-
Notifications
You must be signed in to change notification settings - Fork 522
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OTA-916: add SignatureStores to ClusterVersionSpec #1678
OTA-916: add SignatureStores to ClusterVersionSpec #1678
Conversation
Hello @PratikMahajan! Some important instructions when contributing to openshift/api: |
b913dfb
to
fac4b77
Compare
572da06
to
71f8cb7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please take a look at the test suite files for this CRD and add both positive and negative test cases that test the validation of this new field
@@ -88,6 +88,21 @@ type ClusterVersionSpec struct { | |||
// +optional | |||
Capabilities *ClusterVersionCapabilitiesSpec `json:"capabilities,omitempty"` | |||
|
|||
// SignatureStores contains the upstream URIs to verify release signatures. | |||
// By default, CVO will use existing signature stores if this property is empty. | |||
// The CVO will check the release signatures in the local ConfigMaps first. It will search for a valid signature |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Which local configmaps, are there multiple configmaps? How are these configmaps selected?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
4fea343
to
627fc08
Compare
@PratikMahajan: This pull request references OTA-916 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
d0409a1
to
45f44a7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
storage
ClusterOperator Progressing
flapping seems unrelated to this change.
/lgtm
LGTM. Is the implementation of this ready to be merged? I'm conscious we only have a 48 hour window to merge changes into 4.15 now, I would prefer not to merge the API if the feature isn't going to ship this release, and then merge once 4.16 opens next week |
cb60c41
to
36d9723
Compare
36d9723
to
2959d3d
Compare
f82fa14
to
48e52c4
Compare
48e52c4
to
52aca23
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still looks good to me :)
/lgtm |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve cancel
This will currently break CustomNoUpgrade jobs, need to fix that before we can merge
config/v1/0000_00_cluster-version-operator_01_clusterversion-TechPreviewNoUpgrade.crd.yaml
Outdated
Show resolved
Hide resolved
@PratikMahajan: The specified target(s) for
The following commands are available to trigger optional jobs:
Use In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test ci/prow/verify |
@PratikMahajan: The specified target(s) for
The following commands are available to trigger optional jobs:
Use In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test verify |
baef457
to
b994043
Compare
/override ci/prow/verify-crd-schema Overriding existing boolean failures caused by renames /lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, JoelSpeed, PratikMahajan, wking The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@JoelSpeed: Overrode contexts on behalf of JoelSpeed: ci/prow/verify-crd-schema In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@PratikMahajan: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
f356bd9
into
openshift:master
[ART PR BUILD NOTIFIER] This PR has been included in build ose-cluster-config-api-container-v4.16.0-202312061931.p0.gf356bd9.assembly.stream for distgit ose-cluster-config-api. |
Pulling in openshift/api@f356bd9e2ff6 (Merge pull request openshift/api#1678 from PratikMahajan/add-custom-sig-stores, 2023-12-06). $ go get -u github.com/openshift/api@master $ go mod tidy $ go mod vendor $ git add -A go.* vendor all using: $ go version go version go1.21.1 linux/amd64 I also bumped the Dockerfile by hand, so now we'll pick up everything under 0000_00_cluster-version-operator_* (importantly for this bump, both the Default and TechPreviewNoUpgrade versions of the ClusterVersion CRD). And I bumped hack/test-prerequisites.go to use the new path to the default CRD.
Pulling in openshift/api@f356bd9e2ff6 (Merge pull request openshift/api#1678 from PratikMahajan/add-custom-sig-stores, 2023-12-06). $ go get -u github.com/openshift/api@master $ go mod tidy $ go mod vendor $ git add -A go.* vendor all using: $ go version go version go1.21.1 linux/amd64 I also bumped the Dockerfile by hand, so now we'll pick up everything under 0000_00_cluster-version-operator_* (importantly for this bump, both the Default and TechPreviewNoUpgrade versions of the ClusterVersion CRD). And I bumped hack/test-prerequisites.go to use the new path to the default CRD.
Pulling in openshift/api@f356bd9e2ff6 (Merge pull request openshift/api#1678 from PratikMahajan/add-custom-sig-stores, 2023-12-06). $ go get -u github.com/openshift/api@master $ go mod tidy $ go mod vendor $ git add -A go.* vendor all using: $ go version go version go1.21.1 linux/amd64 I also bumped the Dockerfile by hand, so now we'll pick up everything under 0000_00_cluster-version-operator_* (importantly for this bump, both the Default and TechPreviewNoUpgrade versions of the ClusterVersion CRD). And I bumped hack/test-prerequisites.go to use the new path to the default CRD.
Pulling in openshift/api@f356bd9e2ff6 (Merge pull request openshift/api#1678 from PratikMahajan/add-custom-sig-stores, 2023-12-06). $ go get -u github.com/openshift/api@master $ go mod tidy $ go mod vendor $ git add -A go.* vendor all using: $ go version go version go1.21.1 linux/amd64 I also bumped the Dockerfile by hand, so now we'll pick up everything under 0000_00_cluster-version-operator_* (importantly for this bump, both the Default and TechPreviewNoUpgrade versions of the ClusterVersion CRD). And I bumped hack/test-prerequisites.go to use the new path to the default CRD.
SignatureStore will help us define custom signature stores which
can then be used in air-gapped environments. it'll also give admin
flexibility to remove one or more signature stores that they're not
comfortable using.
Enhancement: openshift/enhancements#1485