From 7aa30ed948318be836a2e0840bfc4de6831218bb Mon Sep 17 00:00:00 2001
From: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com>
Date: Wed, 29 May 2024 08:49:19 -0400
Subject: [PATCH] Sync Config/Operator CRDs
Signed-off-by: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com>
(cherry picked from commit fc18f4868a35e21841889e6b62585711d8146ad5)
---
 ...nagement.io_configurationpolicies_crd.yaml | 43 ++++++++++++++++---
 ...er-management.io_operatorpolicies_crd.yaml | 21 +++++++++
 2 files changed, 58 insertions(+), 6 deletions(-)
diff --git a/pkg/addon/configpolicy/manifests/managedclusterchart/templates/policy.open-cluster-management.io_configurationpolicies_crd.yaml b/pkg/addon/configpolicy/manifests/managedclusterchart/templates/policy.open-cluster-management.io_configurationpolicies_crd.yaml
index 9076ac1f..b78ba29b 100644
--- a/pkg/addon/configpolicy/manifests/managedclusterchart/templates/policy.open-cluster-management.io_configurationpolicies_crd.yaml
+++ b/pkg/addon/configpolicy/manifests/managedclusterchart/templates/policy.open-cluster-management.io_configurationpolicies_crd.yaml
@@ -162,14 +162,29 @@ spec:
 x-kubernetes-preserve-unknown-fields: true
 recordDiff:
 description: |-
- RecordDiff specifies whether (and where) to log the diff between the object on the
- cluster and the objectDefinition in the policy. Defaults to "None" when the object kind is
- ConfigMap, OAuthAccessToken, OAuthAuthorizeTokens, Route, or Secret. Defaults to "InStatus" otherwise.
+ RecordDiff specifies whether and where to log the difference between the object on the cluster
+ and the `objectDefinition` parameter in the policy. The supported options are `InStatus` to record the
+ difference in the policy status field, `Log` to log the difference in the
+ `config-policy-controller` pod, and `None` to not log the difference. The default value is `None` for
+ object kinds that include sensitive data such as `ConfigMap`, `OAuthAccessToken`,
+ `OAuthAuthorizeTokens`, `Route`, and `Secret`, or when a templated `objectDefinition` references sensitive
+ data. For all other kinds, the default value is `InStatus`.
 enum:
 - Log
 - InStatus
 - None
 type: string
+ recreateOption:
+ description: |-
+ RecreateOption describes whether to delete and recreate an object when an update is required. `IfRequired`
+ will recreate the object when updating an immutable field. `Always` will always recreate the object if a mismatch
+ is detected. `RecreateOption` has no effect when the `remediationAction` is `inform`. `IfRequired` has no effect
+ on clusters without dry run update support. The default value is `None`.
+ enum:
+ - None
+ - IfRequired
+ - Always
+ type: string
 required:
 - complianceType
 - objectDefinition
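Review bot: The `recreateOption` property added in this hunk has no schema `default`, while the otherwise identical property added in the next hunk (`@@ -491,14 +506,30 @@`) carries `default: None`; both descriptions say "The default value is `None`". Without a schema default the API server leaves an omitted field unset, so whether it really behaves as `None` here rests on controller code that this patch does not show. Because `Always` deletes and recreates the object on any detected mismatch, I would make the non-destructive default explicit in both places by adding `default: None` under `recreateOption:` here, or say in the description why this copy omits it. If this manifest is synced from the controller repository, the change belongs in the source types there. The schema object that holds `recordDiff` and `recreateOption` starts and ends outside the hunk.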
@@ -491,14 +506,30 @@ spec:
 x-kubernetes-preserve-unknown-fields: true
 recordDiff:
 description: |-
- RecordDiff specifies whether (and where) to log the diff between the object on the
- cluster and the objectDefinition in the policy. Defaults to "None" when the object kind is
- ConfigMap, OAuthAccessToken, OAuthAuthorizeTokens, Route, or Secret. Defaults to "InStatus" otherwise.
+ RecordDiff specifies whether and where to log the difference between the object on the cluster
+ and the `objectDefinition` parameter in the policy. The supported options are `InStatus` to record the
+ difference in the policy status field, `Log` to log the difference in the
+ `config-policy-controller` pod, and `None` to not log the difference. The default value is `None` for
+ object kinds that include sensitive data such as `ConfigMap`, `OAuthAccessToken`,
+ `OAuthAuthorizeTokens`, `Route`, and `Secret`, or when a templated `objectDefinition` references sensitive
+ data. For all other kinds, the default value is `InStatus`.
 enum:
 - Log
 - InStatus
 - None
 type: string
+ recreateOption:
+ default: None
+ description: |-
+ RecreateOption describes whether to delete and recreate an object when an update is required. `IfRequired`
+ will recreate the object when updating an immutable field. `Always` will always recreate the object if a mismatch
+ is detected. `RecreateOption` has no effect when the `remediationAction` is `inform`. `IfRequired` has no effect
+ on clusters without dry run update support. The default value is `None`.
+ enum:
+ - None
+ - IfRequired
+ - Always
+ type: string
 required:
 - complianceType
 - objectDefinition
diff --git a/pkg/addon/configpolicy/manifests/managedclusterchart/templates/policy.open-cluster-management.io_operatorpolicies_crd.yaml b/pkg/addon/configpolicy/manifests/managedclusterchart/templates/policy.open-cluster-management.io_operatorpolicies_crd.yaml
index ead14fd1..46c9ff68 100644
--- a/pkg/addon/configpolicy/manifests/managedclusterchart/templates/policy.open-cluster-management.io_operatorpolicies_crd.yaml
+++ b/pkg/addon/configpolicy/manifests/managedclusterchart/templates/policy.open-cluster-management.io_operatorpolicies_crd.yaml
@@ -125,6 +125,16 @@ spec:
 https://olm.operatorframework.io/docs/concepts/crds/subscription/
 type: object
 x-kubernetes-preserve-unknown-fields: true
+ upgradeApproval:
+ description: |-
+ UpgradeApproval determines whether 'upgrade' InstallPlans for the operator will be approved
+ by the controller when the policy is enforced and in 'musthave' mode. The initial InstallPlan
+ approval is not affected by this setting. This setting has no effect when the policy is in
+ 'mustnothave' mode. Allowed values are "None" or "Automatic".
+ enum:
+ - None
+ - Automatic
+ type: string
 versions:
 description: |-
 Versions is a list of nonempty strings that specifies which installed versions are compliant when
@@ -136,6 +146,7 @@ spec:
 required:
 - complianceType
 - subscription
+ - upgradeApproval
 type: object
 status:
 description: OperatorPolicyStatus defines the observed state of OperatorPolicy
@@ -207,6 +218,13 @@ spec:
 x-kubernetes-list-map-keys:
 - type
 x-kubernetes-list-type: map
+ overlappingPolicies:
+ description: |-
+ The list of overlapping OperatorPolicies (as name.namespace) which all manage the same
+ subscription, including this policy. When no overlapping is detected, this list will be empty.
+ items:
+ type: string
+ type: array
 relatedObjects:
 description: List of resources processed by the policy
 items:
@@ -253,6 +271,9 @@ spec:
 type: string
 type: object
 type: array
+ resolvedSubscriptionLabel:
+ description: The resolved name.namespace of the subscription
+ type: string
 type: object
 type: object
 served: true
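Review bot: `upgradeApproval` is added to `required` in the `@@ -136,6 +146,7 @@` hunk, but the property defined in the `@@ -125,6 +125,16 @@` hunk has no `default`, so an OperatorPolicy manifest written for the previous schema is likely to fail validation the next time it is applied. Forcing an explicit choice is defensible for a setting that lets the controller approve upgrade InstallPlans unattended, but then the description should say so and state what `None` does; it currently only lists `None` as an allowed value, and presumably it leaves upgrade InstallPlans for manual approval (to be confirmed against the controller). If compatibility matters more, `default: None` under `upgradeApproval:` would keep old manifests valid without turning on automatic approval, assuming `None` means what its name suggests. The `spec` schema these hunks patch starts and ends outside them.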