Update location of feature gate variable

Signed-off-by: Nolan Brubaker <[email protected]>
openshift · May 21, 2024 · bd762c3 · bd762c3
1 parent 0606f07
commit bd762c3
Show file tree

Hide file tree

Showing 8 changed files with 666 additions and 8 deletions.
diff --git a/pkg/cmd/render/render.go b/pkg/cmd/render/render.go
@@ -16,6 +16,7 @@ import (
 
 	"github.com/ghodss/yaml"
 	configv1 "github.com/openshift/api/config/v1"
+	"github.com/openshift/api/features"
 	kubecontrolplanev1 "github.com/openshift/api/kubecontrolplane/v1"
 	"github.com/openshift/cluster-kube-apiserver-operator/bindata"
 	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/configobservation/apienablement"
@@ -333,7 +334,7 @@ func bootstrapDefaultConfig(featureGates featuregates.FeatureGate) ([]byte, erro
 		return nil, fmt.Errorf("failed to add audit policy into default config - %s", err)
 	}
 
-	if !featureGates.Enabled(configv1.FeatureGateOpenShiftPodSecurityAdmission) {
+	if !featureGates.Enabled(features.FeatureGateOpenShiftPodSecurityAdmission) {
 		if err := auth.SetPodSecurityAdmissionToEnforcePrivileged(defaultConfig); err != nil {
 			return nil, err
 		}

diff --git a/pkg/cmd/render/render_test.go b/pkg/cmd/render/render_test.go
@@ -12,6 +12,7 @@ import (
 	"testing"
 
 	configv1 "github.com/openshift/api/config/v1"
+	"github.com/openshift/api/features"
 	kubecontrolplanev1 "github.com/openshift/api/kubecontrolplane/v1"
 	libgoaudit "github.com/openshift/library-go/pkg/operator/apiserver/audit"
 	"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
@@ -650,7 +651,7 @@ spec:
 }
 
 func TestGetDefaultConfigWithAuditPolicy(t *testing.T) {
-	raw, err := bootstrapDefaultConfig(featuregates.NewFeatureGate([]configv1.FeatureGateName{configv1.FeatureGateOpenShiftPodSecurityAdmission}, nil))
+	raw, err := bootstrapDefaultConfig(featuregates.NewFeatureGate([]configv1.FeatureGateName{features.FeatureGateOpenShiftPodSecurityAdmission}, nil))
 	require.NoError(t, err)
 	require.True(t, len(raw) > 0)
 

diff --git a/pkg/operator/configobservation/auth/podsecurityadmission.go b/pkg/operator/configobservation/auth/podsecurityadmission.go
@@ -3,7 +3,7 @@ package auth
 import (
 	"fmt"
 
-	configv1 "github.com/openshift/api/config/v1"
+	"github.com/openshift/api/features"
 	"github.com/openshift/library-go/pkg/operator/configobserver"
 	"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
 	"github.com/openshift/library-go/pkg/operator/events"
@@ -98,7 +98,7 @@ func observePodSecurityAdmissionEnforcement(featureGateAccessor featuregates.Fea
 
 	observedConfig := map[string]interface{}{}
 	switch {
-	case !featureGates.Enabled(configv1.FeatureGateOpenShiftPodSecurityAdmission):
+	case !featureGates.Enabled(features.FeatureGateOpenShiftPodSecurityAdmission):
 		if err := SetPodSecurityAdmissionToEnforcePrivileged(observedConfig); err != nil {
 			return existingConfig, append(errs, err)
 		}

diff --git a/pkg/operator/configobservation/auth/podsecurityadmission_test.go b/pkg/operator/configobservation/auth/podsecurityadmission_test.go
@@ -12,6 +12,7 @@ import (
 	"github.com/stretchr/testify/require"
 
 	configv1 "github.com/openshift/api/config/v1"
+	"github.com/openshift/api/features"
 	"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
 	"github.com/openshift/library-go/pkg/operator/events"
 )
@@ -27,11 +28,11 @@ func TestObservePodSecurityAdmissionEnforcement(t *testing.T) {
 	restrictedJSON, err := json.Marshal(restrictedMap)
 	require.NoError(t, err)
 
-	defaultFeatureSet := featuregates.NewHardcodedFeatureGateAccess([]configv1.FeatureGateName{configv1.FeatureGateOpenShiftPodSecurityAdmission}, []configv1.FeatureGateName{})
+	defaultFeatureSet := featuregates.NewHardcodedFeatureGateAccess([]configv1.FeatureGateName{features.FeatureGateOpenShiftPodSecurityAdmission}, []configv1.FeatureGateName{})
 
 	const sentinelExistingJSON = `{"admission":{"pluginConfig":{"PodSecurity":{"configuration":{"defaults":{"foo":"bar"}}}}}}`
 
-	disabledFeatureSet := featuregates.NewHardcodedFeatureGateAccess([]configv1.FeatureGateName{}, []configv1.FeatureGateName{configv1.FeatureGateOpenShiftPodSecurityAdmission})
+	disabledFeatureSet := featuregates.NewHardcodedFeatureGateAccess([]configv1.FeatureGateName{}, []configv1.FeatureGateName{features.FeatureGateOpenShiftPodSecurityAdmission})
 
 	for _, tc := range []struct {
 		name                string

diff --git a/pkg/operator/webhooksupportabilitycontroller/degraded_webhook_test.go b/pkg/operator/webhooksupportabilitycontroller/degraded_webhook_test.go
@@ -140,8 +140,7 @@ func (s *mockWebhookServer) Run(t *testing.T, ctx context.Context) {
 	if s.skipCABundleInjection {
 		s.CABundle = []byte{}
 	}
-	// server certs
-	serverCertCfg, err := rootCA.MakeServerCert(sets.NewString(s.Hostname, "127.0.0.1"), 10)
+	serverCertCfg, err := rootCA.MakeServerCert(sets.New(s.Hostname, "127.0.0.1"), 10)
 	if err != nil {
 		t.Fatal(err)
 	}