diff --git a/operator/v1/tests/machineconfigurations.operator.openshift.io/BootImageSkewEnforcement+ManagedBootImagesCPMS.yaml b/operator/v1/tests/machineconfigurations.operator.openshift.io/BootImageSkewEnforcement+ManagedBootImagesCPMS.yaml new file mode 100644 index 00000000000..810c35dd3f0 --- /dev/null +++ b/operator/v1/tests/machineconfigurations.operator.openshift.io/BootImageSkewEnforcement+ManagedBootImagesCPMS.yaml @@ -0,0 +1,223 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "MachineConfiguration" +crdName: machineconfigurations.operator.openshift.io +featureGates: +- BootImageSkewEnforcement +- ManagedBootImagesCPMS +tests: + onUpdate: + - name: Should permit an "All" CPMS boot image configuration when bootImageSkewEnforcementStatus.mode is Automatic + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: {} + status: + managedBootImagesStatus: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + bootImageSkewEnforcementStatus: + mode: Automatic + automatic: + ocpVersion: "4.18.2" + rhcosVersion: "416.94.202411201433-0" + updated: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: + - resource: controlplanemachinesets + apiGroup: machine.openshift.io + selection: + mode: All + status: + managedBootImagesStatus: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + bootImageSkewEnforcementStatus: + mode: Automatic + automatic: + ocpVersion: "4.18.2" + rhcosVersion: "416.94.202411201433-0" + expected: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + logLevel: Normal + operatorLogLevel: Normal + managedBootImages: + machineManagers: + - resource: controlplanemachinesets + apiGroup: machine.openshift.io + selection: + mode: All + status: + managedBootImagesStatus: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + bootImageSkewEnforcementStatus: + mode: Automatic + automatic: + ocpVersion: "4.18.2" + rhcosVersion: "416.94.202411201433-0" + - name: Should permit a None CPMS boot image configuration when bootImageSkewEnforcementStatus.mode is Automatic + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: {} + status: + managedBootImagesStatus: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + bootImageSkewEnforcementStatus: + mode: Automatic + automatic: + ocpVersion: "4.18.2" + rhcosVersion: "416.94.202411201433-0" + updated: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: + - resource: controlplanemachinesets + apiGroup: machine.openshift.io + selection: + mode: None + status: + managedBootImagesStatus: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + bootImageSkewEnforcementStatus: + mode: Automatic + automatic: + ocpVersion: "4.18.2" + rhcosVersion: "416.94.202411201433-0" + expected: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + logLevel: Normal + operatorLogLevel: Normal + managedBootImages: + machineManagers: + - resource: controlplanemachinesets + apiGroup: machine.openshift.io + selection: + mode: None + status: + managedBootImagesStatus: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + bootImageSkewEnforcementStatus: + mode: Automatic + automatic: + ocpVersion: "4.18.2" + rhcosVersion: "416.94.202411201433-0" + - name: Should not permit a None MachineSet and All CPMS boot image configuration when bootImageSkewEnforcementStatus.mode is Automatic + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: {} + status: + managedBootImagesStatus: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + bootImageSkewEnforcementStatus: + mode: Automatic + automatic: + ocpVersion: "4.18.2" + rhcosVersion: "416.94.202411201433-0" + updated: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: + - resource: controlplanemachinesets + apiGroup: machine.openshift.io + selection: + mode: All + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: None + status: + managedBootImagesStatus: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + bootImageSkewEnforcementStatus: + mode: Automatic + automatic: + ocpVersion: "4.18.2" + rhcosVersion: "416.94.202411201433-0" + expectedError: "when skew enforcement is in Automatic mode, any MachineAPI MachineSet MachineManager must use selection mode 'All'" + - name: Should not permit a None MachineSet and None CPMS boot image configuration when bootImageSkewEnforcementStatus.mode is Automatic + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: {} + status: + managedBootImagesStatus: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + bootImageSkewEnforcementStatus: + mode: Automatic + automatic: + ocpVersion: "4.18.2" + rhcosVersion: "416.94.202411201433-0" + updated: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: + - resource: controlplanemachinesets + apiGroup: machine.openshift.io + selection: + mode: None + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: None + status: + managedBootImagesStatus: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + bootImageSkewEnforcementStatus: + mode: Automatic + automatic: + ocpVersion: "4.18.2" + rhcosVersion: "416.94.202411201433-0" + expectedError: "when skew enforcement is in Automatic mode, any MachineAPI MachineSet MachineManager must use selection mode 'All'" + diff --git a/operator/v1/tests/machineconfigurations.operator.openshift.io/BootImageSkewEnforcement.yaml b/operator/v1/tests/machineconfigurations.operator.openshift.io/BootImageSkewEnforcement.yaml index a9aa8253f9f..73d159d7eae 100644 --- a/operator/v1/tests/machineconfigurations.operator.openshift.io/BootImageSkewEnforcement.yaml +++ b/operator/v1/tests/machineconfigurations.operator.openshift.io/BootImageSkewEnforcement.yaml @@ -336,7 +336,7 @@ tests: automatic: ocpVersion: "4.18.2" rhcosVersion: "416.94.202411201433-0" - expectedError: "when skew enforcement is in Automatic mode, managedBootImages must contain a MachineManager opting in all MachineAPI MachineSets" + expectedError: "when skew enforcement is in Automatic mode, any MachineAPI MachineSet MachineManager must use selection mode 'All'" - name: Should not be able to set boot image configuration to an empty list if bootImageSkewEnforcementStatus.mode is set to Automatic initial: | apiVersion: operator.openshift.io/v1 @@ -373,7 +373,7 @@ tests: automatic: ocpVersion: "4.18.2" rhcosVersion: "416.94.202411201433-0" - expectedError: "when skew enforcement is in Automatic mode, managedBootImages must contain a MachineManager opting in all MachineAPI MachineSets" + expectedError: "when skew enforcement is in Automatic mode, managedBootImages.machineManagers must not be an empty list" - name: Should require boot image configuration status to be set to All when bootImageSkewEnforcementStatus.mode is Automatic initial: | apiVersion: operator.openshift.io/v1 diff --git a/operator/v1/types_machineconfiguration.go b/operator/v1/types_machineconfiguration.go index c6bcd22bc0f..f5836af0f8c 100644 --- a/operator/v1/types_machineconfiguration.go +++ b/operator/v1/types_machineconfiguration.go @@ -18,7 +18,8 @@ import ( // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() : true",message="when skew enforcement is in Automatic mode, a boot image configuration is required" -// +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || self.spec.managedBootImages.machineManagers.exists(m, m.selection.mode == 'All' && m.resource == 'machinesets' && m.apiGroup == 'machine.openshift.io') : true",message="when skew enforcement is in Automatic mode, managedBootImages must contain a MachineManager opting in all MachineAPI MachineSets" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) > 0 : true",message="when skew enforcement is in Automatic mode, managedBootImages.machineManagers must not be an empty list" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, m.resource == 'machinesets' && m.apiGroup == 'machine.openshift.io') || self.spec.managedBootImages.machineManagers.exists(m, m.resource == 'machinesets' && m.apiGroup == 'machine.openshift.io' && m.selection.mode == 'All') : true",message="when skew enforcement is in Automatic mode, any MachineAPI MachineSet MachineManager must use selection mode 'All'" // +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? !(self.?status.managedBootImagesStatus.machineManagers.hasValue()) || self.status.managedBootImagesStatus.machineManagers.exists(m, m.selection.mode == 'All' && m.resource == 'machinesets' && m.apiGroup == 'machine.openshift.io'): true",message="when skew enforcement is in Automatic mode, managedBootImagesStatus must contain a MachineManager opting in all MachineAPI MachineSets" type MachineConfiguration struct { metav1.TypeMeta `json:",inline"` diff --git a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-CustomNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-CustomNoUpgrade.crd.yaml index c165fca6bf5..831b5197545 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-CustomNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-CustomNoUpgrade.crd.yaml @@ -1524,12 +1524,19 @@ spec: rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() : true' - - message: when skew enforcement is in Automatic mode, managedBootImages must - contain a MachineManager opting in all MachineAPI MachineSets + - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers + must not be an empty list rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || self.spec.managedBootImages.machineManagers.exists(m, - m.selection.mode == ''All'' && m.resource == ''machinesets'' && m.apiGroup - == ''machine.openshift.io'') : true' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) + > 0 : true' + - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet + MachineManager must use selection mode 'All' + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, + m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') + || self.spec.managedBootImages.machineManagers.exists(m, m.resource == + ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode + == ''All'') : true' - message: when skew enforcement is in Automatic mode, managedBootImagesStatus must contain a MachineManager opting in all MachineAPI MachineSets rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' diff --git a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-DevPreviewNoUpgrade.crd.yaml index 544168f4154..201cee1f873 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-DevPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-DevPreviewNoUpgrade.crd.yaml @@ -1524,12 +1524,19 @@ spec: rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() : true' - - message: when skew enforcement is in Automatic mode, managedBootImages must - contain a MachineManager opting in all MachineAPI MachineSets + - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers + must not be an empty list rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || self.spec.managedBootImages.machineManagers.exists(m, - m.selection.mode == ''All'' && m.resource == ''machinesets'' && m.apiGroup - == ''machine.openshift.io'') : true' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) + > 0 : true' + - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet + MachineManager must use selection mode 'All' + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, + m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') + || self.spec.managedBootImages.machineManagers.exists(m, m.resource == + ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode + == ''All'') : true' - message: when skew enforcement is in Automatic mode, managedBootImagesStatus must contain a MachineManager opting in all MachineAPI MachineSets rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' diff --git a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-TechPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-TechPreviewNoUpgrade.crd.yaml index 0cc415a5880..0e521a7577d 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-TechPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-TechPreviewNoUpgrade.crd.yaml @@ -1524,12 +1524,19 @@ spec: rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() : true' - - message: when skew enforcement is in Automatic mode, managedBootImages must - contain a MachineManager opting in all MachineAPI MachineSets + - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers + must not be an empty list rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || self.spec.managedBootImages.machineManagers.exists(m, - m.selection.mode == ''All'' && m.resource == ''machinesets'' && m.apiGroup - == ''machine.openshift.io'') : true' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) + > 0 : true' + - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet + MachineManager must use selection mode 'All' + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, + m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') + || self.spec.managedBootImages.machineManagers.exists(m, m.resource == + ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode + == ''All'') : true' - message: when skew enforcement is in Automatic mode, managedBootImagesStatus must contain a MachineManager opting in all MachineAPI MachineSets rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/BootImageSkewEnforcement.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/BootImageSkewEnforcement.yaml index 82e320556b0..3f7eac5c86a 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/BootImageSkewEnforcement.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/BootImageSkewEnforcement.yaml @@ -1222,12 +1222,19 @@ spec: rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() : true' - - message: when skew enforcement is in Automatic mode, managedBootImages must - contain a MachineManager opting in all MachineAPI MachineSets + - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers + must not be an empty list rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || self.spec.managedBootImages.machineManagers.exists(m, - m.selection.mode == ''All'' && m.resource == ''machinesets'' && m.apiGroup - == ''machine.openshift.io'') : true' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) + > 0 : true' + - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet + MachineManager must use selection mode 'All' + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, + m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') + || self.spec.managedBootImages.machineManagers.exists(m, m.resource == + ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode + == ''All'') : true' - message: when skew enforcement is in Automatic mode, managedBootImagesStatus must contain a MachineManager opting in all MachineAPI MachineSets rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' diff --git a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-CustomNoUpgrade.crd.yaml index c165fca6bf5..831b5197545 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-CustomNoUpgrade.crd.yaml @@ -1524,12 +1524,19 @@ spec: rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() : true' - - message: when skew enforcement is in Automatic mode, managedBootImages must - contain a MachineManager opting in all MachineAPI MachineSets + - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers + must not be an empty list rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || self.spec.managedBootImages.machineManagers.exists(m, - m.selection.mode == ''All'' && m.resource == ''machinesets'' && m.apiGroup - == ''machine.openshift.io'') : true' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) + > 0 : true' + - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet + MachineManager must use selection mode 'All' + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, + m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') + || self.spec.managedBootImages.machineManagers.exists(m, m.resource == + ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode + == ''All'') : true' - message: when skew enforcement is in Automatic mode, managedBootImagesStatus must contain a MachineManager opting in all MachineAPI MachineSets rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' diff --git a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-DevPreviewNoUpgrade.crd.yaml index 544168f4154..201cee1f873 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-DevPreviewNoUpgrade.crd.yaml @@ -1524,12 +1524,19 @@ spec: rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() : true' - - message: when skew enforcement is in Automatic mode, managedBootImages must - contain a MachineManager opting in all MachineAPI MachineSets + - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers + must not be an empty list rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || self.spec.managedBootImages.machineManagers.exists(m, - m.selection.mode == ''All'' && m.resource == ''machinesets'' && m.apiGroup - == ''machine.openshift.io'') : true' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) + > 0 : true' + - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet + MachineManager must use selection mode 'All' + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, + m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') + || self.spec.managedBootImages.machineManagers.exists(m, m.resource == + ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode + == ''All'') : true' - message: when skew enforcement is in Automatic mode, managedBootImagesStatus must contain a MachineManager opting in all MachineAPI MachineSets rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' diff --git a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-TechPreviewNoUpgrade.crd.yaml index 0cc415a5880..0e521a7577d 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-TechPreviewNoUpgrade.crd.yaml @@ -1524,12 +1524,19 @@ spec: rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() : true' - - message: when skew enforcement is in Automatic mode, managedBootImages must - contain a MachineManager opting in all MachineAPI MachineSets + - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers + must not be an empty list rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || self.spec.managedBootImages.machineManagers.exists(m, - m.selection.mode == ''All'' && m.resource == ''machinesets'' && m.apiGroup - == ''machine.openshift.io'') : true' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) + > 0 : true' + - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet + MachineManager must use selection mode 'All' + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, + m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') + || self.spec.managedBootImages.machineManagers.exists(m, m.resource == + ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode + == ''All'') : true' - message: when skew enforcement is in Automatic mode, managedBootImagesStatus must contain a MachineManager opting in all MachineAPI MachineSets rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic''