diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 636966aeec1..7ed49257301 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -58555,13 +58555,13 @@ func schema_openshift_api_operator_v1_KMSEncryptionStatus(ref common.ReferenceCa Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ "nodeName", - "keyId", + "keyID", }, "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "healthReports contains all KMS plugin health reports. When omitted, no health reports are available. Each entry must have a unique combination of nodeName and keyId.", + Description: "healthReports contains all KMS plugin health reports. When omitted, no health reports are available. Each entry must have a unique combination of nodeName and keyID.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -58589,14 +58589,14 @@ func schema_openshift_api_operator_v1_KMSPluginHealthReport(ref common.Reference Properties: map[string]spec.Schema{ "nodeName": { SchemaProps: spec.SchemaProps{ - Description: "nodeName is the name of the node this instance of the plugin runs on. The combination of nodeName and keyId makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", + Description: "nodeName is the name of the node this instance of the plugin runs on. The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", Type: []string{"string"}, Format: "", }, }, - "keyId": { + "keyID": { SchemaProps: spec.SchemaProps{ - Description: "keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters.", + Description: "keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters.", Type: []string{"string"}, Format: "", }, @@ -58614,9 +58614,9 @@ func schema_openshift_api_operator_v1_KMSPluginHealthReport(ref common.Reference Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, - "kekId": { + "remoteKeyID": { SchemaProps: spec.SchemaProps{ - Description: "kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. This is not a cryptographic key, but a unique representation of the KEK. The value must be between 1 and 1024 characters.", + Description: "remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. This is not a cryptographic key, but a unique representation of the KEK. The value must be between 1 and 1024 characters.", Type: []string{"string"}, Format: "", }, @@ -58629,7 +58629,7 @@ func schema_openshift_api_operator_v1_KMSPluginHealthReport(ref common.Reference }, }, }, - Required: []string{"nodeName", "keyId", "status", "lastCheckedTime", "kekId"}, + Required: []string{"nodeName", "keyID", "status", "lastCheckedTime", "remoteKeyID"}, }, }, Dependencies: []string{ diff --git a/openapi/openapi.json b/openapi/openapi.json index 468c116a34e..4535394038d 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -33973,7 +33973,7 @@ "type": "object", "properties": { "healthReports": { - "description": "healthReports contains all KMS plugin health reports. When omitted, no health reports are available. Each entry must have a unique combination of nodeName and keyId.", + "description": "healthReports contains all KMS plugin health reports. When omitted, no health reports are available. Each entry must have a unique combination of nodeName and keyID.", "type": "array", "items": { "default": {}, @@ -33981,7 +33981,7 @@ }, "x-kubernetes-list-map-keys": [ "nodeName", - "keyId" + "keyID" ], "x-kubernetes-list-type": "map" } @@ -33991,22 +33991,18 @@ "type": "object", "required": [ "nodeName", - "keyId", + "keyID", "status", "lastCheckedTime", - "kekId" + "remoteKeyID" ], "properties": { "detail": { "description": "detail contains additional error/health information for the respective KMS plugin. When omitted, no additional error or health information is provided. When set, the value must be between 1 and 1024 characters.", "type": "string" }, - "kekId": { - "description": "kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. This is not a cryptographic key, but a unique representation of the KEK. The value must be between 1 and 1024 characters.", - "type": "string" - }, - "keyId": { - "description": "keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters.", + "keyID": { + "description": "keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters.", "type": "string" }, "lastCheckedTime": { @@ -34014,7 +34010,11 @@ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, "nodeName": { - "description": "nodeName is the name of the node this instance of the plugin runs on. The combination of nodeName and keyId makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", + "description": "nodeName is the name of the node this instance of the plugin runs on. The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", + "type": "string" + }, + "remoteKeyID": { + "description": "remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. This is not a cryptographic key, but a unique representation of the KEK. The value must be between 1 and 1024 characters.", "type": "string" }, "status": { diff --git a/operator/v1/tests/authentications.operator.openshift.io/KMSEncryption.yaml b/operator/v1/tests/authentications.operator.openshift.io/KMSEncryption.yaml index 504b8374e37..016576b0c56 100644 --- a/operator/v1/tests/authentications.operator.openshift.io/KMSEncryption.yaml +++ b/operator/v1/tests/authentications.operator.openshift.io/KMSEncryption.yaml @@ -23,10 +23,10 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 expected: | apiVersion: operator.openshift.io/v1 kind: Authentication @@ -40,11 +40,11 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 - - name: Should accept multiple health reports with unique nodeName/keyId combinations + remoteKeyID: kek-1 + - name: Should accept multiple health reports with unique nodeName/keyID combinations initial: | apiVersion: operator.openshift.io/v1 kind: Authentication @@ -62,21 +62,21 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 - nodeName: node-a - keyId: key-2 + keyID: key-2 status: Unhealthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-2 + remoteKeyID: kek-2 detail: plugin unreachable - nodeName: node-b - keyId: key-1 + keyID: key-1 status: Error lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: arn:aws:kms:us-east-1:123456789012:key/abc + remoteKeyID: arn:aws:kms:us-east-1:123456789012:key/abc detail: authentication failed expected: | apiVersion: operator.openshift.io/v1 @@ -91,23 +91,23 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 - nodeName: node-a - keyId: key-2 + keyID: key-2 status: Unhealthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-2 + remoteKeyID: kek-2 detail: plugin unreachable - nodeName: node-b - keyId: key-1 + keyID: key-1 status: Error lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: arn:aws:kms:us-east-1:123456789012:key/abc + remoteKeyID: arn:aws:kms:us-east-1:123456789012:key/abc detail: authentication failed - - name: Should reject duplicate nodeName/keyId health reports + - name: Should reject duplicate nodeName/keyID health reports initial: | apiVersion: operator.openshift.io/v1 kind: Authentication @@ -119,10 +119,10 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 updated: | apiVersion: operator.openshift.io/v1 kind: Authentication @@ -134,15 +134,15 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Unhealthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-2 + remoteKeyID: kek-2 detail: plugin error expectedStatusError: "Duplicate value" - name: Should reject an invalid nodeName in health reports @@ -163,8 +163,8 @@ tests: encryptionStatus: healthReports: - nodeName: INVALID - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 expectedStatusError: "nodeName must be a lowercase RFC 1123 subdomain" diff --git a/operator/v1/tests/kubeapiservers.operator.openshift.io/KMSEncryption.yaml b/operator/v1/tests/kubeapiservers.operator.openshift.io/KMSEncryption.yaml index d526f5f3659..8af6a43719a 100644 --- a/operator/v1/tests/kubeapiservers.operator.openshift.io/KMSEncryption.yaml +++ b/operator/v1/tests/kubeapiservers.operator.openshift.io/KMSEncryption.yaml @@ -18,10 +18,10 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 expected: | apiVersion: operator.openshift.io/v1 kind: KubeAPIServer @@ -32,11 +32,11 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 - - name: Should accept multiple health reports with unique nodeName/keyId combinations + remoteKeyID: kek-1 + - name: Should accept multiple health reports with unique nodeName/keyID combinations initial: | apiVersion: operator.openshift.io/v1 kind: KubeAPIServer @@ -49,21 +49,21 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 - nodeName: node-a - keyId: key-2 + keyID: key-2 status: Unhealthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-2 + remoteKeyID: kek-2 detail: plugin unreachable - nodeName: node-b - keyId: key-1 + keyID: key-1 status: Error lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: arn:aws:kms:us-east-1:123456789012:key/abc + remoteKeyID: arn:aws:kms:us-east-1:123456789012:key/abc detail: authentication failed expected: | apiVersion: operator.openshift.io/v1 @@ -75,23 +75,23 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 - nodeName: node-a - keyId: key-2 + keyID: key-2 status: Unhealthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-2 + remoteKeyID: kek-2 detail: plugin unreachable - nodeName: node-b - keyId: key-1 + keyID: key-1 status: Error lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: arn:aws:kms:us-east-1:123456789012:key/abc + remoteKeyID: arn:aws:kms:us-east-1:123456789012:key/abc detail: authentication failed - - name: Should reject duplicate nodeName/keyId health reports + - name: Should reject duplicate nodeName/keyID health reports initial: | apiVersion: operator.openshift.io/v1 kind: KubeAPIServer @@ -100,10 +100,10 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 updated: | apiVersion: operator.openshift.io/v1 kind: KubeAPIServer @@ -112,15 +112,15 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Unhealthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-2 + remoteKeyID: kek-2 detail: plugin error expectedStatusError: "Duplicate value" - name: Should reject an invalid nodeName in health reports @@ -136,8 +136,8 @@ tests: encryptionStatus: healthReports: - nodeName: INVALID - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 expectedStatusError: "nodeName must be a lowercase RFC 1123 subdomain" diff --git a/operator/v1/tests/openshiftapiservers.operator.openshift.io/KMSEncryption.yaml b/operator/v1/tests/openshiftapiservers.operator.openshift.io/KMSEncryption.yaml index ca3eb115998..abc907d6f84 100644 --- a/operator/v1/tests/openshiftapiservers.operator.openshift.io/KMSEncryption.yaml +++ b/operator/v1/tests/openshiftapiservers.operator.openshift.io/KMSEncryption.yaml @@ -18,10 +18,10 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 expected: | apiVersion: operator.openshift.io/v1 kind: OpenShiftAPIServer @@ -32,11 +32,11 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 - - name: Should accept multiple health reports with unique nodeName/keyId combinations + remoteKeyID: kek-1 + - name: Should accept multiple health reports with unique nodeName/keyID combinations initial: | apiVersion: operator.openshift.io/v1 kind: OpenShiftAPIServer @@ -49,21 +49,21 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 - nodeName: node-a - keyId: key-2 + keyID: key-2 status: Unhealthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-2 + remoteKeyID: kek-2 detail: plugin unreachable - nodeName: node-b - keyId: key-1 + keyID: key-1 status: Error lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: arn:aws:kms:us-east-1:123456789012:key/abc + remoteKeyID: arn:aws:kms:us-east-1:123456789012:key/abc detail: authentication failed expected: | apiVersion: operator.openshift.io/v1 @@ -75,23 +75,23 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 - nodeName: node-a - keyId: key-2 + keyID: key-2 status: Unhealthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-2 + remoteKeyID: kek-2 detail: plugin unreachable - nodeName: node-b - keyId: key-1 + keyID: key-1 status: Error lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: arn:aws:kms:us-east-1:123456789012:key/abc + remoteKeyID: arn:aws:kms:us-east-1:123456789012:key/abc detail: authentication failed - - name: Should reject duplicate nodeName/keyId health reports + - name: Should reject duplicate nodeName/keyID health reports initial: | apiVersion: operator.openshift.io/v1 kind: OpenShiftAPIServer @@ -100,10 +100,10 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 updated: | apiVersion: operator.openshift.io/v1 kind: OpenShiftAPIServer @@ -112,15 +112,15 @@ tests: encryptionStatus: healthReports: - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 - nodeName: node-a - keyId: key-1 + keyID: key-1 status: Unhealthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-2 + remoteKeyID: kek-2 detail: plugin error expectedStatusError: "Duplicate value" - name: Should reject an invalid nodeName in health reports @@ -136,8 +136,8 @@ tests: encryptionStatus: healthReports: - nodeName: INVALID - keyId: key-1 + keyID: key-1 status: Healthy lastCheckedTime: "2026-01-01T00:00:00Z" - kekId: kek-1 + remoteKeyID: kek-1 expectedStatusError: "nodeName must be a lowercase RFC 1123 subdomain" diff --git a/operator/v1/types_kmsencryption.go b/operator/v1/types_kmsencryption.go index a5dcf7d334e..70274322415 100644 --- a/operator/v1/types_kmsencryption.go +++ b/operator/v1/types_kmsencryption.go @@ -15,11 +15,10 @@ const ( KMSPluginHealthStatusError KMSPluginHealthStatus = "Error" ) -// +openshift:compatibility-gen:level=1 type KMSPluginHealthReport struct { // nodeName is the name of the node this instance of the plugin runs on. - // The combination of nodeName and keyId makes this health report unique. + // The combination of nodeName and keyID makes this health report unique. // The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain // consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with // an alphanumeric character, and be at most 253 characters in length. @@ -29,13 +28,13 @@ type KMSPluginHealthReport struct { // +required NodeName string `json:"nodeName,omitempty"` - // keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + // keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. // This is not a cryptographic key used to encrypt/decrypt any resources. // The value must be between 1 and 512 characters. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=512 // +required - KeyId string `json:"keyId,omitempty"` + KeyID string `json:"keyID,omitempty"` // status contains a health indicator for the respective KMS plugin // The field can have three states: healthy, unhealthy, error. @@ -47,13 +46,13 @@ type KMSPluginHealthReport struct { // +required LastCheckedTime metav1.Time `json:"lastCheckedTime,omitempty"` - // kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. + // remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. // This is not a cryptographic key, but a unique representation of the KEK. // The value must be between 1 and 1024 characters. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=1024 // +required - KEKId string `json:"kekId,omitempty"` + RemoteKeyID string `json:"remoteKeyID,omitempty"` // detail contains additional error/health information for the respective KMS plugin. // When omitted, no additional error or health information is provided. @@ -69,12 +68,12 @@ type KMSPluginHealthReport struct { type KMSEncryptionStatus struct { // healthReports contains all KMS plugin health reports. // When omitted, no health reports are available. - // Each entry must have a unique combination of nodeName and keyId. + // Each entry must have a unique combination of nodeName and keyID. // +optional // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=200 // +listType=map // +listMapKey=nodeName - // +listMapKey=keyId + // +listMapKey=keyID HealthReports []KMSPluginHealthReport `json:"healthReports,omitempty"` } diff --git a/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-CustomNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-CustomNoUpgrade.crd.yaml index 57df5e1297f..5295f3ed774 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-CustomNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-CustomNoUpgrade.crd.yaml @@ -182,7 +182,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -193,17 +193,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -217,7 +209,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -230,6 +222,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -241,10 +241,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -252,7 +252,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml index 0371d90d7a1..e69d220f76c 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml @@ -182,7 +182,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -193,17 +193,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -217,7 +209,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -230,6 +222,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -241,10 +241,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -252,7 +252,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml index bdabdecd350..08379e379dd 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml @@ -182,7 +182,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -193,17 +193,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -217,7 +209,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -230,6 +222,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -241,10 +241,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -252,7 +252,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-CustomNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-CustomNoUpgrade.crd.yaml index 0a3beba5bf3..adc23fefeba 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-CustomNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-CustomNoUpgrade.crd.yaml @@ -149,7 +149,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -160,17 +160,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -184,7 +176,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -197,6 +189,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -208,10 +208,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -219,7 +219,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-DevPreviewNoUpgrade.crd.yaml index 89cb665ff4d..8dac988128d 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-DevPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-DevPreviewNoUpgrade.crd.yaml @@ -149,7 +149,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -160,17 +160,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -184,7 +176,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -197,6 +189,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -208,10 +208,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -219,7 +219,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-TechPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-TechPreviewNoUpgrade.crd.yaml index d380fa60f47..31a634ec23e 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-TechPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers-TechPreviewNoUpgrade.crd.yaml @@ -149,7 +149,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -160,17 +160,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -184,7 +176,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -197,6 +189,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -208,10 +208,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -219,7 +219,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-CustomNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-CustomNoUpgrade.crd.yaml index a1d80bd5d9d..75cb803633f 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-CustomNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-CustomNoUpgrade.crd.yaml @@ -304,7 +304,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -315,17 +315,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -339,7 +331,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -352,6 +344,14 @@ spec: '-' or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -363,10 +363,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -374,7 +374,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object latestAvailableRevision: diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-DevPreviewNoUpgrade.crd.yaml index 9e8ba13fd55..3a9e139301b 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-DevPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-DevPreviewNoUpgrade.crd.yaml @@ -304,7 +304,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -315,17 +315,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -339,7 +331,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -352,6 +344,14 @@ spec: '-' or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -363,10 +363,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -374,7 +374,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object latestAvailableRevision: diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-TechPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-TechPreviewNoUpgrade.crd.yaml index 03b3daf02a1..1b51279f4ac 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-TechPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications-TechPreviewNoUpgrade.crd.yaml @@ -304,7 +304,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -315,17 +315,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -339,7 +331,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -352,6 +344,14 @@ spec: '-' or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -363,10 +363,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -374,7 +374,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object latestAvailableRevision: diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/authentications.operator.openshift.io/KMSEncryption.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/authentications.operator.openshift.io/KMSEncryption.yaml index 5aef084320e..b510199efc3 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/authentications.operator.openshift.io/KMSEncryption.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/authentications.operator.openshift.io/KMSEncryption.yaml @@ -199,7 +199,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -210,17 +210,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -234,7 +226,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -247,6 +239,14 @@ spec: '-' or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -258,10 +258,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -269,7 +269,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object latestAvailableRevision: diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/kubeapiservers.operator.openshift.io/KMSEncryption.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/kubeapiservers.operator.openshift.io/KMSEncryption.yaml index fc3426a6fec..d5e8ac003cb 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/kubeapiservers.operator.openshift.io/KMSEncryption.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/kubeapiservers.operator.openshift.io/KMSEncryption.yaml @@ -168,7 +168,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -179,17 +179,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -203,7 +195,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -216,6 +208,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -227,10 +227,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -238,7 +238,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/openshiftapiservers.operator.openshift.io/KMSEncryption.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/openshiftapiservers.operator.openshift.io/KMSEncryption.yaml index 01cf4f74a48..f392943168b 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/openshiftapiservers.operator.openshift.io/KMSEncryption.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/openshiftapiservers.operator.openshift.io/KMSEncryption.yaml @@ -149,7 +149,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -160,17 +160,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -184,7 +176,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -197,6 +189,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -208,10 +208,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -219,7 +219,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/operator/v1/zz_generated.swagger_doc_generated.go b/operator/v1/zz_generated.swagger_doc_generated.go index 114b5c7a689..ee65d29d3fa 100644 --- a/operator/v1/zz_generated.swagger_doc_generated.go +++ b/operator/v1/zz_generated.swagger_doc_generated.go @@ -1389,7 +1389,7 @@ func (InsightsReport) SwaggerDoc() map[string]string { } var map_KMSEncryptionStatus = map[string]string{ - "healthReports": "healthReports contains all KMS plugin health reports. When omitted, no health reports are available. Each entry must have a unique combination of nodeName and keyId.", + "healthReports": "healthReports contains all KMS plugin health reports. When omitted, no health reports are available. Each entry must have a unique combination of nodeName and keyID.", } func (KMSEncryptionStatus) SwaggerDoc() map[string]string { @@ -1397,11 +1397,11 @@ func (KMSEncryptionStatus) SwaggerDoc() map[string]string { } var map_KMSPluginHealthReport = map[string]string{ - "nodeName": "nodeName is the name of the node this instance of the plugin runs on. The combination of nodeName and keyId makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", - "keyId": "keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters.", + "nodeName": "nodeName is the name of the node this instance of the plugin runs on. The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", + "keyID": "keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters.", "status": "status contains a health indicator for the respective KMS plugin The field can have three states: healthy, unhealthy, error. With error and unhealthy containing additional information in Detail.", "lastCheckedTime": "lastCheckedTime is a timestamp of when the probe was last checked.", - "kekId": "kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. This is not a cryptographic key, but a unique representation of the KEK. The value must be between 1 and 1024 characters.", + "remoteKeyID": "remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. This is not a cryptographic key, but a unique representation of the KEK. The value must be between 1 and 1024 characters.", "detail": "detail contains additional error/health information for the respective KMS plugin. When omitted, no additional error or health information is provided. When set, the value must be between 1 and 1024 characters.", } diff --git a/payload-manifests/crds/0000_20_kube-apiserver_01_kubeapiservers-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_20_kube-apiserver_01_kubeapiservers-CustomNoUpgrade.crd.yaml index 57df5e1297f..5295f3ed774 100644 --- a/payload-manifests/crds/0000_20_kube-apiserver_01_kubeapiservers-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_20_kube-apiserver_01_kubeapiservers-CustomNoUpgrade.crd.yaml @@ -182,7 +182,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -193,17 +193,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -217,7 +209,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -230,6 +222,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -241,10 +241,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -252,7 +252,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/payload-manifests/crds/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml index 0371d90d7a1..e69d220f76c 100644 --- a/payload-manifests/crds/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml @@ -182,7 +182,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -193,17 +193,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -217,7 +209,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -230,6 +222,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -241,10 +241,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -252,7 +252,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/payload-manifests/crds/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml index bdabdecd350..08379e379dd 100644 --- a/payload-manifests/crds/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml @@ -182,7 +182,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -193,17 +193,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -217,7 +209,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -230,6 +222,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -241,10 +241,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -252,7 +252,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/payload-manifests/crds/0000_30_openshift-apiserver_01_openshiftapiservers-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_30_openshift-apiserver_01_openshiftapiservers-CustomNoUpgrade.crd.yaml index 0a3beba5bf3..adc23fefeba 100644 --- a/payload-manifests/crds/0000_30_openshift-apiserver_01_openshiftapiservers-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_30_openshift-apiserver_01_openshiftapiservers-CustomNoUpgrade.crd.yaml @@ -149,7 +149,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -160,17 +160,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -184,7 +176,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -197,6 +189,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -208,10 +208,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -219,7 +219,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/payload-manifests/crds/0000_30_openshift-apiserver_01_openshiftapiservers-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_30_openshift-apiserver_01_openshiftapiservers-DevPreviewNoUpgrade.crd.yaml index 89cb665ff4d..8dac988128d 100644 --- a/payload-manifests/crds/0000_30_openshift-apiserver_01_openshiftapiservers-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_30_openshift-apiserver_01_openshiftapiservers-DevPreviewNoUpgrade.crd.yaml @@ -149,7 +149,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -160,17 +160,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -184,7 +176,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -197,6 +189,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -208,10 +208,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -219,7 +219,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/payload-manifests/crds/0000_30_openshift-apiserver_01_openshiftapiservers-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_30_openshift-apiserver_01_openshiftapiservers-TechPreviewNoUpgrade.crd.yaml index d380fa60f47..31a634ec23e 100644 --- a/payload-manifests/crds/0000_30_openshift-apiserver_01_openshiftapiservers-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_30_openshift-apiserver_01_openshiftapiservers-TechPreviewNoUpgrade.crd.yaml @@ -149,7 +149,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -160,17 +160,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -184,7 +176,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -197,6 +189,14 @@ spec: or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -208,10 +208,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -219,7 +219,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object generations: diff --git a/payload-manifests/crds/0000_50_authentication_01_authentications-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_50_authentication_01_authentications-CustomNoUpgrade.crd.yaml index a1d80bd5d9d..75cb803633f 100644 --- a/payload-manifests/crds/0000_50_authentication_01_authentications-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_50_authentication_01_authentications-CustomNoUpgrade.crd.yaml @@ -304,7 +304,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -315,17 +315,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -339,7 +331,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -352,6 +344,14 @@ spec: '-' or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -363,10 +363,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -374,7 +374,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object latestAvailableRevision: diff --git a/payload-manifests/crds/0000_50_authentication_01_authentications-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_50_authentication_01_authentications-DevPreviewNoUpgrade.crd.yaml index 9e8ba13fd55..3a9e139301b 100644 --- a/payload-manifests/crds/0000_50_authentication_01_authentications-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_50_authentication_01_authentications-DevPreviewNoUpgrade.crd.yaml @@ -304,7 +304,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -315,17 +315,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -339,7 +331,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -352,6 +344,14 @@ spec: '-' or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -363,10 +363,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -374,7 +374,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object latestAvailableRevision: diff --git a/payload-manifests/crds/0000_50_authentication_01_authentications-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_50_authentication_01_authentications-TechPreviewNoUpgrade.crd.yaml index 03b3daf02a1..1b51279f4ac 100644 --- a/payload-manifests/crds/0000_50_authentication_01_authentications-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_50_authentication_01_authentications-TechPreviewNoUpgrade.crd.yaml @@ -304,7 +304,7 @@ spec: description: |- healthReports contains all KMS plugin health reports. When omitted, no health reports are available. - Each entry must have a unique combination of nodeName and keyId. + Each entry must have a unique combination of nodeName and keyID. items: properties: detail: @@ -315,17 +315,9 @@ spec: maxLength: 1024 minLength: 1 type: string - kekId: + keyID: description: |- - kekId refers to the remote KEK id from KMS v2 StatusResponse.key_id. - This is not a cryptographic key, but a unique representation of the KEK. - The value must be between 1 and 1024 characters. - maxLength: 1024 - minLength: 1 - type: string - keyId: - description: |- - keyId is the encryption-key-secret id (kms-{keyId}.sock), a unique identifier of the plugin on that node. + keyID is the encryption-key-secret id (kms-{keyID}.sock), a unique identifier of the plugin on that node. This is not a cryptographic key used to encrypt/decrypt any resources. The value must be between 1 and 512 characters. maxLength: 512 @@ -339,7 +331,7 @@ spec: nodeName: description: |- nodeName is the name of the node this instance of the plugin runs on. - The combination of nodeName and keyId makes this health report unique. + The combination of nodeName and keyID makes this health report unique. The value must be a valid Kubernetes node name: a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length. @@ -352,6 +344,14 @@ spec: '-' or '.', and must start and end with an alphanumeric character rule: '!format.dns1123Subdomain().validate(self).hasValue()' + remoteKeyID: + description: |- + remoteKeyID refers to the remote KEK id from KMS v2 StatusResponse.key_id. + This is not a cryptographic key, but a unique representation of the KEK. + The value must be between 1 and 1024 characters. + maxLength: 1024 + minLength: 1 + type: string status: description: |- status contains a health indicator for the respective KMS plugin @@ -363,10 +363,10 @@ spec: - Error type: string required: - - kekId - - keyId + - keyID - lastCheckedTime - nodeName + - remoteKeyID - status type: object maxItems: 200 @@ -374,7 +374,7 @@ spec: type: array x-kubernetes-list-map-keys: - nodeName - - keyId + - keyID x-kubernetes-list-type: map type: object latestAvailableRevision: