diff --git a/Dockerfile b/Dockerfile
index 3a942884..f18c19c3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@
 # In the first stage, install the common dependencies, and then set up the standard user.
 FROM registry.access.redhat.com/ubi8/ubi-minimal AS base
-RUN microdnf install python38 shadow-utils \
+RUN microdnf install python39 shadow-utils git \
 && groupadd -g 7051 ibp-user \
 && useradd -u 7051 -g ibp-user -G root -s /bin/bash ibp-user \
 && chgrp -R root /home/ibp-user /etc/passwd \
@@ -26,8 +26,12 @@ ADD . /tmp/collection
 RUN cd /tmp/collection \
 && ansible-galaxy collection build --output-path /tmp \
 && ansible-galaxy collection install /tmp/ibm-blockchain_platform-*.tar.gz \
+ && ansible-galaxy collection install kubernetes.core \
 && chgrp -R root /home/ibp-user/.ansible \
 && chmod -R g=u /home/ibp-user/.ansible
+RUN curl -sSL "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -o /tmp/kubectl \
+ && chmod +x /tmp/kubectl \
+ && mv /tmp/kubectl /home/ibp-user/.local/bin
 # In the third stage, build the Hyperledger Fabric binaries with HSM enabled (this is not the default).
 FROM base AS fabric
@@ -59,6 +63,7 @@ COPY --from=builder /home/ibp-user/.ansible /home/ibp-user/.ansible
 COPY --from=fabric /go/src/github.com/hyperledger/fabric/build/bin /opt/fabric/bin
 COPY --from=fabric /go/src/github.com/hyperledger/fabric/sampleconfig /opt/fabric/config
 COPY docker/docker-entrypoint.sh /
+RUN mkdir /home/ibp-user/.kube
 ENV FABRIC_CFG_PATH=/opt/fabric/config
 ENV PATH=/opt/fabric/bin:/home/ibp-user/.local/bin:$PATH
 USER 7051
diff --git a/README.md b/README.md
index e35a5555..d909612f 100644
--- a/README.md
+++ b/README.md
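Review bot: The added `RUN curl` step in the second Dockerfile hunk installs whatever release `stable.txt` names at build time and never verifies the binary, so two builds of the same commit can ship different kubectl versions, and because `-sSL` has no `-f` an HTTP error page would be saved and made executable. Pin the release with an `ARG`, fail on HTTP errors, and check the download against a SHA-256 before `chmod +x`; a digest committed in the Dockerfile is stronger than the `.sha256` file fetched from the same host, which only catches corruption. The `ansible-galaxy collection install kubernetes.core` line added just above is unpinned in the same way and could take an explicit version (`kubernetes.core:<tested version>`).

```dockerfile
# vX.Y.Z is a placeholder: set it to the kubectl release that was actually tested.
ARG KUBECTL_VERSION=vX.Y.Z
RUN curl -fsSL "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -o /tmp/kubectl \
    && curl -fsSL "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256" -o /tmp/kubectl.sha256 \
    && echo "$(cat /tmp/kubectl.sha256)  /tmp/kubectl" | sha256sum -c - \
    && chmod +x /tmp/kubectl \
    && mv /tmp/kubectl /home/ibp-user/.local/bin/kubectl \
    && rm -f /tmp/kubectl.sha256
```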
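Review bot: `RUN mkdir /home/ibp-user/.kube` in the last Dockerfile hunk runs before `USER 7051`, so the directory is presumably created root-owned with the default mode, and unlike the other home-directory paths in this file it gets no `chgrp`/`chmod g=u` treatment. If the kubeconfig is written or cached at runtime rather than bind-mounted, uid 7051 will not be able to write there, and a kubeconfig holds cluster credentials, so the directory should not be readable by others. Something like `RUN mkdir -m 0770 /home/ibp-user/.kube && chown 7051:0 /home/ibp-user/.kube` keeps it consistent with the root-group convention used above; the final stage's `FROM` is outside this hunk, so the effective build user should be confirmed.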
@@ -5,6 +5,17 @@ The IBM Blockchain Platform provides advanced tooling that allows you to quickly
 This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks.
 *Please Note* the main branch is now set to `2.0.0-beta`, the `release-1.2` branch is available. If you build a local copy of Ansible for production, please work from the `release-1.2` branch.
+
+## Beta support for Fabric Operator and Fabric Operations Console
+
+With the Open Source version of the [Fabric Operations Console](https://github.com/hyperledger-labs/fabric-operations-console) and the [Fabric Operator](https://github.com/hyperledger-labs/fabric-operator), it is possible now to use the Ansible Playbooks previously targetted towards The IBM Blockchain Platform in a complete open source stack.
+
+This should be considered beta functionality at present, please do try it out, but would not advise production use cases at present. Both the Operator AND the Console must be installed.
+
+Currently the installation of the Operator and Console are available via Playbooks. Once installed Fabric resources can be managed with the existing Ansible modules.
+
+Please see the [README](./examples/opensource-stack/README.md) in the `opensource-stack` example for more information.
+
 ## Documentation
 Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/
diff --git a/examples/opensource-stack/01-operator-install.yml b/examples/opensource-stack/01-operator-install.yml
new file mode 100644
index 00000000..744e0083
--- /dev/null
+++ b/examples/opensource-stack/01-operator-install.yml
@@ -0,0 +1,13 @@
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+- name: Deploy Opensource custom resource definitions and operator
+ hosts: localhost
+ vars_files:
+ - vars.yml
+ vars:
+ state: present
+ wait_timeout: 3600
+ roles:
+ - ibm.blockchain_platform.fabric_operator_crds
diff --git a/examples/opensource-stack/02-console-install.yml b/examples/opensource-stack/02-console-install.yml
new file mode 100644
index 00000000..2ce54667
--- /dev/null
+++ b/examples/opensource-stack/02-console-install.yml
@@ -0,0 +1,13 @@
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+- name: Deploy Opensource Console
+ hosts: localhost
+ vars_files:
+ - vars.yml
+ vars:
+ state: present
+ wait_timeout: 3600
+ roles:
+ - ibm.blockchain_platform.fabric_console
diff --git a/examples/opensource-stack/README.md b/examples/opensource-stack/README.md
new file mode 100644
index 00000000..dec45f93
--- /dev/null
+++ b/examples/opensource-stack/README.md
@@ -0,0 +1,54 @@
+# Open-source Fabric Stack
+
+The two playbooks in this example install the [Fabric Operations Console](https://github.com/hyperledger-labs/fabric-operations-console) and the [Fabric Operator](https://github.com/hyperledger-labs/fabric-operator)
+
+## Usage
+
+As this function should be considered beta, it has not been published to Ansible Galaxy, or an image to DockerHub. Therefore please follow the installation instructions on installing from source.
+
+In brief,
+
+- Clone this repository
+- Use `poetry` to create a development shell `poetry shell`
+- Run these commands to build locally
+```
+ ansible-galaxy collection build -f
+ ansible-galaxy collection install $(ls -1 | grep ibm-blockchain_platform) -f
+```
+
+You can then run the playbooks as needed
+
+### Pre-requistie tools
+
+In addition you will need the `kubectl` and `git` installed.
+## Kubernetes Connection
+
+The playbooks assume that the kubectl context in the current shell is set to the cluster you wish to install to. NOTE that this has been initially tested using a KIND cluster (see the `sample-network` example in the [Fabric Operator](https://github.com/hyperledger-labs/fabric-operator) for creating a KIND instance)
+
+`vars.yml` contains the essential configuration for naming and initial identities.
+
+## Post-creation actions
+
+Once installed, you've the choice of using the Console to create Fabric resources.
+Alternatively you can use the other Ansible modules to create resources.
+
+It helps to create an API key rather than use the username/password.
+
+For example, assuming the naming as used in the example's `vars.yml` and a local KIND cluster.
+
+```
+ AUTH=$(curl -X POST https://fabricinfra-hlf-console-console.localho.st:443/ak/api/v2/permissions/keys -u admin:password -k -H 'Content-Type: application/json' -d '{"roles": ["writer", "manager"],"description": "newkey"}')
+ KEY=$(echo $AUTH | jq .api_key | tr -d '"')
+ SECRET=$(echo $AUTH | jq .api_secret | tr -d '"')
+
+ echo "Writing authentication file for Ansible based IBP (Software) network building"
+ cat << EOF > auth-vars.yml
+ api_key: $KEY
+ api_endpoint: http://fabricinfra-hlf-console-console.localho.st/
+ api_authtype: basic
+ api_secret: $SECRET
+ EOF
+
+```
+
+The `auth-vars.yml` can be included in any other playbooks or added in the `ansible-playbook` cli
diff --git a/examples/opensource-stack/vars.yml b/examples/opensource-stack/vars.yml
new file mode 100644
index 00000000..ac8b7aee
--- /dev/null
+++ b/examples/opensource-stack/vars.yml
@@ -0,0 +1,23 @@
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+# The type of K8S cluster this is using
+target: kind
+arch: amd64
+
+# k8s namespace for the operator and console
+namespace: fabricinfra
+
+# Console name/domain
+console_name: hlf-console
+console_domain: localho.st
+
+# default configuration for the console
+# password reset will be required on first login
+console_email: admin
+console_default_password: password
+
+# different k8s clusters will be shipped with differently named default storage providers
+# or none at all. KIND for example has one called 'standard'
+console_storage_class: standard
diff --git a/justfile b/justfile
index d6aca4a1..d61d037e 100644
--- a/justfile
+++ b/justfile
@@ -23,6 +23,9 @@ lint:
 shellcheck tutorial/*.sh
 yamllint .
+docker:
+ docker build -t fabric-ansible .
+
 # Build the documentation
 docs:
 #!/bin/bash
diff --git a/plugins/module_utils/certificate_authorities.py b/plugins/module_utils/certificate_authorities.py
index d2806f0e..7ea57fff 100644
--- a/plugins/module_utils/certificate_authorities.py
+++ b/plugins/module_utils/certificate_authorities.py
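Review bot: `console_default_password: password` with `console_email: admin` in the new vars.yml commits a working, guessable console credential, and the comment's "password reset will be required on first login" is not a dependable control: the example README in this same commit uses `admin:password` to mint an API key with the `writer` and `manager` roles. Anyone who copies the example to a reachable cluster inherits that credential unless they think to change it. Consider leaving the value out of the committed file and sourcing it at run time, for example `console_default_password: "{{ lookup('env', 'CONSOLE_DEFAULT_PASSWORD') }}"` (variable name is illustrative), with a comment such as `# must be set by the operator; never reuse the example value outside a throwaway KIND cluster`.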
@@ -108,7 +108,7 @@ def wait_for(self, timeout):
 for x in range(timeout):
 try:
 url = urllib.parse.urljoin(self.operations_url, '/healthz')
- response = open_url(url, None, None, method='GET', validate_certs=False)
+ response = open_url(url, None, None, method='GET', validate_certs=False, follow_redirects='all')
 if response.code == 200:
 healthz = json.load(response)
 if healthz['status'] == 'OK':
@@ -158,7 +158,7 @@ def get_ca_chain(self):
 def _get_ca_chain(self):
 url = urllib.parse.urljoin(self.certificate_authority.api_url, f'/cainfo?ca={self.certificate_authority.ca_name}')
- response = open_url(url, None, None, method='GET', validate_certs=False)
+ response = open_url(url, None, None, method='GET', validate_certs=False, follow_redirects='all')
 cainfo = json.load(response)
 return cainfo['result']['CAChain']
@@ -167,7 +167,7 @@ def get_tlsca_chain(self):
 def _get_tlsca_chain(self):
 url = urllib.parse.urljoin(self.certificate_authority.api_url, f'/cainfo?ca={self.certificate_authority.tlsca_name}')
- response = open_url(url, None, None, method='GET', validate_certs=False)
+ response = open_url(url, None, None, method='GET', validate_certs=False, follow_redirects='all')
 cainfo = json.load(response)
 return cainfo['result']['CAChain']
diff --git a/plugins/module_utils/consoles.py b/plugins/module_utils/consoles.py
index 5beab48a..6fe6f267 100644
--- a/plugins/module_utils/consoles.py
+++ b/plugins/module_utils/consoles.py
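Review bot: With `follow_redirects='all'` added to the `/cainfo` requests in `_get_ca_chain` and `_get_tlsca_chain`, the `CAChain` these methods return can come from whichever host a redirect names, and since `validate_certs=False` is already set nothing authenticates either the original server or the redirect target. That chain is presumably consumed as trust material by callers, so a redirect injected on the path would hand them an attacker-chosen CA. If the redirect is only there to cope with an http-to-https hop, it is safer to configure `api_url` at its final scheme and host; failing that, reject cross-host redirects after the call, e.g. `if urllib.parse.urlparse(response.geturl()).hostname != urllib.parse.urlparse(url).hostname: raise Exception('unexpected redirect')`. The same parameter is added to the `wait_for` health probes here and in ordering_services.py and peers.py, where the impact is limited to a spoofed "OK" status.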
@@ -87,7 +87,7 @@ def _login_ibmcloud(self, api_key):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to log in to IBM Cloud', 'url': self.api_token_endpoint, 'attempt': attempt, 'api_timeout': self.api_timeout})
- auth_response = open_url(url=self.api_token_endpoint, method='POST', headers=headers, data=data, timeout=self.api_timeout)
+ auth_response = open_url(url=self.api_token_endpoint, method='POST', headers=headers, data=data, timeout=self.api_timeout, follow_redirects='all')
 auth = json.load(auth_response)
 access_token = auth['access_token']
 self.authorization = f'Bearer {access_token}'
@@ -116,7 +116,7 @@ def get_health(self):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to get console health', 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 health = json.load(response)
 self.module.json_log({'msg': 'got console health', 'health': health})
 return health
@@ -136,7 +136,7 @@ def get_settings(self):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to get console settings', 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 settings = json.load(response)
 self.module.json_log({'msg': 'got console settings', 'settings': settings})
 return settings
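Review bot: Every credential-bearing call in consoles.py now follows any redirect: `_login_ibmcloud` posts the API key with `follow_redirects='all'`, and the console calls combine it with `validate_certs=False`, so a redirect injected on an unverified connection would receive the request `headers`, which presumably carry the `Authorization` value set from `self.authorization`. As far as I know, in the Ansible 2.9 line `open_url` re-issues a redirected POST/PUT/DELETE as a bodiless GET, so the `create_*`, `update_*` and `delete_*` methods could `json.load` the redirected page and report success without having changed anything. Prefer `follow_redirects='none'` on the token request and on POST/PUT/DELETE, and fix the configured `api_endpoint` to its final scheme and host rather than relying on a redirect (the example README in this commit writes an `http://` endpoint, which is presumably what prompted the change). This applies to all consoles.py hunks in this commit; the enclosing retry loops continue outside each hunk.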
@@ -156,7 +156,7 @@ def get_all_components(self, deployment_attrs='omitted'):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to get all components', 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 parsed_response = json.load(response)
 components = parsed_response.get('components', list())
 self.module.json_log({'msg': 'got all components', 'components': components})
@@ -177,7 +177,7 @@ def get_component_by_id(self, id, deployment_attrs='omitted'):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to get component by id', 'id': id, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'got component by id', 'component': component})
 return component
@@ -231,7 +231,7 @@ def create_ca(self, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to create certificate authority', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'created certificate authority', 'component': component})
 return component
@@ -271,7 +271,7 @@ def _update_ca(self, id, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to update certificate authority', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, serialized_data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, serialized_data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'updated certificate authority', 'component': component})
 return component
@@ -290,7 +290,7 @@ def delete_ca(self, id):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to delete certificate authority', 'id': id, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout)
+ open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 self.module.json_log({'msg': 'deleted certificate authority'})
 return
 except Exception as e:
@@ -325,7 +325,7 @@ def create_ext_ca(self, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to create external certificate authority', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'created external certificate authority', 'component': component})
 return component
@@ -347,7 +347,7 @@ def update_ext_ca(self, id, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to update external certificate authority', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'updated external certificate authority', 'component': component})
 return component
@@ -366,7 +366,7 @@ def delete_ext_ca(self, id):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to delete external certificate authority', 'id': id, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout)
+ open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 self.module.json_log({'msg': 'deleted external certificate authority'})
 return
 except Exception as e:
@@ -387,7 +387,7 @@ def create_peer(self, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to create peer', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'created peer', 'component': component})
 return component
@@ -427,7 +427,7 @@ def _update_peer(self, id, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to update peer', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, serialized_data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, serialized_data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'updated peer', 'component': component})
 return component
@@ -446,7 +446,7 @@ def delete_peer(self, id):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to delete peer', 'id': id, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout)
+ open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 self.module.json_log({'msg': 'deleted peer'})
 return
 except Exception as e:
@@ -481,7 +481,7 @@ def create_ext_peer(self, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to create external peer', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'created external peer', 'component': component})
 return component
@@ -503,7 +503,7 @@ def update_ext_peer(self, id, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to update external peer', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'updated external peer', 'component': component})
 return component
@@ -522,7 +522,7 @@ def delete_ext_peer(self, id):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to delete external peer', 'id': id, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout)
+ open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 self.module.json_log({'msg': 'deleted external peer'})
 return
 except Exception as e:
@@ -543,7 +543,7 @@ def create_ordering_service(self, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to create ordering service', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 components = json.load(response)
 if 'created' in components:
 components = components['created']
@@ -566,7 +566,7 @@ def delete_ordering_service(self, cluster_id):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to delete ordering service', 'cluster_id': cluster_id, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 if response.getcode() == 207:
 json_response = json.load(response)
 for deleted in json_response['deleted']:
@@ -579,7 +579,7 @@ def delete_ordering_service(self, cluster_id):
 # Blockchain Platform console this time.
 self.module.json_log({'msg': 'attempting to delete ordering service (not in kubernetes)', 'cluster_id': cluster_id, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
 new_url = urllib.parse.urljoin(self.api_endpoint, f'/ak/api/v2/components/tags/{cluster_id}')
- open_url(new_url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout)
+ open_url(new_url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 else:
 raise Exception(f'{deleted}')
 self.module.json_log({'msg': 'deleted ordering service'})
@@ -607,7 +607,7 @@ def delete_ext_ordering_service(self, cluster_id):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to delete external ordering service', 'cluster_id': cluster_id, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 if response.getcode() == 207:
 json_response = json.load(response)
 for deleted in json_response['deleted']:
@@ -641,7 +641,7 @@ def edit_ordering_service_node(self, id, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to edit ordering service node', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, serialized_data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, serialized_data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'edited ordering service node', 'component': component})
 return component
@@ -681,7 +681,7 @@ def _update_ordering_service_node(self, id, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to update ordering service node', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, serialized_data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, serialized_data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'updated ordering service node', 'component': component})
 return component
@@ -700,7 +700,7 @@ def delete_ordering_service_node(self, id):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to delete ordering service node', 'id': id, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout)
+ open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 self.module.json_log({'msg': 'deleted ordering service node'})
 return
 except Exception as e:
@@ -741,7 +741,7 @@ def create_ext_ordering_service_node(self, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to create external ordering service node', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'created external ordering service node', 'component': component})
 return component
@@ -763,7 +763,7 @@ def update_ext_ordering_service_node(self, id, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to update external ordering service node', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'updated external ordering service node', 'component': component})
 return component
@@ -784,7 +784,7 @@ def delete_ext_ordering_service_node(self, id):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to delete external ordering service node', 'id': id, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout)
+ open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 self.module.json_log({'msg': 'deleted external ordering service node'})
 return
 except Exception as e:
@@ -809,7 +809,7 @@ def edit_admin_certs(self, id, append_admin_certs, remove_admin_certs):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to edit admin certificates', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout)
+ open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 self.module.json_log({'msg': 'edited admin certificates'})
 return
 except Exception as e:
@@ -830,7 +830,7 @@ def create_organization(self, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to create organization', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'created organization', 'component': component})
 return component
@@ -852,7 +852,7 @@ def update_organization(self, id, data):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to update organization', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- response = open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 component = json.load(response)
 self.module.json_log({'msg': 'updated organization', 'component': component})
 return component
@@ -871,7 +871,7 @@ def delete_organization(self, id):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to delete organization', 'id': id, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout)
+ open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 self.module.json_log({'msg': 'deleted organization'})
 return
 except Exception as e:
@@ -908,7 +908,7 @@ def submit_config_block(self, id, config_block):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to submit config block', 'data': data, 'url': url, 'attempt': attempt, 'api_timeout': self.api_timeout})
- open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout)
+ open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 self.module.json_log({'msg': 'submitted config block'})
 except Exception as e:
 self.module.json_log({'msg': 'failed to submit config block', 'error': str(e)})
@@ -1008,7 +1008,7 @@ def get_users(self):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to get all console users', 'url': url, 'attempt': attempt})
- response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 break
 except Exception as e:
 self.module.json_log({'msg': 'failed to get all console users', 'error': str(e)})
@@ -1050,7 +1050,7 @@ def create_user(self, email, roles):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to create console user', 'data': data, 'url': url, 'attempt': attempt})
- open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout)
+ open_url(url, data, headers, 'POST', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 break
 except Exception as e:
 self.module.json_log({'msg': 'failed to create console user', 'error': str(e)})
@@ -1082,7 +1082,7 @@ def update_user(self, email, roles):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to update console user', 'data': data, 'url': url, 'attempt': attempt})
- open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout)
+ open_url(url, data, headers, 'PUT', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 break
 except Exception as e:
 self.module.json_log({'msg': 'failed to update console user', 'error': str(e)})
@@ -1106,7 +1106,7 @@ def delete_user(self, email):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to delete console user', 'email': email, 'url': url, 'attempt': attempt})
- open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout)
+ open_url(url, None, headers, 'DELETE', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 self.module.json_log({'msg': 'deleted console user'})
 return
 except Exception as e:
@@ -1125,7 +1125,7 @@ def get_msps_by_msp_id(self, msp_id):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to get msps by msp id', 'url': url, 'attempt': attempt})
- response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 parsed_response = json.load(response)
 msps = parsed_response.get('msps', list())
 self.module.json_log({'msg': 'got msps by msp id', 'msps': msps})
@@ -1146,7 +1146,7 @@ def get_all_fabric_versions(self):
 for attempt in range(1, self.retries + 1):
 try:
 self.module.json_log({'msg': 'attempting to get all available fabric versions', 'url': url, 'attempt': attempt})
- response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout)
+ response = open_url(url, None, headers, 'GET', validate_certs=False, timeout=self.api_timeout, follow_redirects='all')
 parsed_response = json.load(response)
 versions = parsed_response.get('versions', dict())
 self.module.json_log({'msg': 'got all available fabric versions', 'versions': versions})
diff --git a/plugins/module_utils/ordering_services.py b/plugins/module_utils/ordering_services.py
index 41c6048b..e7505ec8 100644
--- a/plugins/module_utils/ordering_services.py
+++ b/plugins/module_utils/ordering_services.py
@@ -129,7 +129,7 @@ def wait_for(self, timeout):
 for x in range(timeout):
 try:
 url = urllib.parse.urljoin(self.operations_url, '/healthz')
- response = open_url(url, None, None, method='GET', validate_certs=False)
+ response = open_url(url, None, None, method='GET', validate_certs=False, follow_redirects='all')
 if response.code == 200:
 healthz = json.load(response)
 if healthz['status'] == 'OK':
diff --git a/plugins/module_utils/peers.py b/plugins/module_utils/peers.py
index 90c5b235..7b834642 100644
--- a/plugins/module_utils/peers.py
+++ b/plugins/module_utils/peers.py
@@ -98,7 +98,7 @@ def wait_for(self, timeout):
 for x in range(timeout):
 try:
 url = urllib.parse.urljoin(self.operations_url, '/healthz')
- response = open_url(url, None, None, method='GET', validate_certs=False)
+ response = open_url(url, None, None, method='GET', validate_certs=False, follow_redirects='all')
 if response.code == 200:
 healthz = json.load(response)
 if healthz['status'] == 'OK':
diff --git a/poetry.lock b/poetry.lock
index f34ccba4..e5dda3fb 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -8,7 +8,7 @@ python-versions = "*" [[package]] name = "ansible" -version = "2.9.27" +version = "2.9.0" description = "Radically simple IT automation" category = "main" optional = false
@@ -22,6 +22,38 @@ PyYAML = "*" [package.extras] azure = ["packaging", "requests", "xmltodict", "azure-cli-core (==2.0.35)", "azure-cli-nspkg (==3.0.2)", "azure-common (==1.1.11)", "azure-mgmt-authorization (==0.51.1)", "azure-mgmt-batch (==5.0.1)", "azure-mgmt-cdn (==3.0.0)", "azure-mgmt-compute (==4.4.0)", "azure-mgmt-containerinstance (==1.4.0)", "azure-mgmt-containerregistry (==2.0.0)", "azure-mgmt-containerservice (==4.4.0)", "azure-mgmt-dns (==2.1.0)", "azure-mgmt-keyvault (==1.1.0)", "azure-mgmt-marketplaceordering (==0.1.0)", "azure-mgmt-monitor (==0.5.2)", "azure-mgmt-network (==2.3.0)", "azure-mgmt-nspkg (==2.0.0)", "azure-mgmt-redis (==5.0.0)", "azure-mgmt-resource (==2.1.0)", "azure-mgmt-rdbms (==1.4.1)", "azure-mgmt-servicebus (==0.5.3)", "azure-mgmt-sql (==0.10.0)", "azure-mgmt-storage (==3.1.0)", "azure-mgmt-trafficmanager (==0.50.0)", "azure-mgmt-web (==0.41.0)", "azure-nspkg (==2.0.0)", "azure-storage (==0.35.1)", "msrest (==0.6.1)", "msrestazure (==0.5.0)", "azure-keyvault (==1.0.0a1)", "azure-graphrbac (==0.40.0)", "azure-mgmt-cosmosdb (==0.5.2)", "azure-mgmt-hdinsight (==0.1.0)", "azure-mgmt-devtestlabs (==3.0.0)", "azure-mgmt-loganalytics (==0.2.0)", "azure-mgmt-automation (==0.1.1)", "azure-mgmt-iothub (==0.7.0)"] +[[package]] +name = "ansible-compat" +version = "2.2.0" +description = "Ansible compatibility goodies" +category = "dev" +optional = false +python-versions = ">=3.8" + +[package.dependencies] +jsonschema = ">=4.6.0" +PyYAML = "*" +subprocess-tee = ">=0.3.5" + +[package.extras] +docs = ["sphinx-autobuild (>=0.7.1,<1.0)", "sphinx (>=4.2.0,<5.0)", "sphinx-ansible-theme", "myst-parser"] +test = ["coverage", "flaky", "pip-tools", "pytest", "pytest-markdown", "pytest-mock", "pytest-plus"] + +[[package]] +name = "ansible-core" +version = "2.13.2" +description = "Radically simple IT automation" +category = "dev" +optional = false +python-versions = ">=3.8" + +[package.dependencies] +cryptography = "*" +jinja2 = ">=3.0.0" +packaging = "*" 
+PyYAML = ">=5.1" +resolvelib = ">=0.5.3,<0.9.0" + [[package]] name = "ansible-doc-extractor" version = "0.1.8" @@ -41,26 +73,28 @@ core = ["ansible-core"] [[package]] name = "ansible-lint" -version = "5.3.2" -description = "Checks playbooks for practices and behaviour that could potentially be improved" +version = "6.3.0" +description = "Checks playbooks for practices and behavior that could potentially be improved" category = "dev" optional = false -python-versions = ">=3.6" +python-versions = ">=3.8" [package.dependencies] +ansible-compat = ">=2.1.0" +ansible-core = ">=2.12.0" enrich = ">=1.2.6" +jsonschema = ">=4.6.0" packaging = "*" +pytest = "*" pyyaml = "*" rich = ">=9.5.1" -"ruamel.yaml" = {version = ">=0.15.37,<1", markers = "python_version >= \"3.7\""} -tenacity = "*" +"ruamel.yaml" = ">=0.15.34,<0.18" wcmatch = ">=7.0" +yamllint = ">=1.25.0" [package.extras] -community = ["ansible (>=2.10)"] -core = ["ansible-core (>=2.11.4)"] -test = ["flaky (>=3.7.0)", "pytest (>=6.0.1)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=2.1.0)", "psutil"] -yamllint = ["yamllint (>=1.25.0)"] +docs = ["myst-parser (>=0.16.1)", "pipdeptree (>=2.2.1)", "sphinx (>=4.4.0)", "sphinx-ansible-theme (>=0.9.1)", "sphinx-rtd-theme (>=0.5.2,<1.0.0)", "sphinxcontrib-apidoc (>=0.3.0)", "sphinxcontrib-programoutput2 (>=2.0a1)", "yamllint (>=1.26.3)"] +test = ["coverage (>=6.3)", "tomli (>=2.0.0)", "flaky (>=3.7.0)", "pytest (>=6.0.1)", "pytest-cov (>=2.10.1)", "pytest-plus (>=0.2)", "pytest-xdist (>=2.1.0)", "psutil", "black", "mypy", "pylint", "flake8"] [[package]] name = "argcomplete" 
@@ -73,9 +107,31 @@ python-versions = ">=3.6" [package.extras] test = ["coverage", "flake8", "pexpect", "wheel"] +[[package]] +name = "atomicwrites" +version = "1.4.1" +description = "Atomic file writes." +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[[package]] +name = "attrs" +version = "21.4.0" +description = "Classes Without Boilerplate" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" + +[package.extras] +dev = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "mypy", "pytest-mypy-plugins", "zope.interface", "furo", "sphinx", "sphinx-notfound-page", "pre-commit", "cloudpickle"] +docs = ["furo", "sphinx", "zope.interface", "sphinx-notfound-page"] +tests = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "mypy", "pytest-mypy-plugins", "zope.interface", "cloudpickle"] +tests_no_zope = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "mypy", "pytest-mypy-plugins", "cloudpickle"] + [[package]] name = "babel" -version = "2.10.1" +version = "2.10.3" description = "Internationalization utilities" category = "dev" optional = false @@ -86,7 +142,7 @@ pytz = ">=2015.7" [[package]] name = "bracex" -version = "2.3" +version = "2.3.post1" description = "Bash style brace expander." category = "dev" optional = false @@ -94,7 +150,7 @@ python-versions = ">=3.7" [[package]] name = "certifi" -version = "2022.5.18.1" +version = "2022.6.15" description = "Python package for providing Mozilla's CA Bundle." category = "dev" optional = false @@ -102,7 +158,7 @@ python-versions = ">=3.6" [[package]] name = "cffi" -version = "1.15.0" +version = "1.15.1" description = "Foreign Function Interface for Python calling C code." category = "main" optional = false 
@@ -113,18 +169,18 @@ pycparser = "*" [[package]] name = "charset-normalizer" -version = "2.0.12" +version = "2.1.0" description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet." category = "dev" optional = false -python-versions = ">=3.5.0" +python-versions = ">=3.6.0" [package.extras] unicode_backport = ["unicodedata2"] [[package]] name = "colorama" -version = "0.4.4" +version = "0.4.5" description = "Cross-platform colored terminal text." category = "dev" optional = false @@ -143,7 +199,7 @@ test = ["flake8 (==3.7.8)", "hypothesis (==3.55.3)"] [[package]] name = "cryptography" -version = "37.0.2" +version = "37.0.4" description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers." category = "main" optional = false @@ -205,7 +261,7 @@ python-versions = ">=3.5" [[package]] name = "imagesize" -version = "1.3.0" +version = "1.4.1" description = "Getting image size from png/jpeg/jpeg2000/gif file" category = "dev" optional = false @@ -213,7 +269,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" [[package]] name = "importlib-metadata" -version = "4.11.4" +version = "4.12.0" description = "Read metadata from Python packages" category = "dev" optional = false 
@@ -225,7 +281,15 @@ zipp = ">=0.5" [package.extras] docs = ["sphinx", "jaraco.packaging (>=9)", "rst.linker (>=1.9)"] perf = ["ipython"] -testing = ["pytest (>=6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytest-cov", "pytest-enabler (>=1.0.1)", "packaging", "pyfakefs", "flufl.flake8", "pytest-perf (>=0.9.2)", "pytest-black (>=0.3.7)", "pytest-mypy (>=0.9.1)", "importlib-resources (>=1.3)"] +testing = ["pytest (>=6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytest-cov", "pytest-enabler (>=1.3)", "packaging", "pyfakefs", "flufl.flake8", "pytest-perf (>=0.9.2)", "pytest-black (>=0.3.7)", "pytest-mypy (>=0.9.1)", "importlib-resources (>=1.3)"] + +[[package]] +name = "iniconfig" +version = "1.1.1" +description = "iniconfig: brain-dead simple config-ini parsing" +category = "dev" +optional = false +python-versions = "*" [[package]] name = "jinja2" @@ -241,6 +305,22 @@ MarkupSafe = ">=2.0" [package.extras] i18n = ["Babel (>=2.7)"] +[[package]] +name = "jsonschema" +version = "4.7.2" +description = "An implementation of JSON Schema validation for Python" +category = "dev" +optional = false +python-versions = ">=3.7" + +[package.dependencies] +attrs = ">=17.4.0" +pyrsistent = ">=0.14.0,<0.17.0 || >0.17.0,<0.17.1 || >0.17.1,<0.17.2 || >0.17.2" + +[package.extras] +format = ["fqdn", "idna", "isoduration", "jsonpointer (>1.13)", "rfc3339-validator", "rfc3987", "uri-template", "webcolors (>=1.11)"] +format-nongpl = ["fqdn", "idna", "isoduration", "jsonpointer (>1.13)", "rfc3339-validator", "rfc3986-validator (>0.1.0)", "uri-template", "webcolors (>=1.11)"] + [[package]] name = "markupsafe" version = "2.1.1" 
@@ -276,6 +356,26 @@ category = "dev" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7" +[[package]] +name = "pluggy" +version = "1.0.0" +description = "plugin and hook calling mechanisms for python" +category = "dev" +optional = false +python-versions = ">=3.6" + +[package.extras] +dev = ["pre-commit", "tox"] +testing = ["pytest", "pytest-benchmark"] + +[[package]] +name = "py" +version = "1.11.0" +description = "library with cross-python path, ini-parsing, io, code, log facilities" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" + [[package]] name = "pycodestyle" version = "2.8.0" @@ -319,6 +419,35 @@ python-versions = ">=3.6.8" [package.extras] diagrams = ["railroad-diagrams", "jinja2"] +[[package]] +name = "pyrsistent" +version = "0.18.1" +description = "Persistent/Functional/Immutable data structures" +category = "dev" +optional = false +python-versions = ">=3.7" + +[[package]] +name = "pytest" +version = "7.1.2" +description = "pytest: simple powerful testing with Python" +category = "dev" +optional = false +python-versions = ">=3.7" + +[package.dependencies] +atomicwrites = {version = ">=1.0", markers = "sys_platform == \"win32\""} +attrs = ">=19.2.0" +colorama = {version = "*", markers = "sys_platform == \"win32\""} +iniconfig = "*" +packaging = "*" +pluggy = ">=0.12,<2.0" +py = ">=1.8.2" +tomli = ">=1.0.0" + +[package.extras] +testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "pygments (>=2.7.2)", "requests", "xmlschema"] + [[package]] name = "pytz" version = "2022.1" 
@@ -337,25 +466,39 @@ python-versions = ">=3.6" [[package]] name = "requests" -version = "2.27.1" +version = "2.28.1" description = "Python HTTP for Humans." category = "dev" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*" +python-versions = ">=3.7, <4" [package.dependencies] certifi = ">=2017.4.17" -charset-normalizer = {version = ">=2.0.0,<2.1.0", markers = "python_version >= \"3\""} -idna = {version = ">=2.5,<4", markers = "python_version >= \"3\""} +charset-normalizer = ">=2,<3" +idna = ">=2.5,<4" urllib3 = ">=1.21.1,<1.27" [package.extras] -socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"] -use_chardet_on_py3 = ["chardet (>=3.0.2,<5)"] +socks = ["PySocks (>=1.5.6,!=1.5.7)"] +use_chardet_on_py3 = ["chardet (>=3.0.2,<6)"] + +[[package]] +name = "resolvelib" +version = "0.8.1" +description = "Resolve abstract dependencies into concrete ones" +category = "dev" +optional = false +python-versions = "*" + +[package.extras] +examples = ["html5lib", "packaging", "pygraphviz", "requests"] +lint = ["black", "flake8", "mypy", "isort", "types-requests"] +release = ["build", "towncrier", "twine"] +test = ["commentjson", "packaging", "pytest"] [[package]] name = "rich" -version = "12.4.4" +version = "12.5.1" description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal" category = "dev" optional = false @@ -364,7 +507,6 @@ python-versions = ">=3.6.3,<4.0.0" [package.dependencies] commonmark = ">=0.9.0,<0.10.0" pygments = ">=2.6.0,<3.0.0" -typing-extensions = {version = ">=4.0.0,<5.0", markers = "python_version < \"3.9\""} [package.extras] jupyter = ["ipywidgets (>=7.5.1,<8.0.0)"] 
@@ -519,15 +661,15 @@ lint = ["flake8", "mypy", "docutils-stubs"] test = ["pytest"] [[package]] -name = "tenacity" -version = "8.0.1" -description = "Retry code until it succeeds" +name = "subprocess-tee" +version = "0.3.5" +description = "subprocess-tee" category = "dev" optional = false python-versions = ">=3.6" [package.extras] -doc = ["reno", "sphinx", "tornado (>=4.5)"] +test = ["enrich (>=1.2.6)", "mock (>=4.0.3)", "molecule (>=3.4.0)", "pytest-cov (>=2.12.1)", "pytest-plus (>=0.2)", "pytest-xdist (>=2.3.0)", "pytest (>=6.2.5)"] [[package]] name = "toml" @@ -538,20 +680,20 @@ optional = false python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" [[package]] -name = "typing-extensions" -version = "4.2.0" -description = "Backported and Experimental Type Hints for Python 3.7+" +name = "tomli" +version = "2.0.1" +description = "A lil' TOML parser" category = "dev" optional = false python-versions = ">=3.7" [[package]] name = "urllib3" -version = "1.26.9" +version = "1.26.10" description = "HTTP library with thread-safe connection pooling, file post, and more." category = "dev" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4" +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*, <4" [package.extras] brotli = ["brotlicffi (>=0.8.0)", "brotli (>=1.0.9)", "brotlipy (>=0.6.0)"] @@ -560,11 +702,11 @@ socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"] [[package]] name = "wcmatch" -version = "8.3" +version = "8.4" description = "Wildcard/glob file name matcher." category = "dev" optional = false -python-versions = ">=3.6" +python-versions = ">=3.7" [package.dependencies] bracex = ">=2.1.1" @@ -579,11 +721,11 @@ python-versions = ">=3.4" [[package]] name = "yamllint" -version = "1.26.3" +version = "1.27.1" description = "A linter for YAML files." category = "dev" optional = false -python-versions = ">=3.5" +python-versions = ">=3.6" [package.dependencies] pathspec = ">=0.5.3" 
@@ -608,141 +750,51 @@ tests = ["coverage", "flake8", "wheel"] [[package]] name = "zipp" -version = "3.8.0" +version = "3.8.1" description = "Backport of pathlib-compatible object wrapper for zip files" category = "dev" optional = false python-versions = ">=3.7" [package.extras] -docs = ["sphinx", "jaraco.packaging (>=9)", "rst.linker (>=1.9)"] -testing = ["pytest (>=6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytest-cov", "pytest-enabler (>=1.0.1)", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy (>=0.9.1)"] +docs = ["sphinx", "jaraco.packaging (>=9)", "rst.linker (>=1.9)", "jaraco.tidelift (>=1.4)"] +testing = ["pytest (>=6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytest-cov", "pytest-enabler (>=1.3)", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy (>=0.9.1)"] [metadata] lock-version = "1.1" -python-versions = "^3.8" -content-hash = "18dd64b21dec6b5a390fca533ca4356b70ebdf7b6a78b998daf9393f7cd6f876" +python-versions = "^3.9" +content-hash = "c76c142efc0d7d391c9b8ccb4ef1c6953f27a024321d652d7b7d6cf1397f4faa" [metadata.files] alabaster = [ {file = "alabaster-0.7.12-py2.py3-none-any.whl", hash = "sha256:446438bdcca0e05bd45ea2de1668c1d9b032e1a9154c2c259092d77031ddd359"}, {file = "alabaster-0.7.12.tar.gz", hash = "sha256:a661d72d58e6ea8a57f7a86e37d86716863ee5e92788398526d58b26a4e4dc02"}, ] -ansible = [ - {file = "ansible-2.9.27.tar.gz", hash = "sha256:479159e50b3bd90920d06bc59410c3a51d3f9be9b4e1029e11d1e4a2d0705736"}, -] +ansible = [] +ansible-compat = [] +ansible-core = [] ansible-doc-extractor = [ {file = "ansible-doc-extractor-0.1.8.tar.gz", hash = "sha256:3bb88d45a8bb3f4ec92646da2b6d68be9288e175f4c6ec570428ac3a819e2b87"}, {file = "ansible_doc_extractor-0.1.8-py3-none-any.whl", hash = "sha256:c381dd9a039c0bb8ba97e754e3fcb1d0f904bbbf8080ea44a4a3391f0f851501"}, ] -ansible-lint = [ - {file = "ansible-lint-5.3.2.tar.gz", hash = "sha256:9ba886db4c44e59360bc8d668f0beae6193c0a1fcbb9e76127000ca3aced7c28"}, 
- {file = "ansible_lint-5.3.2-py3-none-any.whl", hash = "sha256:4673e55e61809bbebf5a6376cc5ed9cac32ef5fff6a121db70ea5ab0228cd81f"}, -] +ansible-lint = [] argcomplete = [ {file = "argcomplete-2.0.0-py2.py3-none-any.whl", hash = "sha256:cffa11ea77999bb0dd27bb25ff6dc142a6796142f68d45b1a26b11f58724561e"}, {file = "argcomplete-2.0.0.tar.gz", hash = "sha256:6372ad78c89d662035101418ae253668445b391755cfe94ea52f1b9d22425b20"}, ] -babel = [ - {file = "Babel-2.10.1-py3-none-any.whl", hash = "sha256:3f349e85ad3154559ac4930c3918247d319f21910d5ce4b25d439ed8693b98d2"}, - {file = "Babel-2.10.1.tar.gz", hash = "sha256:98aeaca086133efb3e1e2aad0396987490c8425929ddbcfe0550184fdc54cd13"}, -] -bracex = [ - {file = "bracex-2.3-py3-none-any.whl", hash = "sha256:6789a715744bcb3359b53c4012dd94be5ab7669c638affe89f670595a3c73cc0"}, - {file = "bracex-2.3.tar.gz", hash = "sha256:a3ce1d8a9fb7acc887e2e60ac5aa269f243d960c34c3d8a541fb672bdb9aa957"}, -] -certifi = [ - {file = "certifi-2022.5.18.1-py3-none-any.whl", hash = "sha256:f1d53542ee8cbedbe2118b5686372fb33c297fcd6379b050cca0ef13a597382a"}, - {file = "certifi-2022.5.18.1.tar.gz", hash = "sha256:9c5705e395cd70084351dd8ad5c41e65655e08ce46f2ec9cf6c2c08390f71eb7"}, -] -cffi = [ - {file = "cffi-1.15.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:c2502a1a03b6312837279c8c1bd3ebedf6c12c4228ddbad40912d671ccc8a962"}, - {file = "cffi-1.15.0-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:23cfe892bd5dd8941608f93348c0737e369e51c100d03718f108bf1add7bd6d0"}, - {file = "cffi-1.15.0-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:41d45de54cd277a7878919867c0f08b0cf817605e4eb94093e7516505d3c8d14"}, - {file = "cffi-1.15.0-cp27-cp27m-win32.whl", hash = "sha256:4a306fa632e8f0928956a41fa8e1d6243c71e7eb59ffbd165fc0b41e316b2474"}, - {file = "cffi-1.15.0-cp27-cp27m-win_amd64.whl", hash = "sha256:e7022a66d9b55e93e1a845d8c9eba2a1bebd4966cd8bfc25d9cd07d515b33fa6"}, - {file = "cffi-1.15.0-cp27-cp27mu-manylinux1_i686.whl", hash = 
"sha256:14cd121ea63ecdae71efa69c15c5543a4b5fbcd0bbe2aad864baca0063cecf27"}, - {file = "cffi-1.15.0-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:d4d692a89c5cf08a8557fdeb329b82e7bf609aadfaed6c0d79f5a449a3c7c023"}, - {file = "cffi-1.15.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0104fb5ae2391d46a4cb082abdd5c69ea4eab79d8d44eaaf79f1b1fd806ee4c2"}, - {file = "cffi-1.15.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:91ec59c33514b7c7559a6acda53bbfe1b283949c34fe7440bcf917f96ac0723e"}, - {file = "cffi-1.15.0-cp310-cp310-manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:f5c7150ad32ba43a07c4479f40241756145a1f03b43480e058cfd862bf5041c7"}, - {file = "cffi-1.15.0-cp310-cp310-manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:00c878c90cb53ccfaae6b8bc18ad05d2036553e6d9d1d9dbcf323bbe83854ca3"}, - {file = "cffi-1.15.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:abb9a20a72ac4e0fdb50dae135ba5e77880518e742077ced47eb1499e29a443c"}, - {file = "cffi-1.15.0-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a5263e363c27b653a90078143adb3d076c1a748ec9ecc78ea2fb916f9b861962"}, - {file = "cffi-1.15.0-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:f54a64f8b0c8ff0b64d18aa76675262e1700f3995182267998c31ae974fbc382"}, - {file = "cffi-1.15.0-cp310-cp310-win32.whl", hash = "sha256:c21c9e3896c23007803a875460fb786118f0cdd4434359577ea25eb556e34c55"}, - {file = "cffi-1.15.0-cp310-cp310-win_amd64.whl", hash = "sha256:5e069f72d497312b24fcc02073d70cb989045d1c91cbd53979366077959933e0"}, - {file = "cffi-1.15.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:64d4ec9f448dfe041705426000cc13e34e6e5bb13736e9fd62e34a0b0c41566e"}, - {file = "cffi-1.15.0-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2756c88cbb94231c7a147402476be2c4df2f6078099a6f4a480d239a8817ae39"}, - {file = "cffi-1.15.0-cp36-cp36m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash 
= "sha256:3b96a311ac60a3f6be21d2572e46ce67f09abcf4d09344c49274eb9e0bf345fc"}, - {file = "cffi-1.15.0-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:75e4024375654472cc27e91cbe9eaa08567f7fbdf822638be2814ce059f58032"}, - {file = "cffi-1.15.0-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:59888172256cac5629e60e72e86598027aca6bf01fa2465bdb676d37636573e8"}, - {file = "cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:27c219baf94952ae9d50ec19651a687b826792055353d07648a5695413e0c605"}, - {file = "cffi-1.15.0-cp36-cp36m-win32.whl", hash = "sha256:4958391dbd6249d7ad855b9ca88fae690783a6be9e86df65865058ed81fc860e"}, - {file = "cffi-1.15.0-cp36-cp36m-win_amd64.whl", hash = "sha256:f6f824dc3bce0edab5f427efcfb1d63ee75b6fcb7282900ccaf925be84efb0fc"}, - {file = "cffi-1.15.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:06c48159c1abed75c2e721b1715c379fa3200c7784271b3c46df01383b593636"}, - {file = "cffi-1.15.0-cp37-cp37m-manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:c2051981a968d7de9dd2d7b87bcb9c939c74a34626a6e2f8181455dd49ed69e4"}, - {file = "cffi-1.15.0-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:fd8a250edc26254fe5b33be00402e6d287f562b6a5b2152dec302fa15bb3e997"}, - {file = "cffi-1.15.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:91d77d2a782be4274da750752bb1650a97bfd8f291022b379bb8e01c66b4e96b"}, - {file = "cffi-1.15.0-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:45db3a33139e9c8f7c09234b5784a5e33d31fd6907800b316decad50af323ff2"}, - {file = "cffi-1.15.0-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:263cc3d821c4ab2213cbe8cd8b355a7f72a8324577dc865ef98487c1aeee2bc7"}, - {file = "cffi-1.15.0-cp37-cp37m-win32.whl", hash = "sha256:17771976e82e9f94976180f76468546834d22a7cc404b17c22df2a2c81db0c66"}, - {file = "cffi-1.15.0-cp37-cp37m-win_amd64.whl", hash = 
"sha256:3415c89f9204ee60cd09b235810be700e993e343a408693e80ce7f6a40108029"}, - {file = "cffi-1.15.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:4238e6dab5d6a8ba812de994bbb0a79bddbdf80994e4ce802b6f6f3142fcc880"}, - {file = "cffi-1.15.0-cp38-cp38-manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:0808014eb713677ec1292301ea4c81ad277b6cdf2fdd90fd540af98c0b101d20"}, - {file = "cffi-1.15.0-cp38-cp38-manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:57e9ac9ccc3101fac9d6014fba037473e4358ef4e89f8e181f8951a2c0162024"}, - {file = "cffi-1.15.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8b6c2ea03845c9f501ed1313e78de148cd3f6cad741a75d43a29b43da27f2e1e"}, - {file = "cffi-1.15.0-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:10dffb601ccfb65262a27233ac273d552ddc4d8ae1bf93b21c94b8511bffe728"}, - {file = "cffi-1.15.0-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:786902fb9ba7433aae840e0ed609f45c7bcd4e225ebb9c753aa39725bb3e6ad6"}, - {file = "cffi-1.15.0-cp38-cp38-win32.whl", hash = "sha256:da5db4e883f1ce37f55c667e5c0de439df76ac4cb55964655906306918e7363c"}, - {file = "cffi-1.15.0-cp38-cp38-win_amd64.whl", hash = "sha256:181dee03b1170ff1969489acf1c26533710231c58f95534e3edac87fff06c443"}, - {file = "cffi-1.15.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:45e8636704eacc432a206ac7345a5d3d2c62d95a507ec70d62f23cd91770482a"}, - {file = "cffi-1.15.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:31fb708d9d7c3f49a60f04cf5b119aeefe5644daba1cd2a0fe389b674fd1de37"}, - {file = "cffi-1.15.0-cp39-cp39-manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:6dc2737a3674b3e344847c8686cf29e500584ccad76204efea14f451d4cc669a"}, - {file = "cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:74fdfdbfdc48d3f47148976f49fab3251e550a8720bebc99bf1483f5bfb5db3e"}, - {file = "cffi-1.15.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = 
"sha256:ffaa5c925128e29efbde7301d8ecaf35c8c60ffbcd6a1ffd3a552177c8e5e796"}, - {file = "cffi-1.15.0-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3f7d084648d77af029acb79a0ff49a0ad7e9d09057a9bf46596dac9514dc07df"}, - {file = "cffi-1.15.0-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:ef1f279350da2c586a69d32fc8733092fd32cc8ac95139a00377841f59a3f8d8"}, - {file = "cffi-1.15.0-cp39-cp39-win32.whl", hash = "sha256:2a23af14f408d53d5e6cd4e3d9a24ff9e05906ad574822a10563efcef137979a"}, - {file = "cffi-1.15.0-cp39-cp39-win_amd64.whl", hash = "sha256:3773c4d81e6e818df2efbc7dd77325ca0dcb688116050fb2b3011218eda36139"}, - {file = "cffi-1.15.0.tar.gz", hash = "sha256:920f0d66a896c2d99f0adbb391f990a84091179542c205fa53ce5787aff87954"}, -] -charset-normalizer = [ - {file = "charset-normalizer-2.0.12.tar.gz", hash = "sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597"}, - {file = "charset_normalizer-2.0.12-py3-none-any.whl", hash = "sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df"}, -] -colorama = [ - {file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"}, - {file = "colorama-0.4.4.tar.gz", hash = "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"}, -] +atomicwrites = [] +attrs = [] +babel = [] +bracex = [] +certifi = [] +cffi = [] +charset-normalizer = [] +colorama = [] commonmark = [ {file = "commonmark-0.9.1-py2.py3-none-any.whl", hash = "sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9"}, {file = "commonmark-0.9.1.tar.gz", hash = "sha256:452f9dc859be7f06631ddcb328b6919c67984aca654e5fefb3914d54691aed60"}, ] -cryptography = [ - {file = "cryptography-37.0.2-cp36-abi3-macosx_10_10_universal2.whl", hash = "sha256:ef15c2df7656763b4ff20a9bc4381d8352e6640cfeb95c2972c38ef508e75181"}, - {file = "cryptography-37.0.2-cp36-abi3-macosx_10_10_x86_64.whl", hash = 
"sha256:3c81599befb4d4f3d7648ed3217e00d21a9341a9a688ecdd615ff72ffbed7336"}, - {file = "cryptography-37.0.2-cp36-abi3-manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:2bd1096476aaac820426239ab534b636c77d71af66c547b9ddcd76eb9c79e004"}, - {file = "cryptography-37.0.2-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:31fe38d14d2e5f787e0aecef831457da6cec68e0bb09a35835b0b44ae8b988fe"}, - {file = "cryptography-37.0.2-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:093cb351031656d3ee2f4fa1be579a8c69c754cf874206be1d4cf3b542042804"}, - {file = "cryptography-37.0.2-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:59b281eab51e1b6b6afa525af2bd93c16d49358404f814fe2c2410058623928c"}, - {file = "cryptography-37.0.2-cp36-abi3-manylinux_2_24_x86_64.whl", hash = "sha256:0cc20f655157d4cfc7bada909dc5cc228211b075ba8407c46467f63597c78178"}, - {file = "cryptography-37.0.2-cp36-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:f8ec91983e638a9bcd75b39f1396e5c0dc2330cbd9ce4accefe68717e6779e0a"}, - {file = "cryptography-37.0.2-cp36-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:46f4c544f6557a2fefa7ac8ac7d1b17bf9b647bd20b16decc8fbcab7117fbc15"}, - {file = "cryptography-37.0.2-cp36-abi3-win32.whl", hash = "sha256:731c8abd27693323b348518ed0e0705713a36d79fdbd969ad968fbef0979a7e0"}, - {file = "cryptography-37.0.2-cp36-abi3-win_amd64.whl", hash = "sha256:471e0d70201c069f74c837983189949aa0d24bb2d751b57e26e3761f2f782b8d"}, - {file = "cryptography-37.0.2-pp37-pypy37_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a68254dd88021f24a68b613d8c51d5c5e74d735878b9e32cc0adf19d1f10aaf9"}, - {file = "cryptography-37.0.2-pp37-pypy37_pp73-manylinux_2_24_x86_64.whl", hash = "sha256:a7d5137e556cc0ea418dca6186deabe9129cee318618eb1ffecbd35bee55ddc1"}, - {file = "cryptography-37.0.2-pp38-pypy38_pp73-macosx_10_10_x86_64.whl", hash = 
"sha256:aeaba7b5e756ea52c8861c133c596afe93dd716cbcacae23b80bc238202dc023"}, - {file = "cryptography-37.0.2-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:95e590dd70642eb2079d280420a888190aa040ad20f19ec8c6e097e38aa29e06"}, - {file = "cryptography-37.0.2-pp38-pypy38_pp73-manylinux_2_24_x86_64.whl", hash = "sha256:1b9362d34363f2c71b7853f6251219298124aa4cc2075ae2932e64c91a3e2717"}, - {file = "cryptography-37.0.2-pp38-pypy38_pp73-win_amd64.whl", hash = "sha256:e53258e69874a306fcecb88b7534d61820db8a98655662a3dd2ec7f1afd9132f"}, - {file = "cryptography-37.0.2-pp39-pypy39_pp73-macosx_10_10_x86_64.whl", hash = "sha256:1f3bfbd611db5cb58ca82f3deb35e83af34bb8cf06043fa61500157d50a70982"}, - {file = "cryptography-37.0.2-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:419c57d7b63f5ec38b1199a9521d77d7d1754eb97827bbb773162073ccd8c8d4"}, - {file = "cryptography-37.0.2-pp39-pypy39_pp73-manylinux_2_24_x86_64.whl", hash = "sha256:dc26bb134452081859aa21d4990474ddb7e863aa39e60d1592800a8865a702de"}, - {file = "cryptography-37.0.2-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:3b8398b3d0efc420e777c40c16764d6870bcef2eb383df9c6dbb9ffe12c64452"}, - {file = "cryptography-37.0.2.tar.gz", hash = "sha256:f224ad253cc9cea7568f49077007d2263efa57396a2f2f78114066fd54b5c68e"}, -] +cryptography = [] docutils = [ {file = "docutils-0.17.1-py2.py3-none-any.whl", hash = "sha256:cf316c8370a737a022b72b56874f6602acf974a37a9fba42ec2876387549fc61"}, {file = "docutils-0.17.1.tar.gz", hash = "sha256:686577d2e4c32380bb50cbb22f575ed742d58168cee37e99117a854bcd88f125"}, 
@@ -759,18 +811,14 @@ idna = [ {file = "idna-3.3-py3-none-any.whl", hash = "sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff"}, {file = "idna-3.3.tar.gz", hash = "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"}, ] -imagesize = [ - {file = "imagesize-1.3.0-py2.py3-none-any.whl", hash = "sha256:1db2f82529e53c3e929e8926a1fa9235aa82d0bd0c580359c67ec31b2fddaa8c"}, - {file = "imagesize-1.3.0.tar.gz", hash = "sha256:cd1750d452385ca327479d45b64d9c7729ecf0b3969a58148298c77092261f9d"}, -] -importlib-metadata = [ - {file = "importlib_metadata-4.11.4-py3-none-any.whl", hash = "sha256:c58c8eb8a762858f49e18436ff552e83914778e50e9d2f1660535ffb364552ec"}, - {file = "importlib_metadata-4.11.4.tar.gz", hash = "sha256:5d26852efe48c0a32b0509ffbc583fda1a2266545a78d104a6f4aff3db17d700"}, -] +imagesize = [] +importlib-metadata = [] +iniconfig = [] jinja2 = [ {file = "Jinja2-3.1.2-py3-none-any.whl", hash = "sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61"}, {file = "Jinja2-3.1.2.tar.gz", hash = "sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852"}, ] +jsonschema = [] markupsafe = [ {file = "MarkupSafe-2.1.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:86b1f75c4e7c2ac2ccdaec2b9022845dbb81880ca318bb7a0a01fbf7813e3812"}, {file = "MarkupSafe-2.1.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:f121a1420d4e173a5d96e47e9a0c0dcff965afdf1626d28de1460815f7c4ee7a"}, 
@@ -825,6 +873,8 @@ pathspec = [ {file = "pathspec-0.9.0-py2.py3-none-any.whl", hash = "sha256:7d15c4ddb0b5c802d161efc417ec1a2558ea2653c2e8ad9c19098201dc1c993a"}, {file = "pathspec-0.9.0.tar.gz", hash = "sha256:e564499435a2673d586f6b2130bb5b95f04a3ba06f81b8f895b651a3c76aabb1"}, ] +pluggy = [] +py = [] pycodestyle = [ {file = "pycodestyle-2.8.0-py2.py3-none-any.whl", hash = "sha256:720f8b39dde8b293825e7ff02c475f3077124006db4f440dcbc9a20b76548a20"}, {file = "pycodestyle-2.8.0.tar.gz", hash = "sha256:eddd5847ef438ea1c7870ca7eb78a9d47ce0cdb4851a5523949f2601d0cbbe7f"}, @@ -845,6 +895,8 @@ pyparsing = [ {file = "pyparsing-3.0.9-py3-none-any.whl", hash = "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"}, {file = "pyparsing-3.0.9.tar.gz", hash = "sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb"}, ] +pyrsistent = [] +pytest = [] pytz = [ {file = "pytz-2022.1-py2.py3-none-any.whl", hash = "sha256:e68985985296d9a66a881eb3193b0906246245294a881e7c8afe623866ac6a5c"}, {file = "pytz-2022.1.tar.gz", hash = "sha256:1e760e2fe6a8163bc0b3d9a19c4f84342afa0a2affebfaa84b01b978a02ecaa7"}, 
@@ -884,14 +936,9 @@ pyyaml = [ {file = "PyYAML-6.0-cp39-cp39-win_amd64.whl", hash = "sha256:b3d267842bf12586ba6c734f89d1f5b871df0273157918b0ccefa29deb05c21c"}, {file = "PyYAML-6.0.tar.gz", hash = "sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2"}, ] -requests = [ - {file = "requests-2.27.1-py2.py3-none-any.whl", hash = "sha256:f22fa1e554c9ddfd16e6e41ac79759e17be9e492b3587efa038054674760e72d"}, - {file = "requests-2.27.1.tar.gz", hash = "sha256:68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61"}, -] -rich = [ - {file = "rich-12.4.4-py3-none-any.whl", hash = "sha256:d2bbd99c320a2532ac71ff6a3164867884357da3e3301f0240090c5d2fdac7ec"}, - {file = "rich-12.4.4.tar.gz", hash = "sha256:4c586de507202505346f3e32d1363eb9ed6932f0c2f63184dea88983ff4971e2"}, -] +requests = [] +resolvelib = [] +rich = [] "ruamel.yaml" = [ {file = "ruamel.yaml-0.17.21-py3-none-any.whl", hash = "sha256:742b35d3d665023981bd6d16b3d24248ce5df75fdb4e2924e93a05c1f8b61ca7"}, {file = "ruamel.yaml-0.17.21.tar.gz", hash = "sha256:8b7ce697a2f212752a35c1ac414471dc16c424c9573be4926b56ff3f5d23b7af"}, 
@@ -959,38 +1006,24 @@ sphinxcontrib-serializinghtml = [ {file = "sphinxcontrib-serializinghtml-1.1.5.tar.gz", hash = "sha256:aa5f6de5dfdf809ef505c4895e51ef5c9eac17d0f287933eb49ec495280b6952"}, {file = "sphinxcontrib_serializinghtml-1.1.5-py2.py3-none-any.whl", hash = "sha256:352a9a00ae864471d3a7ead8d7d79f5fc0b57e8b3f95e9867eb9eb28999b92fd"}, ] -tenacity = [ - {file = "tenacity-8.0.1-py3-none-any.whl", hash = "sha256:f78f4ea81b0fabc06728c11dc2a8c01277bfc5181b321a4770471902e3eb844a"}, - {file = "tenacity-8.0.1.tar.gz", hash = "sha256:43242a20e3e73291a28bcbcacfd6e000b02d3857a9a9fff56b297a27afdc932f"}, -] +subprocess-tee = [] toml = [ {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, ] -typing-extensions = [ - {file = "typing_extensions-4.2.0-py3-none-any.whl", hash = "sha256:6657594ee297170d19f67d55c05852a874e7eb634f4f753dbd667855e07c1708"}, - {file = "typing_extensions-4.2.0.tar.gz", hash = "sha256:f1c24655a0da0d1b67f07e17a5e6b2a105894e6824b92096378bb3668ef02376"}, -] -urllib3 = [ - {file = "urllib3-1.26.9-py2.py3-none-any.whl", hash = "sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14"}, - {file = "urllib3-1.26.9.tar.gz", hash = "sha256:aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e"}, -] -wcmatch = [ - {file = "wcmatch-8.3-py3-none-any.whl", hash = "sha256:7141d2c85314253f16b38cb3d6cc0fb612918d407e1df3ccc2be7c86cc259c22"}, - {file = "wcmatch-8.3.tar.gz", hash = "sha256:371072912398af61d1e4e78609e18801c6faecd3cb36c54c82556a60abc965db"}, +tomli = [ + {file = "tomli-2.0.1-py3-none-any.whl", hash = "sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc"}, + {file = "tomli-2.0.1.tar.gz", hash = "sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f"}, ] +urllib3 = [] +wcmatch = [] xmltodict = [ {file = 
"xmltodict-0.13.0-py2.py3-none-any.whl", hash = "sha256:aa89e8fd76320154a40d19a0df04a4695fb9dc5ba977cbb68ab3e4eb225e7852"}, {file = "xmltodict-0.13.0.tar.gz", hash = "sha256:341595a488e3e01a85a9d8911d8912fd922ede5fecc4dce437eb4b6c8d037e56"}, ] -yamllint = [ - {file = "yamllint-1.26.3.tar.gz", hash = "sha256:3934dcde484374596d6b52d8db412929a169f6d9e52e20f9ade5bf3523d9b96e"}, -] +yamllint = [] yq = [ {file = "yq-2.14.0-py3-none-any.whl", hash = "sha256:b6321b29cb39c4e92a4a6f16d47d99a024650211e45e09a02d1906ec45fbaede"}, {file = "yq-2.14.0.tar.gz", hash = "sha256:f4bf2b299d1e5c7ebd74cfb25d1f5d9b6401063bac07a2d09a156144c1d644e1"}, ] -zipp = [ - {file = "zipp-3.8.0-py3-none-any.whl", hash = "sha256:c4f6e5bbf48e74f7a38e7cc5b0480ff42b0ae5178957d564d18932525d5cf099"}, - {file = "zipp-3.8.0.tar.gz", hash = "sha256:56bf8aadb83c24db6c4b577e13de374ccfb67da2078beba1d037c17980bf43ad"}, -] +zipp = [] diff --git a/pyproject.toml b/pyproject.toml index 84b641fa..09203c0c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -7,17 +7,17 @@ authors = ["Matthew B White "] license = "Apache-2.0" [tool.poetry.dependencies] -python = "^3.8" +python = "^3.9" yq = "^2.14.0" -ansible = ">=2.9,<2.10" +ansible = "2.9" [tool.poetry.dev-dependencies] -ansible-lint = "5.3.2" yamllint = "^1.26.3" flake8 = "^4.0.1" ansible-doc-extractor = "^0.1.8" Sphinx = "^4.5.0" sphinx-rtd-theme = "^1.0.0" +ansible-lint = "^6.3.0" [build-system] requires = ["poetry-core>=1.0.0"] diff --git a/roles/console/meta/main.yml b/roles/console/meta/main.yml index ff2cfc11..e15244f2 100644 --- a/roles/console/meta/main.yml +++ b/roles/console/meta/main.yml @@ -11,4 +11,4 @@ galaxy_info: versions: - all galaxy_tags: [] - min_ansible_version: 2.9 + min_ansible_version: "2.9" diff --git a/roles/crds/meta/main.yml b/roles/crds/meta/main.yml index b39fe1d0..e5d64c91 100644 --- a/roles/crds/meta/main.yml +++ b/roles/crds/meta/main.yml 
@@ -11,4 +11,4 @@ galaxy_info: versions: - all galaxy_tags: [] - min_ansible_version: 2.9 + min_ansible_version: "2.9" diff --git a/roles/endorsing_organization/meta/main.yml b/roles/endorsing_organization/meta/main.yml index a1c97ed9..3acf89b7 100644 --- a/roles/endorsing_organization/meta/main.yml +++ b/roles/endorsing_organization/meta/main.yml @@ -11,4 +11,4 @@ galaxy_info: versions: - all galaxy_tags: [] - min_ansible_version: 2.9 + min_ansible_version: "2.9" diff --git a/roles/fabric_console/README.md b/roles/fabric_console/README.md new file mode 100644 index 00000000..ad87f9bb --- /dev/null +++ b/roles/fabric_console/README.md @@ -0,0 +1,17 @@ +# console + +This role installs the [Hyperledger Fabric Operations Console](https://github.com/hyperledger-labs/fabric-operations-console) + +## Documentation + +Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ + +The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. + +## License + +Apache-2.0 + +## Author Information + +This Ansible collection is maintained by the IBM Hyperledger Fabric Support Offering development team. \ No newline at end of file diff --git a/roles/fabric_console/defaults/main.yml b/roles/fabric_console/defaults/main.yml new file mode 100644 index 00000000..52ddf5e7 --- /dev/null +++ b/roles/fabric_console/defaults/main.yml 
@@ -0,0 +1,45 @@ +# +# SPDX-License-Identifier: Apache-2.0 +# +--- +state: present +# target: k8s | openshift +# arch: amd64 | s390x +# project: my-project +namespace: "" # defined by jinja2 otherwise + +image_pull_secret: ghcr-pull-secret +image_registry: hyperledger +# image_registry_username: cp +# image_registry_email: user@example.org +# image_registry_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + +fabric_version: 2.4.4 +fabric_ca_version: 1.5.4 + +image_repository: cp +image_registry_url: "{{ image_registry }}/{{ image_repository }}" + +service_account: default + +# console_domain: example.org +# console_email: user@example.org +# console_default_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +console_storage_class: default +console_storage_size: 5Gi + +wait_timeout: 60 + +deployer_image: ghcr.io/ibm-blockchain/fabric-deployer +deployer_image_label: latest-amd64 +console_image: ghcr.io/hyperledger-labs/fabric-console +console_image_label: latest + +init_image: registry.access.redhat.com/ubi8/ubi-minimal +init_image_label: latest + +couchdb_image: couchdb +couchdb_image_label: 3.2.1 + +tools_image: "{{ image_registry }}/fabric-tools" +tools_image_label: "{{ fabric_version }}" diff --git a/roles/fabric_console/meta/main.yml b/roles/fabric_console/meta/main.yml new file mode 100644 index 00000000..1a9268c0 --- /dev/null +++ b/roles/fabric_console/meta/main.yml @@ -0,0 +1,14 @@ +# +# SPDX-License-Identifier: Apache-2.0 +# +--- +galaxy_info: + author: Matthew White + description: Ansible role for deploying the Fabric Labs console into Kubernetes or Red Hat OpenShift + license: Apache-2.0 + platforms: + - name: GenericLinux + versions: + - all + galaxy_tags: [] + min_ansible_version: "2.9" diff --git a/roles/fabric_console/tasks/create.yml b/roles/fabric_console/tasks/create.yml new file mode 100644 index 00000000..469f89c2 --- /dev/null +++ b/roles/fabric_console/tasks/create.yml 
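Review bot: The defaults `console_image_label: latest`, `init_image_label: latest` and `deployer_image_label: latest-amd64` are floating tags, so the images a run pulls can change with no change to this role, and a deployment cannot be reproduced or audited against a known image. Pin each to a released version tag, or better an image digest, as `couchdb_image_label: 3.2.1` already does; for example `console_image_label: "<released-console-tag>"` (placeholder, the page names no release). The same floating tags appear in roles/fabric_operator_crds/defaults/main.yml (`operator_image_label`, `init_image_label`, `grpcweb_image_label`, `console_image_label`, `deployer_image_label`).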
@@ -0,0 +1,26 @@
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+- name: Fail if architecture not specified
+ fail:
+ msg: arch not specified or is not one of "amd64" or "s390x"
+ when: not arch is defined or not arch in ("amd64", "s390x")
+
+- name: Fail if console domain not specified
+ fail:
+ msg: console_domain not specified or is empty
+ when: not console_domain is defined or not console_domain
+
+- name: Fail if console email not specified
+ fail:
+ msg: console_email not specified or is empty
+ when: not console_email is defined or not console_email
+
+- name: Fail if console default password not specified
+ fail:
+ msg: console_default_password not specified or is empty
+ when: not console_default_password is defined or not console_default_password
+
+- name: Create console
+ include_tasks: "{{ target }}/create.yml"
diff --git a/roles/fabric_console/tasks/delete.yml b/roles/fabric_console/tasks/delete.yml
new file mode 100644
index 00000000..deca3398
--- /dev/null
+++ b/roles/fabric_console/tasks/delete.yml
@@ -0,0 +1,6 @@
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+- name: Delete console
+ include_tasks: "{{ target }}/delete.yml"
diff --git a/roles/fabric_console/tasks/kind/create.yml b/roles/fabric_console/tasks/kind/create.yml
new file mode 100644
index 00000000..662fa37c
--- /dev/null
+++ b/roles/fabric_console/tasks/kind/create.yml
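Review bot: The `arch` check in create.yml accepts `s390x`, but the role defaults added in this commit fix `deployer_image_label: latest-amd64`, so an s390x run would still request the amd64 deployer image unless the caller overrides the label. Deriving the architecture suffix from the validated value, in the form `deployer_image_label: "<tag>-{{ arch }}"`, would keep the two in step. Whether an s390x image is published under such a tag is not shown on this page and needs confirming.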
@@ -0,0 +1,59 @@
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+- name: Fail if namespace not specified
+ fail:
+ msg: namespace not specified or is empty
+ when: not namespace is defined or not namespace
+
+- name: Determine if namespace exists
+ k8s_info:
+ api_version: v1
+ kind: Namespace
+ name: "{{ namespace }}"
+ register: namespace_info
+
+- name: Determine if console exists
+ k8s_info:
+ namespace: "{{ namespace }}"
+ api_version: "ibp.com/v1alpha2"
+ kind: IBPConsole
+ name: "{{ console_name }}"
+ register: existing_console
+
+# deletion of existin config maps? Other roles do this,, but AFTER the console creation has started?
+
+- name: Create console
+ k8s:
+ state: present
+ namespace: "{{ namespace }}"
+ resource_definition: "{{ lookup('template', 'k8s/hlf-operations-console.yaml.j2') }}"
+ apply: yes
+ register: create_console
+
+- name: Wait for console deployment to exist
+ k8s_info:
+ namespace: "{{ namespace }}"
+ api_version: apps/v1
+ kind: Deployment
+ name: "{{ console_name }}"
+ register: console_deployment
+ until: console_deployment.resources
+ retries: "{{ wait_timeout }}"
+ delay: 1
+
+- name: Wait for console deployment to start
+ k8s:
+ state: present
+ namespace: "{{ namespace }}"
+ api_version: apps/v1
+ kind: Deployment
+ name: "{{ console_name }}"
+ wait: yes
+ wait_timeout: "{{ wait_timeout }}"
+ changed_when: False
+
+- name: Print console URL
+ debug:
+ msg: IBM Blockchain Platform console available at {{ create_console }}
diff --git a/roles/fabric_console/tasks/kind/delete.yml b/roles/fabric_console/tasks/kind/delete.yml
new file mode 100644
index 00000000..3e4aeb63
--- /dev/null
+++ b/roles/fabric_console/tasks/kind/delete.yml
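Review bot: The final `debug` task prints `{{ create_console }}`, which is the whole registered result of the `k8s` task rather than a URL. That result presumably echoes the applied IBPConsole object, and the template this task renders sets `password: "{{ console_default_password }}"` in its spec, so the console password would end up in the play output and in any log that captures it. Print only what the operator needs, for instance `msg: Console requested for domain {{ console_domain }}`, and add `no_log: true` to the `Create console` task. Separately, `Determine if console exists` queries `ibp.com/v1alpha2` while the template declares `ibp.com/v1beta1`, and neither `existing_console` nor `namespace_info` is read afterwards.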
@@ -0,0 +1,87 @@ +# +# SPDX-License-Identifier: Apache-2.0 +# +--- +- name: Fail if namespace not specified + fail: + msg: namespace not specified or is empty + when: not namespace is defined or not namespace + +- name: Determine if namespace exists + k8s_info: + api_version: v1 + kind: Namespace + name: "{{ namespace }}" + register: namespace_info + +- name: Determine if custom resource definitions exist + k8s_info: + api_version: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + name: ibpconsoles.ibp.com + register: crds_info + +- name: Delete console + k8s: + state: absent + namespace: "{{ namespace }}" + api_version: "{{ 'ibp.com/v1alpha2' if product_version is version('2.5.0', '>=') else 'ibp.com/v1alpha1' }}" + kind: IBPConsole + name: "{{ console }}" + when: namespace_info.resources and crds_info.resources + +- name: Delete operator + k8s: + state: absent + namespace: "{{ namespace }}" + api_version: apps/v1 + kind: Deployment + name: "{{ operator }}" + wait: yes + wait_timeout: "{{ wait_timeout }}" + when: namespace_info.resources + +- name: Delete image secret + k8s: + state: absent + namespace: "{{ namespace }}" + api_version: v1 + kind: Secret + name: "{{ image_pull_secret }}" + when: namespace_info.resources + +- name: Delete role binding + k8s: + state: absent + namespace: "{{ namespace }}" + api_version: rbac.authorization.k8s.io/v1 + kind: RoleBinding + name: "{{ role_binding }}" + when: namespace_info.resources + +- name: Delete cluster role binding + k8s: + state: absent + namespace: "{{ namespace }}" + api_version: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + name: "{{ cluster_role_binding }}" + when: namespace_info.resources + +- name: Delete cluster role + k8s: + state: absent + namespace: "{{ namespace }}" + api_version: rbac.authorization.k8s.io/v1 + kind: ClusterRole + name: "{{ cluster_role }}" + when: namespace_info.resources + +- name: Delete pod security policy + k8s: + state: absent + namespace: "{{ namespace }}" + 
api_version: policy/v1beta1 + kind: PodSecurityPolicy + name: "{{ pod_security_policy }}" + when: namespace_info.resources diff --git a/roles/fabric_console/tasks/main.yml b/roles/fabric_console/tasks/main.yml new file mode 100644 index 00000000..05524467 --- /dev/null +++ b/roles/fabric_console/tasks/main.yml @@ -0,0 +1,16 @@ +# +# SPDX-License-Identifier: Apache-2.0 +# +--- +- name: Fail if target not specified + fail: + msg: target not specified or is not one of "k8s" or "openshift" or "kind" + when: not target is defined or not target in ("k8s", "openshift","kind") + +- name: Create console + include_tasks: "create.yml" + when: state == "present" + +- name: Delete console + include_tasks: "delete.yml" + when: state == "absent" diff --git a/roles/fabric_console/templates/k8s/hlf-operations-console.yaml.j2 b/roles/fabric_console/templates/k8s/hlf-operations-console.yaml.j2 new file mode 100644 index 00000000..c328e7df --- /dev/null +++ b/roles/fabric_console/templates/k8s/hlf-operations-console.yaml.j2 
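Review bot: This delete path reads `console`, `operator`, `role_binding`, `cluster_role_binding`, `cluster_role`, `pod_security_policy` and `product_version`, none of which the role's defaults file in this commit defines. It also names the console `{{ console }}` where kind/create.yml creates it as `{{ console_name }}`. Unless those variables are supplied elsewhere in the collection, `state: absent` would stop on an undefined variable or miss the object that was created. The task also selects `ibp.com/v1alpha1` or `ibp.com/v1alpha2` for the IBPConsole while the template declares `ibp.com/v1beta1`. Using `name: "{{ console_name }}"` with the template's API version, and dropping the tasks for objects this role never creates, would make delete the inverse of create.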
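Review bot: The target check admits `k8s` and `openshift` as well as `kind`, but the only task directory this page shows being added under roles/fabric_console/tasks is `kind/`. For the other two targets, `include_tasks: "{{ target }}/create.yml"` would therefore fail on a missing file after validation has passed, assuming no such directories exist outside this diff. Either restrict the check to the targets that ship, `when: not target is defined or target != "kind"`, or add the missing task files. Any `state` other than `present` or `absent` also falls through both includes silently; a `fail` task for unexpected values would make that visible.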
@@ -0,0 +1,81 @@ +--- +apiVersion: ibp.com/v1beta1 +kind: IBPConsole +metadata: + name: "{{ console_name }}" +spec: + arch: + - "{{arch}}" + license: + accept: true + serviceAccountName: "{{ service_account }}" + email: "{{ console_email }}" + password: "{{ console_default_password }}" + allowDefaultPassword: true + imagePullSecrets: + - "{{ image_pull_secret }}" + networkinfo: + domain: "{{ console_domain }}" + images: + deployerImage: "{{deployer_image}}" + deployerTag: "{{deployer_image_label}}" + consoleInitImage: "{{init_image}}" + consoleInitTag: "{{init_image_label}}" + consoleImage: "{{console_image}}" + consoleTag: "{{console_image_label}}" + configtxlatorImage: "{{tools_image}}" + configtxlatorTag: "{{tools_image_label}}" + couchdbImage: "{{couchdb_image}}" + couchdbTag: "{{couchdb_image_label}}" #} + networkinfo: + domain: "{{console_domain}}" + storage: + console: + class: "{{ console_storage_class }}" + size: "{{ console_storage_size }}" + usetags: true + version: 1.0.0 + resources: + init: + limits: + cpu: 100m + memory: 200M + requests: + cpu: 10m + memory: 20M + configtxlator: + limits: + cpu: 25m + ephemeral-storage: 1G + memory: 50Mi + requests: + cpu: 25m + ephemeral-storage: 100M + memory: 50Mi + couchdb: + limits: + cpu: 500m + ephemeral-storage: 1Gi + memory: 1000Mi + requests: + cpu: 50m + ephemeral-storage: 100Mi + memory: 128Mi + deployer: + limits: + cpu: 100m + ephemeral-storage: 1G + memory: 200Mi + requests: + cpu: 100m + ephemeral-storage: 100M + memory: 128Mi + console: + limits: + cpu: 500m + ephemeral-storage: 1G + memory: 1000Mi + requests: + cpu: 50m + ephemeral-storage: 100M + memory: 128Mi \ No newline at end of file diff --git a/roles/fabric_operator_crds/README.md b/roles/fabric_operator_crds/README.md new file mode 100644 index 00000000..a408c74f --- /dev/null +++ b/roles/fabric_operator_crds/README.md 
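Review bot: `allowDefaultPassword: true` is hard-coded next to `password: "{{ console_default_password }}"`, which presumably lets the console keep running on the initial password instead of forcing a change at first login. The password also sits in clear text in the IBPConsole spec, readable by anyone allowed to get that resource. Make the flag a variable that defaults to false, e.g. `allowDefaultPassword: {{ console_allow_default_password | default(false) }}`, and document that the initial password must be rotated. The template also declares `networkinfo:` twice (a duplicate mapping key) and leaves a stray `#}` after `couchdbTag`, which looks like the remnant of a Jinja comment.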
@@ -0,0 +1,19 @@ +# hlfsupport_crds + +The IBM Support for Hyperledger Fabric provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. + +This Ansible collection, provided as part of the IBM Support for Hyperledger Fabric, enables you to automate the building of Hyperledger Fabric networks. + +## Documentation + +Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ + +The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. + +## License + +Apache-2.0 + +## Author Information + +This Ansible collection is maintained by the IBM Support for Hyperledger Fabric development team. For more information on the IBM Support for Hyperledger Fabric, visit the following website: https://www.ibm.com/cloud/blockchain-platform/hyperledger-fabric-support \ No newline at end of file diff --git a/roles/fabric_operator_crds/defaults/main.yml b/roles/fabric_operator_crds/defaults/main.yml new file mode 100644 index 00000000..d9a96c3d --- /dev/null +++ b/roles/fabric_operator_crds/defaults/main.yml 
@@ -0,0 +1,67 @@ +# +# SPDX-License-Identifier: Apache-2.0 +# +--- +state: present +target: openshift +# arch: amd64 | s390x +# project: my-project +namespace: "" + +fabric_container_registry: hyperledger + +fabric_ca_version: 1.5.2 +fabric_version: 2.4.3 + +ca_image: "{{ fabric_container_registry }}/fabric-ca" +ca_image_label: "{{ fabric_ca_version }}" +peer_image: "{{ fabric_container_registry }}/fabric-peer" +peer_image_label: "{{ fabric_version }}" +orderer_image: "{{ fabric_container_registry }}/fabric-orderer" +orderer_image_label: "{{ fabric_version }}" +tools_image: "{{ fabric_container_registry }}/fabric-tools" +tools_image_label: "{{ fabric_version }}" +operator_image: ghcr.io/ibm-blockchain/fabric-operator +operator_image_label: latest-amd64 +init_image: registry.access.redhat.com/ubi8/ubi-minimal +init_image_label: latest +grpcweb_image: ghcr.io/hyperledger-labs/grpc-web +grpcweb_image_label: latest +couchdb_image: couchdb +couchdb_image_label: 3.2.1 +console_image: ghcr.io/hyperledger-labs/fabric-console +console_image_label: latest +deployer_image: ghcr.io/ibm-blockchain/fabric-deployer +deployer_image_label: latest-amd64 + +fabric_operator_image: "{{ operator_image }}:{{ operator_image_label }}" +fabric_console_image: "{{ console_image }}:{{ console_image_label }}" +fabric_deployer_image: "{{ deployer_image }}:{{ deployer_image_label }}" +fabric_ca_image: "{{ ca_image }}:{{ ca_image_label }}" +fabric_peer_image: "{{ peer_image }}:{{ peer_image_label }}" +fabric_orderer_image: "{{ orderer_image }}:{{ orderer_image_label }}" +fabric_tools_image: "{{ tools_image }}:{{ tools_image_label }}" + +# test_network_ingress_ipaddr: "172.17.154.105" +ingress_domain: localho.st +container_cli: docker +container_namespace: "" +storage_class: standard +# image_pull_secret: docker-key-secret +# image_registry: cp.icr.io +# image_registry_username: cp +# # image_registry_email: user@example.org +# # image_registry_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +# 
image_repository: cp +# image_registry_url: "{{ image_registry }}/{{ image_repository }}" + +# role: "{{ project | default(namespace) | default('') }}" +# role_binding: "{{ project | default(namespace) | default('') }}" +# security_context_constraints: "{{ project | default(namespace) | default('') }}" +# service_account: default +# wait_timeout: 60 + +# product_version: "1.0.0" +# webhook_version: "20220308" +# webhook_image: "{{ image_registry_url }}/ibm-hlfsupport-crdwebhook" +# webhook_tag: "{{ product_version }}-{{ webhook_version }}-{{ arch }}" diff --git a/roles/fabric_operator_crds/meta/main.yml b/roles/fabric_operator_crds/meta/main.yml new file mode 100644 index 00000000..e318dd71 --- /dev/null +++ b/roles/fabric_operator_crds/meta/main.yml @@ -0,0 +1,14 @@ +# +# SPDX-License-Identifier: Apache-2.0 +# +--- +galaxy_info: + author: Matthew White + description: Ansible role for deploying the Fabric Operator + license: Apache-2.0 + platforms: + - name: GenericLinux + versions: + - all + galaxy_tags: [] + min_ansible_version: "2.9" diff --git a/roles/fabric_operator_crds/tasks/create.yml b/roles/fabric_operator_crds/tasks/create.yml new file mode 100644 index 00000000..1b6ad3b9 --- /dev/null +++ b/roles/fabric_operator_crds/tasks/create.yml @@ -0,0 +1,11 @@ +# +# SPDX-License-Identifier: Apache-2.0 +# +--- +- name: Fail if architecture not specified + fail: + msg: arch not specified or is not one of "amd64" or "s390x" + when: not arch is defined or not arch in ("amd64", "s390x") + +- name: Create custom resource definitions + include_tasks: "{{ target }}/create.yml" diff --git a/roles/fabric_operator_crds/tasks/delete.yml b/roles/fabric_operator_crds/tasks/delete.yml new file mode 100644 index 00000000..b9e3e51d --- /dev/null +++ b/roles/fabric_operator_crds/tasks/delete.yml @@ -0,0 +1,6 @@ +# +# SPDX-License-Identifier: Apache-2.0 +# +--- +- name: Delete custom resource definitions + include_tasks: "{{ target }}/delete.yml" 
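Review bot: `target: openshift` is the default here, yet tasks/main.yml for this role accepts only `kind`, so a play that relies on the default fails the first validation task. Set `target: kind`, or leave it undefined as is done for `arch`. `wait_timeout`, `role`, `role_binding` and `image_pull_secret` are commented out in this file while kind/delete.yml in the same role reads them, so they should either be defined here or that file trimmed.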
diff --git a/roles/fabric_operator_crds/tasks/kind/create.yml b/roles/fabric_operator_crds/tasks/kind/create.yml new file mode 100644 index 00000000..9c23f8f5 --- /dev/null +++ b/roles/fabric_operator_crds/tasks/kind/create.yml 
@@ -0,0 +1,94 @@ +# +# SPDX-License-Identifier: Apache-2.0 +# +--- +- name: Creating CRDs + k8s: + definition: "{{ lookup('kubernetes.core.kustomize',dir=role_path+'/templates/'+target+'/crd') }}" + register: resultcrds + +- name: Create kubernetes resources for the ingress + k8s: + definition: "{{ lookup('kubernetes.core.kustomize', dir=role_path+'/templates/'+target+'/ingress') }}" + register: resultingress + +- name: Wait for the ingress + command: kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=2m + changed_when: false + +# Override the cluster DNS with a local override to refer pods to the HOST interface +# when connecting to ingress. +- name: Need the cluster ip address + k8s_info: + api_version: v1 + kind: service + namespace: ingress-nginx + name: "ingress-nginx-controller" + register: ingress_info + +- name: Applying CoreDNS overrides for ingress domain + vars: + clusterip: "{{ ingress_info.resources[0].spec.clusterIP }}" + k8s: + state: present + namespace: kube-system + resource_definition: "{{ lookup('template','templates/'+target+'/coredns/coredns.yaml.j2') }}" + apply: yes + +- name: Rollout the CoreDNS + shell: | + kubectl -n kube-system rollout restart deployment/coredns + kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=2m + changed_when: false + +# END of KIND specifics + +# Time to deploy the operator +# Create the namespace for the operator +- name: Fail if namespace not specified + fail: + msg: namespace not specified or is empty + when: not namespace is defined or not namespace + +- name: Determine if namespace exists + k8s_info: + api_version: v1 + kind: Namespace + name: "{{ namespace }}" + register: namespace_info + +- name: Create namespace + k8s: + state: present + api_version: v1 + kind: Namespace + name: "{{ namespace }}" + when: not namespace_info.resources + +# Create the Role based 
Access Control +- name: Create Role Based Access Control + k8s: + state: present + namespace: "{{ namespace }}" + resource_definition: "{{ lookup('template', 'templates/'+target+'/rbac/'+item) }}" + apply: yes + loop: + - hlf-operator-clusterrole.yaml + - hlf-operator-clusterrolebinding.yaml.j2 + - hlf-operator-serviceaccount.yaml + - hlf-psp.yaml + +# create the manager +- name: Create Operator + k8s: + state: present + namespace: "{{ namespace }}" + resource_definition: "{{ lookup('template', 'templates/'+target+'/manager/'+item) }}" + apply: yes + loop: + - hlf-operator-manager.yaml.j2 + +- name: Wait for operator + shell: | + kubectl -n {{ namespace }} rollout status deploy fabric-operator + changed_when: false diff --git a/roles/fabric_operator_crds/tasks/kind/delete.yml b/roles/fabric_operator_crds/tasks/kind/delete.yml new file mode 100644 index 00000000..1b61fe06 --- /dev/null +++ b/roles/fabric_operator_crds/tasks/kind/delete.yml 
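Review bot: `Wait for operator` interpolates `{{ namespace }}` into a `shell:` script unquoted, so a namespace value containing whitespace or shell metacharacters is interpreted by the shell rather than passed to kubectl as one argument. No shell feature is used there, so `command: kubectl -n {{ namespace | quote }} rollout status deploy fabric-operator` is enough. In `Rollout the CoreDNS` the two kubectl lines run as one script without `set -e`, so a failed `rollout restart` is masked by the exit status of the `kubectl wait` that follows. `rollout status` is also called without `--timeout`, so a stuck operator deployment can hold the play for a long time.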
@@ -0,0 +1,92 @@ +# +# SPDX-License-Identifier: Apache-2.0 +# +--- +- name: Fail if namespace not specified + fail: + msg: namespace not specified or is empty + when: not namespace is defined or not namespace + +- name: Determine if namespace exists + k8s_info: + api_version: v1 + kind: Namespace + name: "{{ namespace }}" + register: namespace_info + +- name: Delete custom resource definitions + k8s: + state: absent + namespace: "{{ namespace }}" + api_version: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + name: "{{ item }}" + loop: + - ibpcas.ibp.com + - ibpconsoles.ibp.com + - ibporderers.ibp.com + - ibppeers.ibp.com + when: namespace_info.resources + +- name: Delete service + k8s: + state: absent + namespace: "{{ namespace }}" + api_version: v1 + kind: Service + name: "{{ webhook }}" + wait: yes + wait_timeout: "{{ wait_timeout }}" + when: namespace_info.resources + +- name: Delete deployment + k8s: + state: absent + namespace: "{{ namespace }}" + api_version: v1 + kind: Deployment + name: "{{ webhook }}" + wait: yes + wait_timeout: "{{ wait_timeout }}" + when: namespace_info.resources + +- name: Delete secrets + k8s: + state: absent + namespace: "{{ namespace }}" + api_version: v1 + kind: Secret + name: "{{ item }}" + wait: yes + wait_timeout: "{{ wait_timeout }}" + loop: + - webhook-tls-cert + - webhook-tls-key + when: namespace_info.resources + +- name: Delete role binding + k8s: + state: absent + namespace: "{{ namespace }}" + api_version: rbac.authorization.k8s.io/v1 + kind: RoleBinding + name: "{{ role_binding }}" + when: namespace_info.resources + +- name: Delete role + k8s: + state: absent + namespace: "{{ namespace }}" + api_version: rbac.authorization.k8s.io/v1 + kind: Role + name: "{{ role }}" + when: namespace_info.resources + +- name: Delete image secret + k8s: + state: absent + namespace: "{{ namespace }}" + api_version: v1 + kind: Secret + name: "{{ image_pull_secret }}" + when: namespace_info.resources 
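Review bot: Delete is not the inverse of create. kind/create.yml applies `hlf-operator-clusterrole.yaml`, `hlf-operator-clusterrolebinding.yaml.j2`, `hlf-operator-serviceaccount.yaml` and `hlf-psp.yaml`, while this file removes only a namespaced `Role` and `RoleBinding`, so the cluster-wide grants (going by the file names) stay behind after `state: absent`. The CRDs are added as `apiextensions.k8s.io/v1` but deleted as `apiextensions.k8s.io/v1beta1`, and they are cluster-scoped, so the `namespace:` key and the `when: namespace_info.resources` gate do not fit them. `kind: Deployment` needs `api_version: apps/v1`, and `webhook`, `wait_timeout`, `role`, `role_binding` and `image_pull_secret` appear in the role defaults only as comments, if at all.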
diff --git a/roles/fabric_operator_crds/tasks/main.yml b/roles/fabric_operator_crds/tasks/main.yml new file mode 100644 index 00000000..5a0894cb --- /dev/null +++ b/roles/fabric_operator_crds/tasks/main.yml @@ -0,0 +1,16 @@ +# +# SPDX-License-Identifier: Apache-2.0 +# +--- +- name: Fail if target not specified + fail: + msg: target not specified or is not one of "kind" + when: not target is defined or not target in ("kind") + +- name: Create custom resource definitions + include_tasks: "create.yml" + when: state == "present" + +- name: Delete custom resource definitions + include_tasks: "delete.yml" + when: state == "absent" diff --git a/roles/fabric_operator_crds/templates/kind/coredns/coredns.yaml.j2 b/roles/fabric_operator_crds/templates/kind/coredns/coredns.yaml.j2 new file mode 100644 index 00000000..59065d96 --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/coredns/coredns.yaml.j2 @@ -0,0 +1,33 @@ +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: coredns + namespace: kube-system +data: + Corefile: | + .:53 { + errors + health { + lameduck 5s + } + rewrite name regex (.*)\.localho\.st host.ingress.internal + hosts { + {{ clusterip }} host.ingress.internal + fallthrough + } + ready + kubernetes cluster.local in-addr.arpa ip6.arpa { + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + } + prometheus :9153 + forward . /etc/resolv.conf { + max_concurrent 1000 + } + cache 30 + loop + reload + loadbalance + } \ No newline at end of file diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator-ignore b/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator-ignore new file mode 100644 index 00000000..7484ee59 --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator-ignore 
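Review bot: `("kind")` in the `when:` of `Fail if target not specified` is a parenthesised string, not a one-element tuple, so `target in ("kind")` is a substring test. Values such as `k`, `in` or an empty string pass validation and then flow into `include_tasks: "{{ target }}/create.yml"` and the `role_path+'/templates/'+target+...` lookups in kind/create.yml. Use `when: not target is defined or target != "kind"`, or `("kind",)` if more targets are expected later.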
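Review bot: The rewrite rule in coredns.yaml.j2 hard-codes `localho\.st` while the role exposes `ingress_domain: localho.st` as a variable, so overriding the variable leaves CoreDNS rewriting the old domain. Render the rule from the variable, e.g. `rewrite name regex (.*)\.{{ ingress_domain | regex_escape }} host.ingress.internal`. The ConfigMap replaces the cluster's entire Corefile in `kube-system`, so a header comment stating that the template is meant for a disposable kind cluster, and that it discards any existing CoreDNS customisation, would help whoever runs it next.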
@@ -0,0 +1,23 @@ +# OpenAPI Generator Ignore +# Generated by openapi-generator https://github.com/openapitools/openapi-generator + +# Use this file to prevent files from being overwritten by the generator. +# The patterns follow closely to .gitignore or .dockerignore. + +# As an example, the C# client generator defines ApiClient.cs. +# You can make changes and tell OpenAPI Generator to ignore just this file by uncommenting the following line: +#ApiClient.cs + +# You can match any string of characters against a directory, file or extension with a single asterisk (*): +#foo/*/qux +# The above matches foo/bar/qux and foo/baz/qux, but not foo/bar/baz/qux + +# You can recursively match patterns against a directory, file or extension with a double asterisk (**): +#foo/**/qux +# This matches foo/bar/qux, foo/baz/qux, and foo/bar/baz/qux + +# You can also negate patterns with an exclamation (!). +# For example, you can ignore all files in a docs folder with the file extension .md: +#docs/*.md +# Then explicitly reverse the ignore rule for a single file: +#!docs/README.md diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator/FILES b/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator/FILES new file mode 100644 index 00000000..af3fdae9 --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator/FILES @@ -0,0 +1,2 @@ +.openapi-generator-ignore +index.html diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator/VERSION b/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator/VERSION new file mode 100644 index 00000000..7cbea073 --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator/VERSION @@ -0,0 +1 @@ +5.2.0 \ No newline at end of file 
diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/index.html b/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/index.html new file mode 100644 index 00000000..80188ce0 --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/index.html @@ -0,0 +1,843 @@ + + + + + CRD Documentation + + + + + + + + + + + +
+
+
+ +
+
+
+
+

CRD Documentation

+

Generated by crd-api-doc-gen

+

+

Version: 0.0.0
+

+
+
+
+
+
+ + +
+
+
+ + + + + + + diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibpcas.yaml b/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibpcas.yaml new file mode 100644 index 00000000..72e30106 --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibpcas.yaml 
@@ -0,0 +1,408 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: ibpcas.ibp.com +spec: + group: ibp.com + names: + kind: IBPCA + listKind: IBPCAList + plural: ibpcas + singular: ibpca + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: + "Certificate Authorities issue certificates for all the identities + to transact on the network. Warning: CA deployment using this tile is not + supported. Please use the IBP Console to deploy a CA." + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: IBPCASpec defines the desired state of IBP CA + properties: + action: + description: Action (Optional) is action object for trigerring actions + properties: + renew: + description: Renew action is object for certificate renewals + properties: + tlscert: + description: + TLSCert action is used to renew TLS crypto for + CA server + type: boolean + type: object + restart: + description: Restart action is used to restart the running CA + type: boolean + type: object + arch: + description: + Arch (Optional) is the architecture of the nodes where + CA should be deployed + items: + type: string + type: array + configoverride: + description: + ConfigOverride (Optional) is the object to provide overrides + to CA & TLSCA config + properties: + ca: + description: CA (Optional) is the overrides to CA's configuration + type: object + x-kubernetes-preserve-unknown-fields: true + maxnamelength: + description: + MaxNameLength (Optional) is the maximum length of + the name that the CA can have + type: integer + tlsca: + description: TLSCA (Optional) is the overrides to TLSCA's configuration + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + customNames: + description: + CustomNames (Optional) is to use pre-configured resources + for CA's deployment + properties: + pvc: + description: + PVC is the list of PVC Names to be used for CA's + deployment + properties: + ca: + description: CA is the pvc to be used as CA's storage + type: string + type: object + sqlitepath: + description: Sqlite is the sqlite path to be used for CA's deployment + type: string + type: object + domain: + description: Domain is the sub-domain used for CA's deployment + type: string + hsm: + description: HSM (Optional) is DEPRECATED + properties: + pkcs11endpoint: + description: PKCS11Endpoint is DEPRECATED + type: 
string + type: object + imagePullSecrets: + description: + ImagePullSecrets (Optional) is the list of ImagePullSecrets + to be used for CA's deployment + items: + type: string + type: array + images: + description: + Images (Optional) lists the images to be used for CA's + deployment + properties: + caImage: + description: CAImage is the name of the CA image + type: string + caInitImage: + description: CAInitImage is the name of the Init image + type: string + caInitTag: + description: CAInitTag is the tag of the Init image + type: string + caTag: + description: CATag is the tag of the CA image + type: string + enrollerImage: + description: + EnrollerImage is the name of the init image for crypto + generation + type: string + enrollerTag: + description: + EnrollerTag is the tag of the init image for crypto + generation + type: string + hsmImage: + description: HSMImage is the name of the HSM image + type: string + hsmTag: + description: HSMTag is the tag of the HSM image + type: string + type: object + ingress: + description: Ingress (Optional) is ingress object for ingress overrides + properties: + class: + description: Class (Optional) is the class to set for ingress + type: string + tlsSecretName: + description: + TlsSecretName (Optional) is the secret name to be + used for tls certificates + type: string + type: object + license: + description: + License should be accepted by the user to be able to + setup CA + properties: + accept: + description: Accept should be set to true to accept the license. + enum: + - true + type: boolean + type: object + numSecondsWarningPeriod: + description: + NumSecondsWarningPeriod (Optional - default 30 days) + is used to define certificate expiry warning period. 
+ format: int64 + type: integer + region: + description: + Region (Optional) is the region of the nodes where the + CA should be deployed + type: string + registryURL: + description: RegistryURL is registry url used to pull images + type: string + replicas: + description: + Replicas (Optional - default 1) is the number of CA replicas + to be setup + format: int32 + type: integer + resources: + description: + Resources (Optional) is the amount of resources to be + provided to CA deployment + properties: + ca: + description: CA is the resources provided to the CA container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + enrollJob: + description: + EnrollJJob is the resources provided to the enroll + job container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + hsmDaemon: + description: + HSMDaemon is the resources provided to the HSM daemon + container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + init: + description: Init is the resources provided to the init container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + type: object + service: + description: Service (Optional) is the override object for CA's service + properties: + type: + description: The "type" of the service to be used + type: string + type: object + storage: + description: + Storage (Optional - uses default storageclass if not + provided) is the override object for CA's PVC config + properties: + ca: + description: CA is the configuration of the storage of the CA + properties: + class: + description: Class is the storage class + type: string + size: + description: Size of storage + type: string + type: object + type: object + version: + description: + FabricVersion (Optional) set the fabric version you want + to use. + type: string + zone: + description: + Zone (Optional) is the zone of the nodes where the CA + should be deployed + type: string + required: + - license + - version + type: object + status: + description: Status is the observed state of IBPCA + properties: + errorcode: + description: ErrorCode is the code of classification of errors + type: integer + lastHeartbeatTime: + description: + LastHeartbeatTime is when the controller reconciled this + component + type: string + message: + description: + Message provides a message for the status to be shown + to customer + type: string + reason: + description: Reason provides a reason for an error + type: string + status: + description: + Status is defined based on the current status of the + component + type: string + type: + description: Type is true or false based on if status is valid + type: string + version: + description: Version is the product (IBP) version of the component + type: string + versions: + description: Versions is the operand version of the component + properties: + reconciled: + description: + Reconciled provides the reconciled version of the + operand + type: string + required: + - reconciled + type: object + 
type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibpconsoles.yaml b/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibpconsoles.yaml new file mode 100644 index 00000000..e22425d1 --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibpconsoles.yaml 
@@ -0,0 +1,846 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: ibpconsoles.ibp.com +spec: + group: ibp.com + names: + kind: IBPConsole + listKind: IBPConsoleList + plural: ibpconsoles + singular: ibpconsole + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: + The Console is used to deploy and manage the CA, peer, ordering + nodes. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: IBPConsoleSpec defines the desired state of IBPConsole + properties: + action: + description: Action (Optional) is action object for trigerring actions + properties: + restart: + type: boolean + type: object + arch: + description: + Arch (Optional) is the architecture of the nodes where + console should be deployed + items: + type: string + type: array + authScheme: + description: + console settings AuthScheme is auth scheme for console + access + type: string + clusterdata: + description: ClusterData is object cluster data information + properties: + namespace: + type: string + type: + description: Type provides the type of cluster + type: string + zones: + description: Zones provides the zones available + items: + type: string + type: array + type: object + components: + description: Components is database name used for components + type: string + configoverride: + description: ConfigOverride (Optional) is the object to provide overrides + properties: + console: + description: Console is the overrides to console configuration + type: object + x-kubernetes-preserve-unknown-fields: true + deployer: + description: Deployer is the overrides to deployer configuration + type: object + x-kubernetes-preserve-unknown-fields: true + maxnamelength: + description: + MaxNameLength (Optional) is the maximum length of + the name that the console can have + type: integer + type: object + configtxlator: + description: ConfigtxlatorURL is url for configtxlator server + type: string + connectionString: + description: ConnectionString is connection url for backend database + type: string + crn: + properties: + account_id: + type: string + c_name: + type: string + c_type: + type: string + instance_id: + type: string + location: + type: string + resource_id: + type: string + resource_type: + type: string + 
service_name: + type: string + version: + type: string + type: object + deployer: + description: Deployer is object for deployer configs + properties: + components_db: + type: string + connectionstring: + type: string + create_db: + type: boolean + domain: + type: string + type: object + deployerTimeout: + description: DeployerTimeout is timeout value for deployer calls + format: int32 + type: integer + deployerUrl: + description: DeployerURL is url for deployer server + type: string + email: + description: Email is the email used for initial access + type: string + featureflags: + description: FeatureFlags is object for feature flag settings + properties: + capabilities_enabled: + type: boolean + create_channel_enabled: + type: boolean + dev_mode: + type: boolean + enable_ou_identifier: + type: boolean + high_availability: + type: boolean + hsm_enabled: + type: boolean + infra_import_options: + properties: + platform: + type: string + supported_cas: + items: + type: string + type: array + supported_orderers: + items: + type: string + type: array + supported_peers: + items: + type: string + type: array + type: object + lifecycle2_0_enabled: + type: boolean + mustgather_enabled: + type: boolean + patch_1_4to2_x_enabled: + type: boolean + remote_peer_config_enabled: + type: boolean + saas_enabled: + type: boolean + scale_raft_nodes_enabled: + type: boolean + templates_enabled: + type: boolean + type: object + iamApiKey: + type: string + ibmid: + properties: + client_id: + type: string + client_secret: + type: string + url: + type: string + type: object + imagePullSecrets: + description: + ImagePullSecrets (Optional) is the list of ImagePullSecrets + to be used for console's deployment + items: + type: string + type: array + images: + description: + Images (Optional) lists the images to be used for console's + deployment + properties: + configtxlatorImage: + description: + ConfigtxlatorImage is the name of the configtxlator + image + type: string + configtxlatorTag: + 
description: + ConfigtxlatorTag is the tag of the configtxlator + image + type: string + consoleImage: + description: ConsoleImage is the name of the console image + type: string + consoleInitImage: + description: + ConsoleInitImage is the name of the console init + image + type: string + consoleInitTag: + description: ConsoleInitTag is the tag of the console init image + type: string + consoleTag: + description: ConsoleTag is the tag of the console image + type: string + couchdbImage: + description: CouchDBImage is the name of the couchdb image + type: string + couchdbTag: + description: CouchDBTag is the tag of the couchdb image + type: string + deployerImage: + description: DeployerImage is the name of the deployer image + type: string + deployerTag: + description: DeployerTag is the tag of the deployer image + type: string + mustgatherImage: + description: MustgatherImage is the name of the mustgather image + type: string + mustgatherTag: + description: MustgatherTag is the tag of the mustgatherTag image + type: string + type: object + ingress: + description: Ingress (Optional) is ingress object for ingress overrides + properties: + class: + description: Class (Optional) is the class to set for ingress + type: string + tlsSecretName: + description: + TlsSecretName (Optional) is the secret name to be + used for tls certificates + type: string + type: object + kubeconfig: + format: byte + type: string + kubeconfignamespace: + type: string + kubeconfigsecretname: + type: string + license: + description: + License should be accepted by the user to be able to + setup console + properties: + accept: + description: Accept should be set to true to accept the license. 
+ enum: + - true + type: boolean + type: object + networkinfo: + description: NetworkInfo is object for network overrides + properties: + configtxlatorPort: + description: ConfigtxlatorPort is the port to access configtxlator + format: int32 + type: integer + consolePort: + description: ConsolePort is the port to access the console + format: int32 + type: integer + domain: + description: Domain for the components + type: string + proxyPort: + description: ProxyPort is the port to access console proxy + format: int32 + type: integer + type: object + password: + description: Password is initial password to access console + type: string + passwordSecretName: + description: PasswordSecretName is secretname where password is stored + type: string + proxying: + type: boolean + region: + description: + Region (Optional) is the region of the nodes where the + console should be deployed + type: string + registryURL: + description: RegistryURL is registry url used to pull images + type: string + replicas: + description: + Replicas (Optional - default 1) is the number of console + replicas to be setup + format: int32 + type: integer + resources: + description: + Resources (Optional) is the amount of resources to be + provided to console deployment + properties: + configtxlator: + description: + Configtxlator is the resources provided to the configtxlator + container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + console: + description: + Console is the resources provided to the console + container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + couchdb: + description: + CouchDB is the resources provided to the couchdb + container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + deployer: + description: + Deployer is the resources provided to the deployer + container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + init: + description: Init is the resources provided to the init container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + type: object + segmentWriteKey: + type: string + service: + description: + Service (Optional) is the override object for console's + service + properties: + type: + description: The "type" of the service to be used + type: string + type: object + serviceAccountName: + description: + ServiceAccountName defines serviceaccount used for console + deployment + type: string + sessions: + description: Sessions is sessions database name to use + type: string + storage: + description: + Storage (Optional - uses default storageclass if not + provided) is the override object for CA's PVC config + properties: + console: + description: + Console is the configuration of the storage of the + console + properties: + class: + description: Class is the storage class + type: string + size: + description: Size of storage + type: string + type: object + type: object + system: + description: System is system database name to use + type: string + systemChannel: + description: SystemChannel is default systemchannel name + type: string + tlsSecretName: + description: TLSSecretName is secret name to load custom tls certs + type: string + usetags: + description: + UseTags (Optional) is a flag to switch between image + digests and tags + type: boolean + version: + description: Version (Optional) is version for the console + type: string + versions: + properties: + ca: + additionalProperties: + properties: + default: + type: boolean + image: + description: + CAImages is the list of images to be used in + CA deployment + properties: + caImage: + description: CAImage is the name of the CA image + type: string + caInitImage: + description: CAInitImage is the name of the Init image + type: string + caInitTag: + description: CAInitTag is the tag of the Init image + type: string + caTag: + description: CATag is the tag of the CA image + type: string + enrollerImage: + 
description: + EnrollerImage is the name of the init image + for crypto generation + type: string + enrollerTag: + description: + EnrollerTag is the tag of the init image + for crypto generation + type: string + hsmImage: + description: HSMImage is the name of the HSM image + type: string + hsmTag: + description: HSMTag is the tag of the HSM image + type: string + type: object + version: + type: string + required: + - default + - version + type: object + type: object + orderer: + additionalProperties: + properties: + default: + type: boolean + image: + description: + OrdererImages is the list of images to be used + in orderer deployment + properties: + enrollerImage: + description: + EnrollerImage is the name of the init image + for crypto generation + type: string + enrollerTag: + description: + EnrollerTag is the tag of the init image + for crypto generation + type: string + grpcwebImage: + description: + GRPCWebImage is the name of the grpc web + proxy image + type: string + grpcwebTag: + description: + GRPCWebTag is the tag of the grpc web proxy + image + type: string + hsmImage: + description: HSMImage is the name of the hsm image + type: string + hsmTag: + description: HSMTag is the tag of the hsm image + type: string + ordererImage: + description: + OrdererImage is the name of the orderer + image + type: string + ordererInitImage: + description: + OrdererInitImage is the name of the orderer + init image + type: string + ordererInitTag: + description: + OrdererInitTag is the tag of the orderer + init image + type: string + ordererTag: + description: OrdererTag is the tag of the orderer image + type: string + type: object + version: + type: string + required: + - default + - version + type: object + type: object + peer: + additionalProperties: + properties: + default: + type: boolean + image: + description: + PeerImages is the list of images to be used + in peer deployment + properties: + builderImage: + description: + BuilderImage is the name of the builder + 
image + type: string + builderTag: + description: BuilderTag is the tag of the builder image + type: string + chaincodeLauncherImage: + description: + CCLauncherImage is the name of the chaincode + launcher image + type: string + chaincodeLauncherTag: + description: + CCLauncherTag is the tag of the chaincode + launcher image + type: string + couchdbImage: + description: + CouchDBImage is the name of the couchdb + image + type: string + couchdbTag: + description: CouchDBTag is the tag of the couchdb image + type: string + dindImage: + description: DindImage is the name of the dind image + type: string + dindTag: + description: DindTag is the tag of the dind image + type: string + enrollerImage: + description: + EnrollerImage is the name of the init image + for crypto generation + type: string + enrollerTag: + description: + EnrollerTag is the tag of the init image + for crypto generation + type: string + fileTransferImage: + description: + FileTransferImage is the name of the file + transfer image + type: string + fileTransferTag: + description: + FileTransferTag is the tag of the file + transfer image + type: string + fluentdImage: + description: + FluentdImage is the name of the fluentd + logger image + type: string + fluentdTag: + description: + FluentdTag is the tag of the fluentd logger + image + type: string + goEnvImage: + description: GoEnvImage is the name of the goenv image + type: string + goEnvTag: + description: GoEnvTag is the tag of the goenv image + type: string + grpcwebImage: + description: + GRPCWebImage is the name of the grpc web + proxy image + type: string + grpcwebTag: + description: + GRPCWebTag is the tag of the grpc web proxy + image + type: string + hsmImage: + description: HSMImage is the name of the hsm image + type: string + hsmTag: + description: HSMTag is the tag of the hsm image + type: string + javaEnvImage: + description: + JavaEnvImage is the name of the javaenv + image + type: string + javaEnvTag: + description: JavaEnvTag is 
the tag of the javaenv image + type: string + nodeEnvImage: + description: + NodeEnvImage is the name of the nodeenv + image + type: string + nodeEnvTag: + description: NodeEnvTag is the tag of the nodeenv image + type: string + peerImage: + description: PeerImage is the name of the peer image + type: string + peerInitImage: + description: + PeerInitImage is the name of the peer init + image + type: string + peerInitTag: + description: + PeerInitTag is the tag of the peer init + image + type: string + peerTag: + description: PeerTag is the tag of the peer image + type: string + type: object + version: + type: string + required: + - default + - version + type: object + type: object + required: + - ca + - orderer + - peer + type: object + zone: + description: + Zone (Optional) is the zone of the nodes where the console + should be deployed + type: string + required: + - license + - usetags + - version + type: object + status: + description: Status is the observed state of IBPConsole + properties: + errorcode: + description: ErrorCode is the code of classification of errors + type: integer + lastHeartbeatTime: + description: + LastHeartbeatTime is when the controller reconciled this + component + type: string + message: + description: + Message provides a message for the status to be shown + to customer + type: string + reason: + description: Reason provides a reason for an error + type: string + status: + description: + Status is defined based on the current status of the + component + type: string + type: + description: Type is true or false based on if status is valid + type: string + version: + description: Version is the product (IBP) version of the component + type: string + versions: + description: Versions is the operand version of the component + properties: + reconciled: + description: + Reconciled provides the reconciled version of the + operand + type: string + required: + - reconciled + type: object + type: object + type: object + served: true + storage: 
true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibporderers.yaml b/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibporderers.yaml new file mode 100644 index 00000000..2c1e1359 --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibporderers.yaml 
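Review bot: The IBPConsole schema added in this hunk accepts credentials as plain strings under `spec`: `password`, `iamApiKey`, `ibmid.client_secret` and `kubeconfig` (`format: byte` is base64 encoding, not protection). Anything that can read `ibpconsoles` objects in the namespace, or that logs or stores the applied manifest, can read those values. The same schema offers `passwordSecretName` ("secretname where password is stored"), and `kubeconfigsecretname` looks like the equivalent for the kubeconfig. The roles and examples that create a console should populate those instead, and read access to this resource should be granted as carefully as access to Secrets. The file is controller-gen output, presumably copied from the Fabric Operator, so I would leave the schema untouched and add a header comment to the template, for example `# Generated by controller-gen v0.8.0; do not edit. Prefer passwordSecretName over spec.password when creating an IBPConsole.`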
@@ -0,0 +1,978 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: ibporderers.ibp.com +spec: + group: ibp.com + names: + kind: IBPOrderer + listKind: IBPOrdererList + plural: ibporderers + singular: ibporderer + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: + "Ordering nodes create the blocks that form the ledger and send + them to peers. Warning: Orderer deployment using this tile is not supported. + Please use the IBP Console to deploy an orderer." + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: IBPOrdererSpec defines the desired state of IBPOrderer + properties: + action: + description: Action (Optional) is object for orderer actions + properties: + enroll: + description: Enroll contains actions for triggering crypto enroll + properties: + ecert: + description: Ecert is used to trigger enroll for ecert + type: boolean + tlscert: + description: TLSCert is used to trigger enroll for tls certs + type: boolean + type: object + reenroll: + description: Reenroll contains actions for triggering crypto reenroll + properties: + ecert: + description: Ecert is used to trigger reenroll for ecert + type: boolean + ecertNewKey: + description: + EcertNewKey is used to trigger reenroll for ecert + and also generating a new private key + type: boolean + tlscert: + description: TLSCert is used to trigger reenroll for tlscert + type: boolean + tlscertNewKey: + description: + TLSCertNewKey is used to trigger reenroll for + tlscert and also generating a new private key + type: boolean + type: object + restart: + description: Restart action is used to restart orderer deployment + type: boolean + type: object + arch: + description: + Arch (Optional) is the architecture of the nodes where + orderer should be deployed + items: + type: string + type: array + clusterSize: + description: ClusterSize (Optional) number of orderers if a cluster + type: integer + clusterconfigoverride: + description: + ClusterConfigOverride (Optional) is array of config overrides + for cluster + items: + type: object + type: array + clustersecret: + description: ClusterSecret (Optional) is array of msp crypto for cluster + items: + description: SecretSpec defines the crypto spec to pass to components + properties: + enrollment: + description: Enrollment defines enrollment part of secret spec + properties: + clientauth: + description: 
+ ClientAuth contains client uath enrollment + details + properties: + admincerts: + description: AdminCerts is the base64 encoded admincerts + items: + type: string + type: array + cahost: + description: CAHost is host part of the CA to use + type: string + caname: + description: CAName is name of CA + type: string + caport: + description: CAPort is port of the CA to use + type: string + catls: + description: CATLS is tls details to talk to CA endpoint + properties: + cacert: + description: CACert is the base64 encoded certificate + type: string + type: object + csr: + description: CSR is the CSR override object + properties: + hosts: + description: Hosts override for CSR + items: + type: string + type: array + type: object + enrollid: + description: EnrollID is the enrollment username + type: string + enrollsecret: + description: + EnrollSecret is enrollment secret ( password + ) + type: string + type: object + component: + description: Component contains ecert enrollment details + properties: + admincerts: + description: AdminCerts is the base64 encoded admincerts + items: + type: string + type: array + cahost: + description: CAHost is host part of the CA to use + type: string + caname: + description: CAName is name of CA + type: string + caport: + description: CAPort is port of the CA to use + type: string + catls: + description: CATLS is tls details to talk to CA endpoint + properties: + cacert: + description: CACert is the base64 encoded certificate + type: string + type: object + csr: + description: CSR is the CSR override object + properties: + hosts: + description: Hosts override for CSR + items: + type: string + type: array + type: object + enrollid: + description: EnrollID is the enrollment username + type: string + enrollsecret: + description: + EnrollSecret is enrollment secret ( password + ) + type: string + type: object + tls: + description: TLS contains tls enrollment details + properties: + admincerts: + description: AdminCerts is the base64 
encoded admincerts + items: + type: string + type: array + cahost: + description: CAHost is host part of the CA to use + type: string + caname: + description: CAName is name of CA + type: string + caport: + description: CAPort is port of the CA to use + type: string + catls: + description: CATLS is tls details to talk to CA endpoint + properties: + cacert: + description: CACert is the base64 encoded certificate + type: string + type: object + csr: + description: CSR is the CSR override object + properties: + hosts: + description: Hosts override for CSR + items: + type: string + type: array + type: object + enrollid: + description: EnrollID is the enrollment username + type: string + enrollsecret: + description: + EnrollSecret is enrollment secret ( password + ) + type: string + type: object + type: object + msp: + description: MSP defines msp part of secret spec + properties: + clientauth: + description: + ClientAuth contains crypto for client auth + certs + properties: + admincerts: + description: + AdminCerts is base64 encoded admincerts + array + items: + type: string + type: array + cacerts: + description: CACerts is base64 encoded cacerts array + items: + type: string + type: array + intermediatecerts: + description: + IntermediateCerts is base64 encoded intermediate + certs array + items: + type: string + type: array + keystore: + description: KeyStore is base64 encoded private key + type: string + signcerts: + description: SignCerts is base64 encoded sign cert + type: string + type: object + component: + description: Component contains crypto for ecerts + properties: + admincerts: + description: + AdminCerts is base64 encoded admincerts + array + items: + type: string + type: array + cacerts: + description: CACerts is base64 encoded cacerts array + items: + type: string + type: array + intermediatecerts: + description: + IntermediateCerts is base64 encoded intermediate + certs array + items: + type: string + type: array + keystore: + description: KeyStore is 
base64 encoded private key + type: string + signcerts: + description: SignCerts is base64 encoded sign cert + type: string + type: object + tls: + description: TLS contains crypto for tls certs + properties: + admincerts: + description: + AdminCerts is base64 encoded admincerts + array + items: + type: string + type: array + cacerts: + description: CACerts is base64 encoded cacerts array + items: + type: string + type: array + intermediatecerts: + description: + IntermediateCerts is base64 encoded intermediate + certs array + items: + type: string + type: array + keystore: + description: KeyStore is base64 encoded private key + type: string + signcerts: + description: SignCerts is base64 encoded sign cert + type: string + type: object + type: object + type: object + type: array + configoverride: + description: + ConfigOverride (Optional) is the object to provide overrides + to core yaml config + type: object + x-kubernetes-preserve-unknown-fields: true + customNames: + description: + CustomNames (Optional) is to use pre-configured resources + for orderer's deployment + properties: + pvc: + description: + PVC is the list of PVC Names to be used for orderer's + deployment + properties: + orderer: + description: Orderer is the pvc to be used as orderer's storage + type: string + type: object + type: object + disablenodeou: + description: + DisableNodeOU (Optional) is used to switch nodeou on + and off + type: boolean + domain: + description: Domain is the sub-domain used for orderer's deployment + type: string + externalAddress: + description: ExternalAddress (Optional) is used internally + type: string + genesisBlock: + description: + GenesisBlock (Optional) is genesis block to start the + orderer + type: string + genesisProfile: + type: string + hsm: + description: HSM (Optional) is DEPRECATED + properties: + pkcs11endpoint: + description: PKCS11Endpoint is DEPRECATED + type: string + type: object + imagePullSecrets: + description: + ImagePullSecrets (Optional) is 
the list of ImagePullSecrets + to be used for orderer's deployment + items: + type: string + type: array + images: + description: + Images (Optional) lists the images to be used for orderer's + deployment + properties: + enrollerImage: + description: + EnrollerImage is the name of the init image for crypto + generation + type: string + enrollerTag: + description: + EnrollerTag is the tag of the init image for crypto + generation + type: string + grpcwebImage: + description: GRPCWebImage is the name of the grpc web proxy image + type: string + grpcwebTag: + description: GRPCWebTag is the tag of the grpc web proxy image + type: string + hsmImage: + description: HSMImage is the name of the hsm image + type: string + hsmTag: + description: HSMTag is the tag of the hsm image + type: string + ordererImage: + description: OrdererImage is the name of the orderer image + type: string + ordererInitImage: + description: + OrdererInitImage is the name of the orderer init + image + type: string + ordererInitTag: + description: OrdererInitTag is the tag of the orderer init image + type: string + ordererTag: + description: OrdererTag is the tag of the orderer image + type: string + type: object + ingress: + description: Ingress (Optional) is ingress object for ingress overrides + properties: + class: + description: Class (Optional) is the class to set for ingress + type: string + tlsSecretName: + description: + TlsSecretName (Optional) is the secret name to be + used for tls certificates + type: string + type: object + isprecreate: + description: + IsPrecreate (Optional) defines if orderer is in precreate + state + type: boolean + license: + description: + License should be accepted by the user to be able to + setup orderer + properties: + accept: + description: Accept should be set to true to accept the license. 
+ enum: + - true + type: boolean + type: object + location: + description: + ClusterLocation (Optional) is array of cluster location + settings for cluster + items: + description: + IBPOrdererClusterLocation (Optional) is object of cluster + location settings for cluster + properties: + region: + description: + Region (Optional) is the region of the nodes where + the orderer should be deployed + type: string + zone: + description: + Zone (Optional) is the zone of the nodes where + the orderer should be deployed + type: string + type: object + type: array + mspID: + description: MSPID is the msp id of the orderer + type: string + numSecondsWarningPeriod: + description: + NumSecondsWarningPeriod (Optional - default 30 days) + is used to define certificate expiry warning period. + format: int64 + type: integer + number: + description: + NodeNumber (Optional) is the number of this node in cluster + - used internally + type: integer + ordererType: + description: OrdererType is type of orderer you want to start + type: string + orgName: + description: OrgName is the organization name of the orderer + type: string + region: + description: + Region (Optional) is the region of the nodes where the + orderer should be deployed + type: string + registryURL: + description: RegistryURL is registry url used to pull images + type: string + replicas: + description: + Replicas (Optional - default 1) is the number of orderer + replicas to be setup + format: int32 + type: integer + resources: + description: + Resources (Optional) is the amount of resources to be + provided to orderer deployment + properties: + enroller: + description: + Enroller (Optional) is the resources provided to + the enroller container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits 
describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + hsmdaemon: + description: + HSMDaemon (Optional) is the resources provided to + the HSM Daemon container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + init: + description: + Init (Optional) is the resources provided to the + init container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + orderer: + description: + Orderer (Optional) is the resources provided to the + orderer container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + proxy: + description: + GRPCProxy (Optional) is the resources provided to + the proxy container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + type: object + secret: + description: Secret is object for msp crypto + properties: + enrollment: + description: Enrollment defines enrollment part of secret spec + properties: + clientauth: + description: ClientAuth contains client uath enrollment details + properties: + admincerts: + description: AdminCerts is the base64 encoded admincerts + items: + type: string + type: array + cahost: + description: CAHost is host part of the CA to use + type: string + caname: + description: CAName is name of CA + type: string + caport: + description: CAPort is port of the CA to use + type: string + catls: + description: CATLS is tls details to talk to CA endpoint + properties: + cacert: + description: CACert is the base64 encoded certificate + type: string + type: object + csr: + description: CSR is the CSR override object + properties: + hosts: + description: Hosts override for CSR + items: + type: string + type: array + type: object + enrollid: + description: EnrollID is the enrollment username + type: string + enrollsecret: + description: + EnrollSecret is enrollment secret ( password + ) + type: string + type: object + component: + description: Component contains ecert enrollment details + properties: + admincerts: + description: AdminCerts is the base64 encoded admincerts + items: + type: string + type: array + cahost: + description: CAHost is host part of the CA to use + type: string + caname: + description: CAName is name of CA + type: string + caport: + description: CAPort is port of the CA to use + type: string + catls: + description: CATLS is tls details to talk to CA endpoint + properties: + cacert: + description: CACert is the base64 encoded certificate + type: string + type: object + csr: + description: CSR is the CSR override object + properties: + hosts: + description: Hosts override for CSR + items: + type: string + type: array + type: 
object + enrollid: + description: EnrollID is the enrollment username + type: string + enrollsecret: + description: + EnrollSecret is enrollment secret ( password + ) + type: string + type: object + tls: + description: TLS contains tls enrollment details + properties: + admincerts: + description: AdminCerts is the base64 encoded admincerts + items: + type: string + type: array + cahost: + description: CAHost is host part of the CA to use + type: string + caname: + description: CAName is name of CA + type: string + caport: + description: CAPort is port of the CA to use + type: string + catls: + description: CATLS is tls details to talk to CA endpoint + properties: + cacert: + description: CACert is the base64 encoded certificate + type: string + type: object + csr: + description: CSR is the CSR override object + properties: + hosts: + description: Hosts override for CSR + items: + type: string + type: array + type: object + enrollid: + description: EnrollID is the enrollment username + type: string + enrollsecret: + description: + EnrollSecret is enrollment secret ( password + ) + type: string + type: object + type: object + msp: + description: MSP defines msp part of secret spec + properties: + clientauth: + description: ClientAuth contains crypto for client auth certs + properties: + admincerts: + description: AdminCerts is base64 encoded admincerts array + items: + type: string + type: array + cacerts: + description: CACerts is base64 encoded cacerts array + items: + type: string + type: array + intermediatecerts: + description: + IntermediateCerts is base64 encoded intermediate + certs array + items: + type: string + type: array + keystore: + description: KeyStore is base64 encoded private key + type: string + signcerts: + description: SignCerts is base64 encoded sign cert + type: string + type: object + component: + description: Component contains crypto for ecerts + properties: + admincerts: + description: AdminCerts is base64 encoded admincerts array + items: 
+ type: string + type: array + cacerts: + description: CACerts is base64 encoded cacerts array + items: + type: string + type: array + intermediatecerts: + description: + IntermediateCerts is base64 encoded intermediate + certs array + items: + type: string + type: array + keystore: + description: KeyStore is base64 encoded private key + type: string + signcerts: + description: SignCerts is base64 encoded sign cert + type: string + type: object + tls: + description: TLS contains crypto for tls certs + properties: + admincerts: + description: AdminCerts is base64 encoded admincerts array + items: + type: string + type: array + cacerts: + description: CACerts is base64 encoded cacerts array + items: + type: string + type: array + intermediatecerts: + description: + IntermediateCerts is base64 encoded intermediate + certs array + items: + type: string + type: array + keystore: + description: KeyStore is base64 encoded private key + type: string + signcerts: + description: SignCerts is base64 encoded sign cert + type: string + type: object + type: object + type: object + service: + description: + Service (Optional) is the override object for orderer's + service + properties: + type: + description: The "type" of the service to be used + type: string + type: object + storage: + description: + Storage (Optional - uses default storageclass if not + provided) is the override object for CA's PVC config + properties: + orderer: + description: + Orderer (Optional) is the configuration of the storage + of the orderer + properties: + class: + description: Class is the storage class + type: string + size: + description: Size of storage + type: string + type: object + type: object + systemChannelName: + description: SystemChannelName is the name of systemchannel + type: string + useChannelLess: + type: boolean + version: + description: FabricVersion (Optional) is fabric version for the orderer + type: string + zone: + description: + Zone (Optional) is the zone of the nodes where 
the orderer + should be deployed + type: string + required: + - license + - version + type: object + status: + description: IBPOrdererStatus defines the observed state of IBPOrderer + properties: + errorcode: + description: ErrorCode is the code of classification of errors + type: integer + lastHeartbeatTime: + description: + LastHeartbeatTime is when the controller reconciled this + component + type: string + message: + description: + Message provides a message for the status to be shown + to customer + type: string + reason: + description: Reason provides a reason for an error + type: string + status: + description: + Status is defined based on the current status of the + component + type: string + type: + description: Type is true or false based on if status is valid + type: string + version: + description: Version is the product (IBP) version of the component + type: string + versions: + description: Versions is the operand version of the component + properties: + reconciled: + description: + Reconciled provides the reconciled version of the + operand + type: string + required: + - reconciled + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibppeers.yaml b/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibppeers.yaml new file mode 100644 index 00000000..e743f28e --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibppeers.yaml 
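Review bot: The new `ibp.com_ibporderers.yaml` template starts directly at `---` with no SPDX or provenance header, even though its `controller-gen.kubebuilder.io/version: v0.8.0` annotation marks it as generated output copied into the role (presumably from the Fabric Operator project), so nothing records which upstream revision it must stay in sync with. The schema also takes `enrollsecret` and base64 `keystore` private keys inline under `spec.secret` and `spec.clustersecret`, so anyone who can read `ibporderers` objects can read whatever credentials are placed there, and `configoverride` sets `x-kubernetes-preserve-unknown-fields: true`, so its contents are not schema-checked. I would add a header such as `# Generated by controller-gen v0.8.0; copied from <upstream repo>@<commit> - do not edit by hand.` followed by `# spec.secret / spec.clustersecret may hold credentials and private keys: restrict get/list/watch on ibporderers as you would for Secrets.` The provenance header would apply equally to the other CRD templates this commit adds under `templates/kind/crd/bases/`.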
@@ -0,0 +1,918 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: ibppeers.ibp.com +spec: + group: ibp.com + names: + kind: IBPPeer + listKind: IBPPeerList + plural: ibppeers + singular: ibppeer + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: + "IBPPeer is the Schema for the ibppeers API. Warning: Peer deployment + using this tile is not supported. Please use the IBP Console to deploy a + Peer." + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: IBPPeerSpec defines the desired state of IBPPeer + properties: + action: + description: Action (Optional) is object for peer actions + properties: + enroll: + description: Enroll contains actions for triggering crypto enroll + properties: + ecert: + description: Ecert is used to trigger enroll for ecert + type: boolean + tlscert: + description: TLSCert is used to trigger enroll for tlscert + type: boolean + type: object + reenroll: + description: Reenroll contains actions for triggering crypto reenroll + properties: + ecert: + description: Ecert is used to trigger reenroll for ecert + type: boolean + ecertNewKey: + description: + EcertNewKey is used to trigger reenroll for ecert + and also generating a new private key + type: boolean + tlscert: + description: TLSCert is used to trigger reenroll for tlscert + type: boolean + tlscertNewKey: + description: + TLSCertNewKey is used to trigger reenroll for + tlscert and also generating a new private key + type: boolean + type: object + restart: + description: Restart action is used to restart peer deployment + type: boolean + upgradedbs: + description: + UpgradeDBs action is used to trigger peer node upgrade-dbs + command + type: boolean + type: object + arch: + description: + cluster related configs Arch (Optional) is the architecture + of the nodes where peer should be deployed + items: + type: string + type: array + chaincodeBuilderConfig: + additionalProperties: + type: string + description: + ChaincodeBuilderConfig (Optional) is a k/v map providing + a scope for template substitutions defined in chaincode-as-a-service + package metadata files. The map will be serialized as JSON and set + in the peer deployment CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG env + variable. 
+ type: object + configoverride: + description: + ConfigOverride (Optional) is the object to provide overrides + to core yaml config + type: object + x-kubernetes-preserve-unknown-fields: true + customNames: + description: + CustomNames (Optional) is to use pre-configured resources + for peer's deployment + properties: + pvc: + description: + PVC is the list of PVC Names to be used for peer's + deployment + properties: + peer: + description: Peer is the pvc to be used as peer's storage + type: string + statedb: + description: StateDB is the pvc to be used as statedb's storage + type: string + type: object + type: object + dindArgs: + description: + advanced configs DindArgs (Optional) is used to override + args passed to dind container + items: + type: string + type: array + disablenodeou: + description: + DisableNodeOU (Optional) is used to switch nodeou on + and off + type: boolean + domain: + description: + proxy ip passed if not OCP, domain for OCP Domain is + the sub-domain used for peer's deployment + type: string + hsm: + description: HSM (Optional) is DEPRECATED + properties: + pkcs11endpoint: + description: PKCS11Endpoint is DEPRECATED + type: string + type: object + imagePullSecrets: + description: + ImagePullSecrets (Optional) is the list of ImagePullSecrets + to be used for peer's deployment + items: + type: string + type: array + images: + description: + Images (Optional) lists the images to be used for peer's + deployment + properties: + builderImage: + description: BuilderImage is the name of the builder image + type: string + builderTag: + description: BuilderTag is the tag of the builder image + type: string + chaincodeLauncherImage: + description: + CCLauncherImage is the name of the chaincode launcher + image + type: string + chaincodeLauncherTag: + description: + CCLauncherTag is the tag of the chaincode launcher + image + type: string + couchdbImage: + description: CouchDBImage is the name of the couchdb image + type: string + couchdbTag: + 
description: CouchDBTag is the tag of the couchdb image + type: string + dindImage: + description: DindImage is the name of the dind image + type: string + dindTag: + description: DindTag is the tag of the dind image + type: string + enrollerImage: + description: + EnrollerImage is the name of the init image for crypto + generation + type: string + enrollerTag: + description: + EnrollerTag is the tag of the init image for crypto + generation + type: string + fileTransferImage: + description: + FileTransferImage is the name of the file transfer + image + type: string + fileTransferTag: + description: FileTransferTag is the tag of the file transfer image + type: string + fluentdImage: + description: FluentdImage is the name of the fluentd logger image + type: string + fluentdTag: + description: FluentdTag is the tag of the fluentd logger image + type: string + goEnvImage: + description: GoEnvImage is the name of the goenv image + type: string + goEnvTag: + description: GoEnvTag is the tag of the goenv image + type: string + grpcwebImage: + description: GRPCWebImage is the name of the grpc web proxy image + type: string + grpcwebTag: + description: GRPCWebTag is the tag of the grpc web proxy image + type: string + hsmImage: + description: HSMImage is the name of the hsm image + type: string + hsmTag: + description: HSMTag is the tag of the hsm image + type: string + javaEnvImage: + description: JavaEnvImage is the name of the javaenv image + type: string + javaEnvTag: + description: JavaEnvTag is the tag of the javaenv image + type: string + nodeEnvImage: + description: NodeEnvImage is the name of the nodeenv image + type: string + nodeEnvTag: + description: NodeEnvTag is the tag of the nodeenv image + type: string + peerImage: + description: PeerImage is the name of the peer image + type: string + peerInitImage: + description: PeerInitImage is the name of the peer init image + type: string + peerInitTag: + description: PeerInitTag is the tag of the peer init image + 
type: string + peerTag: + description: PeerTag is the tag of the peer image + type: string + type: object + ingress: + description: Ingress (Optional) is ingress object for ingress overrides + properties: + class: + description: Class (Optional) is the class to set for ingress + type: string + tlsSecretName: + description: + TlsSecretName (Optional) is the secret name to be + used for tls certificates + type: string + type: object + license: + description: + License should be accepted by the user to be able to + setup Peer + properties: + accept: + description: Accept should be set to true to accept the license. + enum: + - true + type: boolean + type: object + mspID: + description: peer specific configs MSPID is the msp id of the peer + type: string + mspSecret: + description: + msp data can be passed in secret on in spec MSPSecret + (Optional) is secret used to store msp crypto + type: string + numSecondsWarningPeriod: + description: + NumSecondsWarningPeriod (Optional - default 30 days) + is used to define certificate expiry warning period. 
+ format: int64 + type: integer + peerExternalEndpoint: + description: + PeerExternalEndpoint (Optional) is used to override peer + external endpoint + type: string + region: + description: + Region (Optional) is the region of the nodes where the + peer should be deployed + type: string + registryURL: + description: RegistryURL is registry url used to pull images + type: string + replicas: + description: + Replicas (Optional - default 1) is the number of peer + replicas to be setup + format: int32 + type: integer + resources: + description: + Resources (Optional) is the amount of resources to be + provided to peer deployment + properties: + chaincodelauncher: + description: + CCLauncher (Optional) is the resources provided to + the cclauncher container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + couchdb: + description: + CouchDB (Optional) is the resources provided to the + couchdb container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + dind: + description: + DinD (Optional) is the resources provided to the + dind container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + enroller: + description: + Enroller (Optional) is the resources provided to + the enroller container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + fluentd: + description: + FluentD (Optional) is the resources provided to the + fluentd container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + hsmdaemon: + description: + HSMDaemon (Optional) is the resources provided to + the HSM Daemon container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + init: + description: + Init (Optional) is the resources provided to the + init container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + peer: + description: + / Peer (Optional) is the resources provided to the + peer container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + proxy: + description: + GRPCProxy (Optional) is the resources provided to + the proxy container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: + "Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: object + type: object + type: object + secret: + description: Secret is object for msp crypto + properties: + enrollment: + description: Enrollment defines enrollment part of secret spec + properties: + clientauth: + description: ClientAuth contains client uath enrollment details + properties: + admincerts: + description: AdminCerts is the base64 encoded admincerts + items: + type: string + type: array + cahost: + description: CAHost is host part of the CA to use + type: string + caname: + description: CAName is name of CA + type: string + caport: + description: CAPort is port of the CA to use + type: string + catls: + description: CATLS is tls details to talk to CA endpoint + properties: + cacert: + description: CACert is the base64 encoded certificate + type: string + type: object + csr: + description: CSR is the CSR override object + properties: + hosts: + description: Hosts override for CSR + items: + type: string + type: array + type: object + enrollid: + description: EnrollID is the enrollment username + type: string + enrollsecret: + description: + EnrollSecret is enrollment secret ( password + ) + type: string + type: object + component: + description: Component contains ecert enrollment details + properties: + admincerts: + description: AdminCerts is the base64 encoded admincerts + items: + 
type: string + type: array + cahost: + description: CAHost is host part of the CA to use + type: string + caname: + description: CAName is name of CA + type: string + caport: + description: CAPort is port of the CA to use + type: string + catls: + description: CATLS is tls details to talk to CA endpoint + properties: + cacert: + description: CACert is the base64 encoded certificate + type: string + type: object + csr: + description: CSR is the CSR override object + properties: + hosts: + description: Hosts override for CSR + items: + type: string + type: array + type: object + enrollid: + description: EnrollID is the enrollment username + type: string + enrollsecret: + description: + EnrollSecret is enrollment secret ( password + ) + type: string + type: object + tls: + description: TLS contains tls enrollment details + properties: + admincerts: + description: AdminCerts is the base64 encoded admincerts + items: + type: string + type: array + cahost: + description: CAHost is host part of the CA to use + type: string + caname: + description: CAName is name of CA + type: string + caport: + description: CAPort is port of the CA to use + type: string + catls: + description: CATLS is tls details to talk to CA endpoint + properties: + cacert: + description: CACert is the base64 encoded certificate + type: string + type: object + csr: + description: CSR is the CSR override object + properties: + hosts: + description: Hosts override for CSR + items: + type: string + type: array + type: object + enrollid: + description: EnrollID is the enrollment username + type: string + enrollsecret: + description: + EnrollSecret is enrollment secret ( password + ) + type: string + type: object + type: object + msp: + description: MSP defines msp part of secret spec + properties: + clientauth: + description: ClientAuth contains crypto for client auth certs + properties: + admincerts: + description: AdminCerts is base64 encoded admincerts array + items: + type: string + type: array + 
cacerts: + description: CACerts is base64 encoded cacerts array + items: + type: string + type: array + intermediatecerts: + description: + IntermediateCerts is base64 encoded intermediate + certs array + items: + type: string + type: array + keystore: + description: KeyStore is base64 encoded private key + type: string + signcerts: + description: SignCerts is base64 encoded sign cert + type: string + type: object + component: + description: Component contains crypto for ecerts + properties: + admincerts: + description: AdminCerts is base64 encoded admincerts array + items: + type: string + type: array + cacerts: + description: CACerts is base64 encoded cacerts array + items: + type: string + type: array + intermediatecerts: + description: + IntermediateCerts is base64 encoded intermediate + certs array + items: + type: string + type: array + keystore: + description: KeyStore is base64 encoded private key + type: string + signcerts: + description: SignCerts is base64 encoded sign cert + type: string + type: object + tls: + description: TLS contains crypto for tls certs + properties: + admincerts: + description: AdminCerts is base64 encoded admincerts array + items: + type: string + type: array + cacerts: + description: CACerts is base64 encoded cacerts array + items: + type: string + type: array + intermediatecerts: + description: + IntermediateCerts is base64 encoded intermediate + certs array + items: + type: string + type: array + keystore: + description: KeyStore is base64 encoded private key + type: string + signcerts: + description: SignCerts is base64 encoded sign cert + type: string + type: object + type: object + type: object + service: + description: + Service (Optional) is the override object for peer's + service + properties: + type: + description: The "type" of the service to be used + type: string + type: object + stateDb: + description: + StateDb (Optional) is the statedb used for peer, can + be couchdb or leveldb + type: string + storage: + 
description: + Storage (Optional - uses default storageclass if not + provided) is the override object for peer's PVC config + properties: + peer: + description: + Peer (Optional) is the configuration of the storage + of the peer + properties: + class: + description: Class is the storage class + type: string + size: + description: Size of storage + type: string + type: object + statedb: + description: + StateDB (Optional) is the configuration of the storage + of the statedb + properties: + class: + description: Class is the storage class + type: string + size: + description: Size of storage + type: string + type: object + type: object + version: + description: FabricVersion (Optional) is fabric version for the peer + type: string + zone: + description: + Zone (Optional) is the zone of the nodes where the peer + should be deployed + type: string + required: + - license + - version + type: object + status: + description: IBPPeerStatus defines the observed state of IBPPeer + properties: + errorcode: + description: ErrorCode is the code of classification of errors + type: integer + lastHeartbeatTime: + description: + LastHeartbeatTime is when the controller reconciled this + component + type: string + message: + description: + Message provides a message for the status to be shown + to customer + type: string + reason: + description: Reason provides a reason for an error + type: string + status: + description: + Status is defined based on the current status of the + component + type: string + type: + description: Type is true or false based on if status is valid + type: string + version: + description: Version is the product (IBP) version of the component + type: string + versions: + description: Versions is the operand version of the component + properties: + reconciled: + description: + Reconciled provides the reconciled version of the + operand + type: string + required: + - reconciled + type: object + type: object + required: + - spec + type: object + served: true + 
storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator-ignore b/roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator-ignore new file mode 100644 index 00000000..7484ee59 --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator-ignore @@ -0,0 +1,23 @@ +# OpenAPI Generator Ignore +# Generated by openapi-generator https://github.com/openapitools/openapi-generator + +# Use this file to prevent files from being overwritten by the generator. +# The patterns follow closely to .gitignore or .dockerignore. + +# As an example, the C# client generator defines ApiClient.cs. +# You can make changes and tell OpenAPI Generator to ignore just this file by uncommenting the following line: +#ApiClient.cs + +# You can match any string of characters against a directory, file or extension with a single asterisk (*): +#foo/*/qux +# The above matches foo/bar/qux and foo/baz/qux, but not foo/bar/baz/qux + +# You can recursively match patterns against a directory, file or extension with a double asterisk (**): +#foo/**/qux +# This matches foo/bar/qux, foo/baz/qux, and foo/bar/baz/qux + +# You can also negate patterns with an exclamation (!). +# For example, you can ignore all files in a docs folder with the file extension .md: +#docs/*.md +# Then explicitly reverse the ignore rule for a single file: +#!docs/README.md diff --git a/roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator/FILES b/roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator/FILES new file mode 100644 index 00000000..af3fdae9 --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator/FILES @@ -0,0 +1,2 @@ +.openapi-generator-ignore +index.html 
diff --git a/roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator/VERSION b/roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator/VERSION new file mode 100644 index 00000000..7cbea073 --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator/VERSION @@ -0,0 +1 @@ +5.2.0 \ No newline at end of file diff --git a/roles/fabric_operator_crds/templates/kind/crd/docs/index.html b/roles/fabric_operator_crds/templates/kind/crd/docs/index.html new file mode 100644 index 00000000..5fef4016 --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/crd/docs/index.html @@ -0,0 +1,3788 @@ + + + + + CRD Documentation + + + + + + + + + + + +
+
+
+ +
+
+
+
+

CRD Documentation

+

Generated by crd-api-doc-gen

+

+

Version: 0.0.0
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+ + +
+
+
+ + + + + + +
diff --git a/roles/fabric_operator_crds/templates/kind/crd/kustomization.yaml b/roles/fabric_operator_crds/templates/kind/crd/kustomization.yaml
new file mode 100644
index 00000000..c05b37ef
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/crd/kustomization.yaml
@@ -0,0 +1,31 @@
+---
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+ - bases/ibp.com_ibpcas.yaml
+ - bases/ibp.com_ibppeers.yaml
+ - bases/ibp.com_ibporderers.yaml
+ - bases/ibp.com_ibpconsoles.yaml
+# +kubebuilder:scaffold:crdkustomizeresource
+
+patchesStrategicMerge:
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
+# patches here are for enabling the conversion webhook for each CRD
+#- patches/webhook_in_ibpcas.yaml
+#- patches/webhook_in_ibppeers.yaml
+#- patches/webhook_in_ibporderers.yaml
+#- patches/webhook_in_ibpconsoles.yaml
+# +kubebuilder:scaffold:crdkustomizewebhookpatch
+
+# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
+# patches here are for enabling the CA injection for each CRD
+#- patches/cainjection_in_ibpcas.yaml
+#- patches/cainjection_in_ibppeers.yaml
+#- patches/cainjection_in_ibporderers.yaml
+#- patches/cainjection_in_ibpconsoles.yaml
+# +kubebuilder:scaffold:crdkustomizecainjectionpatch
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+ - kustomizeconfig.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/kustomizeconfig.yaml b/roles/fabric_operator_crds/templates/kind/crd/kustomizeconfig.yaml
new file mode 100644
index 00000000..801dde28
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/crd/kustomizeconfig.yaml
@@ -0,0 +1,18 @@
+---
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+ - kind: Service
+ version: v1
+ fieldSpecs:
+ - kind: CustomResourceDefinition
+ group: apiextensions.k8s.io
+ path: spec/conversion/webhookClientConfig/service/name
+
+namespace:
+ - kind: CustomResourceDefinition
+ group: apiextensions.k8s.io
+ path: spec/conversion/webhookClientConfig/service/namespace
+ create: false
+
+varReference:
+ - path: metadata/annotations
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibpcas.yaml b/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibpcas.yaml
new file mode 100644
index 00000000..c188eb35
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibpcas.yaml
@@ -0,0 +1,9 @@
+---
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: ibpcas.ibp.com
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibpconsoles.yaml b/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibpconsoles.yaml
new file mode 100644
index 00000000..265fc2c0
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibpconsoles.yaml
@@ -0,0 +1,9 @@
+---
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: ibpconsoles.ibp.com
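Review bot: `apiVersion: apiextensions.k8s.io/v1beta1` in cainjection_in_ibpcas.yaml names an API version that Kubernetes stopped serving in 1.22, and the same line appears in the other three cainjection_in_* patches and in the four webhook_in_* patches of this commit. The patches are inert today because crd/kustomization.yaml lists them only in comments, but uncommenting the [WEBHOOK] or [CERTMANAGER] sections against a current cluster would presumably fail or not match the base CRDs (the bases are not visible here, so confirm their version). I would change the line to `apiVersion: apiextensions.k8s.io/v1` and, in the webhook patches, move the client settings from `spec.conversion.webhookClientConfig` to `spec.conversion.webhook.clientConfig` with `conversionReviewVersions` set. The comment `# CRD conversion requires k8s 1.13 or later.` should then state the supported range for the chosen API version.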
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibporderers.yaml b/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibporderers.yaml
new file mode 100644
index 00000000..634c65fd
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibporderers.yaml
@@ -0,0 +1,9 @@
+---
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: ibporderers.ibp.com
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibppeers.yaml b/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibppeers.yaml
new file mode 100644
index 00000000..ee98e1cf
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibppeers.yaml
@@ -0,0 +1,9 @@
+---
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: ibppeers.ibp.com
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibpcas.yaml b/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibpcas.yaml
new file mode 100644
index 00000000..2cb83d5a
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibpcas.yaml
@@ -0,0 +1,18 @@
+---
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: ibpcas.ibp.com
+spec:
+ conversion:
+ strategy: Webhook
+ webhookClientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibpconsoles.yaml b/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibpconsoles.yaml
new file mode 100644
index 00000000..5e1f04bd
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibpconsoles.yaml
@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: ibpconsoles.ibp.com
+spec:
+ conversion:
+ strategy: Webhook
+ webhookClientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibporderers.yaml b/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibporderers.yaml
new file mode 100644
index 00000000..9053ab54
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibporderers.yaml
@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: ibporderers.ibp.com
+spec:
+ conversion:
+ strategy: Webhook
+ webhookClientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibppeers.yaml b/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibppeers.yaml
new file mode 100644
index 00000000..199c7cbb
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibppeers.yaml
@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: ibppeers.ibp.com
+spec:
+ conversion:
+ strategy: Webhook
+ webhookClientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/roles/fabric_operator_crds/templates/kind/ingress/ingress-nginx-controller.yaml b/roles/fabric_operator_crds/templates/kind/ingress/ingress-nginx-controller.yaml
new file mode 100644
index 00000000..37e5d1a2
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/ingress/ingress-nginx-controller.yaml
@@ -0,0 +1,40 @@
+#
+# Copyright contributors to the Hyperledger Fabric Operator project
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: ingress-nginx
+ name: ingress-nginx-controller
+spec:
+ template:
+ spec:
+ containers:
+ - name: controller
+ args:
+ - /nginx-ingress-controller
+ - --election-id=ingress-controller-leader
+ - --controller-class=k8s.io/ingress-nginx
+ - --ingress-class=nginx
+ - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
+ - --validating-webhook=:8443
+ - --validating-webhook-certificate=/usr/local/certificates/cert
+ - --validating-webhook-key=/usr/local/certificates/key
+ - --watch-ingress-without-class=true
+ - --publish-status-address=localhost
+ - --enable-ssl-passthrough
diff --git a/roles/fabric_operator_crds/templates/kind/ingress/kustomization.yaml b/roles/fabric_operator_crds/templates/kind/ingress/kustomization.yaml
new file mode 100644
index 00000000..6635f17a
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/ingress/kustomization.yaml
@@ -0,0 +1,26 @@
+#
+# Copyright contributors to the Hyperledger Fabric Operator project
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - https://github.com/kubernetes/ingress-nginx.git/deploy/static/provider/kind?ref=controller-v1.1.2
+
+patchesStrategicMerge:
+ - ingress-nginx-controller.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/manager/hlf-operator-manager.yaml.j2 b/roles/fabric_operator_crds/templates/kind/manager/hlf-operator-manager.yaml.j2
new file mode 100644
index 00000000..a58df675
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/manager/hlf-operator-manager.yaml.j2
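Review bot: The remote base under `resources:` is pinned only by the git tag `?ref=controller-v1.1.2`, so the manifests applied to the cluster are whatever that tag resolves to when the role runs, fetched from GitHub at deploy time. A tag can be re-pointed upstream while a full commit SHA cannot, so I would write `- https://github.com/kubernetes/ingress-nginx.git/deploy/static/provider/kind?ref=<COMMIT_SHA_FOR_controller-v1.1.2>` (placeholder; resolve the SHA from the upstream repository) and keep the tag name in a comment next to it. Vendoring the rendered manifest into the role would remove the network fetch entirely and make the deployed content reviewable in this repository. Whichever form is kept, a comment recording why this particular controller release was chosen would help whoever bumps it later.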
@@ -0,0 +1,119 @@ +# +# Copyright contributors to the Hyperledger Fabric Operator project +# +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fabric-operator + labels: + release: "operator" + helm.sh/chart: "hlf" + app.kubernetes.io/name: "hlf" + app.kubernetes.io/instance: "hlf" + app.kubernetes.io/managed-by: "fabric-operator" +spec: + replicas: 1 + strategy: + type: "Recreate" + selector: + matchLabels: + name: fabric-operator + template: + metadata: + labels: + name: fabric-operator + release: "operator" + helm.sh/chart: "hlf" + app.kubernetes.io/name: "hlf" + app.kubernetes.io/instance: "hlf" + app.kubernetes.io/managed-by: "fabric-operator" + annotations: + productName: "IBM Support for Hyperledger Fabric" + productID: "5d5997a033594f149a534a09802d60f1" + productVersion: "1.0.0" + productChargedContainers: "" + productMetric: "VIRTUAL_PROCESSOR_CORE" + spec: + # hostIPC: false + # hostNetwork: false + # hostPID: false + serviceAccountName: hlf-operator + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + # securityContext: + # runAsNonRoot: true + # runAsUser: 1001 + # fsGroup: 2000 + containers: + - name: fabric-operator + image: {{ fabric_operator_image }} + imagePullPolicy: IfNotPresent + + command: + - ibp-operator + # 
securityContext: + # privileged: false + # allowPrivilegeEscalation: false + # readOnlyRootFilesystem: false + # runAsNonRoot: false + # runAsUser: 1001 + # capabilities: + # drop: + # - ALL + # add: + # - CHOWN + # - FOWNER + livenessProbe: + tcpSocket: + port: 8383 + initialDelaySeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + readinessProbe: + tcpSocket: + port: 8383 + initialDelaySeconds: 10 + timeoutSeconds: 5 + periodSeconds: 5 + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "fabric-operator" + - name: CLUSTERTYPE + value: K8S + resources: + requests: + cpu: 10m + memory: 10Mi + limits: + cpu: 100m + memory: 200Mi diff --git a/roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-clusterrole.yaml b/roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-clusterrole.yaml new file mode 100644 index 00000000..fb35269b --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-clusterrole.yaml 
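Review bot: Both `securityContext` blocks in this Deployment are commented out (the pod-level one before `containers:` and the container-level one after `command:`), so the operator container runs as whatever user the image defines and with privilege escalation left at the runtime default. This pod runs under the `hlf-operator` service account, which the ClusterRole added in this commit gives broad access, so I would ship the container-level block enabled using the values already present in the comments, as sketched below. `runAsUser: 1001` and the two added capabilities are taken from the commented text and need a test run against the actual image; `runAsNonRoot: true` can follow once the image's UID is confirmed. A short comment on `image: {{ fabric_operator_image }}` saying the variable should carry a digest-pinned reference would also be useful.

```yaml
          command:
            - ibp-operator
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: false
            runAsUser: 1001
            capabilities:
              drop:
                - ALL
              add:
                - CHOWN
                - FOWNER
          # … unchanged: livenessProbe, readinessProbe, env, resources …
```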
@@ -0,0 +1,205 @@ +# +# Copyright contributors to the Hyperledger Fabric Operator project +# +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: hlf-operator-role + labels: + release: "operator" + helm.sh/chart: "ibm-hlfsupport" + app.kubernetes.io/name: "ibm-hlfsupport" + app.kubernetes.io/instance: "ibm-hlfsupport" + app.kubernetes.io/managed-by: "ibm-hlfsupport-operator" +rules: + - apiGroups: + - extensions + resourceNames: + - ibm-hlfsupport-psp + resources: + - podsecuritypolicies + verbs: + - use + - apiGroups: + - apiextensions.k8s.io + resources: + - persistentvolumeclaims + - persistentvolumes + verbs: + - get + - list + - create + - update + - patch + - watch + - delete + - deletecollection + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - get + - list + - create + - update + - patch + - watch + - delete + - deletecollection + - apiGroups: + - "" + resources: + - pods + - pods/log + - persistentvolumeclaims + - persistentvolumes + - services + - endpoints + - events + - configmaps + - secrets + - nodes + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - watch + - delete + - deletecollection + - apiGroups: + - "batch" + resources: + - jobs + verbs: + - get + - 
list + - create + - update + - patch + - watch + - delete + - deletecollection + - apiGroups: + - "authorization.openshift.io" + - "rbac.authorization.k8s.io" + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - watch + - delete + - deletecollection + - bind + - escalate + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - get + - list + - create + - update + - patch + - watch + - delete + - deletecollection + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - apps + resourceNames: + - ibm-hlfsupport-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - ibp.com + resources: + - ibpcas.ibp.com + - ibppeers.ibp.com + - ibporderers.ibp.com + - ibpconsoles.ibp.com + - ibpcas + - ibppeers + - ibporderers + - ibpconsoles + - ibpcas/finalizers + - ibppeers/finalizers + - ibporderers/finalizers + - ibpconsoles/finalizers + - ibpcas/status + - ibppeers/status + - ibporderers/status + - ibpconsoles/status + verbs: + - get + - list + - create + - update + - patch + - watch + - delete + - deletecollection + - apiGroups: + - extensions + - networking.k8s.io + - config.openshift.io + resources: + - ingresses + - networkpolicies + verbs: + - get + - list + - create + - update + - patch + - watch + - delete + - deletecollection diff --git a/roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-clusterrolebinding.yaml.j2 b/roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-clusterrolebinding.yaml.j2 new file mode 100644 index 00000000..2a05d17c --- /dev/null +++ b/roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-clusterrolebinding.yaml.j2 
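Review bot: The rule on `roles` and `rolebindings` grants `bind` and `escalate` next to create/update, and because hlf-operator-clusterrolebinding.yaml.j2 attaches this ClusterRole through a ClusterRoleBinding, the `hlf-operator` service account can create Roles carrying permissions it does not hold and bind them in any namespace; the core-group rule likewise gives it full read/write on `secrets` cluster-wide. The Deployment sets `WATCH_NAMESPACE` to its own namespace, so the namespaced rules look like they could move to a Role and RoleBinding in `{{namespace}}`, leaving only genuinely cluster-scoped access (for example `get` on `customresourcedefinitions`) in the ClusterRole; at minimum I would remove `- bind` and `- escalate` unless the operator is known to require them, and say so in a comment if it does. Two rules also look inert as written: `persistentvolumeclaims` and `persistentvolumes` are listed under `apiextensions.k8s.io` although they are core-group resources already covered by the `""` rule, and `deployments/finalizers` is limited to `resourceNames: ibm-hlfsupport-operator` while the Deployment in this commit is named `fabric-operator`.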
@@ -0,0 +1,36 @@
+#
+# Copyright contributors to the Hyperledger Fabric Operator project
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: hlf-operator-rolebinding
+ labels:
+ release: "operator"
+ helm.sh/chart: "ibm-hlfsupport"
+ app.kubernetes.io/name: "ibm-hlfsupport"
+ app.kubernetes.io/instance: "ibm-hlfsupport"
+ app.kubernetes.io/managed-by: "ibm-hlfsupport-operator"
+subjects:
+ - kind: ServiceAccount
+ name: hlf-operator
+ namespace: "{{namespace}}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: hlf-operator-role
diff --git a/roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-serviceaccount.yaml b/roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-serviceaccount.yaml
new file mode 100644
index 00000000..7cb3420d
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-serviceaccount.yaml
@@ -0,0 +1,22 @@
+#
+# Copyright contributors to the Hyperledger Fabric Operator project
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: hlf-operator
diff --git a/roles/fabric_operator_crds/templates/kind/rbac/hlf-psp.yaml b/roles/fabric_operator_crds/templates/kind/rbac/hlf-psp.yaml
new file mode 100644
index 00000000..dcd53c72
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/kind/rbac/hlf-psp.yaml
@@ -0,0 +1,48 @@ +# +# Copyright contributors to the Hyperledger Fabric Operator project +# +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: ibm-hlfsupport-psp +spec: + hostIPC: false + hostNetwork: false + hostPID: false + privileged: true + allowPrivilegeEscalation: true + readOnlyRootFilesystem: false + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + runAsUser: + rule: RunAsAny + fsGroup: + rule: RunAsAny + requiredDropCapabilities: + - ALL + allowedCapabilities: + - NET_BIND_SERVICE + - CHOWN + - DAC_OVERRIDE + - SETGID + - SETUID + - FOWNER + volumes: + - '*' diff --git a/roles/hlfsupport_console/meta/main.yml b/roles/hlfsupport_console/meta/main.yml index 4e7e5d99..d42a29af 100644 --- a/roles/hlfsupport_console/meta/main.yml +++ b/roles/hlfsupport_console/meta/main.yml @@ -11,4 +11,4 @@ galaxy_info: versions: - all galaxy_tags: [] - min_ansible_version: 2.9 + min_ansible_version: "2.9" diff --git a/roles/hlfsupport_crds/meta/main.yml b/roles/hlfsupport_crds/meta/main.yml index 084174a1..e5a427e4 100644 --- a/roles/hlfsupport_crds/meta/main.yml +++ b/roles/hlfsupport_crds/meta/main.yml @@ -11,4 +11,4 @@ galaxy_info: versions: - all galaxy_tags: [] - min_ansible_version: 2.9 + min_ansible_version: "2.9" 
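Review bot: `privileged: true` and `allowPrivilegeEscalation: true` in `ibm-hlfsupport-psp` undercut the rest of the policy, because a pod admitted as privileged holds every capability at runtime regardless of `requiredDropCapabilities: ALL` and the `allowedCapabilities` list, and `volumes: '*'` additionally admits hostPath mounts. Unless a Fabric component is known to need privileged mode, I would set `privileged: false` and `allowPrivilegeEscalation: false`, and replace `- '*'` with the volume types actually mounted (probably `configMap`, `secret`, `emptyDir` and `persistentVolumeClaim`, to be confirmed against the component pods). `policy/v1beta1` PodSecurityPolicy was also removed in Kubernetes 1.25, so on current clusters this object cannot be created and the same limits have to come from Pod Security admission or from each pod's `securityContext`. A header comment stating which pods this policy is meant to govern would make the intended scope reviewable.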
diff --git a/roles/mrha_endorsing_organization/meta/main.yml b/roles/mrha_endorsing_organization/meta/main.yml index 4c4bdf4a..1ff73873 100644 --- a/roles/mrha_endorsing_organization/meta/main.yml +++ b/roles/mrha_endorsing_organization/meta/main.yml @@ -12,4 +12,4 @@ galaxy_info: versions: - all galaxy_tags: [] - min_ansible_version: 2.9 + min_ansible_version: "2.9" diff --git a/roles/mrha_ordering_organization/meta/main.yml b/roles/mrha_ordering_organization/meta/main.yml index 4e3e182e..614e9ab8 100644 --- a/roles/mrha_ordering_organization/meta/main.yml +++ b/roles/mrha_ordering_organization/meta/main.yml @@ -12,4 +12,4 @@ galaxy_info: versions: - all galaxy_tags: [] - min_ansible_version: 2.9 + min_ansible_version: "2.9" diff --git a/roles/mzha_endorsing_organization/meta/main.yml b/roles/mzha_endorsing_organization/meta/main.yml index 46f4ecb8..f23b18a5 100644 --- a/roles/mzha_endorsing_organization/meta/main.yml +++ b/roles/mzha_endorsing_organization/meta/main.yml @@ -12,4 +12,4 @@ galaxy_info: versions: - all galaxy_tags: [] - min_ansible_version: 2.9 + min_ansible_version: "2.9" diff --git a/roles/mzha_ordering_organization/meta/main.yml b/roles/mzha_ordering_organization/meta/main.yml index b5a2cf70..fbfe2d15 100644 --- a/roles/mzha_ordering_organization/meta/main.yml +++ b/roles/mzha_ordering_organization/meta/main.yml @@ -12,4 +12,4 @@ galaxy_info: versions: - all galaxy_tags: [] - min_ansible_version: 2.9 + min_ansible_version: "2.9" diff --git a/roles/ordering_organization/meta/main.yml b/roles/ordering_organization/meta/main.yml index 8e1dc9ae..d31ed234 100644 --- a/roles/ordering_organization/meta/main.yml +++ b/roles/ordering_organization/meta/main.yml @@ -11,4 +11,4 @@ galaxy_info: versions: - all galaxy_tags: [] - min_ansible_version: 2.9 + min_ansible_version: "2.9"