DNS: Add awsPrivateHostedZoneRole

[patrickdillon]

Adds a field to the DNS config to hold a role to assume when performing cross- account installs in an AWS shared VPC
environment.

openshift/enhancements#1397

[openshift-ci]

Hello @patrickdillon! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[patrickdillon]

cc @mrunalp @Miciah @gcs278 @mtulio

[patrickdillon]

We are still deciding between whether this should live in cluster infrastructure or dns. Currently this only has the DNS implementation, which I believe is preferred.

If it's helpful, I can also add the infrastructure implementation in a separate commit. Please LMK if that would be helpful and I can add it.

[mrunalp]

@deads2k ptal.

[deads2k]

a few additional changes please.

[patrickdillon]

@deads2k suggested allowed values be AWS and "", but that seems to contrast with the validation suggested here, which is what I went with.

The intent being: dns.spec.platform is optional, but if it is provided dns.spec.platform.type is required

[deads2k]

Empty needs to be allowed to handle upgrade cases.

[patrickdillon]

I have handled this in the code, but we couldn't figure out a test case (which you mentioned in slack). None of the fields in this config are mutable (although I'm not certain that is enforced).

Was trying a test like this:

  onUpdate:
  - name: Should allow empty platform on upgrade
    initial: |
      apiVersion: config.openshift.io/v1
      kind: DNS
      spec:
        zone:
          id: foo
    updated: |
      apiVersion: config.openshift.io/v1
      kind: DNS
      spec:
        zone:
          id: bar
    expected: |
      apiVersion: config.openshift.io/v1
      kind: DNS
      spec:
        zone:
          id: bar
        platform:
          type: ""

But that is failing

[FAILED] the following fields were expected to match but did not:
[(spec.platform/spec.platform) (spec.zone/spec.zone)]

We're not really sure how to write the upgrade test

[patrickdillon]

@ingvagabund and @deads2k thanks for the review. I have addressed the feedback (except I still need to add the integration tests), but have a few resulting questions. Thanks!

[patrickdillon]

@ingvagabund @deads2k I think all feedback has been addressed (except one question about tests)

[deads2k]

/approve
/assign @Miciah

[Miciah]

You have the same test case twice.

[patrickdillon]

fixed

[Miciah]

Is this going to cause confusing error messages, or does the x-kubernetes-validations rule take precedence and prevent the enum rule from causing unsupported values to be printed in error messages?

[patrickdillon]

In the test, the x-kubernetes-validations message takes precedence, so I think we're ok.

[openshift-ci]

@patrickdillon: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[Miciah]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k, Miciah, patrickdillon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [deads2k]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment