)}", file=sys.stderr) print("Defaulting to 'main'", file=sys.stderr) @@ -457,20 +457,20 @@ def get_pko_manifest(operator_name: str) -> dict[str, Any]: def get_manifest_files(path: str, recursive: bool = True) -> list[Path]: """ Get all YAML/YML files from the given path. - + Args: path: Directory path to search recursive: If True, search subdirectories recursively - + Returns: list of Path objects for YAML files """ path_obj = Path(path) if not path_obj.exists(): return [] - + yaml_extensions = {'.yaml', '.yml'} - + if recursive: # Recursively find all YAML files yaml_files = [] @@ -488,11 +488,11 @@ def get_manifest_files(path: str, recursive: bool = True) -> list[Path]: def load_manifests(path: str, recursive: bool = True) -> list[str]: """ Load all manifest files as strings. - + Args: path: Directory path containing manifests recursive: If True, search subdirectories recursively - + Returns: list of manifest file contents as strings """ @@ -581,7 +581,7 @@ def write_manifest( ) -> None: """ Write a manifest to a YAML file. - + Args: manifest: The manifest dictionary to write directory: Target directory @@ -709,7 +709,7 @@ def write_tekton_pipelines(): operator_name = get_operator_name() operator_upstream = get_github_url() default_branch = get_default_branch() - + tekton_folder = Path("./.tekton") if not tekton_folder.exists(): raise RuntimeError( 
@@ -717,11 +717,11 @@ def write_tekton_pipelines(): ) push_manifest = tekton_folder / (operator_name + "-pko-push.yaml") pr_manifest = tekton_folder / (operator_name + "-pko-pull-request.yaml") - + # Detect boilerplate branch - try to use the same as the current repo, fallback to master # since the boilerplate repo still uses master as default boilerplate_branch = "master" # boilerplate repo uses master - + # Push pipeline - no additional params, standard revision tag with open(push_manifest, mode="w") as manifest: manifest.write( @@ -737,12 +737,12 @@ def write_tekton_pipelines(): boilerplate_branch = boilerplate_branch ) ) - + # Pull request pipeline - add image-expires-after param and prefix revision with 'on-pr-' pr_additional_params = """ - name: image-expires-after value: 3d""" - + with open(pr_manifest, mode="w") as manifest: manifest.write( TEKTON_PIPELINE_TEMPLATE.format( @@ -762,7 +762,7 @@ def write_tekton_pipelines(): def modify_manifests(path: str, output_dir: str = "deploy_pko", recursive: bool = True) -> None: """ Main function to convert manifests from OLM to PKO format. - + Args: path: Source directory containing manifests output_dir: Output directory for PKO manifests @@ -776,14 +776,14 @@ def modify_manifests(path: str, output_dir: str = "deploy_pko", recursive: bool # Load and process manifests manifests = load_manifests(path, recursive=recursive) - + if not manifests: print(f"Warning: No YAML manifests found in {path}") return - + print(f"\nProcessing {len(manifests)} manifest(s)...") print("-" * 60) - + annotated = annotate_manifests(manifests) # Write processed manifests @@ -794,7 +794,7 @@ def modify_manifests(path: str, output_dir: str = "deploy_pko", recursive: bool print("-" * 60) pko_manifest = get_pko_manifest(operator_name) write_manifest(pko_manifest, str(pko_dir), "manifest.yaml", force=True) - + # Write cleanup Job template cleanup_file = pko_dir / "Cleanup-OLM-Job.yaml" print(f"Writing cleanup Job template to {cleanup_file}") 
diff --git a/boilerplate/openshift/golang-osd-operator/pre-commit-config.yaml b/boilerplate/openshift/golang-osd-operator/pre-commit-config.yaml
new file mode 100644
index 000000000..14ecdd9b3
--- /dev/null
+++ b/boilerplate/openshift/golang-osd-operator/pre-commit-config.yaml
@@ -0,0 +1,134 @@
+# =============================================================================
+# Tier 1 — Common Pre-Commit Hooks for OSD Operators
+# SREP-4485 | Golden rules: SREP-4450
+# =============================================================================
+#
+# INSTALL
+# pip install pre-commit
+# pre-commit install
+#
+# USAGE
+# pre-commit run # staged files only (developer / agent workflow)
+# pre-commit run --all-files # full repo (CI / first-time setup)
+#
+# BYPASS (golden rule 16)
+# Skip one hook: SKIP=hook-id git commit
+# Never use: git commit --no-verify
+# Agents: never bypass any hook
+# Security hooks: never bypassable under any circumstances
+#
+# CI RELATIONSHIP (golden rule 17)
+# These hooks mirror ci/prow/lint. CI remains the authoritative gate.
+# Every check here also runs in CI. Pre-commit is developer convenience.
+#
+# AGENT USAGE (golden rule 1, 7, 19)
+# Agents run: pre-commit run
+# Output: PRE_COMMIT=1 is set automatically — hooks emit structured output
+# Retry: max 2 fix-and-retry iterations before escalating to human
+#
+# TIMING TARGETS (golden rule 2, 3)
+# Total run: <= 10s target / <= 60s hard limit on a 10-file changeset
+# Hooks run fastest-first (golden rule 13). Each hook has a timeout guard.
+#
+# FIRST RUN NOTE
+# Auto-fix hooks (trailing-whitespace, end-of-file-fixer) will correct
+# pre-existing violations on the first run. Stage and commit those fixes
+# separately before day-to-day use.
+#
+# =============================================================================
+
+repos:
+
+ # ---------------------------------------------------------------------------
+ # 1. FILE HYGIENE + YAML SYNTAX | target < 2s | auto-fix + error
+ # - check-merge-conflict: detects unresolved merge markers
+ # - trailing-whitespace: removes trailing spaces (auto-fix)
+ # - end-of-file-fixer: ensures single EOF newline (auto-fix)
+ # - check-yaml: validates YAML syntax in deploy/ manifests;
+ # mirrors ci/prow/lint: olm-deploy-yaml-validate
+ # ---------------------------------------------------------------------------
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v5.0.0 # pinned immutable tag
+ hooks:
+ - id: check-merge-conflict
+ - id: trailing-whitespace
+ args: [--markdown-linebreak-ext=md]
+ - id: end-of-file-fixer
+ - id: check-yaml
+ name: YAML syntax (deploy/)
+ files: ^deploy/.*\.ya?ml$
+ args: [--allow-multiple-documents]
+
+ # ---------------------------------------------------------------------------
+ # 2. SECRETS DETECTION | target < 5s | always blocking
+ # Scans all file types (YAML, shell, config) — gosec covers Go only.
+ # High-confidence findings block; configure .gitleaks.toml for allowlist.
+ # ---------------------------------------------------------------------------
+ - repo: https://github.com/gitleaks/gitleaks
+ rev: v8.18.0 # pinned immutable tag (golden rule 15)
+ hooks:
+ - id: gitleaks
+
+ # ---------------------------------------------------------------------------
+ # 3. STATIC ANALYSIS | target < 15s cached | error
+ # Mirrors ci/prow/lint: go-check exactly (same version + config as CI).
+ # Linter config: boilerplate/openshift/golang-osd-operator/golangci.yml
+ # ---------------------------------------------------------------------------
+ - repo: https://github.com/golangci/golangci-lint
+ rev: v2.0.2 # pinned immutable tag — must match CI (golden rule 15)
+ hooks:
+ - id: golangci-lint
+ args:
+ - --config=boilerplate/openshift/golang-osd-operator/golangci.yml
+ - --timeout=120s # graceful timeout (golden rule 3)
+
+ # ---------------------------------------------------------------------------
+ # Local hooks — compile, dependency, security
+ #
+ # TIMEOUT NOTE (golden rule 3)
+ # Uses portable timeout detection: 'timeout' on Linux, 'gtimeout' on macOS.
+ # macOS: brew install coreutils
+ # Linux: timeout is available by default (GNU coreutils)
+ # ---------------------------------------------------------------------------
+ - repo: local
+ hooks:
+
+ # -----------------------------------------------------------------------
+ # 4. COMPILE CHECK | target < 10s cached | error
+ # Catches import cycles and type errors before golangci-lint runs.
+ # Note: go build ./... writes no binary to the repo (compile check only).
+ # Fix: resolve compilation errors reported by go build.
+ # -----------------------------------------------------------------------
+ - id: go-build
+ name: go build
+ language: system
+ entry: bash -c 'T=$(command -v timeout || command -v gtimeout || echo); ${T:+$T 30s} go build ./...'
+ types: [go]
+ pass_filenames: false
+
+ # -----------------------------------------------------------------------
+ # 5. DEPENDENCY DRIFT | target < 10s | error
+ # Detects uncommitted go.mod/go.sum changes after go mod tidy.
+ # Fix: run 'go mod tidy' and stage go.mod and go.sum.
+ # -----------------------------------------------------------------------
+ - id: go-mod-tidy
+ name: go mod tidy
+ language: system
+ entry: bash -c 'T=$(command -v timeout || command -v gtimeout || echo); ${T:+$T 60s} go mod tidy && git diff --exit-code go.mod go.sum'
+ files: '(\.go$|go\.(mod|sum)$)'
+ exclude: '^vendor/'
+ pass_filenames: false
+
+ # -----------------------------------------------------------------------
+ # 6. RBAC WILDCARD CHECK | target < 5s | warn-only (blocking after cleanup)
+ # Rejects wildcard RBAC in deploy/ manifests (verbs/resources: ["*"]
+ # or multi-line - '*' format). Logic lives in standard.mk target
+ # 'rbac-wildcard-check' for readability and reuse.
+ # Fix: replace wildcards with explicit verbs and resource names.
+ # -----------------------------------------------------------------------
+ - id: rbac-wildcard-check
+ name: RBAC wildcard permissions
+ language: system
+ entry: bash -c 'make rbac-wildcard-check'
+ files: ^deploy/.*\.ya?ml$
+ pass_filenames: false
diff --git a/boilerplate/openshift/golang-osd-operator/standard.mk b/boilerplate/openshift/golang-osd-operator/standard.mk
index cebc45058..c6356e278 100644
--- a/boilerplate/openshift/golang-osd-operator/standard.mk
+++ b/boilerplate/openshift/golang-osd-operator/standard.mk
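Review bot: The three remote `rev:` values (`v5.0.0`, `v8.18.0`, `v2.0.2`) are commented as "pinned immutable tag", but a git tag can be re-pointed by whoever controls the upstream repository, and these hooks execute on developer and agent machines. Pin each `rev:` to the full commit SHA and keep the tag as a trailing comment; `pre-commit autoupdate --freeze` writes that form. The header also overstates enforcement: `SKIP=` works for `gitleaks` like any other hook, so "never bypassable" is policy rather than a property of this file. "Each hook has a timeout guard" is true only for `golangci-lint`, `go-build` and `go-mod-tidy`, and `${T:+$T 30s}` runs the command unguarded when neither `timeout` nor `gtimeout` is installed. I would reword both comments to say CI is the enforcement point.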
@@ -172,10 +172,19 @@ docker-login: mkdir -p ${CONTAINER_ENGINE_CONFIG_DIR} @${CONTAINER_ENGINE} login -u="${REGISTRY_USER}" -p="${REGISTRY_TOKEN}" quay.io +# Only lint new/changed code. In Prow CI, PULL_BASE_SHA points to the +# base commit and is guaranteed to exist in the checkout (even shallow +# clones). Locally, fall back to the default branch ref. +ifdef PULL_BASE_SHA +LINT_NEW_FROM_REV := $(PULL_BASE_SHA) +else +LINT_NEW_FROM_REV := $(shell git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's|refs/remotes/||') +endif + .PHONY: go-check go-check: ## Golang linting and other static analysis ${CONVENTION_DIR}/ensure.sh golangci-lint - ${GOENV} GOLANGCI_LINT_CACHE=${GOLANGCI_LINT_CACHE} golangci-lint run -c ${CONVENTION_DIR}/golangci.yml ./... + ${GOENV} GOLANGCI_LINT_CACHE=${GOLANGCI_LINT_CACHE} golangci-lint run -c ${CONVENTION_DIR}/golangci.yml $(if $(LINT_NEW_FROM_REV),--new-from-rev=$(LINT_NEW_FROM_REV)) ./... .PHONY: go-generate go-generate: 
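Review bot: With `--new-from-rev` on `go-check`, gosec and the other linters report only findings on lines changed since the base revision, so `make lint` no longer fails on a finding in untouched code, including code whose safety depends on the lines that did change. The comment above `LINT_NEW_FROM_REV` should state that and say where a full scan still runs; none is visible in this hunk. Suggested addition: `# NOTE: findings in unchanged code are not reported; run 'make go-check LINT_NEW_FROM_REV=' for a full scan.` Because the value comes from the environment in CI, quoting it in the recipe (`--new-from-rev='$(LINT_NEW_FROM_REV)'`) is also cheap hardening.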
@@ -380,6 +389,23 @@ validate: boilerplate-freeze-check generate-check validate-pko-fixtures .PHONY: lint lint: olm-deploy-yaml-validate go-check +# rbac-wildcard-check: Detect wildcard RBAC permissions in deploy/ manifests. +# Checks both inline (verbs: ["*"]) and multi-line (- '*' under verbs/resources:) +# formats. Called by the pre-commit rbac-wildcard-check hook. +# Currently warn-only (exits 0) to avoid breaking repos with pre-existing wildcards. +# Will become blocking once existing violations are resolved across the fleet. +.PHONY: rbac-wildcard-check +rbac-wildcard-check: + @python3 -c "\ +import sys,glob;\ +violations=[(f,n,l.rstrip()) for f in glob.glob('deploy/*.yaml')+glob.glob('deploy/*.yml') \ +for lines in [list(enumerate(open(f),1))] \ +for i,(n,l) in enumerate(lines) \ +if l.strip().lstrip('- ').strip(chr(39)+chr(34))=='*' \ +and any(lines[j][1].strip() in ('verbs:','resources:') for j in range(max(0,i-5),i))];\ +[print('WARNING: wildcard RBAC found: '+v[0]+'|'+str(v[1])+'|'+v[2]) for v in violations];\ +sys.exit(0)" + # test: "Local" unit and functional testing. .PHONY: test test: go-test diff --git a/boilerplate/openshift/golang-osd-operator/test_olm_pko_migration.py b/boilerplate/openshift/golang-osd-operator/test_olm_pko_migration.py index 2f9563454..16b39f68e 100644 --- a/boilerplate/openshift/golang-osd-operator/test_olm_pko_migration.py +++ b/boilerplate/openshift/golang-osd-operator/test_olm_pko_migration.py @@ -36,7 +36,7 @@ def test_get_remotes_success(self, mock_run): stderr='' ) ] - + remotes = migration.get_remotes() self.assertEqual(remotes, ['git@github.com:openshift/my-operator.git']) @@ -48,7 +48,7 @@ def test_get_remotes_not_git_repo(self, mock_run): cmd=['git', 'rev-parse', '--git-dir'], stderr='fatal: not a git repository' ) - + with self.assertRaises(RuntimeError) as ctx: migration.get_remotes() self.assertIn('Not in a git repository', str(ctx.exception)) 
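Review bot: The filter in `rbac-wildcard-check` matches only a line that is exactly `*` once `- ` and quotes are stripped, so the inline form `verbs: ["*"]` that the comment says is covered is never reported. The target also globs only `deploy/*.yaml` and `deploy/*.yml`, while the hook's `files: ^deploy/.*\.ya?ml$` also fires for nested manifests that this target never opens, and `apiGroups:` wildcards are not considered. I would switch to `glob.glob('deploy/**/*.yaml', recursive=True)` (and the same for `.yml`) and add a second condition for a `verbs:`/`resources:` line followed by a bracketed list containing `*`. Since the target always exits 0, the hook comment "Rejects wildcard RBAC" should read "warns on" until the check becomes blocking.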
@@ -57,7 +57,7 @@ def test_get_remotes_not_git_repo(self, mock_run): def test_get_github_url_ssh_format(self, mock_get_remotes): """Test GitHub URL extraction from SSH format.""" mock_get_remotes.return_value = ['git@github.com:openshift/my-operator.git'] - + url = migration.get_github_url() self.assertEqual(url, 'https://github.com/openshift/my-operator') @@ -65,7 +65,7 @@ def test_get_github_url_ssh_format(self, mock_get_remotes): def test_get_github_url_https_format(self, mock_get_remotes): """Test GitHub URL extraction from HTTPS format.""" mock_get_remotes.return_value = ['https://github.com/openshift/my-operator.git'] - + url = migration.get_github_url() self.assertEqual(url, 'https://github.com/openshift/my-operator') @@ -73,7 +73,7 @@ def test_get_github_url_https_format(self, mock_get_remotes): def test_get_github_url_no_openshift_remote(self, mock_get_remotes): """Test error when no openshift remote is found.""" mock_get_remotes.return_value = ['https://github.com/other-org/repo.git'] - + with self.assertRaises(RuntimeError) as ctx: migration.get_github_url() self.assertIn('Could not find an', str(ctx.exception)) @@ -82,7 +82,7 @@ def test_get_github_url_no_openshift_remote(self, mock_get_remotes): def test_get_operator_name_from_url(self, mock_get_remotes): """Test operator name extraction from git URL.""" mock_get_remotes.return_value = ['https://github.com/openshift/my-operator.git'] - + name = migration.get_operator_name() self.assertEqual(name, 'my-operator') @@ -90,7 +90,7 @@ def test_get_operator_name_from_url(self, mock_get_remotes): def test_get_operator_name_ssh_format(self, mock_get_remotes): """Test operator name extraction from SSH format.""" mock_get_remotes.return_value = ['git@github.com:openshift/test-operator.git'] - + name = migration.get_operator_name() self.assertEqual(name, 'test-operator') 
@@ -103,7 +103,7 @@ def test_get_default_branch_from_remote_head(self, mock_run): # Second call: git symbolic-ref refs/remotes/origin/HEAD Mock(returncode=0, stdout='refs/remotes/origin/main\n', stderr='') ] - + branch = migration.get_default_branch() self.assertEqual(branch, 'main') @@ -116,7 +116,7 @@ def test_get_default_branch_master_from_remote_head(self, mock_run): # Second call: git symbolic-ref refs/remotes/origin/HEAD Mock(returncode=0, stdout='refs/remotes/origin/master\n', stderr='') ] - + branch = migration.get_default_branch() self.assertEqual(branch, 'master') @@ -131,7 +131,7 @@ def test_get_default_branch_from_current_branch(self, mock_run): # Third call: git branch --show-current Mock(returncode=0, stdout='main\n', stderr='') ] - + branch = migration.get_default_branch() self.assertEqual(branch, 'main') @@ -148,7 +148,7 @@ def test_get_default_branch_from_branch_list(self, mock_run): # Fourth call: git branch --list Mock(returncode=0, stdout=' feature-branch\n* main\n develop\n', stderr='') ] - + branch = migration.get_default_branch() self.assertEqual(branch, 'main') @@ -165,7 +165,7 @@ def test_get_default_branch_defaults_to_main(self, mock_run): # Fourth call: git branch --list (no main or master) Mock(returncode=0, stdout=' feature-branch\n develop\n', stderr='') ] - + branch = migration.get_default_branch() self.assertEqual(branch, 'main') @@ -177,7 +177,7 @@ def test_get_default_branch_not_git_repo(self, mock_run): cmd=['git', 'rev-parse', '--git-dir'], stderr='fatal: not a git repository' ) - + with self.assertRaises(RuntimeError) as ctx: migration.get_default_branch() self.assertIn('Not in a git repository', str(ctx.exception)) 
@@ -193,9 +193,9 @@ def test_annotate_adds_phase_annotation(self): 'kind': 'ServiceAccount', 'metadata': {'name': 'test-sa'} } - + result = migration.annotate(manifest, migration.PHASE_RBAC) - + self.assertIn('annotations', result['metadata']) self.assertEqual( result['metadata']['annotations'][migration.PKO_PHASE_ANNOTATION], @@ -214,9 +214,9 @@ def test_annotate_preserves_existing_annotations(self): 'annotations': {'existing': 'value'} } } - + result = migration.annotate(manifest, migration.PHASE_DEPLOY) - + self.assertEqual(result['metadata']['annotations']['existing'], 'value') self.assertIn(migration.PKO_PHASE_ANNOTATION, result['metadata']['annotations']) @@ -234,16 +234,16 @@ def test_set_image_template_replaces_image(self): } } } - + result = migration.set_image_template(manifest) - + for container in result['spec']['template']['spec']['containers']: self.assertEqual(container['image'], '{{ .config.image }}') def test_set_image_template_handles_missing_containers(self): """Test that set_image_template handles manifests without containers.""" manifest = {'spec': {}} - + # Should not raise an exception result = migration.set_image_template(manifest) self.assertEqual(result, manifest) @@ -262,9 +262,9 @@ def test_annotate_manifests_crds(self): spec: group: mygroup.com """ - + result = migration.annotate_manifests([manifest_str]) - + self.assertEqual(len(result), 1) self.assertEqual( result[0]['metadata']['annotations'][migration.PKO_PHASE_ANNOTATION], @@ -293,9 +293,9 @@ def test_annotate_manifests_rbac_resources(self): name: test-role """, ] - + results = migration.annotate_manifests(rbac_manifests) - + self.assertEqual(len(results), 3) for result in results: self.assertEqual( 
@@ -317,9 +317,9 @@ def test_annotate_manifests_deployment(self): - name: operator image: quay.io/openshift/test:v1.0 """ - + result = migration.annotate_manifests([manifest_str]) - + self.assertEqual(len(result), 1) self.assertEqual( result[0]['metadata']['annotations'][migration.PKO_PHASE_ANNOTATION], @@ -337,7 +337,7 @@ def test_annotate_manifests_skips_invalid_yaml(self): "invalid: yaml: broken:", "another:\n valid: manifest" ] - + # Should not raise an exception result = migration.annotate_manifests(manifests) # Should process the valid ones @@ -351,7 +351,7 @@ def setUp(self): """Create a temporary directory structure for testing.""" self.temp_dir: str = tempfile.mkdtemp() self.addCleanup(lambda: shutil.rmtree(self.temp_dir)) - + # Create test directory structure # temp_dir/ # ├── deploy/ @@ -360,17 +360,17 @@ def setUp(self): # │ └── crds/ # │ └── crd.yaml # └── other.txt - + deploy_dir = Path(self.temp_dir) / 'deploy' deploy_dir.mkdir() - + (deploy_dir / 'deployment.yaml').write_text('apiVersion: apps/v1\nkind: Deployment') (deploy_dir / 'service.yml').write_text('apiVersion: v1\nkind: Service') - + crds_dir = deploy_dir / 'crds' crds_dir.mkdir() (crds_dir / 'crd.yaml').write_text('apiVersion: apiextensions.k8s.io/v1') - + (Path(self.temp_dir) / 'other.txt').write_text('not yaml') def test_get_manifest_files_recursive(self): @@ -379,7 +379,7 @@ def test_get_manifest_files_recursive(self): str(Path(self.temp_dir) / 'deploy'), recursive=True ) - + self.assertEqual(len(files), 3) filenames = {f.name for f in files} self.assertEqual(filenames, {'deployment.yaml', 'service.yml', 'crd.yaml'}) @@ -390,7 +390,7 @@ def test_get_manifest_files_non_recursive(self): str(Path(self.temp_dir) / 'deploy'), recursive=False ) - + self.assertEqual(len(files), 2) filenames = {f.name for f in files} self.assertEqual(filenames, {'deployment.yaml', 'service.yml'}) 
@@ -406,7 +406,7 @@ def test_load_manifests(self): str(Path(self.temp_dir) / 'deploy'), recursive=False ) - + self.assertEqual(len(manifests), 2) # Check that content was actually loaded for manifest in manifests: @@ -420,13 +420,13 @@ class TestPKOManifestGeneration(unittest.TestCase): def test_get_pko_manifest_structure(self, mock_get_name): """Test that PKO PackageManifest has correct structure.""" mock_get_name.return_value = 'test-operator' - + manifest = migration.get_pko_manifest('test-operator') - + self.assertEqual(manifest['apiVersion'], 'manifests.package-operator.run/v1alpha1') self.assertEqual(manifest['kind'], 'PackageManifest') self.assertEqual(manifest['metadata']['name'], 'test-operator') - + # Check phases phase_names = [p['name'] for p in manifest['spec']['phases']] expected_phases = [ @@ -438,11 +438,11 @@ def test_get_pko_manifest_structure(self, mock_get_name): migration.PHASE_CLEANUP_DEPLOY, ] self.assertEqual(phase_names, expected_phases) - + # Check availability probes exist self.assertIn('availabilityProbes', manifest['spec']) self.assertGreater(len(manifest['spec']['availabilityProbes']), 0) - + # Check config schema self.assertIn('config', manifest['spec']) self.assertIn('openAPIV3Schema', manifest['spec']['config']) @@ -463,12 +463,12 @@ def test_write_manifest_creates_file(self): 'kind': 'ServiceAccount', 'metadata': {'name': 'test-sa'} } - + migration.write_manifest(manifest, self.temp_dir) - + expected_file = Path(self.temp_dir) / 'ServiceAccount-test-sa.yaml' self.assertTrue(expected_file.exists()) - + # Verify content is valid YAML with open(expected_file) as f: loaded = yaml.safe_load(f) @@ -481,9 +481,9 @@ def test_write_manifest_deployment_uses_gotmpl(self): 'kind': 'Deployment', 'metadata': {'name': 'test-deploy'} } - + migration.write_manifest(manifest, self.temp_dir) - + expected_file = Path(self.temp_dir) / 'Deployment-test-deploy.yaml.gotmpl' self.assertTrue(expected_file.exists()) 
@@ -494,9 +494,9 @@ def test_write_manifest_custom_filename(self): 'kind': 'Service', 'metadata': {'name': 'test'} } - + migration.write_manifest(manifest, self.temp_dir, filename='custom.yaml') - + expected_file = Path(self.temp_dir) / 'custom.yaml' self.assertTrue(expected_file.exists()) @@ -507,9 +507,9 @@ def test_write_manifest_skips_package_kinds(self): 'kind': 'ClusterPackage', 'metadata': {'name': 'test'} } - + migration.write_manifest(manifest, self.temp_dir) - + # Should not create any files files = list(Path(self.temp_dir).iterdir()) self.assertEqual(len(files), 0) @@ -521,9 +521,9 @@ def test_write_manifest_force_writes_package_kinds(self): 'kind': 'PackageManifest', 'metadata': {'name': 'test'} } - + migration.write_manifest(manifest, self.temp_dir, filename='test.yaml', force=True) - + expected_file = Path(self.temp_dir) / 'test.yaml' self.assertTrue(expected_file.exists()) @@ -535,11 +535,11 @@ def setUp(self): """Create a temporary directory structure.""" self.temp_dir = tempfile.mkdtemp() self.addCleanup(lambda: shutil.rmtree(self.temp_dir)) - + # Change to temp dir for git operations self.original_dir = os.getcwd() os.chdir(self.temp_dir) - + # Initialize git repo subprocess.run(['git', 'init', '-b', 'main'], check=True, capture_output=True) subprocess.run(['git', 'config', 'user.name', 'Test'], check=True, capture_output=True) @@ -559,12 +559,12 @@ def test_write_pko_dockerfile(self): # Create build directory build_dir = Path(self.temp_dir) / 'build' build_dir.mkdir() - + migration.write_pko_dockerfile() - + dockerfile = build_dir / 'Dockerfile.pko' self.assertTrue(dockerfile.exists()) - + content = dockerfile.read_text() self.assertIn('FROM scratch', content) self.assertIn('openshift-test-operator', content) 
@@ -581,15 +581,15 @@ def test_write_tekton_pipelines(self): # Create .tekton directory tekton_dir = Path(self.temp_dir) / '.tekton' tekton_dir.mkdir() - + migration.write_tekton_pipelines() - + push_pipeline = tekton_dir / 'test-operator-pko-push.yaml' pr_pipeline = tekton_dir / 'test-operator-pko-pull-request.yaml' - + self.assertTrue(push_pipeline.exists()) self.assertTrue(pr_pipeline.exists()) - + # Check push pipeline content push_content = push_pipeline.read_text() self.assertIn('apiVersion: tekton.dev/v1', push_content) @@ -599,7 +599,7 @@ def test_write_tekton_pipelines(self): self.assertIn('target_branch\n == "main"', push_content) # Verify it uses master for boilerplate self.assertIn('value: master', push_content) - + # Check PR pipeline content pr_content = pr_pipeline.read_text() self.assertIn('event == "pull_request"', pr_content) @@ -717,11 +717,11 @@ def setUp(self): """Create a temporary directory with sample manifests.""" self.temp_dir = tempfile.mkdtemp() self.addCleanup(lambda: shutil.rmtree(self.temp_dir)) - + # Change to temp dir self.original_dir = os.getcwd() os.chdir(self.temp_dir) - + # Initialize git repo subprocess.run(['git', 'init', '-b', 'main'], check=True, capture_output=True) subprocess.run(['git', 'config', 'user.name', 'Test'], check=True, capture_output=True) @@ -731,11 +731,11 @@ def setUp(self): check=True, capture_output=True ) - + # Create deploy directory with sample manifests deploy_dir = Path(self.temp_dir) / 'deploy' deploy_dir.mkdir() - + # CRD (deploy_dir / 'crd.yaml').write_text(""" apiVersion: apiextensions.k8s.io/v1 @@ -745,7 +745,7 @@ def setUp(self): spec: group: example.com """) - + # ServiceAccount (deploy_dir / 'serviceaccount.yaml').write_text(""" apiVersion: v1 @@ -753,7 +753,7 @@ def setUp(self): metadata: name: test-operator """) - + # Deployment (deploy_dir / 'deployment.yaml').write_text(""" apiVersion: apps/v1 
@@ -775,26 +775,26 @@ def tearDown(self): def test_modify_manifests_end_to_end(self): """Test complete manifest conversion process.""" output_dir = 'deploy_pko' - + migration.modify_manifests('deploy', output_dir=output_dir, recursive=True) - + output_path = Path(self.temp_dir) / output_dir - + # Check that output directory was created self.assertTrue(output_path.exists()) - + # Check for PackageManifest manifest_file = output_path / 'manifest.yaml' self.assertTrue(manifest_file.exists()) - + with open(manifest_file) as f: package_manifest = yaml.safe_load(f) self.assertEqual(package_manifest['kind'], 'PackageManifest') - + # Check for converted manifests crd_file = output_path / 'CustomResourceDefinition-tests.example.com.yaml' self.assertTrue(crd_file.exists()) - + # Verify CRD has correct phase annotation with open(crd_file) as f: crd = yaml.safe_load(f) @@ -802,18 +802,18 @@ def test_modify_manifests_end_to_end(self): crd['metadata']['annotations'][migration.PKO_PHASE_ANNOTATION], migration.PHASE_CRDS ) - + # Check deployment has .gotmpl extension and templated image deployment_files = list(output_path.glob('Deployment-*.yaml.gotmpl')) self.assertEqual(len(deployment_files), 1) - + with open(deployment_files[0]) as f: deployment = yaml.safe_load(f) self.assertEqual( deployment['spec']['template']['spec']['containers'][0]['image'], '{{ .config.image }}' ) - + # Check cleanup job was created cleanup_file = output_path / 'Cleanup-OLM-Job.yaml' self.assertTrue(cleanup_file.exists()) diff --git a/boilerplate/openshift/golang-osd-operator/update b/boilerplate/openshift/golang-osd-operator/update index 7f2c702f2..5fe4a3859 100755 --- a/boilerplate/openshift/golang-osd-operator/update +++ b/boilerplate/openshift/golang-osd-operator/update 
@@ -110,6 +110,10 @@ echo " name: $IMAGE_NAME" echo " tag: $LATEST_IMAGE_TAG" ${SED?} "s/__NAMESPACE__/$IMAGE_NAMESPACE/; s/__NAME__/$IMAGE_NAME/; s/__TAG__/$LATEST_IMAGE_TAG/" ${HERE}/.ci-operator.yaml >$REPO_ROOT/.ci-operator.yaml +# Add pre-commit hooks configuration (SREP-4485) +echo "Copying pre-commit-config.yaml to .pre-commit-config.yaml" +cp ${HERE}/pre-commit-config.yaml $REPO_ROOT/.pre-commit-config.yaml + # Check for pipeline files in .tekton directory and centralize them TEKTON_DIR="${REPO_ROOT}/.tekton" if [ -d "$TEKTON_DIR" ]; then diff --git a/build/Dockerfile b/build/Dockerfile index 4eb0a046c..d5fdc5510 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,4 +1,4 @@ -FROM quay.io/redhat-services-prod/openshift/boilerplate:image-v8.3.4 AS builder +FROM quay.io/redhat-services-prod/openshift/boilerplate:image-v8.3.6 AS builder WORKDIR /workdir @@ -11,7 +11,7 @@ RUN make go-build RUN GOOS=linux CGO_ENABLED=1 GOARCH=amd64 GOFLAGS="" go build -o build/_output/bin/addon-operator-webhook ./cmd/addon-operator-webhook ### -FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1776104705 +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1778562320 ENV USER_UID=1001 \ USER_NAME=addon-operator diff --git a/build/Dockerfile.olm-registry b/build/Dockerfile.olm-registry index 6cabec1ca..1d2477502 100644 --- a/build/Dockerfile.olm-registry +++ b/build/Dockerfile.olm-registry @@ -4,7 +4,7 @@ COPY ${SAAS_OPERATOR_DIR} manifests RUN initializer --permissive # ubi-micro does not work for clusters with fips enabled unless we make OpenSSL available -FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1776104705 +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1778562320 COPY --from=builder /bin/registry-server /bin/registry-server COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe diff --git a/build/Dockerfile.webhook b/build/Dockerfile.webhook index 4c896e426..3d9341153 100644 --- a/build/Dockerfile.webhook +++ b/build/Dockerfile.webhook 
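Review bot: The added `cp` leaves `${HERE}` and `$REPO_ROOT` unquoted and overwrites any existing `.pre-commit-config.yaml` in the consuming repository without a check. A repository that had added its own hooks, including secret-scanning or RBAC checks, would lose them silently on the next boilerplate update. I would write the line as `cp "${HERE}/pre-commit-config.yaml" "${REPO_ROOT}/.pre-commit-config.yaml"`. If the overwrite is intended, say so above it, e.g. `# .pre-commit-config.yaml is boilerplate-managed; local edits are overwritten on update`. The script continues before and after this hunk, so whether a failed copy aborts the update cannot be seen from here.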
@@ -12,7 +12,7 @@ COPY . . RUN GOOS=linux CGO_ENABLED=1 GOARCH=amd64 GOFLAGS="" go build -o build/_output/bin/addon-operator-webhook ./cmd/addon-operator-webhook ### -FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1776104705 +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1778562320 ENV USER_UID=1001 \ USER_NAME=addon-operator diff --git a/controllers/addon/monitoring_stack_reconciler.go b/controllers/addon/monitoring_stack_reconciler.go index 1fc66f7db..d3930b60d 100644 --- a/controllers/addon/monitoring_stack_reconciler.go +++ b/controllers/addon/monitoring_stack_reconciler.go @@ -98,6 +98,8 @@ func (r *monitoringStackReconciler) propagateMonitoringStackStatusToAddon(monito case obov1alpha1.ReconciledCondition: reconciledCondition = monitoringStack.Status.Conditions[i] reconciledConditionFound = true + default: + // explicitly ignore other conditions } } diff --git a/controllers/addon/phase_observe_operatorresource.go b/controllers/addon/phase_observe_operatorresource.go index a12cf4ee2..77962e706 100644 --- a/controllers/addon/phase_observe_operatorresource.go +++ b/controllers/addon/phase_observe_operatorresource.go @@ -99,7 +99,7 @@ func (r *olmReconciler) observeOperatorResource( // do nothing here case operatorsv1alpha1.CSVPhaseFailed: message = "failed" - default: + case operatorsv1alpha1.CSVPhasePending, operatorsv1alpha1.CSVPhaseInstallReady, operatorsv1alpha1.CSVPhaseInstalling, operatorsv1alpha1.CSVPhaseUnknown, operatorsv1alpha1.CSVPhaseReplacing, operatorsv1alpha1.CSVPhaseDeleting, operatorsv1alpha1.CSVPhaseAny: message = "unknown/pending" } diff --git a/deploy-extras/development/01-metrics-server-tls-secret.yaml b/deploy-extras/development/01-metrics-server-tls-secret.yaml index 72b280c8e..6d7cf9ff0 100644 --- a/deploy-extras/development/01-metrics-server-tls-secret.yaml +++ b/deploy-extras/development/01-metrics-server-tls-secret.yaml 
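Review bot: In the `phase_observe_operatorresource.go` hunk, replacing `default:` with an explicit list of CSV phases means the switch in `observeOperatorResource` no longer assigns `message` for a phase value outside that list. Such a value could come from a phase added by a later API version or from an unexpected string reported by the cluster. Those cases used to yield "unknown/pending" and now keep whatever `message` was initialised to above the hunk, which is not visible here. If the explicit list is there to satisfy an exhaustiveness linter, keep it and add a trailing `default:` with `message = "unknown/pending"` so the reported status stays total. The function starts and ends outside the hunk.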
@@ -9,6 +9,6 @@ metadata: namespace: openshift-addon-operator type: kubernetes.io/tls data: - ca-bundle.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZuekNDQTRlZ0F3SUJBZ0lVT0xLdjROZTlUcEJRaG1ac1RMZ0c4dE1ZTy9nd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1BqRThNRG9HQTFVRUF3d3pZV1JrYjI0dGIzQmxjbUYwYjNJdGJXVjBjbWxqY3k1dmNHVnVjMmhwWm5RdApZV1JrYjI0dGIzQmxjbUYwYjNJdWMzWmpNQjRYRFRJME1ERXdPVEF6TkRJMU5Wb1hEVE0wTURFd05qQXpOREkxCk5Wb3dQakU4TURvR0ExVUVBd3d6WVdSa2IyNHRiM0JsY21GMGIzSXRiV1YwY21samN5NXZjR1Z1YzJocFpuUXQKWVdSa2IyNHRiM0JsY21GMGIzSXVjM1pqTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBOGtETGhIY3pyQTlRdHhSbWpUSUhqK0xQamJ4TVA2cjI4bWJMRG5VZHd1bGp0RUs5RnlwUHE4Q2RESDhlCk1BQ2ZZTFdoVFZOTmRHWEFXNi85SUx0VFY3NlhFWThwMkxkYzY5eWRrTWRndzljOEJ0ZHZBd0haQmgzcndWNzYKRlhYSnh6QWJtalBES2FvdWlteTVPV2x3WkZ2N3lST3U5bXBVbnU1NTQ4T0ZieGRqc1RaTEpFL0FMSVQwSkZPOAphc2lUNitYOHZtbmw5VW1LWWp4YlhGWWljaERrYnZrS3hsOEx5Q2pPRnhQVnFhNlBjdXVUMkJQSkNqZmZUQ3NrCkl4WEd4d3RyaTVXV01NRDRuNDQ2anNMMlJub3JwSGtWWXM3V2k3NVFqd0hPamxLMytnRlliUU96c25vcitESG8KdG5idE5qSlovellXS3M3eUdhN284VzRyZ0hicSt2RXAyWWREeHd2UDNBci9Yc2tLNDFVVXFvR2loVm1SZ0RPLwoySUx3Nzl4ZGtucitBSlNLVlpSMnc2UUdqVlR2aHhLVm02WXRJeGxxbmROTDZ5MWVnUlRhQWV3UVhTc3o5UVNDCnNDT2ZoOEFWM3ZUemd0akJpM0RDQ09rUnhMMWIwOHFLODZ3KzBkSG9OQ0dwa2MvNTB5MHRMbjdtd2I1S3VibUQKOHdnS2pKWEhiVGw0Z1BHZWpsNlUvMjRuQlJ4cFFQeEU2eElZR1NBK2pYamNBeHdmQlJLMnArdXFsakJhUVJlZQpVR1FoejlFOHFWanhqT1VPUlorWjM1cnNwWGthOVJKRUg2N0NycFBUZTJsM20wK1BOR1pySjc4NmtURmFUYUh4CmZOMDdQbkRlK0hoaXlxWDBtZ3I3REtYRnRCZXFBOXVuTFpST2FZdUtJTzFrNEtVQ0F3RUFBYU9CbERDQmtUQWQKQmdOVkhRNEVGZ1FVaEUrL3BYOFVqeG1MR3ArKys3cFpVN2lDdDBFd0h3WURWUjBqQkJnd0ZvQVVoRSsvcFg4VQpqeG1MR3ArKys3cFpVN2lDdDBFd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBK0JnTlZIUkVFTnpBMWdqTmhaR1J2CmJpMXZjR1Z5WVhSdmNpMXRaWFJ5YVdOekxtOXdaVzV6YUdsbWRDMWhaR1J2YmkxdmNHVnlZWFJ2Y2k1emRtTXcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUVYZTlOeEZQVEdVQWkzeExNSUd6Nkw0d3JTbWlKa2FNTmN5ZHI1UgpvanYzOHlnUjRlMjdNakNRQVdEdTVweTdZRndoeTZKSXByUnBuMnh1YnpiNjg5cS9SOXBXeDRYM3c3RFBTeFAxCkFtaEQ2ZFE5dElOWWV6clFEMWp6TDZqMVo
zaFdOSG5za0JkbEg1N2J1UEtqeXQwZGZ1SHFhVDR5UGxFTTFjVjcKY1RuTHN0YmczZGprSTNGTlg1cjZua1d6ZVA3eVdZRGFlMzhKdERZZENtV014ZjQxZzJrVEowT1BsOUF2YzQvbQo1R2lJTFZkYzFzSE5lMjRKRFVyZVowb3FYYm1EWEczMWZZRHFwNTVYMTNrV21IRnFBNTVXUmJIZCt0Wms5azNVCmlUUUJCbExLTkJYK3BwSmhDcWZKVVBVRHhySXRnQ1pienJiR2oxQm1WUC83U2lKaXJObG53Tkx0OTV1OFNUQ00KRHZkVDB5aEVsTGM4bEtncnE3YVM2SDBsNmRuTXZpRTdoaTlkTU5CV0lwK0hpLzlBZFcwMGgxaFRBQWNUaG1oZQp4VVJNMEVkbHJZY1V4RmFXM291LzdjZk81MGFPblVZVjZKaFZrY09GMUxwUnJzUmpmNmcxSUZrNXhxdWRYYURYCjllMnIyQWV1SENmckppbWQ4dnpGLy9Xd2w1NWdCMnd6VmtkUnFJODR6WGVGN0x6Z0Z4eUlCWHdYcDdFRGkrSHEKOHpRK0hYRmhBSUpUWnh6Q3QzNDVBTzY5WTYwWVhHMzJSUlZuRlo5b1BOQWdUR0t0blZUTGZ2R0ZuVjlVQlRVNQp1blVwQ1hrNTBkY3JhQmd4dDNkaURTS1AyRHpZaFFqOXJJVSsxVWZOWExxWlZQaWlZQUkxaUgwbzhBOE05Wng0CmwrVVgKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + ca-bundle.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZuekNDQTRlZ0F3SUJBZ0lVT0xLdjROZTlUcEJRaG1ac1RMZ0c4dE1ZTy9nd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1BqRThNRG9HQTFVRUF3d3pZV1JrYjI0dGIzQmxjbUYwYjNJdGJXVjBjbWxqY3k1dmNHVnVjMmhwWm5RdApZV1JrYjI0dGIzQmxjbUYwYjNJdWMzWmpNQjRYRFRJME1ERXdPVEF6TkRJMU5Wb1hEVE0wTURFd05qQXpOREkxCk5Wb3dQakU4TURvR0ExVUVBd3d6WVdSa2IyNHRiM0JsY21GMGIzSXRiV1YwY21samN5NXZjR1Z1YzJocFpuUXQKWVdSa2IyNHRiM0JsY21GMGIzSXVjM1pqTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBOGtETGhIY3pyQTlRdHhSbWpUSUhqK0xQamJ4TVA2cjI4bWJMRG5VZHd1bGp0RUs5RnlwUHE4Q2RESDhlCk1BQ2ZZTFdoVFZOTmRHWEFXNi85SUx0VFY3NlhFWThwMkxkYzY5eWRrTWRndzljOEJ0ZHZBd0haQmgzcndWNzYKRlhYSnh6QWJtalBES2FvdWlteTVPV2x3WkZ2N3lST3U5bXBVbnU1NTQ4T0ZieGRqc1RaTEpFL0FMSVQwSkZPOAphc2lUNitYOHZtbmw5VW1LWWp4YlhGWWljaERrYnZrS3hsOEx5Q2pPRnhQVnFhNlBjdXVUMkJQSkNqZmZUQ3NrCkl4WEd4d3RyaTVXV01NRDRuNDQ2anNMMlJub3JwSGtWWXM3V2k3NVFqd0hPamxLMytnRlliUU96c25vcitESG8KdG5idE5qSlovellXS3M3eUdhN284VzRyZ0hicSt2RXAyWWREeHd2UDNBci9Yc2tLNDFVVXFvR2loVm1SZ0RPLwoySUx3Nzl4ZGtucitBSlNLVlpSMnc2UUdqVlR2aHhLVm02WXRJeGxxbmROTDZ5MWVnUlRhQWV3UVhTc3o5UVNDCnNDT2ZoOEFWM3ZUemd0akJpM0RDQ09rUnhMMWIwOHFLODZ3KzBkSG9OQ0dwa2MvNTB5MHRMbjdtd2I1S3VibUQKOHdnS2pKWEhiVGw0Z1BHZWpsNlUvM
jRuQlJ4cFFQeEU2eElZR1NBK2pYamNBeHdmQlJLMnArdXFsakJhUVJlZQpVR1FoejlFOHFWanhqT1VPUlorWjM1cnNwWGthOVJKRUg2N0NycFBUZTJsM20wK1BOR1pySjc4NmtURmFUYUh4CmZOMDdQbkRlK0hoaXlxWDBtZ3I3REtYRnRCZXFBOXVuTFpST2FZdUtJTzFrNEtVQ0F3RUFBYU9CbERDQmtUQWQKQmdOVkhRNEVGZ1FVaEUrL3BYOFVqeG1MR3ArKys3cFpVN2lDdDBFd0h3WURWUjBqQkJnd0ZvQVVoRSsvcFg4VQpqeG1MR3ArKys3cFpVN2lDdDBFd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBK0JnTlZIUkVFTnpBMWdqTmhaR1J2CmJpMXZjR1Z5WVhSdmNpMXRaWFJ5YVdOekxtOXdaVzV6YUdsbWRDMWhaR1J2YmkxdmNHVnlZWFJ2Y2k1emRtTXcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUVYZTlOeEZQVEdVQWkzeExNSUd6Nkw0d3JTbWlKa2FNTmN5ZHI1UgpvanYzOHlnUjRlMjdNakNRQVdEdTVweTdZRndoeTZKSXByUnBuMnh1YnpiNjg5cS9SOXBXeDRYM3c3RFBTeFAxCkFtaEQ2ZFE5dElOWWV6clFEMWp6TDZqMVozaFdOSG5za0JkbEg1N2J1UEtqeXQwZGZ1SHFhVDR5UGxFTTFjVjcKY1RuTHN0YmczZGprSTNGTlg1cjZua1d6ZVA3eVdZRGFlMzhKdERZZENtV014ZjQxZzJrVEowT1BsOUF2YzQvbQo1R2lJTFZkYzFzSE5lMjRKRFVyZVowb3FYYm1EWEczMWZZRHFwNTVYMTNrV21IRnFBNTVXUmJIZCt0Wms5azNVCmlUUUJCbExLTkJYK3BwSmhDcWZKVVBVRHhySXRnQ1pienJiR2oxQm1WUC83U2lKaXJObG53Tkx0OTV1OFNUQ00KRHZkVDB5aEVsTGM4bEtncnE3YVM2SDBsNmRuTXZpRTdoaTlkTU5CV0lwK0hpLzlBZFcwMGgxaFRBQWNUaG1oZQp4VVJNMEVkbHJZY1V4RmFXM291LzdjZk81MGFPblVZVjZKaFZrY09GMUxwUnJzUmpmNmcxSUZrNXhxdWRYYURYCjllMnIyQWV1SENmckppbWQ4dnpGLy9Xd2w1NWdCMnd6VmtkUnFJODR6WGVGN0x6Z0Z4eUlCWHdYcDdFRGkrSHEKOHpRK0hYRmhBSUpUWnh6Q3QzNDVBTzY5WTYwWVhHMzJSUlZuRlo5b1BOQWdUR0t0blZUTGZ2R0ZuVjlVQlRVNQp1blVwQ1hrNTBkY3JhQmd4dDNkaURTS1AyRHpZaFFqOXJJVSsxVWZOWExxWlZQaWlZQUkxaUgwbzhBOE05Wng0CmwrVVgKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tls.crt: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZuekNDQTRlZ0F3SUJBZ0lVT0xLdjROZTlUcEJRaG1ac1RMZ0c4dE1ZTy9nd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1BqRThNRG9HQTFVRUF3d3pZV1JrYjI0dGIzQmxjbUYwYjNJdGJXVjBjbWxqY3k1dmNHVnVjMmhwWm5RdApZV1JrYjI0dGIzQmxjbUYwYjNJdWMzWmpNQjRYRFRJME1ERXdPVEF6TkRJMU5Wb1hEVE0wTURFd05qQXpOREkxCk5Wb3dQakU4TURvR0ExVUVBd3d6WVdSa2IyNHRiM0JsY21GMGIzSXRiV1YwY21samN5NXZjR1Z1YzJocFpuUXQKWVdSa2IyNHRiM0JsY21GMGIzSXVjM1pqTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBOGtETGhIY3pyQTlRdHhSbWpUSUhqK0xQamJ4TVA2cjI4bWJMRG5VZHd1bGp0RUs5RnlwUHE4Q2RESDhlCk1BQ2ZZTFdoVFZOTmRHWEFXNi85SUx0VFY3NlhFWThwMkxkYzY5eWRrTWRndzljOEJ0ZHZBd0haQmgzcndWNzYKRlhYSnh6QWJtalBES2FvdWlteTVPV2x3WkZ2N3lST3U5bXBVbnU1NTQ4T0ZieGRqc1RaTEpFL0FMSVQwSkZPOAphc2lUNitYOHZtbmw5VW1LWWp4YlhGWWljaERrYnZrS3hsOEx5Q2pPRnhQVnFhNlBjdXVUMkJQSkNqZmZUQ3NrCkl4WEd4d3RyaTVXV01NRDRuNDQ2anNMMlJub3JwSGtWWXM3V2k3NVFqd0hPamxLMytnRlliUU96c25vcitESG8KdG5idE5qSlovellXS3M3eUdhN284VzRyZ0hicSt2RXAyWWREeHd2UDNBci9Yc2tLNDFVVXFvR2loVm1SZ0RPLwoySUx3Nzl4ZGtucitBSlNLVlpSMnc2UUdqVlR2aHhLVm02WXRJeGxxbmROTDZ5MWVnUlRhQWV3UVhTc3o5UVNDCnNDT2ZoOEFWM3ZUemd0akJpM0RDQ09rUnhMMWIwOHFLODZ3KzBkSG9OQ0dwa2MvNTB5MHRMbjdtd2I1S3VibUQKOHdnS2pKWEhiVGw0Z1BHZWpsNlUvMjRuQlJ4cFFQeEU2eElZR1NBK2pYamNBeHdmQlJLMnArdXFsakJhUVJlZQpVR1FoejlFOHFWanhqT1VPUlorWjM1cnNwWGthOVJKRUg2N0NycFBUZTJsM20wK1BOR1pySjc4NmtURmFUYUh4CmZOMDdQbkRlK0hoaXlxWDBtZ3I3REtYRnRCZXFBOXVuTFpST2FZdUtJTzFrNEtVQ0F3RUFBYU9CbERDQmtUQWQKQmdOVkhRNEVGZ1FVaEUrL3BYOFVqeG1MR3ArKys3cFpVN2lDdDBFd0h3WURWUjBqQkJnd0ZvQVVoRSsvcFg4VQpqeG1MR3ArKys3cFpVN2lDdDBFd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBK0JnTlZIUkVFTnpBMWdqTmhaR1J2CmJpMXZjR1Z5WVhSdmNpMXRaWFJ5YVdOekxtOXdaVzV6YUdsbWRDMWhaR1J2YmkxdmNHVnlZWFJ2Y2k1emRtTXcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUVYZTlOeEZQVEdVQWkzeExNSUd6Nkw0d3JTbWlKa2FNTmN5ZHI1UgpvanYzOHlnUjRlMjdNakNRQVdEdTVweTdZRndoeTZKSXByUnBuMnh1YnpiNjg5cS9SOXBXeDRYM3c3RFBTeFAxCkFtaEQ2ZFE5dElOWWV6clFEMWp6TDZqMVozaFdOSG5za0JkbEg1N2J1UEtqeXQwZGZ1SHFhVDR5UGxFTTFjVjcKY1RuTHN0YmczZGprSTNGTlg1cjZua1d6ZVA3eVdZRGFlMzhKdERZZENt
V014ZjQxZzJrVEowT1BsOUF2YzQvbQo1R2lJTFZkYzFzSE5lMjRKRFVyZVowb3FYYm1EWEczMWZZRHFwNTVYMTNrV21IRnFBNTVXUmJIZCt0Wms5azNVCmlUUUJCbExLTkJYK3BwSmhDcWZKVVBVRHhySXRnQ1pienJiR2oxQm1WUC83U2lKaXJObG53Tkx0OTV1OFNUQ00KRHZkVDB5aEVsTGM4bEtncnE3YVM2SDBsNmRuTXZpRTdoaTlkTU5CV0lwK0hpLzlBZFcwMGgxaFRBQWNUaG1oZQp4VVJNMEVkbHJZY1V4RmFXM291LzdjZk81MGFPblVZVjZKaFZrY09GMUxwUnJzUmpmNmcxSUZrNXhxdWRYYURYCjllMnIyQWV1SENmckppbWQ4dnpGLy9Xd2w1NWdCMnd6VmtkUnFJODR6WGVGN0x6Z0Z4eUlCWHdYcDdFRGkrSHEKOHpRK0hYRmhBSUpUWnh6Q3QzNDVBTzY5WTYwWVhHMzJSUlZuRlo5b1BOQWdUR0t0blZUTGZ2R0ZuVjlVQlRVNQp1blVwQ1hrNTBkY3JhQmd4dDNkaURTS1AyRHpZaFFqOXJJVSsxVWZOWExxWlZQaWlZQUkxaUgwbzhBOE05Wng0CmwrVVgKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRHlRTXVFZHpPc0QxQzMKRkdhTk1nZVA0cytOdkV3L3F2Ynlac3NPZFIzQzZXTzBRcjBYS2srcndKME1meDR3QUo5Z3RhRk5VMDEwWmNCYgpyLzBndTFOWHZwY1JqeW5ZdDF6cjNKMlF4MkREMXp3RzEyOERBZGtHSGV2Qlh2b1ZkY25ITUJ1YU04TXBxaTZLCmJMazVhWEJrVy92SkU2NzJhbFNlN25uanc0VnZGMk94Tmtza1Q4QXNoUFFrVTd4cXlKUHI1ZnkrYWVYMVNZcGkKUEZ0Y1ZpSnlFT1J1K1FyR1h3dklLTTRYRTlXcHJvOXk2NVBZRThrS045OU1LeVFqRmNiSEMydUxsWll3d1BpZgpqanFPd3ZaR2VpdWtlUlZpenRhTHZsQ1BBYzZPVXJmNkFWaHRBN095ZWl2NE1laTJkdTAyTWxuL05oWXF6dklaCnJ1anhiaXVBZHVyNjhTblpoMFBIQzgvY0N2OWV5UXJqVlJTcWdhS0ZXWkdBTTcvWWd2RHYzRjJTZXY0QWxJcFYKbEhiRHBBYU5WTytIRXBXYnBpMGpHV3FkMDB2ckxWNkJGTm9CN0JCZEt6UDFCSUt3STUrSHdCWGU5UE9DMk1HTApjTUlJNlJIRXZWdlR5b3J6ckQ3UjBlZzBJYW1Sei9uVExTMHVmdWJCdmtxNXVZUHpDQXFNbGNkdE9YaUE4WjZPClhwVC9iaWNGSEdsQS9FVHJFaGdaSUQ2TmVOd0RIQjhGRXJhbjY2cVdNRnBCRjU1UVpDSFAwVHlwV1BHTTVRNUYKbjVuZm11eWxlUnIxRWtRZnJzS3VrOU43YVhlYlQ0ODBabXNudnpxUk1WcE5vZkY4M1RzK2NONzRlR0xLcGZTYQpDdnNNcGNXMEY2b0QyNmN0bEU1cGk0b2c3V1RncFFJREFRQUJBb0lDQUFwTmlhcE1WSWtDakwwQWs5ejQ3ZnZuCldrcnRvWE9LdnA1d0V6NDk2bUplQVRUTEt0WVhvVlJOYUpCOXZvZXRteG1tbCtIZFExdktNUXhsTjNlREtBZ0IKRGRVOEdMeEVEaUprMjFtck5Sa1hLQkVsYSszOWorQ1QrTEVjYkRmcDdzYzNLMUZiVnJkSXF0cU54YkhrbzFoTgpWaS9HMDhmY25WVTJFTDZJVS80MXlUSmgrLytqR2FuN0RKUVg4Sms5Qnhk
L0RFai80WDBWWDlxT05SZC8vVTZMCkcrQUJYUDB6VVNHMTVJLzBNci9ZOGZaaUFRTnRVZjFLZzRkdWhVYXR1Q3JDZUZRekxEUk9ITFRTZkhpU1g1MS8KT0NoeVV0L0ZLcmcrUTVoVmJCYSsrMTZaWEl5a1hlbmZDc3d2T1RXN2FKckh1TzZpK3YzZWw4clNWc3RmMDE4NQo0TC9ORy9WVFBPWW1kci8rVEZySHdlTlducFZ4eUhhNXE0REFOTXR3YlRrdmh4a3cxdU9mazQzaU0veTFNSXh6CkV0RUdpNW0rRU1ndHVQRTFIc2ZVQ25ZcUhRK1E5c3BjTnc5YUVXd2ZGRy81MjBvYVlvaHllMng0OXlMQ2ozdmQKU0dHN0pBdFhiNUpGb1doWHFOZ3ZxRi9uR1kycWd4cU9CMFVLaVJ5cEsyNUZWVVBmbVZyK1pUakhiUE5nellCcApyMWNjT0VSRXYyT29oclF0SkRoNzlJdlFvdVY0MUpoZTR6dFd3OUxXMFVQTDlFNXVLOVRzZmV0SldmSXd2MmpUCm1henhzTzdKU1lDczIyZmd1dlRDTFA5bFJmVlhGVGpmdzJQYk5YR29GUFkwTzltTCtpNEJod3Z0bFR4WHdhMDUKdVlaTHNCQWx4Z2VBNDgzU1pvREpBb0lCQVFENVVZMFVEbTE5NCtoMlZ3YWJDUnUxQnVTb1g2d0I1bnNGYW9YcApkMnRDaUc0TWRXR1BIOFVpSEU2VUQ0Ti9aUnBZMXg2bVFYSFV0YWtmQmRWQ3cxeHcxczRvWHE3QTV2d2J4OFVwCjhNV1BSSGJQeDRzREJaUmFjelU0M1VPSlBldTE3MXRaUHExMTNXTjBFRFIvUUJVY3ZFVGYxdXRPZFlDMlRTdmMKNTFYNytBRGFEUDJIZElReDJvYk4vRjlncityQzlodHI5M1J5S0hObHdrRmtvc3owaC83U2pPSnZFeWV1QzFTNgpCUWpzM1gyTDlTalgvVjJiekdScm8xWDNSRTJTeVBJODN4bXZHZ1RXbXdic1pUZmJQTFU2R2cybXhuVkx2RFpsCjV6R3NsMGRkb3lhaTVXWDgvVVZSNGU1RlJaMWdxdEJpaVZTZlB3ek83R2lia21rTkFvSUJBUUQ0dnNWNXdEOUUKS0tnbmZwKy9tMnNYRTdiOHpmaDQ1bjdxZkFqOVNjU2xmbUVYYzlqWWtxc3VpZWdTVFdka01DU3lkS2l1eExIMwpRbW1iSXpBMVBTSVRPdFBHYWR1RFRVTHZHWkNJby9KaTVBendkeHlSZ0RDcTZOUEllVGg4ZS9yeElOVlg4aWExCjlydGljVXNhZGkwWGZGUGQ3a3BZNWlzNmVmUko4UHJNQURwVk0zTE93L3dKaFpxSGRaU3B6Szh4WjRCQnd3MGoKSzdOcjRKa25GYUhmOGxkYmlYMGk4V0NNeFBpNEpROTQ2UnRsSGlLMURZYVViT2hGOTNQSThDOEc1eDdLU3Q5RAoyZno4K2t5UmthU3RMTU9ldWJSOGVBLzFUSkRVbzVrd1F5SGhlSUV2ZExjWXNXVEl5ZlFhN0xNQVVFYm05SlBWCnA3WHRiV2wvREwvNUFvSUJBQU9rQWpoaHdZMk9EMjN5OVdDOE1GQmphbUZmREViMjA2TVBuQ2I5bkc1YlNhZ2EKNnJMSlZ2cVppVGcyUmNoTmRLWUpkaVFkWG9rcG9lK1hDVGN4WFI4MHM4djVIZm9wSlZOT2huMkhTNHM5QjdNZgpDZE9nZURzZDVaQVFBeFYwOXdVd0dwaGlCdXhxc0RJWXJudVJOdjIxYmhnS3JtTDE2a3cvTWozR2p3WGY2RHRHCjUwamNGYllZcDlGSU55aFZTVXRSaHJMNzZSSmxydEcwbFhuZnVyaHpaL0F4S0hsUXdVcVVWY2Rsbld6QUN6NUkKOVRDNlBXeXgvbUZvQURCZEtmalR3RjNOTURYVFhuQzMwTkVRNVZEcFFRZzVLeXZk
U0FjMEYyTkRqZ0VrTUdHWQpxVTdGcE1pZDlpNHM2MnJOaW0vSDdzVVJsay9BL3ZIaWwrQjFzZDBDZ2dFQkFOOVRxRWpmYWUzdjhzbEN6bnBoCk40eklqb243QXhMSkh6bTNrdnFWdUpBOUh6N0hLL0dGL1ZzVFJlRG96ZU1OdG1UaWlIQWcrUWRlQVNMZ1BQQVAKcXdCSTJNcFRVRnBhaTdYUDVneEg1ZDhUa09wMGhwbTcxZlljZzhpQnpVMDJvdDdLODhDNkVEZGZCbTRqK2FJUQpaL3VtREVZOUkxTWRrOEkwckRlV3ZCVmNQd012NWV2dDJlTlNxS0xsMWt0OUVlM3hWeDJ6MloreUpLeStRY0x0CmtTQlhuRWI2OGZibGNDSHkxcnU5eWw1c0s4UmxnaE83eVJDSmx5RDZRbUl1QW9yWUJyVG84L3NmUkJ4OVBUR1UKNlp6eGk5QitPcVZseGk0ZVNBb2h0KyswMWo1d3lzdW9wcHJzNmVlOEtnWGliZlBpSDBaTVlFNTYvTVBtYjhrNQowVUVDZ2dFQVBscWVTWDFhSGxlY0xlMExQcmQ4V2N0bzZFZ24zWVVueU0zNkxQQWd0OXh5aFFtNFd2dVQ5WFRlCmUwSGRCdi9QM2NCU2E4b0FPK2hHQXFXSVZVdzFjWGQwZklXUW5GOW8zek9BOTZyMWt5S216TEpsRW00N3B1bHoKTmNtaURSTmRoTDRIQzIxclM1U2haZit6UGx4WSsrdTc4bUQ3UEFQc2lLMFdzNy8xOU1acVQvZkdLR3hxTWFieAowWXYrYnhzOGQxaGxwSG03VjNyeWpLeGdGM1JpUE5hbU0wcDdGTXdDSmNBL2cwbjMzTDc4TWlCd09iQWlCbzF1CnJoZ0RFRjFNK2RUYUdxZlozaW1lOG5YaXhlV1ZxNTQzTHFVVmNYL0M4Ym1BZ204aEhrNU9UOFZhVWZaeE5hSXQKblg0M2FHNGJOVmZJOHpvVFJESEtnVkJnazlVK0NnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + tls.key: 
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRHlRTXVFZHpPc0QxQzMKRkdhTk1nZVA0cytOdkV3L3F2Ynlac3NPZFIzQzZXTzBRcjBYS2srcndKME1meDR3QUo5Z3RhRk5VMDEwWmNCYgpyLzBndTFOWHZwY1JqeW5ZdDF6cjNKMlF4MkREMXp3RzEyOERBZGtHSGV2Qlh2b1ZkY25ITUJ1YU04TXBxaTZLCmJMazVhWEJrVy92SkU2NzJhbFNlN25uanc0VnZGMk94Tmtza1Q4QXNoUFFrVTd4cXlKUHI1ZnkrYWVYMVNZcGkKUEZ0Y1ZpSnlFT1J1K1FyR1h3dklLTTRYRTlXcHJvOXk2NVBZRThrS045OU1LeVFqRmNiSEMydUxsWll3d1BpZgpqanFPd3ZaR2VpdWtlUlZpenRhTHZsQ1BBYzZPVXJmNkFWaHRBN095ZWl2NE1laTJkdTAyTWxuL05oWXF6dklaCnJ1anhiaXVBZHVyNjhTblpoMFBIQzgvY0N2OWV5UXJqVlJTcWdhS0ZXWkdBTTcvWWd2RHYzRjJTZXY0QWxJcFYKbEhiRHBBYU5WTytIRXBXYnBpMGpHV3FkMDB2ckxWNkJGTm9CN0JCZEt6UDFCSUt3STUrSHdCWGU5UE9DMk1HTApjTUlJNlJIRXZWdlR5b3J6ckQ3UjBlZzBJYW1Sei9uVExTMHVmdWJCdmtxNXVZUHpDQXFNbGNkdE9YaUE4WjZPClhwVC9iaWNGSEdsQS9FVHJFaGdaSUQ2TmVOd0RIQjhGRXJhbjY2cVdNRnBCRjU1UVpDSFAwVHlwV1BHTTVRNUYKbjVuZm11eWxlUnIxRWtRZnJzS3VrOU43YVhlYlQ0ODBabXNudnpxUk1WcE5vZkY4M1RzK2NONzRlR0xLcGZTYQpDdnNNcGNXMEY2b0QyNmN0bEU1cGk0b2c3V1RncFFJREFRQUJBb0lDQUFwTmlhcE1WSWtDakwwQWs5ejQ3ZnZuCldrcnRvWE9LdnA1d0V6NDk2bUplQVRUTEt0WVhvVlJOYUpCOXZvZXRteG1tbCtIZFExdktNUXhsTjNlREtBZ0IKRGRVOEdMeEVEaUprMjFtck5Sa1hLQkVsYSszOWorQ1QrTEVjYkRmcDdzYzNLMUZiVnJkSXF0cU54YkhrbzFoTgpWaS9HMDhmY25WVTJFTDZJVS80MXlUSmgrLytqR2FuN0RKUVg4Sms5QnhkL0RFai80WDBWWDlxT05SZC8vVTZMCkcrQUJYUDB6VVNHMTVJLzBNci9ZOGZaaUFRTnRVZjFLZzRkdWhVYXR1Q3JDZUZRekxEUk9ITFRTZkhpU1g1MS8KT0NoeVV0L0ZLcmcrUTVoVmJCYSsrMTZaWEl5a1hlbmZDc3d2T1RXN2FKckh1TzZpK3YzZWw4clNWc3RmMDE4NQo0TC9ORy9WVFBPWW1kci8rVEZySHdlTlducFZ4eUhhNXE0REFOTXR3YlRrdmh4a3cxdU9mazQzaU0veTFNSXh6CkV0RUdpNW0rRU1ndHVQRTFIc2ZVQ25ZcUhRK1E5c3BjTnc5YUVXd2ZGRy81MjBvYVlvaHllMng0OXlMQ2ozdmQKU0dHN0pBdFhiNUpGb1doWHFOZ3ZxRi9uR1kycWd4cU9CMFVLaVJ5cEsyNUZWVVBmbVZyK1pUakhiUE5nellCcApyMWNjT0VSRXYyT29oclF0SkRoNzlJdlFvdVY0MUpoZTR6dFd3OUxXMFVQTDlFNXVLOVRzZmV0SldmSXd2MmpUCm1henhzTzdKU1lDczIyZmd1dlRDTFA5bFJmVlhGVGpmdzJQYk5YR29GUFkwTzltTCtpNEJod3Z0bFR4WHdhMDUKdVlaTHNCQWx4Z2VBNDgzU1pvREpBb0lCQVFENVVZMFVEbTE5NCtoMlZ3
YWJDUnUxQnVTb1g2d0I1bnNGYW9YcApkMnRDaUc0TWRXR1BIOFVpSEU2VUQ0Ti9aUnBZMXg2bVFYSFV0YWtmQmRWQ3cxeHcxczRvWHE3QTV2d2J4OFVwCjhNV1BSSGJQeDRzREJaUmFjelU0M1VPSlBldTE3MXRaUHExMTNXTjBFRFIvUUJVY3ZFVGYxdXRPZFlDMlRTdmMKNTFYNytBRGFEUDJIZElReDJvYk4vRjlncityQzlodHI5M1J5S0hObHdrRmtvc3owaC83U2pPSnZFeWV1QzFTNgpCUWpzM1gyTDlTalgvVjJiekdScm8xWDNSRTJTeVBJODN4bXZHZ1RXbXdic1pUZmJQTFU2R2cybXhuVkx2RFpsCjV6R3NsMGRkb3lhaTVXWDgvVVZSNGU1RlJaMWdxdEJpaVZTZlB3ek83R2lia21rTkFvSUJBUUQ0dnNWNXdEOUUKS0tnbmZwKy9tMnNYRTdiOHpmaDQ1bjdxZkFqOVNjU2xmbUVYYzlqWWtxc3VpZWdTVFdka01DU3lkS2l1eExIMwpRbW1iSXpBMVBTSVRPdFBHYWR1RFRVTHZHWkNJby9KaTVBendkeHlSZ0RDcTZOUEllVGg4ZS9yeElOVlg4aWExCjlydGljVXNhZGkwWGZGUGQ3a3BZNWlzNmVmUko4UHJNQURwVk0zTE93L3dKaFpxSGRaU3B6Szh4WjRCQnd3MGoKSzdOcjRKa25GYUhmOGxkYmlYMGk4V0NNeFBpNEpROTQ2UnRsSGlLMURZYVViT2hGOTNQSThDOEc1eDdLU3Q5RAoyZno4K2t5UmthU3RMTU9ldWJSOGVBLzFUSkRVbzVrd1F5SGhlSUV2ZExjWXNXVEl5ZlFhN0xNQVVFYm05SlBWCnA3WHRiV2wvREwvNUFvSUJBQU9rQWpoaHdZMk9EMjN5OVdDOE1GQmphbUZmREViMjA2TVBuQ2I5bkc1YlNhZ2EKNnJMSlZ2cVppVGcyUmNoTmRLWUpkaVFkWG9rcG9lK1hDVGN4WFI4MHM4djVIZm9wSlZOT2huMkhTNHM5QjdNZgpDZE9nZURzZDVaQVFBeFYwOXdVd0dwaGlCdXhxc0RJWXJudVJOdjIxYmhnS3JtTDE2a3cvTWozR2p3WGY2RHRHCjUwamNGYllZcDlGSU55aFZTVXRSaHJMNzZSSmxydEcwbFhuZnVyaHpaL0F4S0hsUXdVcVVWY2Rsbld6QUN6NUkKOVRDNlBXeXgvbUZvQURCZEtmalR3RjNOTURYVFhuQzMwTkVRNVZEcFFRZzVLeXZkU0FjMEYyTkRqZ0VrTUdHWQpxVTdGcE1pZDlpNHM2MnJOaW0vSDdzVVJsay9BL3ZIaWwrQjFzZDBDZ2dFQkFOOVRxRWpmYWUzdjhzbEN6bnBoCk40eklqb243QXhMSkh6bTNrdnFWdUpBOUh6N0hLL0dGL1ZzVFJlRG96ZU1OdG1UaWlIQWcrUWRlQVNMZ1BQQVAKcXdCSTJNcFRVRnBhaTdYUDVneEg1ZDhUa09wMGhwbTcxZlljZzhpQnpVMDJvdDdLODhDNkVEZGZCbTRqK2FJUQpaL3VtREVZOUkxTWRrOEkwckRlV3ZCVmNQd012NWV2dDJlTlNxS0xsMWt0OUVlM3hWeDJ6MloreUpLeStRY0x0CmtTQlhuRWI2OGZibGNDSHkxcnU5eWw1c0s4UmxnaE83eVJDSmx5RDZRbUl1QW9yWUJyVG84L3NmUkJ4OVBUR1UKNlp6eGk5QitPcVZseGk0ZVNBb2h0KyswMWo1d3lzdW9wcHJzNmVlOEtnWGliZlBpSDBaTVlFNTYvTVBtYjhrNQowVUVDZ2dFQVBscWVTWDFhSGxlY0xlMExQcmQ4V2N0bzZFZ24zWVVueU0zNkxQQWd0OXh5aFFtNFd2dVQ5WFRlCmUwSGRCdi9QM2NCU2E4b0FPK2hHQXFXSVZVdzFjWGQwZklXUW5GOW8zek9BOTZy
MWt5S216TEpsRW00N3B1bHoKTmNtaURSTmRoTDRIQzIxclM1U2haZit6UGx4WSsrdTc4bUQ3UEFQc2lLMFdzNy8xOU1acVQvZkdLR3hxTWFieAowWXYrYnhzOGQxaGxwSG03VjNyeWpLeGdGM1JpUE5hbU0wcDdGTXdDSmNBL2cwbjMzTDc4TWlCd09iQWlCbzF1CnJoZ0RFRjFNK2RUYUdxZlozaW1lOG5YaXhlV1ZxNTQzTHFVVmNYL0M4Ym1BZ204aEhrNU9UOFZhVWZaeE5hSXQKblg0M2FHNGJOVmZJOHpvVFJESEtnVkJnazlVK0NnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= diff --git a/deploy-extras/development/webhook/00-tls-secret.yaml b/deploy-extras/development/webhook/00-tls-secret.yaml index ee9e0cd9c..7baf959df 100644 --- a/deploy-extras/development/webhook/00-tls-secret.yaml +++ b/deploy-extras/development/webhook/00-tls-secret.yaml 
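Review bot: The `tls.key` value rewritten in this hunk is a base64-encoded PEM private key (it decodes to a `-----BEGIN PRIVATE KEY-----` block) stored in the repository next to its certificate. The old and new values appear to differ only in whitespace, so this looks like a formatting fix. The key is still readable by anyone with access to the repository and has to be treated as public, so it must not be trusted outside the development setup the file path suggests. I would add a comment above `data:` such as `# development-only key pair; do not use outside local/dev clusters`, or generate the pair at deploy time instead of committing it. Since the pre-commit command doc in this commit names gitleaks as a security hook, this path should also get an explicit, commented allowlist entry rather than a blanket exclusion.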
@@ -9,6 +9,6 @@ metadata: namespace: openshift-addon-operator type: kubernetes.io/tls data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZpakNDQTNLZ0F3SUJBZ0lVSC9xQmxWdXRRNUptdFBRRlFIcy95WnJuVlNrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd056RTFNRE1HQTFVRUF3d3NkMlZpYUc5dmF5MXpaWEoyYVdObExtOXdaVzV6YUdsbWRDMWhaR1J2YmkxdgpjR1Z5WVhSdmNpNXpkbU13SGhjTk1qUXdNVEEwTURFek1ERXdXaGNOTXpRd01UQXhNREV6TURFd1dqQTNNVFV3Ck13WURWUVFEREN4M1pXSm9iMjlyTFhObGNuWnBZMlV1YjNCbGJuTm9hV1owTFdGa1pHOXVMVzl3WlhKaGRHOXkKTG5OMll6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUt3WTZycDFXZXRCd2t6ZQp6VHpiNXUwUTAvT2Fta2NUWGJuK1hDSkN0TTFoNVJ3YnhzclB2VnY4SGtOeFJaTHhRYWYvNW1OQzdmYUF5N0d5CjBwb0FmT0FhWWxMaGF3alorTmd1Zm8xbG1IYXhTNDRrT1JZdXJHZ3pIY281NEdGK0tVK1RjRG1WN2VhbWFDbEYKSjlpQjhUL2kyS1kxRDdqcEtaU0FsZUREQkxkcWtqS0ZKLzlnMzJybHZPK0YvZFBBbWdRalNqRWh5a0IyRFE4SQp6S3BKRDBSQVBxdDZ4ZXZnZlkvNmpmb3pLOGtza0FKdTBSZGRwMW5DYjVLcmRSbjA1dkhVRGNkOFBPMnI2NmNXClJJTUJUN1N3b3pwZmVrTHRabXphRmVnQW5kZFoyZGZRM3JTelBGZ1FvNzUxbGxhMitYcXl0c2dEdXMzSGl0cUwKckVZdVFPYXhZMDhsRXRNRTZGbEJMcGt0cWZWRnAydmVwZWFXWW9mMWFuUEtoSm5HZytXYnBKQ0krMFMxS2JhdwpFNFRURXM4UDdxaDdhMmVtQWhCOHJRYVJtR3NZS3F3c2o2SkRwQUlrUDQxcHZKajc5RjRTZXdRSzB1a2Npa3EwCnl2RHJKQjhUbE5YUUVmSUVNUC9ORVplb0t3NXc4NVFGNmJrNmRsdFJCbmFBN0dOVkVuRG9UaWQ0b0ZmekV1YXQKSkZFYWkrbUQrakxXdWEyZ2NHR2pWV1E0aGI0T0dqUmlwR1d5U2JRTVdYc0lvQ3k1dkJacVJhZHpoYWlybDR5UQpFQ1VQOFE1aGg2SCtCMENnS2NCRWJUYWtWZ3hlY3RwaG1qcjhpeGpiY0tURllNWXkvSzM2bnFLSnpDVThLRE9FCkR0Mm9ibTFxOEM2dGZ3VHZDYXRaaEtSd0VWa2hBZ01CQUFHamdZMHdnWW93SFFZRFZSME9CQllFRk0vaTdzV24KV2VVLy9wZHRtRVMrYjhMQXliNDBNQjhHQTFVZEl3UVlNQmFBRk0vaTdzV25XZVUvL3BkdG1FUytiOExBeWI0MApNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOd1lEVlIwUkJEQXdMb0lzZDJWaWFHOXZheTF6WlhKMmFXTmxMbTl3ClpXNXphR2xtZEMxaFpHUnZiaTF2Y0dWeVlYUnZjaTV6ZG1Nd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFGU1UKMUU2WkJRVFRYNkdveWNISFczc1hQWEhSZFNsYjUzVGR2NHgyM2FheE12YjUya0RESlFnT3NicFI0cTRGbXdQLwpmLzNtYWU2VFpEcituS2dWVmw3QXJjN3FGcENRcDV2SEVaZHZVcERRbE9BOHpiM2FLdy9Ua3JwTFluUWE5N1NyCm0wbzlkaHhNWkJlb1QxQ3VtSHVCMndhTEZZd0lMbW
Q0eHA2ald6NnBkNTdqaXY3bnhWUVZlYjdkdWRZYklYQlcKR2hnUWdadFRYbWFnQ1lOTC9ZOGd2N1o2THhhYThVOWdxeWJIOFpNSTBCN25iRjdzRG5VZGZid1FpdVZDelV4Nwp0cEtlQTdjc28zdlRkQTNaSFNTVERuMmttMlNza1JHampIZERkZHlmUFo1cXp4bkkxYzd4Tlp3U2RKbW5sZWtDCm5SWmlnUFFWWHc4ZHZFTWVDMkxsMXV3dEJLNERZVkZxYVlNaG4rczBqenhJUVZBTzNCNjZrdEg1dEZZanlsTTYKK2JDVm8vQ01UTmNYZTFjMUhWTmloZEZKZDdiVWpycFc3M1lEY3EydUNnMHQzanVkMzV5RVFidnY3VkFsUFJOTApVWmJRaGx0a0FyZ2YvUWdGeGN2UE1xY3U0cEsrdS81V1lsOTMrTU1reXZGbWh3NmVSUVJySHQzL1NZTFB2eXI4Cmdrcys2bUYyazYvSEJOUk9CQWtoNzkvSWozcy9kVDRyUmwzU1lXcGh4ZzRWT00xRUlSVEhHbEZWdFEzYTZMMkUKLzlBTkZJRXhhQTd0MkJIcHNSVU5MM29WU0IvMFJ1RjdQTHBjOGtvMzEwYWpJc2VEWXJKdE5MNThDQ2VWYTFlMgptQlNYbEFtTjhCL2pNMkI2UFF3OTNRdXNob1huOStJSU9ETldWeDhFCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZpakNDQTNLZ0F3SUJBZ0lVSC9xQmxWdXRRNUptdFBRRlFIcy95WnJuVlNrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd056RTFNRE1HQTFVRUF3d3NkMlZpYUc5dmF5MXpaWEoyYVdObExtOXdaVzV6YUdsbWRDMWhaR1J2YmkxdgpjR1Z5WVhSdmNpNXpkbU13SGhjTk1qUXdNVEEwTURFek1ERXdXaGNOTXpRd01UQXhNREV6TURFd1dqQTNNVFV3Ck13WURWUVFEREN4M1pXSm9iMjlyTFhObGNuWnBZMlV1YjNCbGJuTm9hV1owTFdGa1pHOXVMVzl3WlhKaGRHOXkKTG5OMll6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUt3WTZycDFXZXRCd2t6ZQp6VHpiNXUwUTAvT2Fta2NUWGJuK1hDSkN0TTFoNVJ3YnhzclB2VnY4SGtOeFJaTHhRYWYvNW1OQzdmYUF5N0d5CjBwb0FmT0FhWWxMaGF3alorTmd1Zm8xbG1IYXhTNDRrT1JZdXJHZ3pIY281NEdGK0tVK1RjRG1WN2VhbWFDbEYKSjlpQjhUL2kyS1kxRDdqcEtaU0FsZUREQkxkcWtqS0ZKLzlnMzJybHZPK0YvZFBBbWdRalNqRWh5a0IyRFE4SQp6S3BKRDBSQVBxdDZ4ZXZnZlkvNmpmb3pLOGtza0FKdTBSZGRwMW5DYjVLcmRSbjA1dkhVRGNkOFBPMnI2NmNXClJJTUJUN1N3b3pwZmVrTHRabXphRmVnQW5kZFoyZGZRM3JTelBGZ1FvNzUxbGxhMitYcXl0c2dEdXMzSGl0cUwKckVZdVFPYXhZMDhsRXRNRTZGbEJMcGt0cWZWRnAydmVwZWFXWW9mMWFuUEtoSm5HZytXYnBKQ0krMFMxS2JhdwpFNFRURXM4UDdxaDdhMmVtQWhCOHJRYVJtR3NZS3F3c2o2SkRwQUlrUDQxcHZKajc5RjRTZXdRSzB1a2Npa3EwCnl2RHJKQjhUbE5YUUVmSUVNUC9ORVplb0t3NXc4NVFGNmJrNmRsdFJCbmFBN0dOVkVuRG9UaWQ0b0ZmekV1YXQKSkZFYWkrbUQrakxXdWEyZ2NHR2pWV1E0aGI0T0dqUmlwR1d5U2JRTVdYc0lvQ3k1dkJacVJhZHpoYWlybDR
5UQpFQ1VQOFE1aGg2SCtCMENnS2NCRWJUYWtWZ3hlY3RwaG1qcjhpeGpiY0tURllNWXkvSzM2bnFLSnpDVThLRE9FCkR0Mm9ibTFxOEM2dGZ3VHZDYXRaaEtSd0VWa2hBZ01CQUFHamdZMHdnWW93SFFZRFZSME9CQllFRk0vaTdzV24KV2VVLy9wZHRtRVMrYjhMQXliNDBNQjhHQTFVZEl3UVlNQmFBRk0vaTdzV25XZVUvL3BkdG1FUytiOExBeWI0MApNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOd1lEVlIwUkJEQXdMb0lzZDJWaWFHOXZheTF6WlhKMmFXTmxMbTl3ClpXNXphR2xtZEMxaFpHUnZiaTF2Y0dWeVlYUnZjaTV6ZG1Nd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFGU1UKMUU2WkJRVFRYNkdveWNISFczc1hQWEhSZFNsYjUzVGR2NHgyM2FheE12YjUya0RESlFnT3NicFI0cTRGbXdQLwpmLzNtYWU2VFpEcituS2dWVmw3QXJjN3FGcENRcDV2SEVaZHZVcERRbE9BOHpiM2FLdy9Ua3JwTFluUWE5N1NyCm0wbzlkaHhNWkJlb1QxQ3VtSHVCMndhTEZZd0lMbWQ0eHA2ald6NnBkNTdqaXY3bnhWUVZlYjdkdWRZYklYQlcKR2hnUWdadFRYbWFnQ1lOTC9ZOGd2N1o2THhhYThVOWdxeWJIOFpNSTBCN25iRjdzRG5VZGZid1FpdVZDelV4Nwp0cEtlQTdjc28zdlRkQTNaSFNTVERuMmttMlNza1JHampIZERkZHlmUFo1cXp4bkkxYzd4Tlp3U2RKbW5sZWtDCm5SWmlnUFFWWHc4ZHZFTWVDMkxsMXV3dEJLNERZVkZxYVlNaG4rczBqenhJUVZBTzNCNjZrdEg1dEZZanlsTTYKK2JDVm8vQ01UTmNYZTFjMUhWTmloZEZKZDdiVWpycFc3M1lEY3EydUNnMHQzanVkMzV5RVFidnY3VkFsUFJOTApVWmJRaGx0a0FyZ2YvUWdGeGN2UE1xY3U0cEsrdS81V1lsOTMrTU1reXZGbWh3NmVSUVJySHQzL1NZTFB2eXI4Cmdrcys2bUYyazYvSEJOUk9CQWtoNzkvSWozcy9kVDRyUmwzU1lXcGh4ZzRWT00xRUlSVEhHbEZWdFEzYTZMMkUKLzlBTkZJRXhhQTd0MkJIcHNSVU5MM29WU0IvMFJ1RjdQTHBjOGtvMzEwYWpJc2VEWXJKdE5MNThDQ2VWYTFlMgptQlNYbEFtTjhCL2pNMkI2UFF3OTNRdXNob1huOStJSU9ETldWeDhFCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K tls.crt: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZpakNDQTNLZ0F3SUJBZ0lVSC9xQmxWdXRRNUptdFBRRlFIcy95WnJuVlNrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd056RTFNRE1HQTFVRUF3d3NkMlZpYUc5dmF5MXpaWEoyYVdObExtOXdaVzV6YUdsbWRDMWhaR1J2YmkxdgpjR1Z5WVhSdmNpNXpkbU13SGhjTk1qUXdNVEEwTURFek1ERXdXaGNOTXpRd01UQXhNREV6TURFd1dqQTNNVFV3Ck13WURWUVFEREN4M1pXSm9iMjlyTFhObGNuWnBZMlV1YjNCbGJuTm9hV1owTFdGa1pHOXVMVzl3WlhKaGRHOXkKTG5OMll6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUt3WTZycDFXZXRCd2t6ZQp6VHpiNXUwUTAvT2Fta2NUWGJuK1hDSkN0TTFoNVJ3YnhzclB2VnY4SGtOeFJaTHhRYWYvNW1OQzdmYUF5N0d5CjBwb0FmT0FhWWxMaGF3alorTmd1Zm8xbG1IYXhTNDRrT1JZdXJHZ3pIY281NEdGK0tVK1RjRG1WN2VhbWFDbEYKSjlpQjhUL2kyS1kxRDdqcEtaU0FsZUREQkxkcWtqS0ZKLzlnMzJybHZPK0YvZFBBbWdRalNqRWh5a0IyRFE4SQp6S3BKRDBSQVBxdDZ4ZXZnZlkvNmpmb3pLOGtza0FKdTBSZGRwMW5DYjVLcmRSbjA1dkhVRGNkOFBPMnI2NmNXClJJTUJUN1N3b3pwZmVrTHRabXphRmVnQW5kZFoyZGZRM3JTelBGZ1FvNzUxbGxhMitYcXl0c2dEdXMzSGl0cUwKckVZdVFPYXhZMDhsRXRNRTZGbEJMcGt0cWZWRnAydmVwZWFXWW9mMWFuUEtoSm5HZytXYnBKQ0krMFMxS2JhdwpFNFRURXM4UDdxaDdhMmVtQWhCOHJRYVJtR3NZS3F3c2o2SkRwQUlrUDQxcHZKajc5RjRTZXdRSzB1a2Npa3EwCnl2RHJKQjhUbE5YUUVmSUVNUC9ORVplb0t3NXc4NVFGNmJrNmRsdFJCbmFBN0dOVkVuRG9UaWQ0b0ZmekV1YXQKSkZFYWkrbUQrakxXdWEyZ2NHR2pWV1E0aGI0T0dqUmlwR1d5U2JRTVdYc0lvQ3k1dkJacVJhZHpoYWlybDR5UQpFQ1VQOFE1aGg2SCtCMENnS2NCRWJUYWtWZ3hlY3RwaG1qcjhpeGpiY0tURllNWXkvSzM2bnFLSnpDVThLRE9FCkR0Mm9ibTFxOEM2dGZ3VHZDYXRaaEtSd0VWa2hBZ01CQUFHamdZMHdnWW93SFFZRFZSME9CQllFRk0vaTdzV24KV2VVLy9wZHRtRVMrYjhMQXliNDBNQjhHQTFVZEl3UVlNQmFBRk0vaTdzV25XZVUvL3BkdG1FUytiOExBeWI0MApNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOd1lEVlIwUkJEQXdMb0lzZDJWaWFHOXZheTF6WlhKMmFXTmxMbTl3ClpXNXphR2xtZEMxaFpHUnZiaTF2Y0dWeVlYUnZjaTV6ZG1Nd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFGU1UKMUU2WkJRVFRYNkdveWNISFczc1hQWEhSZFNsYjUzVGR2NHgyM2FheE12YjUya0RESlFnT3NicFI0cTRGbXdQLwpmLzNtYWU2VFpEcituS2dWVmw3QXJjN3FGcENRcDV2SEVaZHZVcERRbE9BOHpiM2FLdy9Ua3JwTFluUWE5N1NyCm0wbzlkaHhNWkJlb1QxQ3VtSHVCMndhTEZZd0lMbWQ0eHA2ald6NnBkNTdqaXY3bnhWUVZlYjdkdWRZYklYQlcKR2hnUWdadFRYbWFnQ1lOTC9ZOGd2N1o2THhhYThVOWdxeWJIOFpNSTBC
N25iRjdzRG5VZGZid1FpdVZDelV4Nwp0cEtlQTdjc28zdlRkQTNaSFNTVERuMmttMlNza1JHampIZERkZHlmUFo1cXp4bkkxYzd4Tlp3U2RKbW5sZWtDCm5SWmlnUFFWWHc4ZHZFTWVDMkxsMXV3dEJLNERZVkZxYVlNaG4rczBqenhJUVZBTzNCNjZrdEg1dEZZanlsTTYKK2JDVm8vQ01UTmNYZTFjMUhWTmloZEZKZDdiVWpycFc3M1lEY3EydUNnMHQzanVkMzV5RVFidnY3VkFsUFJOTApVWmJRaGx0a0FyZ2YvUWdGeGN2UE1xY3U0cEsrdS81V1lsOTMrTU1reXZGbWh3NmVSUVJySHQzL1NZTFB2eXI4Cmdrcys2bUYyazYvSEJOUk9CQWtoNzkvSWozcy9kVDRyUmwzU1lXcGh4ZzRWT00xRUlSVEhHbEZWdFEzYTZMMkUKLzlBTkZJRXhhQTd0MkJIcHNSVU5MM29WU0IvMFJ1RjdQTHBjOGtvMzEwYWpJc2VEWXJKdE5MNThDQ2VWYTFlMgptQlNYbEFtTjhCL2pNMkI2UFF3OTNRdXNob1huOStJSU9ETldWeDhFCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRQ3NHT3E2ZFZuclFjSk0KM3MwODIrYnRFTlB6bXBwSEUxMjUvbHdpUXJUTlllVWNHOGJLejcxYi9CNURjVVdTOFVHbi8rWmpRdTMyZ011eApzdEthQUh6Z0dtSlM0V3NJMmZqWUxuNk5aWmgyc1V1T0pEa1dMcXhvTXgzS09lQmhmaWxQazNBNWxlM21wbWdwClJTZllnZkUvNHRpbU5RKzQ2U21VZ0pYZ3d3UzNhcEl5aFNmL1lOOXE1Ynp2aGYzVHdKb0VJMG94SWNwQWRnMFAKQ015cVNROUVRRDZyZXNYcjRIMlArbzM2TXl2SkxKQUNidEVYWGFkWndtK1NxM1VaOU9ieDFBM0hmRHp0cSt1bgpGa1NEQVUrMHNLTTZYM3BDN1daczJoWG9BSjNYV2RuWDBONjBzenhZRUtPK2RaWld0dmw2c3JiSUE3ck54NHJhCmk2eEdMa0Rtc1dOUEpSTFRCT2haUVM2WkxhbjFSYWRyM3FYbWxtS0g5V3B6eW9TWnhvUGxtNlNRaVB0RXRTbTIKc0JPRTB4TFBEKzZvZTJ0bnBnSVFmSzBHa1pockdDcXNMSStpUTZRQ0pEK05hYnlZKy9SZUVuc0VDdExwSElwSwp0TXJ3NnlRZkU1VFYwQkh5QkREL3pSR1hxQ3NPY1BPVUJlbTVPblpiVVFaMmdPeGpWUkp3NkU0bmVLQlg4eExtCnJTUlJHb3ZwZy9veTFybXRvSEJobzFWa09JVytEaG8wWXFSbHNrbTBERmw3Q0tBc3Vid1dha1duYzRXb3E1ZU0Ka0JBbEQvRU9ZWWVoL2dkQW9DbkFSRzAycEZZTVhuTGFZWm82L0lzWTIzQ2t4V0RHTXZ5dCtwNmlpY3dsUENnegpoQTdkcUc1dGF2QXVyWDhFN3dtcldZU2tjQkZaSVFJREFRQUJBb0lDQUFGejd2c3l0Q0dtdngwZGo2Z2daTFpWClF6a2t2SGNRMmxuYkpFN0ZVZS81V3NrU1VUV2d2QXpvUlBRTm1KQmZYVDRqSEhyZVZrSitWeWM0TkRFbzJPK3oKcGZ5UEF0T1ZuYXFndHdYcXNOY3JnMHRoNGdjK1daWU0zSmIvL0NBTjZUWXBpalo3UGZ4RVdsVU5zZGdib3pteApIZmVtYUtic3RYMUNPZzhHWXg1SkNKbWpkYTZyenNFTHE0SlpFYUhjTW9uL2NnVmczMERYYjZBVURnQnY4Q3NwCkVNVUxTdkRWTW
FiWENibURpQjZUK1NzdHdZZENrd3FnZ3JIVXI1bTFMMWxhUUl1Y2NIVFN5VUVuMWQyR1dSOHYKSGZ2OHByeFBuZmhFUGFWNmNyQURsaEdvSUZHRnErMk9wanpuTXErOHJsWEo4aWlnRXU5MkxGQW1EV3cvZ0t5SwpVbnBaQm5wNE1GcTFJdWVuZUFETFpWL2ZYLzh1ZmJKbHI5cjd2U1NFNU1KVitnMUFOVnJOa2wzRHh2cEtTU3JaClViYzBvS1F0ajZZamk4bGQxYzZlWDN6Y3VNeHNmM1lTV3Z3eXB5ZlRIdDFLOGJEWEwrczBrYzJWNUhGencyZWYKZHA1cjF5WmxOQ3pRUEwyUVRnTnpOZkNrUmhrRkF3Y0podW0xNHlvbkpkWUQreTlIUEY5M05SeHhxM1Q2RVlRYwpNQnArY3Exb0tqdlpOZVYzQ1c0U3lFcHMycDA5VFRDNndLbHBRNmtHdmhLNkhvR2RSQVN2RlRBQWNESHJPR3E1CjI1aGVYUlp0L0MzOUpEbEUyUVBpM2VydzV5elFJSW4zaGRNMUM0MThRR1VHYksrL2M0N1JqOS9hMzU5MlFaK3YKSHdPOVBFQ1p1djdaNklmcHNxQXhBb0lCQVFEeVZCUkoxcWpnRjNFbUNhTEpxM0x1WGVyMWExRWdPeVZzazZSSwpTNWsvbHF3Y2htdnZ3elZTSlhGNzlYakQxQmRuREw5Uyt3Ty9FR2NyOEh4OFhpa3dyTXlJR1VIajBybUxVOWNJCjgycDlOV21TbmYwWDV0UWIwZStZZDFmeFR2YkZrVUxGRmg5R21tSnVIR1lhQVVNUVlrQnVXM3c0NE8yc1RWL2oKR0JBS0VQem11TldJOURiLy9WQnRrTzBTdWxoVlBNY3MyeHhsTVBPMzg5aTVrS0MxN2VsZWxUYkNQcEthNHdpSgpDclRCa24xNkQ0VGRRN3h3SGlJTDVpQnllR1FaSmRMTEViRkxMVFVHVkR3VFVNN21YakJ5TUVydVBrU1NJZGJWCjd4SlJ5YlQxd2QxSU5PdDJOZDV0Y3pCMkFSeTFGdW1nUmNJNE14UStiU05NdVp3eEFvSUJBUUMxem4rSmo4Z0QKRC9xRExtUDcvSjBXNXlIT2V6L1JwdGdDUDh0U1pUU3VGczlWQVlZS2UvSmkzdkcwd0pRdk1PMmc3Y1o5UUlEMQpiM0Y5SFFQTFoybGZWS2xObktwSjh6MmltZ0JkckMrd0hwSit1OGlDOW9ybXE0Q0NRS1FOZndnY2pCRTVzL2RjCm5DRlphMEZ3bDNqYXd6RjNFeTJGdlo5SUcrM3NjTXZ6MGZxOHdCWTNnNkJIN1FWSzJneUovdU1obHNtWTY3Y28KeFYyeFdrK2l2L2Z1WFJ2SU9pSUgxbkg5VTQyWFVBRit0dnlOV3VFaUd4NGIrVHk2UkdaL0pOZ244TTRjQy9pbwoza21hTEdwSks0bEZud09iNW11bWg4ZkdSRE5SVklUY2dKYWtzaDlCYmhNTm11dUJtVjhuQ0NmUHl5QWh3QmxJCkJsRWd3Ykt0S1gveEFvSUJBSFlkbFdZSVEzZzI5T2ZkZW9OaUZqc3BmQVR6c2k5THBRb3ZUTDBKN0VDYWFIbmUKNjIyS2NNc0JoVGN1aHhhc29sdVFVeEZYV0pRZ29xbEFKdTFYMkN2cGppZ29aMzFza1JQZ1ljZnpIY3k1NUNPYQo3bXBnRUxNZXVQSlArWVdkUDVzOUdwYUdHZWlJQjhJMEJYQlhmU0RYUXlDSFp4MHlSYWJlY0FaNURCaGIvMmxXClhuN0t5cVFzREsvYkhETXNzVEdhMWxwKzBuQmdVK3N0NkUxS3VZcnowL1JPTnNxblJUNUp1emRSQ0pueGxVZVIKbU9sZ3d0RERYMFQ5Zm9OTk96MG11b0JRdDJJMVBzcys4NmxXa2dLbmxtV1NOSE83MWlDRWJmc0k5Sno0L0VOdApvelkyMVM1aFEzR0YyL0
VveVoxYTliVXhTMkdwUkF6SmxaTW9SWUVDZ2dFQUJwZ1R4aUNCNTZLSHVvUlBPZytDCmZ4Y3BBYjAwcGx6L3pxMFRxY3hqNmNDSUNwUkFrVmJIaHRDQlFjWU9XZHZUY3BmTk1EUEx1WnN1S1pTSTA3TFAKZnBhcWdWY2lVZ1pSZ1BsRzlCN1BwL3FqNDViYUFlNEJRYmFNdGF5MGhveko5WWNiQk5YRExnZTNxZSthOHdONwpiYXZRdW5ubWw4ZzE0NzZubFlETjFPMFR4QTdQZjNuMXNVWW1mLzJDb09xdXdFUWcwYndTNjVhay9FN0RQcXJwCnlpcDBYSUhIUkRPQjlPYzM1bm9QWTlJdFBNOUVCU0dvcU9rVVM4azVVbms2b2RBNUdZbFJub1paY3c4VFY4NE4KYjRvQjdvQ2YvTzFGMEtvZWxsK1RaZy8vNXI5VEpPTmlLNGNuN1k1cmhoWGtvOFBCU1pnWEVxYXdBSmtsNnVQcgpjUUtDQVFFQXNYbEFETmZlTUk2TE81VEhVZnNDeCtuejVsSVd3VFljVlJ2Yk11R09UQlI4UlYzblpxU2lMUEtqCjMzOExqbW8rL0hWb1RLODY0a2V4TFFWWmFoM0FOME9ldHF3dzdSOU5rdDZoVXhrcGhha3BnUG8xWGF0cTF1V0MKak1pSDRyekxuWGQ2Uzl6Qm5PM2N5ZW94OTJMKzhmakpKY2NaMDBCZ3JNYm5vRkxBQ0dqV2hQT1VYb2dUT1Q2Mwo2bGRjZ2lsTWpPby9RUHdBeisyaGdmNXdHenorb0tXZWRINXRnNTVDYlI0M091cC9EQ3JMbFlxR0crcWxNME9TCllWQ3lBTGY1QkpIQmpFMmViNEJLN2FRUGxONStiKy85UGdTTnB3akErTFowUFZVdUIzcmdTT282ZnFXd0FYSWkKMmt0bkNRT0ErU0xQZk16d3d3NDhBb2pDNG9GUVpBPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= diff --git a/deploy-extras/development/webhook/validatingwebhookconfig.yaml b/deploy-extras/development/webhook/validatingwebhookconfig.yaml index 55970d0df..ba21f468d 100644 --- a/deploy-extras/development/webhook/validatingwebhookconfig.yaml +++ b/deploy-extras/development/webhook/validatingwebhookconfig.yaml 
@@ -9,7 +9,7 @@ webhooks: - v1 clientConfig: # Should be used with `00-tls-secret.yaml` - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZpakNDQTNLZ0F3SUJBZ0lVSC9xQmxWdXRRNUptdFBRRlFIcy95WnJuVlNrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd056RTFNRE1HQTFVRUF3d3NkMlZpYUc5dmF5MXpaWEoyYVdObExtOXdaVzV6YUdsbWRDMWhaR1J2YmkxdgpjR1Z5WVhSdmNpNXpkbU13SGhjTk1qUXdNVEEwTURFek1ERXdXaGNOTXpRd01UQXhNREV6TURFd1dqQTNNVFV3Ck13WURWUVFEREN4M1pXSm9iMjlyTFhObGNuWnBZMlV1YjNCbGJuTm9hV1owTFdGa1pHOXVMVzl3WlhKaGRHOXkKTG5OMll6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUt3WTZycDFXZXRCd2t6ZQp6VHpiNXUwUTAvT2Fta2NUWGJuK1hDSkN0TTFoNVJ3YnhzclB2VnY4SGtOeFJaTHhRYWYvNW1OQzdmYUF5N0d5CjBwb0FmT0FhWWxMaGF3alorTmd1Zm8xbG1IYXhTNDRrT1JZdXJHZ3pIY281NEdGK0tVK1RjRG1WN2VhbWFDbEYKSjlpQjhUL2kyS1kxRDdqcEtaU0FsZUREQkxkcWtqS0ZKLzlnMzJybHZPK0YvZFBBbWdRalNqRWh5a0IyRFE4SQp6S3BKRDBSQVBxdDZ4ZXZnZlkvNmpmb3pLOGtza0FKdTBSZGRwMW5DYjVLcmRSbjA1dkhVRGNkOFBPMnI2NmNXClJJTUJUN1N3b3pwZmVrTHRabXphRmVnQW5kZFoyZGZRM3JTelBGZ1FvNzUxbGxhMitYcXl0c2dEdXMzSGl0cUwKckVZdVFPYXhZMDhsRXRNRTZGbEJMcGt0cWZWRnAydmVwZWFXWW9mMWFuUEtoSm5HZytXYnBKQ0krMFMxS2JhdwpFNFRURXM4UDdxaDdhMmVtQWhCOHJRYVJtR3NZS3F3c2o2SkRwQUlrUDQxcHZKajc5RjRTZXdRSzB1a2Npa3EwCnl2RHJKQjhUbE5YUUVmSUVNUC9ORVplb0t3NXc4NVFGNmJrNmRsdFJCbmFBN0dOVkVuRG9UaWQ0b0ZmekV1YXQKSkZFYWkrbUQrakxXdWEyZ2NHR2pWV1E0aGI0T0dqUmlwR1d5U2JRTVdYc0lvQ3k1dkJacVJhZHpoYWlybDR5UQpFQ1VQOFE1aGg2SCtCMENnS2NCRWJUYWtWZ3hlY3RwaG1qcjhpeGpiY0tURllNWXkvSzM2bnFLSnpDVThLRE9FCkR0Mm9ibTFxOEM2dGZ3VHZDYXRaaEtSd0VWa2hBZ01CQUFHamdZMHdnWW93SFFZRFZSME9CQllFRk0vaTdzV24KV2VVLy9wZHRtRVMrYjhMQXliNDBNQjhHQTFVZEl3UVlNQmFBRk0vaTdzV25XZVUvL3BkdG1FUytiOExBeWI0MApNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOd1lEVlIwUkJEQXdMb0lzZDJWaWFHOXZheTF6WlhKMmFXTmxMbTl3ClpXNXphR2xtZEMxaFpHUnZiaTF2Y0dWeVlYUnZjaTV6ZG1Nd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFGU1UKMUU2WkJRVFRYNkdveWNISFczc1hQWEhSZFNsYjUzVGR2NHgyM2FheE12YjUya0RESlFnT3NicFI0cTRGbXdQLwpmLzNtYWU2VFpEcituS2dWVmw3QXJjN3FGcENRcDV2SEVaZHZVcERRbE9BOHpiM2FLdy9Ua3JwTFluUWE5N1NyCm0wbzlkaHhNWkJlb1QxQ3VtSHVCMndhTEZZd0lMbWQ0
eHA2ald6NnBkNTdqaXY3bnhWUVZlYjdkdWRZYklYQlcKR2hnUWdadFRYbWFnQ1lOTC9ZOGd2N1o2THhhYThVOWdxeWJIOFpNSTBCN25iRjdzRG5VZGZid1FpdVZDelV4Nwp0cEtlQTdjc28zdlRkQTNaSFNTVERuMmttMlNza1JHampIZERkZHlmUFo1cXp4bkkxYzd4Tlp3U2RKbW5sZWtDCm5SWmlnUFFWWHc4ZHZFTWVDMkxsMXV3dEJLNERZVkZxYVlNaG4rczBqenhJUVZBTzNCNjZrdEg1dEZZanlsTTYKK2JDVm8vQ01UTmNYZTFjMUhWTmloZEZKZDdiVWpycFc3M1lEY3EydUNnMHQzanVkMzV5RVFidnY3VkFsUFJOTApVWmJRaGx0a0FyZ2YvUWdGeGN2UE1xY3U0cEsrdS81V1lsOTMrTU1reXZGbWh3NmVSUVJySHQzL1NZTFB2eXI4Cmdrcys2bUYyazYvSEJOUk9CQWtoNzkvSWozcy9kVDRyUmwzU1lXcGh4ZzRWT00xRUlSVEhHbEZWdFEzYTZMMkUKLzlBTkZJRXhhQTd0MkJIcHNSVU5MM29WU0IvMFJ1RjdQTHBjOGtvMzEwYWpJc2VEWXJKdE5MNThDQ2VWYTFlMgptQlNYbEFtTjhCL2pNMkI2UFF3OTNRdXNob1huOStJSU9ETldWeDhFCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZpakNDQTNLZ0F3SUJBZ0lVSC9xQmxWdXRRNUptdFBRRlFIcy95WnJuVlNrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd056RTFNRE1HQTFVRUF3d3NkMlZpYUc5dmF5MXpaWEoyYVdObExtOXdaVzV6YUdsbWRDMWhaR1J2YmkxdgpjR1Z5WVhSdmNpNXpkbU13SGhjTk1qUXdNVEEwTURFek1ERXdXaGNOTXpRd01UQXhNREV6TURFd1dqQTNNVFV3Ck13WURWUVFEREN4M1pXSm9iMjlyTFhObGNuWnBZMlV1YjNCbGJuTm9hV1owTFdGa1pHOXVMVzl3WlhKaGRHOXkKTG5OMll6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUt3WTZycDFXZXRCd2t6ZQp6VHpiNXUwUTAvT2Fta2NUWGJuK1hDSkN0TTFoNVJ3YnhzclB2VnY4SGtOeFJaTHhRYWYvNW1OQzdmYUF5N0d5CjBwb0FmT0FhWWxMaGF3alorTmd1Zm8xbG1IYXhTNDRrT1JZdXJHZ3pIY281NEdGK0tVK1RjRG1WN2VhbWFDbEYKSjlpQjhUL2kyS1kxRDdqcEtaU0FsZUREQkxkcWtqS0ZKLzlnMzJybHZPK0YvZFBBbWdRalNqRWh5a0IyRFE4SQp6S3BKRDBSQVBxdDZ4ZXZnZlkvNmpmb3pLOGtza0FKdTBSZGRwMW5DYjVLcmRSbjA1dkhVRGNkOFBPMnI2NmNXClJJTUJUN1N3b3pwZmVrTHRabXphRmVnQW5kZFoyZGZRM3JTelBGZ1FvNzUxbGxhMitYcXl0c2dEdXMzSGl0cUwKckVZdVFPYXhZMDhsRXRNRTZGbEJMcGt0cWZWRnAydmVwZWFXWW9mMWFuUEtoSm5HZytXYnBKQ0krMFMxS2JhdwpFNFRURXM4UDdxaDdhMmVtQWhCOHJRYVJtR3NZS3F3c2o2SkRwQUlrUDQxcHZKajc5RjRTZXdRSzB1a2Npa3EwCnl2RHJKQjhUbE5YUUVmSUVNUC9ORVplb0t3NXc4NVFGNmJrNmRsdFJCbmFBN0dOVkVuRG9UaWQ0b0ZmekV1YXQKSkZFYWkrbUQrakxXdWEyZ2NHR2pWV1E0aGI0T0dqUmlwR1d5U2JRTVdYc0lvQ3k1dkJacVJhZHpoYWlybDR
5UQpFQ1VQOFE1aGg2SCtCMENnS2NCRWJUYWtWZ3hlY3RwaG1qcjhpeGpiY0tURllNWXkvSzM2bnFLSnpDVThLRE9FCkR0Mm9ibTFxOEM2dGZ3VHZDYXRaaEtSd0VWa2hBZ01CQUFHamdZMHdnWW93SFFZRFZSME9CQllFRk0vaTdzV24KV2VVLy9wZHRtRVMrYjhMQXliNDBNQjhHQTFVZEl3UVlNQmFBRk0vaTdzV25XZVUvL3BkdG1FUytiOExBeWI0MApNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOd1lEVlIwUkJEQXdMb0lzZDJWaWFHOXZheTF6WlhKMmFXTmxMbTl3ClpXNXphR2xtZEMxaFpHUnZiaTF2Y0dWeVlYUnZjaTV6ZG1Nd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFGU1UKMUU2WkJRVFRYNkdveWNISFczc1hQWEhSZFNsYjUzVGR2NHgyM2FheE12YjUya0RESlFnT3NicFI0cTRGbXdQLwpmLzNtYWU2VFpEcituS2dWVmw3QXJjN3FGcENRcDV2SEVaZHZVcERRbE9BOHpiM2FLdy9Ua3JwTFluUWE5N1NyCm0wbzlkaHhNWkJlb1QxQ3VtSHVCMndhTEZZd0lMbWQ0eHA2ald6NnBkNTdqaXY3bnhWUVZlYjdkdWRZYklYQlcKR2hnUWdadFRYbWFnQ1lOTC9ZOGd2N1o2THhhYThVOWdxeWJIOFpNSTBCN25iRjdzRG5VZGZid1FpdVZDelV4Nwp0cEtlQTdjc28zdlRkQTNaSFNTVERuMmttMlNza1JHampIZERkZHlmUFo1cXp4bkkxYzd4Tlp3U2RKbW5sZWtDCm5SWmlnUFFWWHc4ZHZFTWVDMkxsMXV3dEJLNERZVkZxYVlNaG4rczBqenhJUVZBTzNCNjZrdEg1dEZZanlsTTYKK2JDVm8vQ01UTmNYZTFjMUhWTmloZEZKZDdiVWpycFc3M1lEY3EydUNnMHQzanVkMzV5RVFidnY3VkFsUFJOTApVWmJRaGx0a0FyZ2YvUWdGeGN2UE1xY3U0cEsrdS81V1lsOTMrTU1reXZGbWh3NmVSUVJySHQzL1NZTFB2eXI4Cmdrcys2bUYyazYvSEJOUk9CQWtoNzkvSWozcy9kVDRyUmwzU1lXcGh4ZzRWT00xRUlSVEhHbEZWdFEzYTZMMkUKLzlBTkZJRXhhQTd0MkJIcHNSVU5MM29WU0IvMFJ1RjdQTHBjOGtvMzEwYWpJc2VEWXJKdE5MNThDQ2VWYTFlMgptQlNYbEFtTjhCL2pNMkI2UFF3OTNRdXNob1huOStJSU9ETldWeDhFCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K service: name: webhook-service namespace: openshift-addon-operator diff --git a/deploy/80_addon-sermon-fedaration-token.yaml b/deploy/80_addon-sermon-fedaration-token.yaml index 52400cc32..c3ec33200 100644 --- a/deploy/80_addon-sermon-fedaration-token.yaml +++ b/deploy/80_addon-sermon-fedaration-token.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: addon-operator-prom-token - namespace: openshift-addon-operator + namespace: openshift-addon-operator annotations: kubernetes.io/service-account.name: "addon-operator-prom-token" --- 
@@ -15,7 +15,7 @@ metadata: name: addon-operator name: addon-operator-prom-token namespace: openshift-addon-operator -type: kubernetes.io/service-account-token +type: kubernetes.io/service-account-token --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/deploy_pko/.test-fixtures/config-with-proxy/Cleanup-OLM-Job.yaml b/deploy_pko/.test-fixtures/config-with-proxy/Cleanup-OLM-Job.yaml index a2335a8a3..cc8a70889 100755 --- a/deploy_pko/.test-fixtures/config-with-proxy/Cleanup-OLM-Job.yaml +++ b/deploy_pko/.test-fixtures/config-with-proxy/Cleanup-OLM-Job.yaml @@ -1,7 +1,7 @@ --- # This Job cleans up old OLM resources after migrating to PKO # IMPORTANT: Review and customize this template before deploying! -# +# # Things to customize: # 1. Adjust the namespace if needed # 2. Modify resource filters (CSV names, labels, etc.) @@ -85,7 +85,7 @@ spec: # CUSTOMIZE: Update the label selector for your operator # Example pattern: operators.coreos.com/OPERATOR_NAME.NAMESPACE oc -n openshift-addon-operator delete csv -l "operators.coreos.com/addon-operator.openshift-addon-operator" || true - + # CUSTOMIZE: Add any additional cleanup logic here # Examples: # - Delete subscriptions diff --git a/deploy_pko/Cleanup-OLM-Job.yaml b/deploy_pko/Cleanup-OLM-Job.yaml index a2335a8a3..cc8a70889 100644 --- a/deploy_pko/Cleanup-OLM-Job.yaml +++ b/deploy_pko/Cleanup-OLM-Job.yaml @@ -1,7 +1,7 @@ --- # This Job cleans up old OLM resources after migrating to PKO # IMPORTANT: Review and customize this template before deploying! -# +# # Things to customize: # 1. Adjust the namespace if needed # 2. Modify resource filters (CSV names, labels, etc.) 
@@ -85,7 +85,7 @@ spec: # CUSTOMIZE: Update the label selector for your operator # Example pattern: operators.coreos.com/OPERATOR_NAME.NAMESPACE oc -n openshift-addon-operator delete csv -l "operators.coreos.com/addon-operator.openshift-addon-operator" || true - + # CUSTOMIZE: Add any additional cleanup logic here # Examples: # - Delete subscriptions diff --git a/fips.go b/fips.go index d4b108ee9..dad11e1ee 100644 --- a/fips.go +++ b/fips.go @@ -12,5 +12,5 @@ import ( ) func init() { - fmt.Println("***** Starting with FIPS crypto enabled *****") + _, _ = fmt.Println("***** Starting with FIPS crypto enabled *****") } diff --git a/hack/hypershift/package/.test-fixtures/namespace-scope/hcp/addon-operator.yaml b/hack/hypershift/package/.test-fixtures/namespace-scope/hcp/addon-operator.yaml index c89ef9502..914fa982e 100755 --- a/hack/hypershift/package/.test-fixtures/namespace-scope/hcp/addon-operator.yaml +++ b/hack/hypershift/package/.test-fixtures/namespace-scope/hcp/addon-operator.yaml @@ -94,7 +94,7 @@ spec: - effect: NoSchedule key: hypershift.openshift.io/cluster operator: Equal - value: 'ocm-staging-2bjb6klkupkpg4ovp0srqcteotev0773-ves-hcp' + value: 'ocm-staging-2bjb6klkupkpg4ovp0srqcteotev0773-ves-hcp' volumes: - name: kubeconfig secret: diff --git a/hack/hypershift/package/hcp/addon-operator.yaml.gotmpl b/hack/hypershift/package/hcp/addon-operator.yaml.gotmpl index 6198fb957..a0e8d5598 100755 --- a/hack/hypershift/package/hcp/addon-operator.yaml.gotmpl +++ b/hack/hypershift/package/hcp/addon-operator.yaml.gotmpl @@ -94,7 +94,7 @@ spec: - effect: NoSchedule key: hypershift.openshift.io/cluster operator: Equal - value: '{{.package.metadata.namespace}}' + value: '{{.package.metadata.namespace}}' volumes: - name: kubeconfig secret: diff --git a/hack/hypershift/package/manifest.yaml b/hack/hypershift/package/manifest.yaml index abdf5bd9c..f6bded200 100644 --- a/hack/hypershift/package/manifest.yaml +++ b/hack/hypershift/package/manifest.yaml 
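Review bot: In fips.go's init(), the new `_, _ = fmt.Println(...)` discards both return values without saying why, and the banner states that FIPS crypto is enabled although nothing in the visible function checks it. A short comment would cover both, for example `// Startup banner only; a failed write to stdout is not actionable. This file is expected to be compiled only into FIPS builds.` The top of the file is outside the hunk, so whether a build constraint gates it cannot be confirmed here. If none does, the message can show up in the logs of a non-FIPS binary and should be made conditional.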
@@ -36,4 +36,4 @@ test: package: metadata: name: addon-operator-manager - namespace: ocm-staging-2bjb6klkupkpg4ovp0srqcteotev0773-ves-hcp + namespace: ocm-staging-2bjb6klkupkpg4ovp0srqcteotev0773-ves-hcp diff --git a/integration/fixtures_test.go b/integration/fixtures_test.go index b9014eb8e..bd9dc82aa 100644 --- a/integration/fixtures_test.go +++ b/integration/fixtures_test.go @@ -16,25 +16,20 @@ import ( var ( // Version: v0.1.0 - // nolint - gosec G101 false-positive referenceAddonCatalogSourceImageWorking = "quay.io/osd-addons/reference-addon-index@sha256:58cb1c4478a150dc44e6c179d709726516d84db46e4e130a5227d8b76456b5bd" // version v0.6.7 - // nolint - gosec G101 false-positive referenceAddonCatalogSourceImageWorkingv6 = "quay.io/osd-addons/reference-addon-index@sha256:5e19fa26ab71861ec8522b0e56a92c61fc84718c6a794e57db307164ce05a90f" // version v0.5.0 - // nolint - gosec G101 false-positive referenceAddonCatalogSourceImageWorkingv5 = "quay.io/osd-addons/reference-addon-index@sha256:ccd0ab7962a7f185e9c0783319b649a17695442855208948363eac4acf6e0b5b" // Latest - // nolint - gosec G101 false-positive referenceAddonCatalogSourceImageWorkingLatest = "quay.io/osd-addons/reference-addon-index@sha256:2403bcb6d6f61ba3cd9d3a4653edeb852026a1edc0c49f416d3df5008dad37e8" // The latest bundle in this index image deploys a version of our referene-addon where InstallPlan and CSV never succeed // because the deployed operator pod is deliberately broken through invalid readiness and liveness probes. // Version: v0.1.3 - // nolint - gosec G101 false-positive referenceAddonCatalogSourceImageBroken = "quay.io/osd-addons/reference-addon-index@sha256:9e6306e310d585610d564412780d58ec54cb24a67d7cdabfc067ab733295010a" referenceAddonConfigEnvObjects = []addonsv1alpha1.EnvObject{ {Name: "TESTING1", Value: "TRUE"}, diff --git a/integration/metrics_collection_test.go b/integration/metrics_collection_test.go index 1ec4350f9..ee165b69e 100644 --- a/integration/metrics_collection_test.go 
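Review bot: In integration/fixtures_test.go the five `// nolint - gosec G101 false-positive` comments are removed without a replacement, so the reason these long digest strings are not credentials is no longer recorded next to them. If gosec still reports G101 on any of these lines, a well-formed directive with its reason keeps that on record: `//nolint:gosec // G101 false positive: image digest, not a credential`. The `var (` block continues past the end of the hunk.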
+++ b/integration/metrics_collection_test.go
@@ -101,7 +101,7 @@ func (s *integrationTestSuite) TestReconcileErrorMetrics() {
 func(ctx context.Context) error {
 metricNotFound := errors.New("expected addon_operator metric was not found")
 podCommand1 := []string{"curl", "https://localhost:8443/metrics", "-k"}
- // nolint:contextcheck
+ //nolint:contextcheck
 result, _, err := integration.ExecCommandInPod(
 integration.AddonOperatorNamespace,
 adoPod.Name,
@@ -111,7 +111,7 @@ func (s *integrationTestSuite) TestReconcileErrorMetrics() {
 if err != nil {
 // Try http if https doesn't work for local dev
 podCommand2 := []string{"curl", "http://localhost:8443/metrics"}
- // nolint:contextcheck
+ //nolint:contextcheck
 result, _, err = integration.ExecCommandInPod(
 integration.AddonOperatorNamespace,
 adoPod.Name,
@@ -182,7 +182,7 @@ func configureApiMock(ctx context.Context, failOnAddonStatusCreateEndpoint bool)
 ctx,
 retry.WithMaxDuration(time.Minute*1, backoff),
 func(ctx context.Context) error {
- // nolint:contextcheck
+ //nolint:contextcheck
 _, _, err := integration.ExecCommandInPod(
 "api-mock",
 apiMockPod.Name,
diff --git a/integration/monitoring_stack_test.go b/integration/monitoring_stack_test.go
index 4a123f634..3f78e7985 100644
--- a/integration/monitoring_stack_test.go
+++ b/integration/monitoring_stack_test.go
@@ -89,6 +89,9 @@ func (s *integrationTestSuite) TestMonitoringStack_MonitoringInPlaceAtCreationWi
 case obov1alpha1.AvailableCondition:
 availableCondition = reconciledMonitoringStack.Status.Conditions[i]
 availableConditionFound = true
+ case obov1alpha1.ResourceDiscoveryCondition:
+ // ignore
+
 case obov1alpha1.ReconciledCondition:
 reconciledCondition = reconciledMonitoringStack.Status.Conditions[i]
 reconciledConditionFound = true
diff --git a/internal/metrics/recorder.go b/internal/metrics/recorder.go
index 58de90614..17b06f441 100644
--- a/internal/metrics/recorder.go
+++ b/internal/metrics/recorder.go
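Review bot: The `//nolint:contextcheck` directive in TestReconcileErrorMetrics is now well-formed but still gives no reason, and the same holds for the second hunk of integration/metrics_collection_test.go and for the one in configureApiMock. In each place the callback receives `ctx`, while the visible arguments to `integration.ExecCommandInPod` do not include it, so the retry deadline presumably does not bound the exec call. Recording that on the directive would help, e.g. `//nolint:contextcheck // ExecCommandInPod takes no context; the retry deadline does not cancel it`. Both functions start and end outside the hunks.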
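Review bot: The new `case obov1alpha1.ResourceDiscoveryCondition:` branch in integration/monitoring_stack_test.go is documented only as `// ignore`, which does not say why this condition is skipped while the Available and Reconciled conditions are recorded. If the branch exists to keep the switch exhaustive, say so: `// ResourceDiscoveryCondition is not asserted by this test; listed so the switch stays exhaustive.` The switch and the test function start and end outside the hunk.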
@@ -302,6 +302,9 @@ func (r *Recorder) recordAddonHealthInfo(
 if len(addonHealth.GetReason()) > 0 {
 healthReason = addonHealth.GetReason()
 }
+ case metav1.ConditionUnknown:
+ healthStatus = 2
+
 case metav1.ConditionTrue:
 healthStatus = 1
 default:
diff --git a/internal/webhooks/addon_webhook.go b/internal/webhooks/addon_webhook.go
index 0effa5585..98818c9e2 100644
--- a/internal/webhooks/addon_webhook.go
+++ b/internal/webhooks/addon_webhook.go
@@ -33,6 +33,9 @@ func (r *AddonWebhookHandler) Handle(ctx context.Context, req admission.Request)
 switch req.Operation {
 case v1.Operation(adminv1beta1.Create):
 return r.validateCreate(&obj)
+ case v1.Operation(adminv1beta1.Delete), v1.Operation(adminv1beta1.Connect):
+ return admission.Allowed("")
+
 case v1.Operation(adminv1beta1.Update):
 oldObj := addonsv1alpha1.Addon{}
 if r.decoder == nil {
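Review bot: `healthStatus = 2` for `metav1.ConditionUnknown` in recordAddonHealthInfo adds another bare number to the metric's encoding, next to the `1` for ConditionTrue, and nothing in the hunk says what each value means. Alerts and dashboards that read this metric depend on that mapping, so it deserves named constants or at least a comment on the case, e.g. `case metav1.ConditionUnknown: // 2 = health unknown`. It is also worth confirming that `2` does not collide with the value the `default:` branch reports. That branch lies outside the hunk, as does the rest of the function.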
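Review bot: The new `case v1.Operation(adminv1beta1.Delete), v1.Operation(adminv1beta1.Connect):` branch in Handle admits both operations unconditionally and with an empty message, so the admission response gives no hint of why the request passed. Because this is an admission decision, state the intent in the code: `return admission.Allowed("delete and connect requests are not validated")`, with a comment on the case explaining why no validation is needed for these operations. If the switch's default branch, which is outside the hunk, rejects unhandled operations, this change turns a deny into an allow for DELETE and should be called out as deliberate. Handle continues past the end of the hunk.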